PKI/0000755000176200001440000000000014633367022010703 5ustar liggesusersPKI/tests/0000755000176200001440000000000014633364723012052 5ustar liggesusersPKI/tests/test.R0000644000176200001440000000613514633364723013161 0ustar liggesusers## simple test suite - avoid testthat! It has an insane amount of ## unnecessary dependencies. A test package should have exactly 0 assert <- function(msg, what) { cat(" . ", msg,"\n") stopifnot(what) .GlobalEnv$ok <- .GlobalEnv$ok + 1L } xfail <- function(...) suppressWarnings(tryCatch({ ...; FALSE }, error=function(e) TRUE)) ## none of these are fatal info <- function(...) message(" -- ", ...) err <- function(...) message(" ** ERROR: ", ...) warn <- function(...) message(" !! ", ...) ## all warnings (unless suppressed) are errors options(warn=2) library(PKI) .GlobalEnv$ok <- 0L ## Majority of tests are in th3 examples, ## so we won't repeat those, but some special cases ## not covered there as well as expected failures info("Checking failure paths") xfail(PKI.load.cert(what="foo", file="bar")) ## set both what and file xfail(PKI.load.cert("foo", "DER")) ## binary format with text xfail(PKI.load.cert("nothing")) ## invalid content xfail(PKI.digest("foo", "bar")) ## invalid hash spec xfail(PKI.load.key(what="foo", file="bar")) xfail(PKI:::PKI.decode.SSH2(fn.priv.der)) ## try to load invalid content info("Checking key paths via files/connections") key <- PKI.genRSAkey(bits = 2048L) fn.priv.pem <- tempfile() PKI.save.key(key, target=fn.priv.pem) fn.priv.der <- tempfile() PKI.save.key(key, "DER", target=fn.priv.der) PKI.load.key(file=fn.priv.pem) PKI.load.key(file=fn.priv.der, format="DER", private=TRUE) fn.pub.pem <- tempfile() PKI.save.key(key, target=fn.pub.pem, private=FALSE) fn.pub.der <- tempfile() PKI.save.key(key, "DER", target=fn.pub.der, private=FALSE) PKI.load.key(file=fn.pub.pem) PKI.load.key(file=fn.pub.der, format="DER", private=FALSE) info("gmp") if (requireNamespace("gmp", quietly=TRUE)) { PKI.mkRSApubkey(gmp::as.bigz("119445732379544598056145200053932732877863846799652384989588303737527328743970559883211146487286317168142202446955508902936035124709397221178664495721428029984726868375359168203283442617134197706515425366188396513684446494070223079865755643116690165578452542158755074958452695530623055205290232290667934914919")) } else { warn("gmp not found, skipping bignum tests") } info("Ciphers") skey <- PKI.random(256) for (cipher in c("aes256ecb", "aes256ofb", "bfcbc", "bfecb", "bfofb", "bfcfb")) assert(cipher, all(PKI.decrypt(PKI.encrypt(charToRaw("foo!"), skey, cipher), skey, cipher)[1:4] == charToRaw("foo!"))) iv <- PKI.random(256) for (cipher in c("bfcbc", "bfecb", "bfofb", "bfcfb")) assert(paste0(cipher, " (with IV)"), all(PKI.decrypt(PKI.encrypt(charToRaw("foo!"), skey, cipher, iv=iv), skey, cipher, iv=iv)[1:4] == charToRaw("foo!"))) info("ASN.1") assert("ASN.1 encode/decode", { d <- ASN1.decode(ASN1.encode(ASN1.item(0:255, 3L))) ASN1.type(d) == 3L && all(d == as.raw(0:255)) }) info("Tar ball signing") tmpfn <- c(fn.pub.der, fn.pub.pem, fn.priv.der, fn.priv.pem) fn <- tempfile() ## on some systems using abs paths can break 100 byte limit ## so we must do this in the tempdir wd <- getwd() td <- tempdir() setwd(td) tar(fn, basename(tmpfn), "none") PKI.sign.tar(fn, key) PKI.verify.tar(fn, key) setwd(wd) unlink(c(fn, tmpfn)) PKI/MD50000644000176200001440000000401214633367022011210 0ustar liggesusers4de27ae15e3212ebc067c02508e4bc64 *DESCRIPTION a4b346ec6e50330e73bda3a31662085c *LICENSE c5be4f75fb3b15ace5bb0e8be292f0bc *NAMESPACE f3789483a39fd5ac57f9054bcaf2ae44 *NEWS 218b75ce9b65515f04a6d8719d1b8f2b *R/asn1.R a291e19951c99df7b2576753215d6aee *R/crypt.R 069f949d073013b70c6b480a05bd8cd5 *R/digest.R f49936b832996d246392d8f398047a3f *R/oid.R 0e5bde9d576ddabbbf13643d54691f0d *R/pem.R 0bbd138515197f4600fa45c7c9495864 *R/pgp.R 2f39ac252e623a993a77a52c2acb329a *R/print.R 66c7100471185596f14a7732d925e6b6 *R/rsa.R 6f3f412af5d70eafbac0672ed4f7961f *R/signR.R efb9ae3081f75d4169c963b7788264eb *R/tools.R ed93e3d4ef3dd4db057393379159d3be *R/x509.R 29420506a5bf8c47914e9ebd99ad3cf8 *configure 4b44b68f608960db3951c3252817b7ea *configure.ac 69b1bb25ce589e6fda4a332fae692151 *inst/certs/RForge-ca.crt d6726b662beb173c9a850007dd80b167 *inst/certs/demo.crt f0cd0d0038a86b27e787d8d34c0ffd7a *man/ASN1.Rd 436fc5111af4beb58c0614dfbd03eb89 *man/BIGNUMint.Rd 383f8fed8d8bbcc84c06d2bfaf90c860 *man/PKI.crypt.Rd 40b718a0ebfb85061734f2a9bd979d8c *man/PKI.digest.Rd e30e52bf05f45f347e29c7df014a3f92 *man/PKI.genpass.Rd 050efec8e0300989b7e81a8c68d429ce *man/PKI.info.Rd a58d719c5a7a96e756ab13031baa883c *man/PKI.random.Rd 1fb482aca66e82f8e114844fc02e5bd8 *man/PKI.sign.Rd 7653544b61c4e714b3dde2b07f195c67 *man/PKI.sign.tar.Rd f096bc859bdf5812fe3d9bee86861bef *man/RSA.Rd 2654d3a9a96aa28609641a15155b1ec8 *man/X509.Rd 53ccb724fc2f3ee1c122d69f27317398 *man/oid.Rd 16ac0bff82bbf64f9f645f1fb38748cc *man/raw2hex.Rd c733862ac29e8bbd01a49b5ac7d4a780 *src/Makevars.in 84f3c3174459e942b9c12bf475435aec *src/Makevars.win 2d4ade3a3b81285867709634b2d19fba *src/asn1.c cd0f24df06bdec9b70931bca30f58569 *src/config.h.in 4d2b8ec6a976a2a1aad8081975e27078 *src/init.c b65b4c2e6523ae43420c742820d253b3 *src/pem.c c1ec6f7df5dd97ff0ecd4e396c96ae56 *src/pgp.c e7fb6b1a9475387556d127dfff21d54c *src/pki-x509.c 393538b97c58068a360bbc624d215c64 *src/pki.h a9643092c6558e4f34da887a47183caa *src/register.c 2dec5e64316500969651ac67939fad13 *src/tools.c c8fb695cba446416df3ecb00dd42dca3 *tests/test.R PKI/R/0000755000176200001440000000000014633364723011111 5ustar liggesusersPKI/R/digest.R0000644000176200001440000000031614633364723012513 0ustar liggesusersPKI.digest <- function(what, hash=c("SHA1", "SHA256", "MD5")) { hash <- pmatch(hash, c("SHA1", "SHA256", "MD5"))[1] if (is.na(hash)) stop("invalid hash specification") .Call(PKI_digest, what, hash) } PKI/R/signR.R0000644000176200001440000001175014633364723012322 0ustar liggesusers# tar one regular file from raw payload tar1 <- function(name, what, mode=0x180) { size <- length(what) header <- raw(512L) fn <- charToRaw(name) header[seq_along(fn)] <- fn header[101:107] <- charToRaw(sprintf("%07o", mode)) header[137:147] <- charToRaw(sprintf("%011o", as.integer(Sys.time()))) header[157L] <- charToRaw("0") # regular file header[125:135] <- charToRaw(sprintf("%011o", as.integer(size))) header[149:156] <- charToRaw(" ") checksum <- sum(as.integer(header))%%2^24 header[149:154] <- charToRaw(sprintf("%06o", as.integer(checksum))) header[155L] <- as.raw(0L) bsize <- ceiling(size / 512L) * 512L padding <- raw(bsize - size) c(header, what, padding) } chunk <- 4194304L ## 4Mb .. as good as any value ... .detect.compression <- function(filename) { con <- file(filename, "rb") on.exit(close(con)) magic <- readBin(con, raw(), n = 5) io <- file if (all(magic[1:2] == c(31, 139)) || all(magic[1:2] == c(31, 157))) io <- gzfile else if (all(magic[1:3] == c(0x42, 0x5a, 0x68))) # "BZh" io <- bzfile else if (all(magic[1:5] == c(0xfd, 0x37, 0x7a, 0x58, 0x5a))) # "\xfd7zXZ" io <- xzfile io } PKI.sign.tar <- function(tarfile, key, certificate, output=tarfile) { io <- .detect.compression(tarfile) file <- io(tarfile, "rb") on.exit(if(!is.null(file)) close(file)) payload <- raw(0) while (length(r <- readBin(file, raw(), chunk))) payload <- c(payload, r) close(file) # FIXME: if we want the .signature to be visible, we need to strip padding to inject new file ! file <- NULL sign <- PKI.sign(payload, key, "SHA1") ## SEQ(BIT STREAM sig, subjectPubKeyInfo[if not cert], cert[optional, if present]) a <- if (missing(certificate)) ASN1.encode(list(ASN1.item(sign, 3L), ASN1.decode(PKI.save.key(key, "DER", FALSE)))) else ASN1.encode(list(ASN1.item(sign, 3L), ASN1.item(raw(0), 0L), ASN1.decode(attr(certificate, "crt.DER")))) payload <- c(payload, tar1(".signature", a), as.raw(rep(0L, 1024L))) if (inherits(output, "connection")) { writeBin(payload, output) return(invisible(output)) } if (is.raw(output)) return(payload) file <- io(as.character(output), "wb") writeBin(payload, file) close(file) file <- NULL invisible(output) } PKI.verify.tar <- function(tarfile, key, silent = FALSE, enforce.cert = FALSE) { file <- NULL if (is.raw(tarfile)) payload <- tarfile else { io <- .detect.compression(tarfile) file <- io(tarfile, "rb") on.exit(if(!is.null(file)) close(file)) payload <- raw(0) while (length(r <- readBin(file, raw(), chunk))) payload <- c(payload, r) if (length(payload) < 1024L) stop("invalid tar format") close(file) file <- NULL } fn <- c(charToRaw(".signature"), raw(1)) i <- length(payload) - 511L n <- length(fn) - 1L while (i > 0L) { if (identical(payload[seq.int(i, i + n)], fn)) break i <- i - 512L } if (i < 1L) { if (!silent) warning("no signature found") return(FALSE) } asn <- try(ASN1.decode(payload[seq.int(i + 512L, length(payload))]), silent=TRUE) if (!is.list(asn) || length(asn) < 2L || ASN1.type(asn[[1]]) != 3L) { if (!silent) warning("bad signature format") return(FALSE) } sig.key <- NULL sig.cert <- NULL if (is.list(asn[[2]]) && length(asn[[2]]) == 2L) { ## no certificate, jsut a key der <- ASN1.encode(asn[[2]]) ## encode back to DER sig.key <- try(PKI.load.key(der, "DER", FALSE), silent=TRUE) if (!inherits(sig.key, "public.key")) sig.key <- NULL } else if (length(asn) > 2L) { ## certificate ## either direct payload (BITSTRING) or decoded already (that's what it should be) der <- if (identical(ASN1.type(asn[[3]]), 3L)) asn[[3]] else ASN1.encode(asn[[3]]) sig.cert <- try(PKI.load.cert(der, "DER"), silent=TRUE) if (!inherits(sig.cert, "X509cert")) sig.cert <- NULL else sig.key <- PKI.pubkey(sig.cert) } if (missing(key)) { if (is.null(sig.key)) { if (!silent) warning("no key supplied and no valid key or certificate in the signature") return(FALSE) } else key <- sig.key } if (!identical(enforce.cert, FALSE) && is.null(sig.cert)) { if (!silent) warning("certificate required but no certificate found") return(FALSE) } res <- PKI.verify(payload[seq.int(1L, i - 1L)], asn[[1]], key) if (enforce.cert) { if (inherits(enforce.cert, "X509cert")) { key1 <- PKI.save.key(PKI.pubkey(enforce.cert), "DER", FALSE) key2 <- PKI.save.key(key, "DER", FALSE) if (!identical(key1, key2)) { if (!silent) warning("signed by a different certificate") return (FALSE) } } if (!isTRUE(res)) FALSE else sig.cert } else res } PKI/R/print.R0000644000176200001440000000063314633364723012372 0ustar liggesusersprint.X509cert <- function(x, short=FALSE, ...) { if (short) { cat("X509 Cert: ", PKI.get.subject(x), "\n") } else { i <- PKI.get.cert.info(x) cat( "X509 Certificate:\n Subject: ", i[[1]], "\n Issuer: ", i[[2]], "\n Fingerprint (SHA-1): ", raw2hex(i[[3]], ':'), "\n Validity: ", paste(.POSIXct(i[[4]]), collapse=" ... "), if (i[[5]]) " (is CA)" else "", "\n\n", sep='') } invisible(x) } PKI/R/tools.R0000644000176200001440000000141114633364723012371 0ustar liggesusersraw2hex <- function(what, sep, upper=FALSE) .Call(PKI_raw2hex, what, if (missing(sep)) NULL else sep, upper) PKI.random <- function(n) .Call(PKI_random, n) PKI.info <- function() .Call(PKI_engine_info) alphanum <- c(LETTERS, letters, 0:9) PKI.genpass <- function(n=15, set=c(alphanum, ".", "/"), block=5, sep="-") { sb <- log(length(set), 2) if (as.integer(sb) != sb) warning("Set length is not a power of 2, set elements will have unequal probability") a <- set[as.integer(PKI.random(n)) %% length(set) + 1L] if (block > 0) { pad <- block - (n %% block) if (pad != block) a <- c(a, rep(" ", pad)) m <- matrix(a, block) gsub(" ", "", paste(apply(m, 2, paste, collapse=''), collapse=sep)) } else paste(a, collapse='') } PKI/R/pgp.R0000644000176200001440000000063514633364723012026 0ustar liggesusersPKI.parse.pgp.key <- function(what, raw=FALSE) if (raw) .Call(PKI_parse_pgp_key, what, raw) else { res <- .Call(PKI_parse_pgp_key, what, raw) names(res) <- c("user.id", "pub.key", "priv.key", "pub.subkeys", "priv.subkeys") res } PKI.readPGP <- function(what, raw=FALSE) lapply(PKI.pem.split(what), function(pem) { body <- PKI.pem.part(pem, TRUE, TRUE) PKI.parse.pgp.key(body, raw) }) PKI/R/asn1.R0000644000176200001440000000052014633364723012073 0ustar liggesusersASN1.decode <- function(what) .Call(decode_ASN1, what) ASN1.encode <- function(what) .Call(encode_ASN1, what) ASN1.item <- function(what, type) { what <- as.raw(what) attr(what, "type") <- type what } ASN1.type <- function(what) attr(what, "type") as.BIGNUMint <- function(what, scalar=TRUE) .Call(PKI_asBIGNUMint, what, scalar) PKI/R/rsa.R0000644000176200001440000001701314633364723012023 0ustar liggesusers## Notes on key formats: ## ## PKCS#1: (BEGIN RSA PUBLIC KEY) - RFC 3447 ## public key : ASN.1 SEQ(modulus (n) INT, publicExponent (e) INT) ## private key: ver, n, e, d, p, q, d mod (p-1), d mod (q-1), (inv q) mod p [,other primes] ## ## PKCS#8: (BEGIN PUBLIC KEY) - RFC 5208 ## ## X.509 SubjectPublicKeyInfo (BEGIN PUBLIC KEY) - RFC 1422 ## SEQ(AlgorithmIdentifier:SEQ(OID, param[NULL]), BIT-STR(key - as defined in PKCS#1)) ## ## SSH2: (BEGIN SSH2 PUBLIC KEY) - RFC 4716 ## int32 n, char[n] type "ssh-rsa", int32 n, byte[n] exponent, int32 n, byte[n] modulus (all big-endian) ## OpenSSH uses same format but on one line with 'ssh-rsa ' prefix ## pkcs-1 1 OID: iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 ## (pkcs-1 1) = rsaEncryption (RFC 3447) --- for use in SubjectPublicKeyInfo oid.pkcs.1.rsaEncryption <- as.raw(c(0x2a,0x86,0x48,0x86,0xf7,0x0d,1,1,1)) PKI.load.key <- function(what, format=c("PEM", "DER"), private, file, password="") { if (!missing(file) && !missing(what)) stop("what and file are mutually exclusive") format <- match.arg(format) if (missing(private)) private <- NA either <- (length(private) > 0) && isTRUE(all(is.na(private))) private <- isTRUE(private) bin <- isTRUE(format == "DER") if (!missing(file)) { what <- con <- file(file, if (bin) "rb" else "r") on.exit(close(con)) } if (inherits(what, "connection")) what <- if (bin) readBin(what, raw(), 65536L) else readLines(what) if (is.character(what)) { ## remove any lines containing : or ending in \ which are headers rm.ln <- which(grepl(":", what, fixed=TRUE) | grepl("\\\\$", what)) if (length(rm.ln)) what <- what[-rm.ln] if (either || private) { ## Check if this is a private key. i <- grep("-BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-", what) j <- grep("-END (RSA |ENCRYPTED )?PRIVATE KEY-", what) if (length(i) >= 1L && length(j) >= 1L && i[1] < j[1]) { ## PEM_read_bio_PrivateKey method takes the base64 encoding with the header. what <- paste(what[i:j], collapse='\n') private <- TRUE } else { if (private) stop("cannot find RSA private key in PEM format") } } if (!private) { i <- grep("-BEGIN PUBLIC KEY-", what, fixed=TRUE) j <- grep("-END PUBLIC KEY-", what, fixed=TRUE) if (length(i) >= 1L && length(j) >= 1L && i[1] < j[1]) what <- base64enc::base64decode(what[(i + 1L):(j - 1L)]) else { ## also support PKCS#1 format i <- grep("-BEGIN RSA PUBLIC KEY-", what, fixed=TRUE) j <- grep("-END RSA PUBLIC KEY-", what, fixed=TRUE) if (length(i) >= 1L && length(j) >= 1L && i[1] < j[1]) { what <- base64enc::base64decode(what[(i + 1L):(j - 1L)]) # wrap the PKCS#1 in X.509 SubjectPublicKeyInfo what <- ASN1.encode(list(list(ASN1.item(oid.pkcs.1.rsaEncryption, 6L), ASN1.item(raw(0), 5L)), ASN1.item(what, 3L))) } else { ## also support SSH2 format i <- grep("-- BEGIN SSH2 PUBLIC KEY --", what, fixed=TRUE) j <- grep("-- END SSH2 PUBLIC KEY --", what, fixed=TRUE) if (length(i) >= 1L && length(j) >= 1L && i[1] < j[1]) return(PKI.decode.SSH2(base64enc::base64decode(what[(i + 1L):(j - 1L)]), "key", FALSE)) else { if (either) stop("cannot find either public or private RSA key in PEM format") else stop("cannot find public RSA key in PEM format") } } } } } if (private) .Call(PKI_load_private_RSA, what, password) else .Call(PKI_load_public_RSA, what) } PKI.save.key <- function(key, format=c("PEM", "DER"), private=NA, target) { der <- .Call(PKI_extract_key, key, private) format <- match.arg(format) if (isTRUE(format == "PEM")) { guard <- if (inherits(der, "public.key.DER")) c("-----BEGIN PUBLIC KEY-----","-----END PUBLIC KEY-----") else c("-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----") pem <- c(guard[1], base64enc::base64encode(der, 64), guard[2]) if (!missing(target)) { if (is.character(target)) { target <- file(target, "w") on.exit(close(target)) } if (inherits(target, "connection")) writeLines(pem, target) } return (pem) } if (!missing(target)) { if (is.character(target)) { target <- file(target, "wb") on.exit(close(target)) } if (inherits(target, "connection")) writeBin(c(der), target) } return (der) } PKI.genRSAkey <- function(bits=2048L) .Call(PKI_RSAkeygen, bits) PKI.sign <- function(what, key, hash=c("SHA1", "SHA256", "MD5"), digest) { if (!missing(digest) && !missing(what)) stop("what and digest are mutually exclusive") if (missing(digest)) digest <- PKI.digest(what, hash) hash <- pmatch(hash, c("SHA1", "SHA256", "MD5"))[1] if (is.na(hash)) stop("invalid hash specification") .Call(PKI_sign_RSA, digest, hash, key) } PKI.verify <- function(what, signature, key, hash=c("SHA1", "SHA256", "MD5"), digest) { if (inherits(key, "X509cert")) key <- PKI.pubkey(key) if (!missing(digest) && !missing(what)) stop("what and digest are mutually exclusive") if (missing(digest)) digest <- PKI.digest(what, hash) hash <- pmatch(hash, c("SHA1", "SHA256", "MD5"))[1] if (is.na(hash)) stop("invalid hash specification") .Call(PKI_verify_RSA, digest, hash, key, signature) } PKI.mkRSApubkey <- function(modulus, exponent=65537L, format = c("DER", "PEM", "key")) { format <- match.arg(format) if (inherits(modulus, "bigz") || !is.raw(modulus)) modulus <- as.BIGNUMint(modulus) if (inherits(exponent, "bigz") || !is.raw(exponent)) exponent <- as.BIGNUMint(exponent) der <- ASN1.encode(list(list(ASN1.item(oid.pkcs.1.rsaEncryption, 6L), ASN1.item(raw(0), 5L)), ASN1.item(ASN1.encode(list(ASN1.item(modulus, 2L), ASN1.item(exponent, 2L))), 3L))) if (format == "DER") return(der) if (format == "PEM") return(c("-----BEGIN PUBLIC KEY-----", base64enc::base64encode(der, 64), "-----END PUBLIC KEY-----")) .Call(PKI_load_public_RSA, der) } ## not exported - decode raw vector containg ssh-rsa key PKI.decode.SSH2 <- function(what, format, silent=TRUE) { c <- rawConnection(what, "rb") l <- readBin(c, 1L, endian="big") s <- rawToChar(readBin(c, raw(), l)) if (!isTRUE(s == "ssh-rsa")) { if (isTRUE(silent)) return(NULL) stop("unsupported SSH2 public key - expected ssh-rsa, found ", s) } l <- readBin(c, 1L, endian="big") exp <- readBin(c, raw(), l) l <- readBin(c, 1L, endian="big") mod <- readBin(c, raw(), l) close(c) PKI.mkRSApubkey(mod, exp, format=format) } PKI.load.OpenSSH.pubkey <- function(what, first=TRUE, format = c("DER", "PEM", "key")) { format <- match.arg(format) if (inherits(what, "connection")) what <- readLines(what) what <- what[grep("^ssh-rsa ", what)] if (length(what)) { if (isTRUE(first) && length(what) > 1L) what <- what[1L] keys <- lapply(strsplit(what, " "), function(ln) PKI.decode.SSH2(base64enc::base64decode(ln[2]), format)) if (isTRUE(first)) keys[[1]] else keys } else list() } PKI/R/x509.R0000644000176200001440000000255014633364723011743 0ustar liggesusersPKI.load.cert <- function(what, format = c("PEM", "DER"), file) { format <- match.arg(format) if (!missing(file) && !missing(what)) stop("what and file are mutually exclusive") binary <- isTRUE(format == "DER") if (!missing(file)) { what <- con <- file(file, if (binary) "rb" else "r") on.exit(close(con)) } if (inherits(what, "connection")) what <- if (binary) readBin(what, raw(), chunk) else readLines(what) if (is.character(what)) { if (binary) stop("DER format selected but input is text") i <- grep("-BEGIN CERTIFICATE-", what, fixed=TRUE) j <- grep("-END CERTIFICATE-", what, fixed=TRUE) if (length(i) >= 1L && length(j) >= 1L && i[1] < j[1]) what <- base64enc::base64decode(what[(i + 1L):(j - 1L)]) else stop("invalid PEM format") } .Call(PKI_load_DER_X509, what) } PKI.verifyCA <- function(certificate, ca, default=FALSE, partial=FALSE) .Call(PKI_verify_cert, ca, certificate, default, partial) PKI.pubkey <- function(certificate) .Call(PKI_cert_public_key, certificate) PKI.get.subject <- function(certificate) .Call(PKI_get_subject, certificate) PKI.get.cert.info <- function(certificate) { i <- .Call(PKI_get_cert_info, certificate) names(i) <- c("subject", "issuer", "fingerprint", "validity", "ca") i[[4]] <- .POSIXct(i[[4]]) i } PKI/R/oid.R0000644000176200001440000000242214633364723012007 0ustar liggesusers## OBJECT IDENTIFIERs from ASN.1 ## We use the DER encoding for its internal representation ## Methods exist for as.character() and as.integer() ## to convert them tot the textual/unencoded form ## NOTE: we only support up to 31-bit OID components ## due to R integer representation limitations ## The "type" attribute is provided for direct ## compatibility with ASN.1 functions oid <- function(x) { if (is.character(x)) { if (length(x) != 1) stop("OID character specification must be a single string") x <- as.integer(strsplit(x, ".", TRUE)[[1]]) } ## the type attribute is for ASN.1 encoding structure(if (is.raw(x)) x else .Call(PKI_int2oid, x), type=6L, class="oid") } is.oid <- function(x) inherits(x, "oid") as.oid <- function(x, ...) UseMethod("as.oid") as.oid.default <- function(x, ...) oid(x) as.character.oid <- function(x, ...) paste(.Call(PKI_oid2int, x), collapse=".") as.integer.oid <- function(x, ...) .Call(PKI_oid2int, x) print.oid <- function(x, ...) { cat(" ObjectID: ", as.character(x), "\n", sep='') invisible(x) } Ops.oid <- function(e1, e2) { if (.Generic == "==") return(identical(as.integer(e1), as.integer(e2))) if (.Generic == "!=") return(!identical(as.integer(e1), as.integer(e2))) stop("Operator not meaningful for ObjectIDs") } PKI/R/pem.R0000644000176200001440000000023514633364723012015 0ustar liggesusersPKI.pem.split <- function(what) .Call(PKI_PEM_split, what) PKI.pem.part <- function(what, body=TRUE, decode=FALSE) .Call(PKI_PEM_part, what, body, decode) PKI/R/crypt.R0000644000176200001440000000031714633364723012376 0ustar liggesusersPKI.encrypt <- function(what, key, cipher = NULL, iv = NULL) .Call(PKI_encrypt, what, key, cipher, iv) PKI.decrypt <- function(what, key, cipher = NULL, iv = NULL) .Call(PKI_decrypt, what, key, cipher, iv) PKI/NEWS0000644000176200001440000001033714633364723011413 0ustar liggesusersNEWS for PKI package 0.1-14 o improves fall-back to native crypto routines on macOS (#31) o remove calls to SETLENGTH() and copy defensively. 0.1-13 o fixed PKI.sign.tar() and PKI.verify.tar() mist-detecting tar-balls with xz (lzma) compression. Also the detection no longer fails in UTF-8 locales on systems where R attempts to interpret the magic bytes as UTF-8. (#29) o added PKI.genpass() for random password generation 0.1-12 o minor cleanup of casts to avoid spurious warnings o add support for large vector digests 0.1-11 o add PKI.info() which returns information about the underlying engine. o add support for OpenSSL >= 3.0.0 (#26) Thanks to Steve Langasek for analysis and patch. o PKI.sign.tar() avoids the use of strings for compression detection as it can fail in some locales. (#27) o added support for PKGCONFIG which defaults to pkg-config and will be used to auto-detect compiler flags if they are not provided in PKG_* or OPENSSL_INCLUDES. This behavior can be disabled by explicitly setting PKGCONFIG to an empty string. 0.1-10 o minor change of flags for UCRT Windows 0.1-9 o add default= and partial= arguments to PKI.verifyCA() o add PKI.get.cert.info() and informative print() method for certificates. o fix PKI.verify.tar to support certificates stored directly instead of wrapped inside ASN1 bit string. 0.1-8 o improve configure to use R's CPPFLAGS 0.1-7 o fix a bug in PKI.save.key when writing binary DER key to a file or connection o add defensive PROTECTs in PKI_load_DER_X509 0.1-6 o add work-around for macOS SDKs that remove libcrypto 0.1-5.1 (CRAN NMU courtesy of Brian Ripley) o added explicit C code for symbol registration 0.1-5 o use configure/autoconf o macOS: fetch OpenSSL headers from Apple if not available in the SDK 0.1-4 o add support for explicit setting of initialization vectors (iv) in PKI.encrypt() and PKI.decrypt() for ciphers that support it. (see #16) o add PKI.random() for generating cryptographically strong random bytes which can be used for keys, IVs, seeds etc. o adapt to API changes in OpenSSL 1.1 (see also PR#18) 0.1-3 2015-07-28 o fixed crash when loading private keys introduced by PR#1 in (unreleased) 0.1-2 and bring back the ability to directly read "DER"-encoded private RSA keys. o fix detection of PKCS#8 encrypted private keys in PEM format 0.1-2 (not released) o add "DER" format option to PKI.load.cert() o allow key in PKI.verify to be a certificate (which will be passed to PKI.pubkey() internally) o add experimental signing/verification of tar files using PKI.sign.tar() and PKI.verify.tar() o add support for symmetric ciphers like AES in PKI.encrypt()/PKI.decrypt() o add support for retrieving the subject of a certificate via PKI.get.subject() [PR#2, thanks to Matt Jones] o add support for PKCS#8 private key format (RFC 5208) and sign/verify/digest using SHA256. [PR#1, thanks to Siddhartha Bagaria] o bugfix: key length was incorrectly checked when using symmetric ciphers so too short keys were accepted. o bugfix: if the last block was filled during encryption, the necessary additional padding block was not generated. (#8) o bugfix: some functions did not call PKI initialization. One manifestation was that error messages were cryptic until any X.509 function was called. (#9) 0.1-1 2013-02-19 o added PKI.load.key() and PKI.save.key() functions to load/save keys from/to PEM and DER formats IMPORTANT API NOTE: PKI.load.key() replaces the (unexported) function PKI.load.privkey() in the previous PKI version. o added support for OpenSSH public key format (as used in .ssh/authorized_keys files) as well as pure PKCS#1 and SSH2 PEMs o make PEM parsing more robust to support headers o added ASN.1 tools to parse and synthesize ASN.1 formatted objects - mostly for use in key format conversions o added as.BIGNUMint() for ASN.1 BIGNUM integer format conversion o added PKI.mkRSApubkey() to create RSA public keys from modulus and exponent alone o added raw2hex() function to convert raw hashes into string format 0.1-0 2012-11-05 o first public release PKI/src/0000755000176200001440000000000014633364723011477 5ustar liggesusersPKI/src/config.h.in0000644000176200001440000000273414633364723013530 0ustar liggesusers/* src/config.h.in. Generated from configure.ac by autoheader. */ /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDIO_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Define to 1 if all of the C90 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for backward compatibility; new code need not use it. */ #undef STDC_HEADERS PKI/src/Makevars.win0000644000176200001440000000007114633364723013765 0ustar liggesusersPKG_LIBS = -lssl -lcrypto -lws2_32 -lgdi32 -lcrypt32 -lz PKI/src/register.c0000644000176200001440000000632514633364723013475 0ustar liggesusers#include #include #include // for NULL #include /* .Call calls */ extern SEXP decode_ASN1(SEXP sWhat); extern SEXP encode_ASN1(SEXP sWhat); extern SEXP PKI_asBIGNUMint(SEXP sWhat, SEXP sScalar); extern SEXP PKI_load_DER_X509(SEXP what); extern SEXP PKI_verify_cert(SEXP sCA, SEXP sCert, SEXP sDefault, SEXP sPart); extern SEXP PKI_extract_key(SEXP sKey, SEXP sPriv); extern SEXP PKI_cert_public_key(SEXP sCert); extern SEXP PKI_encrypt(SEXP what, SEXP sKey, SEXP sCipher, SEXP sIV); extern SEXP PKI_decrypt(SEXP what, SEXP sKey, SEXP sCipher, SEXP sIV); extern SEXP PKI_digest(SEXP sWhat, SEXP sMD); extern SEXP PKI_sign_RSA(SEXP what, SEXP sMD, SEXP sKey); extern SEXP PKI_verify_RSA(SEXP what, SEXP sMD, SEXP sKey, SEXP sig); extern SEXP PKI_load_private_RSA(SEXP what, SEXP sPassword); extern SEXP PKI_load_public_RSA(SEXP what); extern SEXP PKI_int2oid(SEXP sVal); extern SEXP PKI_oid2int(SEXP sVal); extern SEXP PKI_RSAkeygen(SEXP sBits); extern SEXP PKI_random(SEXP sBytes); extern SEXP PKI_sign(SEXP what, SEXP sKey, SEXP sMD, SEXP sPad); extern SEXP PKI_get_subject(SEXP sCert); extern SEXP PKI_get_cert_info(SEXP sCert); extern SEXP PKI_raw2hex(SEXP sRaw, SEXP sSep, SEXP sUpp); extern SEXP PKI_parse_pgp_key(SEXP sWhat, SEXP sRaw); extern SEXP PKI_PEM_split(SEXP sWhat); extern SEXP PKI_PEM_part(SEXP sWhat, SEXP sBody, SEXP sDecode); extern SEXP PKI_engine_info(void); static const R_CallMethodDef CallEntries[] = { {"PKI_RSAkeygen", (DL_FUNC) &PKI_RSAkeygen, 1}, {"PKI_asBIGNUMint", (DL_FUNC) &PKI_asBIGNUMint, 2}, {"PKI_cert_public_key", (DL_FUNC) &PKI_cert_public_key, 1}, {"PKI_decrypt", (DL_FUNC) &PKI_decrypt, 4}, {"PKI_digest", (DL_FUNC) &PKI_digest, 2}, {"PKI_encrypt", (DL_FUNC) &PKI_encrypt, 4}, {"PKI_engine_info", (DL_FUNC) &PKI_engine_info, 0}, {"PKI_extract_key", (DL_FUNC) &PKI_extract_key, 2}, {"PKI_get_subject", (DL_FUNC) &PKI_get_subject, 1}, {"PKI_get_cert_info", (DL_FUNC) &PKI_get_cert_info, 1}, {"PKI_int2oid", (DL_FUNC) &PKI_int2oid, 1}, {"PKI_oid2int", (DL_FUNC) &PKI_oid2int, 1}, {"PKI_load_DER_X509", (DL_FUNC) &PKI_load_DER_X509, 1}, {"PKI_load_private_RSA", (DL_FUNC) &PKI_load_private_RSA, 2}, {"PKI_load_public_RSA", (DL_FUNC) &PKI_load_public_RSA, 1}, {"PKI_parse_pgp_key", (DL_FUNC) &PKI_parse_pgp_key, 2}, {"PKI_PEM_split", (DL_FUNC) &PKI_PEM_split, 1}, {"PKI_PEM_part", (DL_FUNC) &PKI_PEM_part, 3}, {"PKI_random", (DL_FUNC) &PKI_random, 1}, {"PKI_raw2hex", (DL_FUNC) &PKI_raw2hex, 3}, {"PKI_sign_RSA", (DL_FUNC) &PKI_sign_RSA, 3}, {"PKI_verify_RSA", (DL_FUNC) &PKI_verify_RSA, 4}, {"PKI_verify_cert", (DL_FUNC) &PKI_verify_cert, 4}, {"decode_ASN1", (DL_FUNC) &decode_ASN1, 1}, {"encode_ASN1", (DL_FUNC) &encode_ASN1, 1}, {NULL, NULL, 0} }; void R_init_PKI(DllInfo *dll) { R_registerRoutines(dll, NULL, CallEntries, NULL, NULL); R_useDynamicSymbols(dll, FALSE); } PKI/src/init.c0000644000176200001440000000161714633364723012613 0ustar liggesusers#include "pki.h" static int ssl_needs_init = 1; /* in OpenSSL 3.x we may need to load the legacy provider for ciphers like Blowfish */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_LIB_CTX *PKI_ossl_ctx = NULL; static OSSL_PROVIDER *legacy_provider = NULL; static OSSL_PROVIDER *default_provider = NULL; #endif void PKI_init(void) { if (ssl_needs_init) { #if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); #else OPENSSL_init_ssl(0, 0); /* defaults correspond to the above */ #endif #if OPENSSL_VERSION_NUMBER >= 0x30000000L if (!PKI_ossl_ctx) PKI_ossl_ctx = OSSL_LIB_CTX_new(); if (PKI_ossl_ctx) { if (!legacy_provider) legacy_provider = OSSL_PROVIDER_load(PKI_ossl_ctx, "legacy"); if (!default_provider) default_provider = OSSL_PROVIDER_load(PKI_ossl_ctx, "default"); } #endif ssl_needs_init = 0; } } PKI/src/pki.h0000644000176200001440000000420214633364723012431 0ustar liggesusers#if __APPLE__ #include /* Apple has deprecated OpenSSL so it is all warnings - we just get rid of those */ #ifdef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER #undef DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER #define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER #endif #endif /* OpenSSL 3.x deprecates a lot - suppress */ #ifndef OPENSSL_SUPPRESS_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED 1 #endif #include #include #include #include #include #include #include #include #include #include #include #if OPENSSL_VERSION_NUMBER >= 0x30000000L #include /* shared library context (from init.c) */ extern OSSL_LIB_CTX *PKI_ossl_ctx; #endif #if defined __APPLE__ && defined MAC_OS_X_VERSION_10_7 && MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 /* use accelerated crypto on OS X instead of OpenSSL crypto */ /* We only use the one-shot functions normally declared in CommonCrypto/CommonDigest.h to avoid nonsensical warnings */ #define DIGEST_LEN_TYPE uint32_t extern unsigned char *CC_MD5(const void *data, uint32_t len, unsigned char *md); extern unsigned char *CC_SHA1(const void *data, uint32_t len, unsigned char *md); extern unsigned char *CC_SHA256(const void *data, uint32_t len, unsigned char *md); #ifndef __LP64__ /* 32-bit - API fully covers it, just cast */ #undef SHA1 #define SHA1(D,L,H) CC_SHA1(D, (uint32_t)(L), H) #undef SHA256 #define SHA256(D,L,H) CC_SHA256(D, (uint32_t)(L), H) #undef MD5 #define MD5(D,L,H) CC_MD5(D, (uint32_t)(L), H) #else /* 64-bit - native API only works on 32-bit lengths */ #undef SHA1 #define SHA1(D,L,H) while (1) { if ((L) >= 4294967296L) SHA1(D,L,H); else CC_SHA1(D, (uint32_t)(L), H); break; } #undef SHA256 #define SHA256(D,L,H) while (1) { if ((L) >= 4294967296L) SHA256(D,L,H); else CC_SHA256(D, (uint32_t)(L), H); break; } #undef MD5 #define MD5(D,L,H) while (1) { if ((L) >= 4294967296L) MD5(D,L,H); else CC_MD5(D, (uint32_t)(L), H); break; } #endif /* LP64 */ #endif /* OS X 10.7+ */ PKI/src/Makevars.in0000644000176200001440000000005014633364723013573 0ustar liggesusersPKG_CPPFLAGS=@CPPFLAGS@ PKG_LIBS=@LIBS@ PKI/src/pgp.c0000644000176200001440000002776514633364723012452 0ustar liggesusers#include #include typedef unsigned int plen_t; typedef unsigned int u32_t; typedef struct ppacket { int type; plen_t len; const unsigned char *data; } ppacket_t; static int parse1(ppacket_t *p, const unsigned char *r, const unsigned char *e) { plen_t len = 0; int type = 0; unsigned char h = r[0]; const unsigned char *b = r; int trunp = 0; if (!(h & 0x80)) { /* headers must have MSB set */ Rf_warning("Invalid trailing content at %lu", (unsigned long) (r - b)); return -1; } while (1) { if (h & 0x40) { /* new format */ type = h & 0x3f; if (r[0] < 192) { /* one - byte length */ len = *(r++); } else if (r[0] >= 192 && r[0] < 224) { if (r + 2 <= e) { trunp = 1; break; } len = *(r++) - 192; len <<= 8; len |= *(r++); len += 192; } else if (r[0] == 255) { int i = 0; if (r + 4 <= e) { trunp = 1; break; } r++; while (i < 4) { len <<= 8; len |= *(r++); i++; } } else Rf_error("Packets with partial body lengths are not supported"); } else { /* old format */ int ld = h & 3; type = (h >> 2) & 0xf; r++; if (r + ld + 2 >= e) { trunp = 1; break; } switch (ld) { case 0: len = *(r++); break; case 1: len = *(r++); len <<= 8; len |= *(r++); break; case 2: len = *(r++); len <<= 8; len |= *(r++); len <<= 8; len |= *(r++); len <<= 8; len |= *(r++); break; case 3: if (e - r > 2147483640) Rf_error("Packet in old format is too big"); len = (plen_t) (e - r); break; } } break; } if (trunp) Rf_error("Truncated packet at %lu (incomplete header)", (unsigned long) (r - b)); if ((unsigned long) (e - r) < (unsigned long) len) Rf_error("Truncated packet at %lu (expected %u body, got only %lu)", (unsigned long) (r - b), len, (unsigned long) (e - r)); p->type = type; p->len = len; p->data = r; return 1; } /* parse a single MPI (multiprecision integer) Note that the packet is modified to eat the parsed content. FWIW: The MPI representation in PGP uses length in bits (leading 16-bit integer) while ASN.1 uses bytes only and bigz uses 32-bit segments. This is not a problem here, but if one of those formats were to be converted back then we would have to extract teh exact precision FIXME: in theory the MSB may contain garbage, but we require it to be 0-padded. To fix we'd have to zero-out the unused bits. */ static SEXP parse_mpi(ppacket_t *p, int vlf) { SEXP res; unsigned char *dst; if (vlf) { /* EC formats use (non-MPI) var-len entries so we cover them here, too */ unsigned int len; if (p->len < 1 || p->len < (len = ((unsigned int) p->data[0])) + 1) Rf_error("Invalid or truncated variable-length field"); dst = (unsigned char*) RAW(res = allocVector(RAWSXP, len)); memcpy(dst, p->data + 1, len); p->data += len + 1; p->len -= len + 1; return res; } if (p->len < 2) Rf_error("Invalid or truncated multiprecision integer header (need 2 bytes, got %d)", (int) p->len); unsigned int mplen = (((unsigned int) p->data[0]) << 8) | ((unsigned int) p->data[1]); unsigned int mpby = (mplen + 7) / 8; dst = (unsigned char*) RAW(res = allocVector(RAWSXP, mpby)); if (mpby) { if (p->len < mpby + 2) Rf_error("Invalid or truncated multiprecision integer entry (need %d, got %d)", (int) mpby +2, (int) p->len); memcpy(dst, p->data + 2, mpby); } p->data += 2 + mpby; p->len -= 2 + mpby; return res; } /* parses OpenPGP binary payload. Note, however, that currently we only extract the Key/Sub-Key Packets and User ID Packet, all other packets are recognised, but ignored. If sRaw != FALSE then the result is simply a list of raw vectors with "type" attributes, each containing one packet. */ SEXP PKI_parse_pgp_key(SEXP sWhat, SEXP sRaw) { const unsigned char *r, *e; int raw = Rf_asInteger(sRaw) ? 1 : 0; SEXP res = PROTECT(raw ? CONS(R_NilValue, R_NilValue) : allocVector(VECSXP, 5)), rt = 0, tys = 0; SEXP lastKey = R_NilValue; if (TYPEOF(sWhat) != RAWSXP) Rf_error("Invalid input, must be a raw vector"); r = (const unsigned char *) RAW(sWhat); e = r + XLENGTH(sWhat); while (r < e) { ppacket_t p; if (parse1(&p, r, e) != 1) break; if (raw) { SEXP ne = PROTECT(allocVector(RAWSXP, p.len)); if (!rt) { SETCAR(res, ne); rt = res; } else { SEXP le = PROTECT(CONS(ne, R_NilValue)); SETCDR(rt, le); UNPROTECT(1); rt = le; } if (!tys) tys = Rf_install("type"); Rf_setAttrib(ne, tys, Rf_ScalarInteger(p.type)); memcpy(RAW(ne), p.data, p.len); UNPROTECT(1); } else { #define MAX_ALG 24 static const char *keyfmt_def[] = { /* key-specific data definitions M=MPI, V=var-len; pub/priv */ "", /* undef */ "MM/MMMM", /* RSA 1 */ "MM/MMMM", /* RSA 2 */ "MM/MMMM", /* RSA 3 */ "", "", "", "", "", "", "", "", "", "", "", "", "MMM/M", /* Elgamal 16 */ "MMMM/M", /* DSA 17 */ "VMV/M", /* ECDH 18 */ "VM/M", /* ECDSA 19 */ "", "", "VM/M", /* EdDSA 22 */ "", "" }; switch (p.type) { case 6: /* pub key */ case 14: /* pub subkey */ case 5: /* pri key */ case 7: /* pri subkey */ { const unsigned char *c = p.data; const char *names[] = { "algorithm", "public", "private", "created", "user.id", "" }; SEXP sKey = PROTECT(mkNamed(VECSXP, names)); if (p.len < 10) Rf_error("Invalid (truncated) Key packet"); if (*c == 4 || *c == 5) { int ki = 0; u32_t t = (((u32_t) c[1]) << 24) | (((u32_t) c[2]) << 16) | (((u32_t) c[3]) << 8) | ((u32_t) c[4]); unsigned int alg = (unsigned int) c[5]; ppacket_t mpi = p; const char *alg_name = ""; u32_t klen = 0; SET_VECTOR_ELT(sKey, 3, ScalarReal((double) t)); mpi.data += 6; mpi.len -= 6; if (*c == 5) { /* v5 adds key material length */ if (mpi.len < 4) Rf_error("Truncated v5 Key packet"); klen = (((u32_t) c[1]) << 24) | (((u32_t) c[2]) << 16) | (((u32_t) c[3]) << 8) | ((u32_t) c[4]); mpi.data += 4; mpi.len -= 4; if (mpi.len < klen) Rf_error("Truncated v5 Key packet (need %lu, got %lu)", (unsigned long) klen, (unsigned long) mpi.len); mpi.len = klen; } if (alg <= MAX_ALG && keyfmt_def[alg][0]) { /* only parse known algorithms */ const char *fmt = keyfmt_def[alg]; SEXP tail = 0; /* Rprintf(" known alg %d, format: '%s'\n", alg, fmt); */ while(mpi.len > 0 && *fmt && *fmt != '/') { SEXP mpe = PROTECT(parse_mpi(&mpi, *fmt == 'V')); if (!tail) { SET_VECTOR_ELT(sKey, 1, (tail = CONS(mpe, R_NilValue))); } else { SETCDR(tail, CONS(mpe, R_NilValue)); tail = CDR(tail); } UNPROTECT(1); fmt++; ki++; } if (*fmt != '/' && *fmt) Rf_error("Truncated Key packet, missing components: %s", fmt); } else if (*c == 5) { /* for v5 we can at least return the raw content */ SEXP rc = Rf_allocVector(RAWSXP, klen); SET_VECTOR_ELT(sKey, 1, rc); memcpy(RAW(rc), mpi.data, XLENGTH(rc)); } if (*c == 5) { if (mpi.len) Rf_warning("Key packet v5 parsed content does not match declared length, %d bytes left", (int) mpi.len); /* reset assuming valid length entry */ mpi = p; mpi.data += 10 + klen; mpi.len -= 10 + klen; } if (mpi.len > 2 && (p.type == 5 || p.type == 7)) { /* private keys */ unsigned int s2k = mpi.data[0]; if (s2k) Rf_warning("Private key is encrypted, skipping"); else { mpi.data++; mpi.len--; if (*c == 5) { unsigned int skip = mpi.data[0]; if (mpi.len < skip + 5) /* we also count the next 4-byte size */ Rf_error("Truncated v5 private key"); /* FIXME: we ignore the secret payload size for now (32-bit) and jsut skip over it */ mpi.data += skip + 5; mpi.len -= skip + 5; } /* ok, at this point mpi should point to the priv key secret data */ if (alg <= MAX_ALG && keyfmt_def[alg][0]) { const char *fmt = keyfmt_def[alg]; while (*fmt && *fmt != '/') fmt++; if (*(fmt++) == '/') { /* do we have private key specs ? */ SEXP tail = 0; while(mpi.len > 0 && *fmt && *fmt != '/') { SEXP mpe = PROTECT(parse_mpi(&mpi, *fmt == 'V')); if (!tail) { SET_VECTOR_ELT(sKey, 2, (tail = CONS(mpe, R_NilValue))); } else { SETCDR(tail, CONS(mpe, R_NilValue)); tail = CDR(tail); } UNPROTECT(1); fmt++; ki++; } if (*fmt != '/' && *fmt) Rf_error("Truncated Key packet, missing components: %s", fmt); } /* if there are specs, they have priv key specs so there is no else .. */ } else { /* return the rest as-is */ SEXP rc = Rf_allocVector(RAWSXP, mpi.len); SET_VECTOR_ELT(sKey, 3, rc); memcpy(RAW(rc), mpi.data, XLENGTH(rc)); } } } #if 0 /* if we ever want to parse the encrypted keys .. too complex to bother, use libraries for that ... */ unsigned int s2k = mpi.data[0], aead = 256, sea = 256, ptr = 0; mpi.data++; mpi.len--; /* s2k = 0 clear, 1..253 = sym key alg, MD5+IDEA, no salt, >= 253 followed by S2K spec */ if (s2k >= 253) { sea = mpi.data[ptr++]; /* sym enc alg */ if (a2k == 253) aead = mpi.data[ptr++]; s2k = mpi.data[1]; if (s2k != 0 && s2k != 1 && s2k != 3) Rf_error("Invalid S2K specification (%u) in private key", s2k); mpi.data++; mpi.len--; /* S2K: 0 = [hash], 1 = [hash] [salt 8], 3 = [hash] [salt 8] [count 1] */ } #endif switch(alg) { /* RFC 4880 */ case 1: case 2: case 3: alg_name = "RSA"; break; case 16: alg_name = "Elgamal"; break; case 17: alg_name = "DSA"; break; case 18: /* RFC 6637 */ alg_name = "ECDH"; break; case 19: alg_name = "ECDSA"; break; case 21: /* reserved, but has a name */ alg_name = "DH"; break; case 22: /* draft: https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/ */ alg_name = "EdDSA"; break; case 23: /* following are reserved but named (see above) */ alg_name = "AEDH"; break; case 24: alg_name = "AEDSA"; break; } SET_VECTOR_ELT(sKey, 0, mkString(alg_name)); if (p.type == 6) { /* pub key */ SEXP old = VECTOR_ELT(res, 1); if (old != R_NilValue) { SEXP x; if (TYPEOF(old) == VECSXP) SET_VECTOR_ELT(res, 1, CONS(old, R_NilValue)); x = VECTOR_ELT(res, 1); while (CDR(x) != R_NilValue) x = CDR(x); SETCDR(x, CONS(sKey, R_NilValue)); } else SET_VECTOR_ELT(res, 1, sKey); } else if (p.type == 5) { /* private key */ SEXP old = VECTOR_ELT(res, 2); if (old != R_NilValue) { SEXP x; if (TYPEOF(old) == VECSXP) SET_VECTOR_ELT(res, 2, CONS(old, R_NilValue)); x = VECTOR_ELT(res, 2); while (CDR(x) != R_NilValue) x = CDR(x); SETCDR(x, CONS(sKey, R_NilValue)); } else SET_VECTOR_ELT(res, 2, sKey); } else if (p.type == 14 || p.type == 7) { /* pub/priv subkey */ int where = (p.type == 14) ? 3 : 4; if (VECTOR_ELT(res, where) == R_NilValue) SET_VECTOR_ELT(res, where, CONS(sKey, R_NilValue)); else { SEXP x = VECTOR_ELT(res, where); while (CDR(x) != R_NilValue) x = CDR(x); SETCDR(x, CONS(sKey, R_NilValue)); } } lastKey = sKey; /* SK ALG: 0 none, ..., 7 AES128, 8 AES192, 9 AES256 */ /* HASH: 1 MD5, 2 SHA1, 3 RIPE-MD/160, 8 SHA256, 9 SHA284, 10 SHA512, 11 SHA224 */ } else Rf_error("Unsupported key packet version: %d", (int) *c); UNPROTECT(1); /* sKey */ break; } case 13: { SEXP cUID = PROTECT(mkCharLenCE((const char*) p.data, p.len, CE_UTF8)); if (lastKey != R_NilValue) SET_VECTOR_ELT(lastKey, 4, Rf_ScalarString(cUID)); SET_VECTOR_ELT(res, 0, Rf_ScalarString(cUID)); UNPROTECT(1); } break; } } r = p.data + p.len; } UNPROTECT(1); return res; } PKI/src/tools.c0000644000176200001440000000274114633364723013007 0ustar liggesusers#include #include static char stbuf[1024]; static const char hex1[] = "0123456789abcdef"; static const char hex2[] = "0123456789ABCDEF"; SEXP PKI_raw2hex(SEXP sRaw, SEXP sSep, SEXP sUpp) { int upp = asInteger(sUpp) == 1; size_t n, i, sl; const char *sep = 0; char *buf, *bp; unsigned char *data; const char *hex = upp ? hex2 : hex1; SEXP tmp = R_NilValue, res; if (TYPEOF(sRaw) != RAWSXP) Rf_error("input must be a raw vector"); if (TYPEOF(sSep) == STRSXP) { if (LENGTH(sSep) != 1) Rf_error("sep must be a single string"); sep = CHAR(STRING_ELT(sSep, 0)); } else if (sSep != R_NilValue) Rf_error("sep must be a single string"); n = (size_t) XLENGTH(sRaw); data = (unsigned char *) RAW(sRaw); if (!sep) { res = allocVector(STRSXP, n); PROTECT(res); for (i = 0; i < n; i++) { char hv[3]; hv[0] = hex[data[i] >> 4]; hv[1] = hex[data[i] & 15]; hv[2] = 0; SET_STRING_ELT(res, i, mkChar(hv)); } UNPROTECT(1); return res; } sl = (size_t) strlen(sep); if (n * (2 + sl) + 1 > sizeof(buf)) { tmp = PROTECT(allocVector(RAWSXP, n * (2 + sl) + 2)); buf = (char*) RAW(tmp); } else buf = stbuf; bp = buf; for (i = 0; i < n; i++) { const char *sp = sep; *(buf++) = hex[data[i] >> 4]; *(buf++) = hex[data[i] & 15]; if (i + 1 < n) while (*sp) *(buf++) = *(sp++); } *buf = 0; res = mkString(bp); if (tmp != R_NilValue) UNPROTECT(1); return res; } PKI/src/pem.c0000644000176200001440000002077614633364723012440 0ustar liggesusers#include #include /* sadly memmem is not POSIX and our payload is not guatanteed to the 0-terminated (and we can't terminate it since it is const char*) so we have to use a silly stopgap */ static const char *mm(const char *haystack, size_t hlen, const char *needle, size_t nlen) { const char *c = haystack; size_t left; if (!nlen) return 0; while (((left = (hlen - (c - haystack))) >= nlen) /* needle must fit */ && (c = memchr(c, needle[0], left))) { if (!memcmp(c, needle, nlen)) return c; c++; } return 0; } /* returns 0-63 for valid input or 127 on EOF */ static unsigned char val(const char **src, const char *se) { while (*src < se) { char c = **src; src[0]++; if (c >= 'A' && c <= 'Z') return c - 'A'; if (c >= 'a' && c <= 'z') return c - 'a' + 26; if (c >= '0' && c <= '9') return c - '0' + 52; if (c == '+') return 62; if (c == '/') return 63; if (c == '=') break; /* we loop as to skip any blanks, newlines etc. */ } return 127; /* EOF */ } /* src = dst is permissible since decoded is always shorter (4 -> 3) if t = NULL then the required size is returned instead */ static R_xlen_t base64decode(const char *src, R_xlen_t len, void *dst, R_xlen_t max_len) { unsigned char *t = (unsigned char*) dst, *end = t ? (t + max_len) : 0; const char *se = src + len; R_xlen_t est = 0; while ((src < se) && (!t || t < end)) { unsigned char v = val(&src, se); if (v > 63) break; if (t) *t = (unsigned char) (v << 2); v = val(&src, se); if (v < 64) { if (t) { *t |= (unsigned char) (v >> 4); if (++t == end) { if (src < se && *src == '=') break; /* correct end at padding */ return -1; } *t = (unsigned char) (v << 4); } else est++; /* 1 complete, 1 pending */ v = val(&src, se); if (v < 64) { if (t) { *t |= (unsigned char) (v >> 2); if (++t == end) { if (src < se && *src == '=') break; return -1; } *t = (unsigned char) (v << 6); } else est++; /* 2 complete, 1 pending */ v = val(&src, se); if (v < 64) { if (t) { *t |= (unsigned char) (v & 0x3f); t++; } else est++; /* 3 complete */ } } } } return t ? ((R_xlen_t) (t - (unsigned char*) dst)) : est; } static char buf[512]; /* PEM specifies "-----BEGIN (.*)-----" and so does OpenPGP, but SSH2 uses "---- BEGIN (.*) ----" so we allow "----[- ]BEGIN" */ SEXP PKI_PEM_split(SEXP sWhat) { SEXP res = PROTECT(CONS(R_NilValue, R_NilValue)), tail = 0; if (TYPEOF(sWhat) == STRSXP) { /* line-by-line */ R_xlen_t n = XLENGTH(sWhat), i = 0; while (i < n - 1) { const char *c = CHAR(STRING_ELT(sWhat, i)); if (!strncmp(c, "-----BEGIN ", 11) || !strncmp(c, "---- BEGIN ", 11)) { const char *tag = c + 11; const char *e = strstr(c + 11, "----"); if (e) { const char *te = e; R_xlen_t i0 = i + 1; size_t cmplen; SEXP sTag; while (te > tag && te[-1] == ' ') te--; if (te - tag > 256) Rf_error("Armor tag too long on line %ld: %s", (long) (i + 1), tag); sTag = PROTECT(Rf_ScalarString(mkCharLenCE(tag, (int) (te - tag), CE_UTF8))); cmplen = te - tag + 9; /* construct the tail tag by s/BEGIN/END/ */ memcpy(buf, tag - 11, 5); memcpy(buf + 5, "END ", 4); memcpy(buf + 9, tag, te - tag); buf[te - tag + 9] = 0; while (i < n) { c = CHAR(STRING_ELT(sWhat, i)); if (!strncmp(c, buf, cmplen)) break; i++; } if (i < n) { R_xlen_t j = i0; R_xlen_t psize = 0; /* compute total size */ while (j < i) { psize += strlen(CHAR(STRING_ELT(sWhat, j))) + 1; j++; } if (psize) { SEXP chunk = PROTECT(Rf_allocVector(RAWSXP, psize)); unsigned char *d = (unsigned char *)RAW(chunk); j = i0; while (j < i) { const char *cc = CHAR(STRING_ELT(sWhat, j)); size_t clen = strlen(cc); memcpy(d, cc, clen); d += clen; *(d++) = '\n'; j++; } if (tail) { SEXP nt = PROTECT(CONS(chunk, R_NilValue)); SETCDR(tail, nt); UNPROTECT(1); tail = nt; } else { SETCAR(res, chunk); tail = res; } Rf_setAttrib(chunk, Rf_install("tag"), sTag); UNPROTECT(1); } } /* i < n (= end found) */ UNPROTECT(1); /* sTag */ } /* if end ---- found */ } /* if ----[- ]BEGIN found */ i++; } /* while i < n */ } else if (TYPEOF(sWhat) == RAWSXP) { const char *src = (const char *) RAW(sWhat); const char *se = src + XLENGTH(sWhat), *c = src; while (c + 30 < se) { /* it has to fit both armor guards */ c = memchr(c, '-', se - c); if (!c) break; if (!strncmp(c, "-----BEGIN ", 11) || !strncmp(c, "---- BEGIN ", 11)) { const char *tag = c + 11; const char *e = mm(c + 11, se - c - 11, "----", 4); c += 11; if (e) { const char *te = e; SEXP sTag; size_t cmplen; while (te > tag && te[-1] == ' ') te--; if (te - tag > 256) Rf_error("Armor tag too long @%ld", (long) (tag - src)); sTag = PROTECT(Rf_ScalarString(mkCharLenCE(tag, (int) (te - tag), CE_UTF8))); cmplen = te - tag + 9; /* construct the tail tag by s/BEGIN/END/ */ memcpy(buf, tag - 11, 5); memcpy(buf + 5, "END ", 4); memcpy(buf + 9, tag, te - tag); /* find EOL */ while (e < se && (*e != '\r' && *e != '\n')) e++; if (e < se - 1 && *e == '\r' && e[1] == '\n') e++; /* handle \r\n as one */ if (e < se - 12) { /* need a lot more ... (payload, END etc.) */ /* look for end of armor */ const char *epos = mm(e + 1, (se - e) - 1, buf, cmplen); if (epos) { R_xlen_t psize = (R_xlen_t) ((epos - e) - 1); SEXP chunk = PROTECT(Rf_allocVector(RAWSXP, psize)); unsigned char *d = (unsigned char *) RAW(chunk); memcpy(d, e + 1, psize); if (tail) { SEXP nt = PROTECT(CONS(chunk, R_NilValue)); SETCDR(tail, nt); UNPROTECT(1); tail = nt; } else { SETCAR(res, chunk); tail = res; } Rf_setAttrib(chunk, Rf_install("tag"), sTag); UNPROTECT(1); c = epos + (te - tag + 9); /* but c behind the armor */ } /* if (epos) */ } UNPROTECT(1); /* sTag */ } } while (c < se && *c == '-') c++; } } else Rf_error("Invalid input type, must be either character of raw vector"); UNPROTECT(1); return (CAR(res) == R_NilValue) ? R_NilValue : res; } SEXP PKI_PEM_part(SEXP sWhat, SEXP sBody, SEXP sDecode) { int body = (Rf_asInteger(sBody) == 0) ? 0 : 1; int decode = (Rf_asInteger(sDecode) == 0) ? 0 : 1; SEXP res; const char *src, *se, *c, *he; if (TYPEOF(sWhat) != RAWSXP) Rf_error("Input must be a raw vector"); src = (const char *) RAW(sWhat); se = src + XLENGTH(sWhat); /* Note that this is merely a heuristic, each format has slightly different definitions, but mostly base64 doesn't include : and headers must either have : or a leading whitespace */ he = c = src; while (c < se) { const char *le = c; int has_col = 0; he = c; while (le < se && (*le != '\r' && *le != '\n')) { if (*le == ':') has_col = 1; le++; } /* it is has no :, doesn't start with WS and has some content then it must be body */ if (!has_col && *c != ' ' && *c != '\t' && le > c) break; if (le == c) { /* end of headers, empty line, skip to next */ while (le < se && (*le == '\n' || *le == '\r')) le++; c = le; break; } if (le + 1 < se && *le == '\r' && le[1] == '\n') le++; /* move past EOL */ c = le + 1; } /* he = first byte that is not a header c = first byte that is body */ if (body) { if (c < se) { if (decode) { R_xlen_t dsize = base64decode(c, se - c, 0, 0); if (dsize < 0) { Rf_warning("Invalid base64 content, returning empty vector"); dsize = 0; } res = Rf_allocVector(RAWSXP, dsize); if (dsize > 0) { /* this should never fail since we determined the size ahead of time ... */ if (base64decode(c, se - c, RAW(res), XLENGTH(res)) != XLENGTH(res)) { PROTECT(res); Rf_warning("Decoding base64 error, result may be incomplete"); UNPROTECT(1); } } } else { res = Rf_allocVector(RAWSXP, se - c); memcpy(RAW(res), c, XLENGTH(res)); } return res; } else { return Rf_allocVector(RAWSXP, 0); } } res = Rf_allocVector(RAWSXP, he - src); if (XLENGTH(res)) memcpy(RAW(res), src, XLENGTH(res)); return res; } PKI/src/pki-x509.c0000644000176200001440000006531614633364723013144 0ustar liggesusers#include "pki.h" #include #include #include #define USE_RINTERNALS 1 #include /* NOTE: we use d2i_RSAPrivateKey but s2i_RSA_PUBKEY (instead of s2i_RSAPublicKey) because that is what OpenSSL uses as well. PUBKEY is on X509 SubjectPublicKeyInfo format while RSAPublicKey is in PKCS#1 format. The difference in PEM files is "PUBLIC KEY" for X509 and "RSA PUBLIC KEY" for the other. Note that OpenSSL on the command line doesn't even support loading PEM with RSA PUBLIC KEY, that's why we don't even offer it as an option. */ /* from init.c */ void PKI_init(void); /* OpenSSL 1.1 has changed APIs - adapt accordingly */ #if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_PKEY_get_key_type_(X) EVP_PKEY_type((X)->type) #else #define EVP_PKEY_get_key_type_(X) EVP_PKEY_base_id(X) #endif static void PKI_free_X509(SEXP ref) { X509 *x509 = (X509*) R_ExternalPtrAddr(ref); if (x509) X509_free(x509); } static void PKI_free_EVP_PKEY(SEXP ref) { EVP_PKEY *key = (EVP_PKEY*) R_ExternalPtrAddr(ref); if (key) EVP_PKEY_free(key); } SEXP PKI_load_DER_X509(SEXP what) { SEXP res, ia; const unsigned char *ptr; X509 *x509 = 0; if (TYPEOF(what) != RAWSXP) Rf_error("what must be a raw vector containing the DER-encoded certificate"); ptr = (const unsigned char*) RAW(what); PKI_init(); x509 = d2i_X509(&x509, &ptr, LENGTH(what)); if (!x509) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = PROTECT(R_MakeExternalPtr(x509, R_NilValue, R_NilValue)); R_RegisterCFinalizerEx(res, PKI_free_X509, TRUE); setAttrib(res, R_ClassSymbol, PROTECT(mkString("X509cert"))); /* we add the content to the cert in case someone tries to serialize it */ ia = PROTECT(install("crt.DER")); setAttrib(res, ia, what); UNPROTECT(3); return res; } /* c_name is solely for error messages */ static X509 *retrieve_cert(SEXP obj, const char *c_name) { X509 *cacrt; if (!inherits(obj, "X509cert")) Rf_error("invalid %scertificate object", c_name); cacrt = (X509*) R_ExternalPtrAddr(obj); if (!cacrt) { /* check if this is NULL because it has been restored from serialization */ SEXP der = getAttrib(obj, install("crt.DER")); if (TYPEOF(der) == RAWSXP) { const unsigned char *ptr = (const unsigned char*) RAW(der); cacrt = d2i_X509(&cacrt, &ptr, LENGTH(der)); if (!cacrt) Rf_warning("Attempt to load NULL %scertificate with invalid crt.DER content", c_name); else { /* there is no SETPTR so have have to use SETCAR */ SETCAR(obj, (SEXP) cacrt); R_RegisterCFinalizerEx(obj, PKI_free_X509, TRUE); } } } if (!cacrt) Rf_error("invalid %scertificate (NULL)", c_name); return cacrt; } SEXP PKI_verify_cert(SEXP sCA, SEXP sCert, SEXP sDefault, SEXP sPart) { X509 *cert; X509_STORE *store; X509_STORE_CTX *ctx; int rv; PKI_init(); cert = retrieve_cert(sCert, ""); store = X509_STORE_new(); if (Rf_asInteger(sDefault) > 0) X509_STORE_set_default_paths(store); /* highly recommended (and default since OpenSSL 1.1.0) to avoid breakage of chains like the famous Let's Encrypt 2021 sanfu or Sectigo */ #ifdef X509_V_FLAG_TRUSTED_FIRST X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST); #endif #ifdef X509_V_FLAG_PARTIAL_CHAIN if (Rf_asInteger(sPart) > 0) X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN); #endif if (TYPEOF(sCA) == VECSXP) { int i; for (i = 0; i < LENGTH(sCA); i++) X509_STORE_add_cert(store, retrieve_cert(VECTOR_ELT(sCA, i),"CA ")); } else if (sCA != R_NilValue) X509_STORE_add_cert(store, retrieve_cert(sCA, "CA ")); ctx = X509_STORE_CTX_new(); X509_STORE_CTX_init(ctx, store, cert, NULL); rv = X509_verify_cert(ctx); #if 0 /* we could print of even return the chain, this is how ... */ { int j; STACK_OF(X509) *chain = X509_STORE_CTX_get1_chain(ctx); int num_untrusted = X509_STORE_CTX_get_num_untrusted(ctx); Rprintf("Chain:\n"); for (j = 0; j < sk_X509_num(chain); j++) { X509 *cert = sk_X509_value(chain, j); X509_NAME *sname = X509_get_subject_name(cert); char buf[256]; Rprintf("depth=%d: %s", j, X509_NAME_oneline(sname, buf, sizeof(buf) - 1)); if (j < num_untrusted) Rprintf(" (untrusted)"); Rprintf("\n"); } sk_X509_pop_free(chain, X509_free); } #endif X509_STORE_CTX_free(ctx); X509_STORE_free(store); return ScalarLogical((rv == 1) ? TRUE : FALSE); } #define PKI_KT_PUBLIC 1 #define PKI_KT_PRIVATE 2 static SEXP wrap_EVP_PKEY(EVP_PKEY *key, int kt) { SEXP res = PROTECT(R_MakeExternalPtr(key, R_NilValue, R_NilValue)); R_RegisterCFinalizerEx(res, PKI_free_EVP_PKEY, TRUE); if (kt == PKI_KT_PRIVATE || kt == PKI_KT_PUBLIC) setAttrib(res, R_ClassSymbol, mkString((kt == PKI_KT_PUBLIC) ? "public.key" : "private.key")); else { SEXP cl = PROTECT(allocVector(STRSXP, 2)); SET_STRING_ELT(cl, 0, mkChar("public.key")); SET_STRING_ELT(cl, 1, mkChar("private.key")); setAttrib(res, R_ClassSymbol, cl); UNPROTECT(1); } /* FIXME: we don't have non-external payload for serialization */ UNPROTECT(1); return res; } SEXP PKI_extract_key(SEXP sKey, SEXP sPriv) { SEXP res; EVP_PKEY *key; RSA *rsa; int get_priv = asInteger(sPriv), len; if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key")) Rf_error("invalid key object"); if (get_priv == NA_INTEGER) get_priv = inherits(sKey, "private.key"); if (get_priv && !inherits(sKey, "private.key")) return R_NilValue; key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); PKI_init(); if (EVP_PKEY_get_key_type_(key) != EVP_PKEY_RSA) Rf_error("Sorry only RSA keys are supported at this point"); rsa = EVP_PKEY_get1_RSA(key); if (get_priv) { unsigned char *ptr; len = i2d_RSAPrivateKey(rsa, 0); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); ptr = (unsigned char*) RAW(res); len = i2d_RSAPrivateKey(rsa, &ptr); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); PROTECT(res); setAttrib(res, R_ClassSymbol, mkString("private.key.DER")); UNPROTECT(1); } else { unsigned char *ptr; len = i2d_RSA_PUBKEY(rsa, 0); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); ptr = (unsigned char*) RAW(res); len = i2d_RSA_PUBKEY(rsa, &ptr); if (len < 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); PROTECT(res); setAttrib(res, R_ClassSymbol, mkString("public.key.DER")); UNPROTECT(1); } return res; } SEXP PKI_cert_public_key(SEXP sCert) { X509 *cert; EVP_PKEY *key; PKI_init(); cert = retrieve_cert(sCert, ""); key = X509_get_pubkey(cert); if (!key) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); return wrap_EVP_PKEY(key, PKI_KT_PUBLIC); } static char buf[8192]; static char cipher_name[32]; static EVP_CIPHER_CTX *get_cipher(SEXP sKey, SEXP sCipher, int enc, int *transient, SEXP sIV) { EVP_CIPHER_CTX *ctx; PKI_init(); if (inherits(sKey, "symmeric.cipher")) { if (transient) transient[0] = 0; return (EVP_CIPHER_CTX*) R_ExternalPtrAddr(sCipher); } if (TYPEOF(sKey) != RAWSXP && (TYPEOF(sKey) != STRSXP || LENGTH(sKey) < 1)) Rf_error("invalid key object"); else { const char *cipher, *c_key, *c_iv = 0; size_t key_len; const EVP_CIPHER *type; if (TYPEOF(sCipher) != STRSXP || LENGTH(sCipher) != 1) Rf_error("non-RSA key and no cipher is specified"); cipher = CHAR(STRING_ELT(sCipher, 0)); if (strlen(cipher) > sizeof(cipher_name) - 1) Rf_error("invalid cipher name"); { char *c = cipher_name; while (*cipher) { if ((*cipher >= 'a' && *cipher <= 'z') || (*cipher >= '0' && *cipher <= '9')) *(c++) = *cipher; else if (*cipher >= 'A' && *cipher <= 'Z') *(c++) = *cipher + 32; cipher++; } *c = 0; cipher = (const char*) cipher_name; } if (!strcmp(cipher, "aes128") || !strcmp(cipher, "aes128cbc")) type = EVP_aes_128_cbc(); else if (!strcmp(cipher, "aes128ecb")) type = EVP_aes_128_ecb(); else if (!strcmp(cipher, "aes128ofb")) type = EVP_aes_128_ofb(); else if (!strcmp(cipher, "aes256") || !strcmp(cipher, "aes256cbc")) type = EVP_aes_256_cbc(); else if (!strcmp(cipher, "aes256ecb")) type = EVP_aes_256_ecb(); else if (!strcmp(cipher, "aes256ofb")) type = EVP_aes_256_ofb(); else if (!strcmp(cipher, "blowfish") || !strcmp(cipher, "bfcbc")) #if OPENSSL_VERSION_NUMBER >= 0x30000000L type = EVP_CIPHER_fetch(PKI_ossl_ctx, "BF-CBC", NULL); #else type = EVP_bf_cbc(); #endif else if (!strcmp(cipher, "bfecb")) #if OPENSSL_VERSION_NUMBER >= 0x30000000L type = EVP_CIPHER_fetch(PKI_ossl_ctx, "BF-ECB", NULL); #else type = EVP_bf_ecb(); #endif else if (!strcmp(cipher, "bfofb")) #if OPENSSL_VERSION_NUMBER >= 0x30000000L type = EVP_CIPHER_fetch(PKI_ossl_ctx, "BF-OFB", NULL); #else type = EVP_bf_ofb(); #endif else if (!strcmp(cipher, "bfcfb")) #if OPENSSL_VERSION_NUMBER >= 0x30000000L type = EVP_CIPHER_fetch(PKI_ossl_ctx, "BF-CFB", NULL); #else type = EVP_bf_cfb(); #endif else Rf_error("unknown cipher `%s'", CHAR(STRING_ELT(sCipher, 0))); if (TYPEOF(sIV) == STRSXP) { if (LENGTH(sIV) != 1) Rf_error("invalid IV - if used must be a string (or raw), but is string vector of length %d", (int) LENGTH(sIV)); c_iv = CHAR(STRING_ELT(sIV, 0)); size_t req_len = (size_t) EVP_CIPHER_iv_length(type); size_t iv_len = strlen(c_iv); if (iv_len < req_len) Rf_error("insufficient IV - must be %u bytes long", (unsigned int) req_len); } else if (TYPEOF(sIV) == RAWSXP) { c_iv = (const char *) RAW(sIV); size_t req_len = (size_t) EVP_CIPHER_iv_length(type); if (((size_t) LENGTH(sIV)) < req_len) Rf_error("insufficient IV - must be %u bytes long", (unsigned int) req_len); } else if (sIV != R_NilValue) Rf_error("invalid IV - must be NULL (no/empty IV), a string or a raw vector of sufficient length for the cipher"); if (TYPEOF(sKey) == STRSXP) { c_key = CHAR(STRING_ELT(sKey, 0)); key_len = strlen(c_key); } else { c_key = (const char*) RAW(sKey); key_len = (size_t) LENGTH(sKey); } if (key_len < (size_t) EVP_CIPHER_key_length(type)) Rf_error("key is too short (%u bytes) for the cipher - need %d bytes", (unsigned int) key_len, (int) EVP_CIPHER_key_length(type)); ctx = EVP_CIPHER_CTX_new(); if (!ctx) Rf_error("cannot allocate memory for cipher"); if (!EVP_CipherInit(ctx, type, (unsigned char*) c_key, (unsigned char *) c_iv, enc)) { EVP_CIPHER_CTX_free(ctx); Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); } if (transient) transient[0] = 1; return ctx; } } #if 0 static void PKI_free_cipher(SEXP sCipher) { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*) R_ExternalPtrAddr(sCipher); if (ctx) EVP_CIPHER_CTX_free(ctx); } /* FIXME: this is exposed as C symbol but not actually used anywhere ... ?!? */ /* it is not longer registered anyway ... */ SEXP PKI_sym_cipher(SEXP sKey, SEXP sCipher, SEXP sEncrypt, SEXP sIV) { SEXP res; int transient_cipher = 0; int do_enc = (asInteger(sEncrypt) != 0) ? 1 : 0; EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, do_enc, &transient_cipher, sIV); if (!transient_cipher) return sCipher; res = PROTECT(R_MakeExternalPtr(ctx, R_NilValue, R_NilValue)); R_RegisterCFinalizerEx(res, PKI_free_cipher, TRUE); setAttrib(res, R_ClassSymbol, PROTECT(mkString("symmetric.cipher"))); UNPROTECT(2); return res; } #endif SEXP PKI_encrypt(SEXP what, SEXP sKey, SEXP sCipher, SEXP sIV) { SEXP res; EVP_PKEY *key; RSA *rsa; int len; if (TYPEOF(what) != RAWSXP) Rf_error("invalid payload to sign - must be a raw vector"); if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key")) { int transient_cipher = 0; EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, 1, &transient_cipher, sIV); int block_len = EVP_CIPHER_CTX_block_size(ctx); int padding = LENGTH(what) % block_len; /* Note: padding is always required, so if the last block is full, there must be an extra block added at the end */ padding = block_len - padding; /* FIXME: ctx will leak on alloc errors for transient ciphers - wrap them first */ res = allocVector(RAWSXP, len = (LENGTH(what) + padding)); if (!EVP_CipherUpdate(ctx, RAW(res), &len, RAW(what), LENGTH(what))) { if (transient_cipher) { EVP_CIPHER_CTX_cleanup(ctx); free(ctx); } Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); } if (len < LENGTH(res)) EVP_CipherFinal(ctx, RAW(res) + len, &len); if (transient_cipher) { EVP_CIPHER_CTX_cleanup(ctx); free(ctx); } return res; } key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); if (EVP_PKEY_get_key_type_(key) != EVP_PKEY_RSA) Rf_error("Sorry only RSA keys are supported at this point"); rsa = EVP_PKEY_get1_RSA(key); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); len = RSA_public_encrypt(LENGTH(what), RAW(what), (unsigned char*) buf, rsa, RSA_PKCS1_PADDING); if (len < 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); return res; } SEXP PKI_decrypt(SEXP what, SEXP sKey, SEXP sCipher, SEXP sIV) { SEXP res; EVP_PKEY *key; RSA *rsa; int len; if (TYPEOF(what) != RAWSXP) Rf_error("invalid payload to sign - must be a raw vector"); PKI_init(); if (!inherits(sKey, "private.key")) { int transient_cipher = 0, fin = 0; EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, 0, &transient_cipher, sIV); /* FIXME: ctx will leak on alloc errors for transient ciphers - wrap them first */ res = allocVector(RAWSXP, len = LENGTH(what)); if (!EVP_CipherUpdate(ctx, RAW(res), &len, RAW(what), LENGTH(what))) { if (transient_cipher) { EVP_CIPHER_CTX_cleanup(ctx); free(ctx); } Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); } if (EVP_CipherFinal(ctx, RAW(res) + len, &fin)) len += fin; if (len < LENGTH(res)) { SEXP res2; PROTECT(res); res2 = allocVector(RAWSXP, len); memcpy(RAW(res2), RAW(res), len); res = res2; UNPROTECT(1); } if (transient_cipher) { EVP_CIPHER_CTX_cleanup(ctx); free(ctx); } return res; } key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); if (EVP_PKEY_get_key_type_(key) != EVP_PKEY_RSA) Rf_error("Sorry only RSA keys are supported at this point"); rsa = EVP_PKEY_get1_RSA(key); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); len = RSA_private_decrypt(LENGTH(what), RAW(what), (unsigned char*) buf, rsa, RSA_PKCS1_PADDING); if (len < 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); return res; } #define PKI_SHA1 1 #define PKI_SHA256 2 #define PKI_MD5 3 SEXP PKI_digest(SEXP sWhat, SEXP sMD) { SEXP res; unsigned char hash[32]; /* really, at most 20 bytes are needed */ size_t len, what_len; int md = asInteger(sMD); const unsigned char *what; PKI_init(); if (TYPEOF(sWhat) == RAWSXP) { what = (const unsigned char*) RAW(sWhat); what_len = (size_t) XLENGTH(sWhat); } else if (TYPEOF(sWhat) == STRSXP) { if (LENGTH(sWhat) < 1) return allocVector(RAWSXP, 0); /* good? */ what = (const unsigned char*) CHAR(STRING_ELT(sWhat, 0)); what_len = strlen((const char*) what); } else Rf_error("what must be a string or a raw vector"); switch (md) { case PKI_SHA1: SHA1(what, what_len, hash); len = SHA_DIGEST_LENGTH; break; case PKI_SHA256: SHA256(what, what_len, hash); len = SHA256_DIGEST_LENGTH; break; case PKI_MD5: MD5(what, what_len, hash); len = MD5_DIGEST_LENGTH; break; default: Rf_error("unsupported hash function"); len = 0; /* dead code but needed to appease compilers */ } res = allocVector(RAWSXP, len); memcpy(RAW(res), hash, len); return res; } SEXP PKI_sign_RSA(SEXP what, SEXP sMD, SEXP sKey) { SEXP res; int md = asInteger(sMD), type; EVP_PKEY *key; RSA *rsa; unsigned int siglen = sizeof(buf); switch (md) { case PKI_MD5: type = NID_md5; break; case PKI_SHA1: type = NID_sha1; break; case PKI_SHA256: type = NID_sha256; break; default: Rf_error("unsupported hash type"); } if (TYPEOF(what) != RAWSXP || (md == PKI_MD5 && LENGTH(what) != MD5_DIGEST_LENGTH) || (md == PKI_SHA1 && LENGTH(what) != SHA_DIGEST_LENGTH) || (md == PKI_SHA256 && LENGTH(what) != SHA256_DIGEST_LENGTH)) Rf_error("invalid hash"); if (!inherits(sKey, "private.key")) Rf_error("key must be RSA private key"); key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); PKI_init(); if (EVP_PKEY_get_key_type_(key) != EVP_PKEY_RSA) Rf_error("key must be RSA private key"); rsa = EVP_PKEY_get1_RSA(key); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); if (RSA_sign(type, (const unsigned char*) RAW(what), LENGTH(what), (unsigned char *) buf, &siglen, rsa) != 1) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, siglen); memcpy(RAW(res), buf, siglen); return res; } SEXP PKI_verify_RSA(SEXP what, SEXP sMD, SEXP sKey, SEXP sig) { int md = asInteger(sMD), type; EVP_PKEY *key; RSA *rsa; switch (md) { case PKI_MD5: type = NID_md5; break; case PKI_SHA1: type = NID_sha1; break; case PKI_SHA256: type = NID_sha256; break; default: Rf_error("unsupported hash type"); } if (TYPEOF(what) != RAWSXP || (md == PKI_MD5 && LENGTH(what) != MD5_DIGEST_LENGTH) || (md == PKI_SHA1 && LENGTH(what) != SHA_DIGEST_LENGTH) || (md == PKI_SHA256 && LENGTH(what) != SHA256_DIGEST_LENGTH)) Rf_error("invalid hash"); if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key")) Rf_error("key must be RSA public or private key"); key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); if (EVP_PKEY_get_key_type_(key) != EVP_PKEY_RSA) Rf_error("key must be RSA public or private key"); rsa = EVP_PKEY_get1_RSA(key); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); return ScalarLogical( /* FIXME: sig is not const in RSA_verify - that is odd so in theory in may modify sig ... */ (RSA_verify(type, (const unsigned char*) RAW(what), LENGTH(what), (unsigned char *) RAW(sig), LENGTH(sig), rsa) == 1) ? TRUE : FALSE); } SEXP PKI_load_private_RSA(SEXP what, SEXP sPassword) { EVP_PKEY *key = 0; BIO *bio_mem; if (TYPEOF(sPassword) != STRSXP || LENGTH(sPassword) != 1) Rf_error("Password must be a string"); PKI_init(); if (TYPEOF(what) == RAWSXP) { /* assuming binary DER format */ RSA *rsa = 0; const unsigned char *ptr; ptr = (const unsigned char *) RAW(what); rsa = d2i_RSAPrivateKey(&rsa, &ptr, LENGTH(what)); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key, rsa); } else if (TYPEOF(what) == STRSXP && LENGTH(what)) { SEXP b64Key = STRING_ELT(what, 0); bio_mem = BIO_new_mem_buf((void *) CHAR(b64Key), -1); key = PEM_read_bio_PrivateKey(bio_mem, 0, 0, (void*) CHAR(STRING_ELT(sPassword, 0))); BIO_free(bio_mem); if (!key) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); } else Rf_error("Private key must be a character or raw vector"); return wrap_EVP_PKEY(key, PKI_KT_PRIVATE); } SEXP PKI_load_public_RSA(SEXP what) { EVP_PKEY *key; RSA *rsa = 0; const unsigned char *ptr; if (TYPEOF(what) != RAWSXP) Rf_error("key must be a raw vector"); PKI_init(); ptr = (const unsigned char *) RAW(what); rsa = d2i_RSA_PUBKEY(&rsa, &ptr, LENGTH(what)); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key, rsa); return wrap_EVP_PKEY(key, PKI_KT_PUBLIC); } SEXP PKI_RSAkeygen(SEXP sBits) { EVP_PKEY *key; RSA *rsa; int bits = asInteger(sBits); if (bits < 512) Rf_error("invalid key size"); PKI_init(); #if OPENSSL_VERSION_NUMBER < 0x10100000L rsa = RSA_generate_key(bits, 65537, 0, 0); if (!rsa) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); #else /* How to make simple things really complicated ... */ rsa = RSA_new(); if (!rsa) Rf_error("cannot allocate RSA key: %s", ERR_error_string(ERR_get_error(), NULL)); { BIGNUM *e = BN_new(); if (!e) { RSA_free(rsa); Rf_error("cannot allocate exponent: %s", ERR_error_string(ERR_get_error(), NULL)); } BN_set_word(e, 65537); if (RSA_generate_key_ex(rsa, bits, e, NULL) <= 0) { BN_free(e); RSA_free(rsa); Rf_error("cannot generate key: %s", ERR_error_string(ERR_get_error(), NULL)); } BN_free(e); } #endif key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key, rsa); return wrap_EVP_PKEY(key, PKI_KT_PRIVATE | PKI_KT_PUBLIC); } SEXP PKI_random(SEXP sBytes) { int len = asInteger(sBytes); SEXP res; if (len < 0) Rf_error("invalid number of bytes requested - must be 0 .. 2^32-1"); res = allocVector(RAWSXP, len); PKI_init(); if (!RAND_bytes((unsigned char*) RAW(res), len)) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); return res; } #if 0 /* FIXME: this requires openssl 1.0 or higher - not acceptable at this point */ #define PKI_MD5 1 #define PKI_SHA1 2 #define PKI_SHA256 3 #define PKI_PKCS1 1 /*#define PKI_ */ SEXP PKI_sign(SEXP what, SEXP sKey, SEXP sMD, SEXP sPad) { SEXP res; EVP_PKEY *key; EVP_PKEY_CTX *ctx; int mdt, padt, r; size_t sl; if (TYPEOF(what) != RAWSXP) Rf_error("invalid payload to sign - must be a raw vector"); if (!inherits(sKey, "private.key")) Rf_error("key must be RSA private key"); PKI_init(); mdt = asInteger(sMD); padt = asInteger(sPad); key = (EVP_PKEY*) R_ExternalPtrAddr(sKey); if (!key) Rf_error("NULL key"); ctx = EVP_PKEY_CTX_new(key); if (!ctx || EVP_PKEY_sign_init(ctx) <= 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); switch (padt) { case PKI_PKCS1: default: r = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING); } if (r <= 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); switch (mdt) { case PKI_MD5: r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_md5()); break; case PKI_SHA1: r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()); break; default: case PKI_SHA256: r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()); break; } if (r <= 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); sl = sizeof(buf); if (EVP_PKEY_sign(ctx, buf, &sl, (const unsigned char*) RAW(what), LENGTH(what)) <= 0) Rf_error("%s", ERR_error_string(ERR_get_error(), NULL)); res = allocVector(RAWSXP, sl); memcpy(RAW(res), buf, sl); EVP_PKEY_CTX_free(ctx); return res; } #endif /* Return the Subject of an X509 Certificate by wrapping the OpenSSL X509_get_subject_name() function. */ SEXP PKI_get_subject(SEXP sCert) { SEXP res; X509 *cert; BIO *mem = BIO_new(BIO_s_mem()); long len; char *txt = 0; PKI_init(); cert = retrieve_cert(sCert, ""); if (X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, (XN_FLAG_ONELINE | ASN1_STRFLGS_UTF8_CONVERT) & ~ASN1_STRFLGS_ESC_MSB) < 0) { BIO_free(mem); Rf_error("X509_NAME_print_ex failed with %s", ERR_error_string(ERR_get_error(), NULL)); } len = BIO_get_mem_data(mem, &txt); if (len < 0 || len > 2147483646) { BIO_free(mem); Rf_error("cannot get memory buffer, %s", ERR_error_string(ERR_get_error(), NULL)); } res = PROTECT(allocVector(STRSXP, 1)); SET_STRING_ELT(res, 0, mkCharLenCE(txt, (int) len, CE_UTF8)); UNPROTECT(1); BIO_free(mem); return res; } #include static char cibuf[512]; static double ASN1_TIME2d(const ASN1_TIME* time) { int pday, psec; ASN1_TIME *epoch; double d; #if OPENSSL_VERSION_NUMBER < 0x10002000L Rf_warning("OpenSSL is too old and does not support ASN1 time differences"); return NA_REAL; #else epoch = ASN1_TIME_set(0, 0); ASN1_TIME_diff(&pday, &psec, epoch, time); ASN1_STRING_free(epoch); d = (double) pday; d *= 86400.0; d += (double) psec; return d; #endif } SEXP PKI_get_cert_info(SEXP sCert) { #define FPLEN 20 /* size of the fingerprint - here SHA1 */ const EVP_MD *digest = EVP_sha1(); SEXP res = PROTECT(Rf_allocVector(VECSXP, 5)); int rc; unsigned len; X509 *cert; double *ts; PKI_init(); cert = retrieve_cert(sCert, ""); cibuf[sizeof(cibuf) - 1] = 0; *cibuf = 0; X509_NAME_oneline(X509_get_subject_name(cert), cibuf, sizeof(cibuf) - 1); SET_VECTOR_ELT(res, 0, Rf_mkString(cibuf)); X509_NAME_oneline(X509_get_issuer_name(cert), cibuf, sizeof(cibuf) - 1); SET_VECTOR_ELT(res, 1, Rf_mkString(cibuf)); len = FPLEN; rc = X509_digest(cert, digest, (unsigned char*) cibuf, &len); if (rc && len == FPLEN) { SEXP sFP; SET_VECTOR_ELT(res, 2, (sFP = allocVector(RAWSXP, len))); memcpy(RAW(sFP), cibuf, len); } ts = REAL(SET_VECTOR_ELT(res, 3, Rf_allocVector(REALSXP, 2))); ts[0] = ASN1_TIME2d(X509_get_notBefore(cert)); ts[1] = ASN1_TIME2d(X509_get_notAfter(cert)); SET_VECTOR_ELT(res, 4, Rf_ScalarLogical(X509_check_ca(cert))); UNPROTECT(1); return res; } /* NOTE: we are intentionally not using macros since thay may not match the actual run-time version. The only exception is OPENSSL_VERSION_TEXT where we have no other choice */ SEXP PKI_engine_info(void) { char sver[48]; const char *names[] = { "engine", "version", "description", "" }; SEXP res = PROTECT(mkNamed(VECSXP, names)); #if OPENSSL_VERSION_NUMBER >= 0x10100000L unsigned long ver = OpenSSL_version_num(); #else unsigned long ver = OPENSSL_VERSION_NUMBER; #endif #ifdef LIBRESSL_VERSION_NUMBER SET_VECTOR_ELT(res, 0, mkString("libressl")); #else SET_VECTOR_ELT(res, 0, mkString("openssl")); #endif sver[sizeof(sver) - 1] = 0; snprintf(sver, sizeof(sver) - 1, "%u.%u", (unsigned int) (ver >> 28), (unsigned int) ((ver >> 20) & 255)); SET_VECTOR_ELT(res, 1, ScalarReal(atof(sver))); #if OPENSSL_VERSION_NUMBER >= 0x30000000L SET_VECTOR_ELT(res, 2, mkString(OpenSSL_version(OPENSSL_FULL_VERSION_STRING))); #else # ifdef OPENSSL_VERSION_TEXT SET_VECTOR_ELT(res, 2, mkString(OPENSSL_VERSION_TEXT)); # else snprintf(sver, sizeof(sver) - 1, "%s %d.%d.%d%c", # ifdef LIBRESSL_VERSION_NUMBER "LibreSSL", # else "OpenSSL", # endif (unsigned int) (ver >> 28), (unsigned int) ((ver >> 20) & 255), (unsigned int) ((ver >> 12) & 255), (char) (((ver >> 8) & 31) + 0x60)); SET_VECTOR_ELT(res, 2, mkString(sver)); # endif #endif UNPROTECT(1); return res; } PKI/src/asn1.c0000644000176200001440000002226114633364723012510 0ustar liggesusers#include #include static SEXP decode_ASN1_bytes(unsigned char *d, unsigned int l, unsigned int *ptr) { unsigned int i = 0; int cl = d[i++]; if (i < l) { unsigned int len = d[i++]; if (len > 127) { unsigned int nb = len - 128; if (i + nb > l) Rf_error("truncated ASN.1 object"); if (nb > 4) Rf_error("too large ASN.1 object"); len = 0; while (nb) { len <<= 8; len |= d[i++]; nb--; } } if (i + len > l) Rf_error("truncated ASN.1 object"); /* Rprintf(" %p: type 0x%02x len %d\n", d, cl, len); */ if (cl == 0x30) { /* sequence */ SEXP rl = R_NilValue, tl = R_NilValue, res; unsigned int si = i, n = 0; while (i - si < len) { unsigned int i_off = 0; SEXP v = decode_ASN1_bytes(d + i, si + len - i, &i_off); i += i_off; if (rl == R_NilValue) tl = rl = PROTECT(CONS(v, R_NilValue)); else tl = SETCDR(tl, CONS(v, R_NilValue)); n++; } res = PROTECT(allocVector(VECSXP, n)); if (rl != R_NilValue) { unsigned int j = 0; while (rl != R_NilValue) { SET_VECTOR_ELT(res, j++, CAR(rl)); rl = CDR(rl); } UNPROTECT(1); } UNPROTECT(1); if (ptr) *ptr = i; return res; } else { /* everything else we just return as raw with "type" attribute */ int unused = -1; if (cl == 3) {/* bit string - take out the unused bits number */ unused = d[i++]; len--; } { SEXP res = PROTECT(allocVector(RAWSXP, len)); SEXP clo = PROTECT(ScalarInteger(cl)); memcpy(RAW(res), d + i, len); setAttrib(res, install("type"), clo); if (unused != -1) { SEXP ub = PROTECT(ScalarInteger(unused)); setAttrib(res, install("padded.bits"), ub); UNPROTECT(1); } UNPROTECT(2); if (ptr) *ptr = i + len; return res; } } } Rf_error("truncated ASN.1 object"); /* unreachable */ return R_NilValue; } SEXP decode_ASN1(SEXP sWhat) { if (TYPEOF(sWhat) != RAWSXP) Rf_error("ASN.1 object must be a raw vector"); return decode_ASN1_bytes((unsigned char*) RAW(sWhat), (unsigned int) LENGTH(sWhat), 0); } static unsigned char *encode_ASN1_bytes(unsigned char *d, unsigned int max_len, SEXP sWhat) { unsigned int i = 0; if (max_len < 16) Rf_error("too large object"); if (TYPEOF(sWhat) == RAWSXP) { SEXP ty = getAttrib(sWhat, install("type")); unsigned int len = LENGTH(sWhat); unsigned char unused = 0; int cl; if (ty == R_NilValue) Rf_error("raw object without type - cannot encode"); cl = d[i++] = (unsigned char) asInteger(ty); if (cl == 3) { SEXP ub = getAttrib(sWhat, install("unused.bits")); if (ub != R_NilValue) unused = (unsigned char) asInteger(ub); len++; } if (len < 128) d[i++] = (unsigned char) len; else { unsigned int nb = 0, l0 = len, nb0; while (l0) { l0 >>= 8; nb++; } d[i++] = (unsigned char) (nb + 128); nb0 = nb; l0 = len; while (nb) { d[i + --nb] = (unsigned char) l0; l0 >>= 8; } i += nb0; } if (i + len + 2 > max_len) Rf_error("too large object"); if (cl == 3) { d[i++] = unused; len--; } memcpy(d + i, RAW(sWhat), len); return d + i + len; } else if (TYPEOF(sWhat) == VECSXP) { unsigned int i0 = i, len = 0, n = LENGTH(sWhat), j, shift_by; unsigned char *e; d[i++] = 0x30; /* reserve some space for the length - we use at most 32-bits */ i += 5; e = d + i; for (j = 0; j < n; j++) { unsigned char *en = encode_ASN1_bytes(e, max_len - i, VECTOR_ELT(sWhat, j)); i += en - e; e = en; } len = (unsigned int) (e - (d + i0 + 6)); shift_by = 4; if (len < 128) d[i0 + 1] = (unsigned char) len; else { unsigned int l0 = len, nb = 0; while (l0) { l0 >>= 8; nb++; } e = d + i0 + 1; *(e++) = (unsigned char) (nb + 128); l0 = len; while (l0) { e[--nb] = (unsigned char) l0; l0 >>= 8; shift_by--; } } if (shift_by) memmove(d + i0 + 6 - shift_by, d + i0 + 6, len); return d + i0 + 6 - shift_by + len; } else Rf_error("ASN.1 objects to be wrapped must be either lists or raw vectors"); /* unreachable */ return 0; } SEXP encode_ASN1(SEXP sWhat) { unsigned int max_len = 1024*1024; SEXP tmp = PROTECT(allocVector(RAWSXP, max_len)), res; unsigned char *e = encode_ASN1_bytes((unsigned char*) RAW(tmp), LENGTH(tmp), sWhat); res = allocVector(RAWSXP, e - (unsigned char*) RAW(tmp)); memcpy(RAW(res), RAW(tmp), LENGTH(res)); UNPROTECT(1); return res; } static SEXP bigz2bignum(const unsigned int *bz) { SEXP res = allocVector(RAWSXP, 1 + bz[0] * 4); unsigned char *c = (unsigned char *) RAW(res); unsigned int i; *(c++) = 0; /* we may need a leading zero */ /* FIXME: we handle only positive numbers */ for (i = 2; i < bz[0] + 2; i++) { *(c++) = bz[i] >> 24; *(c++) = (bz[i] >> 16) & 255; *(c++) = (bz[i] >> 8) & 255; *(c++) = bz[i] & 255; } c = (unsigned char*) RAW(res); for (i = 0; i < LENGTH(res); i++) if (c[i]) break; if (c[i] > 127) i--; if (i > 0) { SEXP res2; PROTECT(res); res2 = allocVector(RAWSXP, LENGTH(res) - i); memcpy(RAW(res2), c + i, LENGTH(res) - i); res = res2; UNPROTECT(1); } return res; } SEXP PKI_int2oid(SEXP sVal) { int np = 0; unsigned char buf[128], *dst = buf, *e = buf + sizeof(buf) - 6; const unsigned int *v; SEXP res; int i = 2, n; if (TYPEOF(sVal) == REALSXP) { sVal = PROTECT(coerceVector(sVal, INTSXP)); np++; } if (TYPEOF(sVal) != INTSXP) Rf_error("OID specification must be a vector of integers"); v = (const unsigned int*) INTEGER(sVal); n = LENGTH(sVal); if (n < 3) Rf_error("Invalid OID"); *(dst++) = (unsigned char)(v[0] * 40 + v[1]); while (i < n && dst < e) { unsigned int x = v[i++]; if (x > 127) { /* since we have only 32-bits that measn at most 5 encoded bytes */ char rev[8], *r = rev; while (x > 0) { *(r++) = (x & 0x7f) | 0x80; x >>= 7; } while (r > rev) *(dst++) = *(--r); dst[-1] &= 0x7f; /* clear the last MSB */ } else *(dst++) = (unsigned char) x; } res = Rf_allocVector(RAWSXP, dst - buf); memcpy(RAW(res), buf, LENGTH(res)); if (np) UNPROTECT(np); return res; } SEXP PKI_oid2int(SEXP sVal) { SEXP res; int len = 2; int i = 1, n; const unsigned char *r, *re; unsigned int *iv; if (TYPEOF(sVal) != RAWSXP) Rf_error("Input must be a raw vector"); r = (const unsigned char*) RAW(sVal); n = LENGTH(sVal); re = r + n; /* count the total number of entries (w/o the leading two) */ while (i < n) if ((r[i++] & 0x80) == 0) len++; res = Rf_allocVector(INTSXP, len); iv = (unsigned int*) INTEGER(res); iv[0] = r[0] / 40; iv[1] = r[0] - (40 * iv[0]); r++; i = 2; while (i < len) { unsigned int v = 0; while(r < re) { unsigned int nx = *(r++); v |= (nx & 0x7f); if ((nx & 0x80) == 0) break; v <<= 7; } iv[i++] = v; } return res; } /* BIGNUM is a big-endian integer with the additional rule that the first MSB is the sign, so for positive integers (like here) the first byte must be <128 hence a leading 00 is needed if the first byte was to start with the MSB set */ static SEXP long2bignum(unsigned long v) { unsigned char buf[9], *c = buf + 8; SEXP res; if (v < 128) { SEXP res = allocVector(RAWSXP, 1); RAW(res)[0] = (unsigned char) v; return res; } while (v) { *(c--) = (unsigned char) v; v >>= 8; } if (c[1] < 128) c++; /* move back if leading zero is not needed */ res = allocVector(RAWSXP, buf + 9 - c); memcpy(RAW(res), c, LENGTH(res)); return res; } SEXP PKI_asBIGNUMint(SEXP sWhat, SEXP sScalar) { int scalar = asInteger(sScalar) == TRUE; if (inherits(sWhat, "bigz")) { const unsigned int *bz; if (TYPEOF(sWhat) != RAWSXP || LENGTH(sWhat) < 4) Rf_error("invalid bigz format"); bz = (const unsigned int*) RAW(sWhat); if (scalar) { if (bz == 0) Rf_error("attempt to use zero-length vector as scalar"); return bigz2bignum(bz + 1); } else { SEXP res = PROTECT(allocVector(VECSXP, bz[0])); unsigned int i, j = 1; for (i = 0; i < bz[0]; i++) { SET_VECTOR_ELT(res, i, bigz2bignum(bz + j)); j += bz[j] + 1; } UNPROTECT(1); return res; } } if (TYPEOF(sWhat) == REALSXP) { if (scalar) { if (!LENGTH(sWhat)) Rf_error("attempt to use zero-length vector as scalar"); return long2bignum((unsigned long) asReal(sWhat)); } else { unsigned int i, n = LENGTH(sWhat); SEXP res = PROTECT(allocVector(VECSXP, n)); const double *d = REAL(sWhat); for (i = 0; i < n; i++) SET_VECTOR_ELT(res, i, long2bignum((unsigned long) d[i])); UNPROTECT(1); return res; } } if (TYPEOF(sWhat) == INTSXP) { if (scalar) { if (!LENGTH(sWhat)) Rf_error("attempt to use zero-length vector as scalar"); return long2bignum((unsigned long) asInteger(sWhat)); } else { unsigned int i, n = LENGTH(sWhat); SEXP res = PROTECT(allocVector(VECSXP, n)); const int *d = INTEGER(sWhat); for (i = 0; i < n; i++) SET_VECTOR_ELT(res, i, long2bignum((unsigned long) d[i])); UNPROTECT(1); return res; } } Rf_error("unsupported type to convert"); /* unreachable */ return R_NilValue; } PKI/NAMESPACE0000644000176200001440000000111314633364723012123 0ustar liggesusersuseDynLib(PKI, .registration = TRUE) export(PKI.load.cert, PKI.verifyCA, PKI.verify, PKI.sign, PKI.pubkey, PKI.encrypt, PKI.decrypt, PKI.genRSAkey, PKI.digest, PKI.save.key, PKI.load.key, raw2hex, ASN1.encode, ASN1.decode, ASN1.item, ASN1.type, as.BIGNUMint, PKI.mkRSApubkey, PKI.load.OpenSSH.pubkey, PKI.sign.tar, PKI.verify.tar, PKI.get.subject, PKI.get.cert.info, PKI.random, PKI.info, PKI.genpass, as.oid, is.oid, oid) import(base64enc) S3method(print, X509cert) S3method(print, oid) S3method(as.character, oid) S3method(as.integer, oid) S3method(as.oid, default) S3method(Ops, oid) PKI/LICENSE0000644000176200001440000004072314633364723011723 0ustar liggesusers [Summary: GPL-2 with OpenSSL linking exception] PKI Copyright (C) 2011-2015 Simon Urbanek This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library - see http://www.openssl.org/), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. Full text of GPL-2 follows: GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS PKI/configure.ac0000644000176200001440000001016014633364723013174 0ustar liggesusers# Process this file with autoconf to produce a configure script. AC_INIT([PKI],[0.1],[Simon.Urbanek@r-project.org]) AC_CONFIG_SRCDIR([src/pki.h]) AC_CONFIG_HEADERS([src/config.h]) # find R home and set CC/CFLAGS : ${R_HOME=`R RHOME`} if test -z "${R_HOME}"; then echo "could not determine R_HOME" exit 1 fi RBIN="${R_HOME}/bin/R" # pick all flags for testing from R : ${CC=`"${RBIN}" CMD config CC`} : ${CFLAGS=`"${RBIN}" CMD config CFLAGS`} : ${CPPFLAGS=`"${RBIN}" CMD config CPPFLAGS`} : ${LDFLAGS=`"${RBIN}" CMD config LDFLAGS`} : ${CPP="$CC -E"} : ${PKGCONFIG=pkg-config} # honor PKG_xx overrides LIBS="${LIBS} ${PKG_LIBS}" # for CPPFLAGS we will superfluously double R's flags # since we'll set PKG_CPPFLAGS with this, but that shouldn't hurt CPPFLAGS="${CPPFLAGS} ${PKG_CPPFLAGS}" AC_SUBST(R_HOME) AC_ARG_VAR([OPENSSL_INCLUDES],[optional path to the include directory for OpenSSL headers]) AC_ARG_VAR([PKG_CPPFLAGS],[additional pre-processor flags]) AC_ARG_VAR([PKG_LIBS],[additional linker library flags]) AC_ARG_VAR([PKGCONFIG],[command to use for flags detection if none are supplied, defaults to pkg-config]) if test "x${OPENSSL_INCLUDES}" != x; then CPPFLAGS="${CPPFLAGS} -I${OPENSSL_INCLUDES}" else if test x"${PKG_CPPFLAGS}" = x -a x"${PKG_LIBS}" = x -a x"$PKGCONFIG" != x; then AC_MSG_CHECKING([for $PKGCONFIG]) if $PKGCONFIG --version >/dev/null 2>&1; then AC_MSG_RESULT(yes) AC_MSG_CHECKING([whether it knows about openssl]) if $PKGCONFIG openssl; then AC_MSG_RESULT(yes) PC_CFLAGS=`$PKGCONFIG --cflags openssl` PC_LIBS=`$PKGCONFIG --libs openssl` AC_MSG_NOTICE([CFLAGS: ${PC_CFLAGS}]) AC_MSG_NOTICE([LIBS: ${PC_LIBS}]) CPPFLAGS="${CPPFLAGS} ${PC_CFLAGS}" LIBS="${LIBS} ${PC_LIBS}" else AC_MSG_RESULT(no) fi else AC_MSG_RESULT(no) fi fi fi # Checks for programs. AC_PROG_CC AC_CHECK_HEADER([openssl/ssl.h],,[ if test "`uname -s`" = Darwin; then AC_MSG_NOTICE([Missing OpenSSL headers on macOS,]) AC_MSG_NOTICE([attempting to get headers from Apple...]) mkdir tmp cd tmp curl -L https://opensource.apple.com/tarballs/OpenSSL098/OpenSSL098-59.tar.gz | tar fxz - if test -e OpenSSL098-59/src/include/openssl; then mkdir ../src/include mv OpenSSL098-59/src/include/openssl ../src/include else AC_MSG_ERROR([Failed to download OpenSSL sources from Apple. Please install OpenSSL headers before installing PKI.]) fi cd .. rm -rf tmp CPPFLAGS="-Iinclude -Isrc/include ${CPPFLAGS}" AS_UNSET([ac_cv_header_openssl_ssl_h]) AC_CHECK_HEADER([openssl/ssl.h],,[AC_MSG_ERROR([Failed to find usable OpenSSL headers])]) fi ]) # check RSA/crypto AC_CHECK_HEADER([openssl/rsa.h], [AC_SEARCH_LIBS(RSA_generate_key_ex, [crypto ssl openssl],, [ works=no ## more Darwin woes - Catalina SDK removes crypto, so we have to force ## the .dylib itself from the system since -l only searches in the SDK if test "`uname -s`" = Darwin; then AC_MSG_NOTICE([Regular linking failed, trying force-link crypto from system location:]) for lib in /usr/lib/libcrypto.dylib; do save_LIBS="$LIBS" LIBS="$LIBS $lib" AC_LINK_IFELSE([AC_LANG_FUNC_LINK_TRY(RSA_generate_key_ex)], [works=yes], [LIBS="${save_LIBS}"]) if test $works = yes; then AC_MSG_NOTICE([Found working library: $lib]) break; fi done fi if test "$works" = no; then AC_MSG_ERROR([Cannot find usable crypto library. Please install openssl-dev or equivalent and/or set PKG_LIBS if not in default location.]) fi ])], [AC_MSG_ERROR([Failed to find usable ssl headers. Please install openssl-dev or equivalent and/or set PKG_LIBS/PKG_CPPFLAGS if not in default location.])] ) # check SSL support AC_CHECK_HEADER([openssl/ssl.h], [AC_SEARCH_LIBS(SSL_CTX_load_verify_locations, [ssl openssl],, [AC_MSG_ERROR([Cannot find usable SSL library])])], [AC_MSG_ERROR([Failed to find usable SSL library. Please install openssl-dev or equivalent and/or set PKG_LIBS if not in default location.])] ) AC_SUBST(LIBS) AC_SUBST(CPPFLAGS) AC_CONFIG_FILES([src/Makevars]) AC_OUTPUT PKI/inst/0000755000176200001440000000000014633364723011665 5ustar liggesusersPKI/inst/certs/0000755000176200001440000000000014633364723013005 5ustar liggesusersPKI/inst/certs/RForge-ca.crt0000644000176200001440000000343614633364723015272 0ustar liggesusers-----BEGIN CERTIFICATE----- MIIFEzCCAvsCFDoQpUVtVz1st9xah2hor0o351djMA0GCSqGSIb3DQEBCwUAMEYx CzAJBgNVBAYTAk5aMRYwFAYDVQQDDA1jYS5yZm9yZ2UubmV0MR8wHQYJKoZIhvcN AQkBFhBhZG1pbkByZm9yZ2UubmV0MB4XDTIxMDgyOTAxNTI0OVoXDTMxMDgyNzAx NTI0OVowRjELMAkGA1UEBhMCTloxFjAUBgNVBAMMDWNhLnJmb3JnZS5uZXQxHzAd BgkqhkiG9w0BCQEWEGFkbWluQHJmb3JnZS5uZXQwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQDH9kw8zQL3hNLfpaUdsSrNj/wPJNvTDBC+N7svTY6QB6y/ uzQY3e0s3mFQ7ukLWCmYcM2TM0v2yj3uX8Itp02LZSzhb+iwHLHgKhb7f/5XgmNU utAMwZw+42PE7IExo9k/E7IIbnCsrK/CaNHTHhKCIoJa3gvhEFTVmBKprsyA9RqS 1nKcCnz+IHaMig7YkN5rVSM90cufkoQsGTjImp/Y95f0HJJweI7zmjv42H0yza2C 6eIg+6kqqlgVzQ5cgNUfOBqN7xgsFGPVsKbo4F4cQuUv4hAViD6Vc3iOaTNi8J0j ALWYHeIrmHgQ5K00MASTXQ9xQ9tTMjAQd74UqZV60CrzFBj/A9Ltgmad6VM7eRlG Ba+yD9dO32MqfUO3ISfHA4v0Iq+bHvQB7qDBpvXcBijdj1SSxj4ZDb4ekTch2Qbp Y0XwNcgS+x3seg9h24nDiGgkXqvdiYvJEkWPZWbHBu/G+2GPnZXKUP6gEa5PH2vW em9yxr0moQaaV5KtdDq5XXNI+Gei9uLS08UE845FPlQtRG3cn0PN5d7hemdw6J3r YxwVzXopDyHiBk6sDtICCHY74FMPEgT1X7JH8dsPz79fS+LQYkiwlcPX4LO4onoc 1JTIHg3+Ok2ZwIePcPVe37A86VqT1fjjF9I/dvNmeMAiks0RCiWCfzo3TxV2iwID AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCtKj8qkiuflGqtINF4P7aTboqITVVXvUQR sGbL9xNHUA684mxwYV2MLCp7AsC9VFat3VgG5Zm/ZoKyPDmsCsmKPC0CjPZXJV45 P2rz6IHw6A+cca1HKmySww7Oz2qOGssqFnpMs00eiucFxgyAmXi9zwOUc4582xf6 xYyq9mxvHRW+IvFFIIUiKgUxuuehOaAG3b0/vq5mQ4E58J/oYYUGe4f1ug0H9anU 4P4JGrS8z15XA9tE3klsNZJ4z+8HJKYg5D7Fplja6Fx/bG/dsczMyvKd5gTYV3DH 9HCMwj5CFNcDE9Lhv3zCONAwKda6MhlaZaFSSFeQxV8Sb8MMe9i7miMa3lIuUlMa e0wcviG70ID5aKCeOFbqZ47D+HBKbcNb52gaODpiwFodJvy49OTyiYL+Kim6qaMj 5I7+YBWaPJ5OZs2HA5Q4Cy3AqlzSmE0ml187xeWOcRlScfaMttPRMZqAnjr72lVb +kuk9oRKKdRuqwkJxVbqNUAsvpFADuon3s9F4hujIJzLXh298tT/HSd+1jTVa9Ov PZUSc+4SJ5o5MqYX4TQKMRQFRx1vERdFM3nU7y1apPOmQ6AKrWKSEpZbL9TZ6tnl MZAzTKbiVFq0D69zJlngJR/BUREdS9MMSoU7kgrT3Nz7ZoxcxkAXt/ogZ6a2ZEBi 3ILaZUhIyg== -----END CERTIFICATE----- PKI/inst/certs/demo.crt0000644000176200001440000000263014633364723014444 0ustar liggesusers-----BEGIN CERTIFICATE----- MIID9TCCAd0CFH8IbAXsz88Ul8itwzIrCKq5dcqiMA0GCSqGSIb3DQEBCwUAMEYx CzAJBgNVBAYTAk5aMRYwFAYDVQQDDA1jYS5yZm9yZ2UubmV0MR8wHQYJKoZIhvcN AQkBFhBhZG1pbkByZm9yZ2UubmV0MB4XDTIxMTAxMjIyMDkwOFoXDTI2MTAxMTIy MDkwOFowKDELMAkGA1UEBhMCTloxGTAXBgNVBAoMEFJGb3JnZSBEZW1vIENlcnQw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrRxlQCFwFvFI4Glsa4GUR EUehM/nixJbtYcP7NNcr+ttuoetPTRT7xX8DhzxkLQG+k4lVjXSZAYYbFYl0maJe QqoRfTXaE5o35rr3l5Z6RdDKcmQhZHzgLqzoX4kvhzyiyJY+GHTW30S14umGu9y6 vyzhPF1LkrQ5ObLC5Z70kTWX/L6MOmY87Oda7xVnwl4NeTiNjWeeNs2rWMc3yEzt UdtQLGcH30yJswLV4BuS+X4+Bdam7JfVPdq/bhEf4xtlgdDj+Kr3LPV08ohYQgWs 2W1vs0jXoweQGTqEEH5jmu8C9wJxc5cf+IrD104WI5xqXh7T7g4pzkDujBlmVelf AgMBAAEwDQYJKoZIhvcNAQELBQADggIBAI3rZpS5oAkHipcx4L3BydLDV40RxdAa g+taGuENQH0dZJhdAPvIz1U6PlgqTxxQ78eLijvlFjh/BTYgG2pJs4CHyyyTHqgV i9Uga0/wCnkz90DrYVDakCPNLeiczRxcivj6iH1L3kNUsY4WD3zGEOeQbsc/N/fg aQuj3OzN0ZGoGXDAE3HWasT1eqImMyHP8ZsHbO+eHPlg+Z2CkBT38CcsU2taOJw2 2iXypYd7pTO7JNzTrbmX6QEt9lB5RU6Z6h+pd7J5OqAQlApHY1xJFTbnsal53/YD NnmnK9W9Lj/qItcmF8PCEBTy6StAeb5US0SZ+WQsp6TGiiDctkARS6Q3o5A4pB4+ jFP9zWcn8GxpYqVwxSzCRIU7rLUUv7T0CYHQLre2ZCh0DK8s5GBeIYBA4Ygj1GCj C2XcI5GUOk/CFrb2YIz7MLD7eb+SpqqQZcA59PC/jrAKYMax4Ckonzv7GSAL0uE+ /GoWHWXtLgvebChoIIIvpo5jnyPlixiI9MlUW/RK3GyGrGPoYyt5o3QTnclREqAC +RkFGELTuG16ibY5s7QU5DqILzZbuxDTXSEZwVXkQj/j6UJnxL9XfAXdVqL550eT chN+RkyAL7tamiZUj1mD5pCffP7wtIz02GD+lkRUQtl4ZEg5KlbMCyYPtWhsFbI+ UdGIo92UUBm8 -----END CERTIFICATE----- PKI/configure0000755000176200001440000042106514633364735012632 0ustar liggesusers#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.71 for PKI 0.1. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, # Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi # Reset variables that may have inherited troublesome values from # the environment. # IFS needs to be set, to space, tab, and newline, in precisely that order. # (If _AS_PATH_WALK were called with IFS unset, it would have the # side effect of setting IFS to empty, thus disabling word splitting.) # Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl IFS=" "" $as_nl" PS1='$ ' PS2='> ' PS4='+ ' # Ensure predictable behavior from utilities with locale-dependent output. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # We cannot yet rely on "unset" to work, but we need these variables # to be unset--not just set to an empty or harmless value--now, to # avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct # also avoids known problems related to "unset" and subshell syntax # in other old shells (e.g. bash 2.01 and pdksh 5.2.14). for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH do eval test \${$as_var+y} \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done # Ensure that fds 0, 1, and 2 are open. if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="as_nop=: if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else \$as_nop case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : else \$as_nop exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1" if (eval "$as_required") 2>/dev/null then : as_have_required=yes else $as_nop as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$as_shell as_have_required=yes if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null then : break 2 fi fi done;; esac as_found=false done IFS=$as_save_IFS if $as_found then : else $as_nop if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes fi fi if test "x$CONFIG_SHELL" != x then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno then : printf "%s\n" "$0: This script requires a shell more modern than all" printf "%s\n" "$0: the shells that I found on your system." if test ${ZSH_VERSION+y} ; then printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." else printf "%s\n" "$0: Please tell bug-autoconf@gnu.org and $0: Simon.Urbanek@r-project.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_nop # --------- # Do nothing but, unlike ":", preserve the value of $?. as_fn_nop () { return $? } as_nop=as_fn_nop # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null then : eval 'as_fn_append () { eval $1+=\$2 }' else $as_nop as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null then : eval 'as_fn_arith () { as_val=$(( $* )) }' else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_nop # --------- # Do nothing but, unlike ":", preserve the value of $?. as_fn_nop () { return $? } as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } # Determine whether it's possible to make 'echo' print without a newline. # These variables are no longer used directly by Autoconf, but are AC_SUBSTed # for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac # For backward compatibility with old third-party macros, we provide # the shell variables $as_echo and $as_echo_n. New code should use # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. as_echo='printf %s\n' as_echo_n='printf %s' rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='PKI' PACKAGE_TARNAME='pki' PACKAGE_VERSION='0.1' PACKAGE_STRING='PKI 0.1' PACKAGE_BUGREPORT='Simon.Urbanek@r-project.org' PACKAGE_URL='' ac_unique_file="src/pki.h" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_STDIO_H # include #endif #ifdef HAVE_STDLIB_H # include #endif #ifdef HAVE_STRING_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_header_c_list= ac_subst_vars='LTLIBOBJS LIBOBJS OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC PKGCONFIG PKG_LIBS PKG_CPPFLAGS OPENSSL_INCLUDES R_HOME target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir runstatedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking ' ac_precious_vars='build_alias host_alias target_alias OPENSSL_INCLUDES PKG_CPPFLAGS PKG_LIBS PKGCONFIG CC CFLAGS LDFLAGS LIBS CPPFLAGS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -runstatedir | --runstatedir | --runstatedi | --runstated \ | --runstate | --runstat | --runsta | --runst | --runs \ | --run | --ru | --r) ac_prev=runstatedir ;; -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ | --run=* | --ru=* | --r=*) runstatedir=$ac_optarg ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures PKI 0.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/pki] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of PKI 0.1:";; esac cat <<\_ACEOF Some influential environment variables: OPENSSL_INCLUDES optional path to the include directory for OpenSSL headers PKG_CPPFLAGS additional pre-processor flags PKG_LIBS additional linker library flags PKGCONFIG command to use for flags detection if none are supplied, defaults to pkg-config CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for configure.gnu first; this name is used for a wrapper for # Metaconfig's "Configure" on case-insensitive file systems. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF PKI configure 0.1 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest.beam if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext then : ac_retval=0 else $as_nop printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 printf %s "checking for $2... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" else $as_nop eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext } then : ac_retval=0 else $as_nop printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link ac_configure_args_raw= for ac_arg do case $ac_arg in *\'*) ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append ac_configure_args_raw " '$ac_arg'" done case $ac_configure_args_raw in *$as_nl*) ac_safe_unquote= ;; *) ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab. ac_unsafe_a="$ac_unsafe_z#~" ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g" ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;; esac cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by PKI $as_me 0.1, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac printf "%s\n" "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Sanitize IFS. IFS=" "" $as_nl" # Save into config.log some information that might help in debugging. { echo printf "%s\n" "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo printf "%s\n" "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then printf "%s\n" "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then printf "%s\n" "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && printf "%s\n" "$as_me: caught signal $ac_signal" printf "%s\n" "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h printf "%s\n" "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. if test -n "$CONFIG_SITE"; then ac_site_files="$CONFIG_SITE" elif test "x$prefix" != xNONE; then ac_site_files="$prefix/share/config.site $prefix/etc/config.site" else ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi for ac_site_file in $ac_site_files do case $ac_site_file in #( */*) : ;; #( *) : ac_site_file=./$ac_site_file ;; esac if test -f "$ac_site_file" && test -r "$ac_site_file"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 printf "%s\n" "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 printf "%s\n" "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Test code for whether the C compiler supports C89 (global declarations) ac_c_conftest_c89_globals=' /* Does the compiler advertise C89 conformance? Do not test the value of __STDC__, because some compilers set it to 0 while being otherwise adequately conformant. */ #if !defined __STDC__ # error "Compiler does not advertise C89 conformance" #endif #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated as an "x". The following induces an error, until -std is added to get proper ANSI mode. Curiously \x00 != x always comes out true, for an array size at least. It is necessary to write \x00 == 0 to get something that is true only with -std. */ int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) '\''x'\'' int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), int, int);' # Test code for whether the C compiler supports C89 (body of main). ac_c_conftest_c89_main=' ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); ' # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' // Does the compiler advertise C99 conformance? #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare // FILE and stderr. #define debug(...) dprintf (2, __VA_ARGS__) #define showlist(...) puts (#__VA_ARGS__) #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) static void test_varargs_macros (void) { int x = 1234; int y = 5678; debug ("Flag"); debug ("X = %d\n", x); showlist (The first, second, and third items.); report (x>y, "x is %d but y is %d", x, y); } // Check long long types. #define BIG64 18446744073709551615ull #define BIG32 4294967295ul #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) #if !BIG_OK #error "your preprocessor is broken" #endif #if BIG_OK #else #error "your preprocessor is broken" #endif static long long int bignum = -9223372036854775807LL; static unsigned long long int ubignum = BIG64; struct incomplete_array { int datasize; double data[]; }; struct named_init { int number; const wchar_t *name; double average; }; typedef const char *ccp; static inline int test_restrict (ccp restrict text) { // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) continue; return 0; } // Check varargs and va_copy. static bool test_varargs (const char *format, ...) { va_list args; va_start (args, format); va_list args_copy; va_copy (args_copy, args); const char *str = ""; int number = 0; float fnumber = 0; while (*format) { switch (*format++) { case '\''s'\'': // string str = va_arg (args_copy, const char *); break; case '\''d'\'': // int number = va_arg (args_copy, int); break; case '\''f'\'': // float fnumber = va_arg (args_copy, double); break; default: break; } } va_end (args_copy); va_end (args); return *str && number && fnumber; } ' # Test code for whether the C compiler supports C99 (body of main). ac_c_conftest_c99_main=' // Check bool. _Bool success = false; success |= (argc != 0); // Check restrict. if (test_restrict ("String literal") == 0) success = true; char *restrict newvar = "Another string"; // Check varargs. success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); test_varargs_macros (); // Check flexible array members. struct incomplete_array *ia = malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; // Check named initializers. struct named_init ni = { .number = 34, .name = L"Test wide string", .average = 543.34343, }; ni.number = 58; int dynamic_array[ni.number]; dynamic_array[0] = argv[0][0]; dynamic_array[ni.number - 1] = 543; // work around unused variable warnings ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' || dynamic_array[ni.number - 1] != 543); ' # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' // Does the compiler advertise C11 conformance? #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif // Check _Alignas. char _Alignas (double) aligned_as_double; char _Alignas (0) no_special_alignment; extern char aligned_as_int; char _Alignas (0) _Alignas (int) aligned_as_int; // Check _Alignof. enum { int_alignment = _Alignof (int), int_array_alignment = _Alignof (int[100]), char_alignment = _Alignof (char) }; _Static_assert (0 < -_Alignof (int), "_Alignof is signed"); // Check _Noreturn. int _Noreturn does_not_return (void) { for (;;) continue; } // Check _Static_assert. struct test_static_assert { int x; _Static_assert (sizeof (int) <= sizeof (long int), "_Static_assert does not work in struct"); long int y; }; // Check UTF-8 literals. #define u8 syntax error! char const utf8_literal[] = u8"happens to be ASCII" "another string"; // Check duplicate typedefs. typedef long *long_ptr; typedef long int *long_ptr; typedef long_ptr long_ptr; // Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. struct anonymous { union { struct { int i; int j; }; struct { int k; long int l; } w; }; int m; } v1; ' # Test code for whether the C compiler supports C11 (body of main). ac_c_conftest_c11_main=' _Static_assert ((offsetof (struct anonymous, i) == offsetof (struct anonymous, w.k)), "Anonymous union alignment botch"); v1.i = 2; v1.w.k = 5; ok |= v1.i != 5; ' # Test code for whether the C compiler supports C11 (complete). ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} ${ac_c_conftest_c99_globals} ${ac_c_conftest_c11_globals} int main (int argc, char **argv) { int ok = 0; ${ac_c_conftest_c89_main} ${ac_c_conftest_c99_main} ${ac_c_conftest_c11_main} return ok; } " # Test code for whether the C compiler supports C99 (complete). ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} ${ac_c_conftest_c99_globals} int main (int argc, char **argv) { int ok = 0; ${ac_c_conftest_c89_main} ${ac_c_conftest_c99_main} return ok; } " # Test code for whether the C compiler supports C89 (complete). ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} int main (int argc, char **argv) { int ok = 0; ${ac_c_conftest_c89_main} return ok; } " as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers src/config.h" # find R home and set CC/CFLAGS : ${R_HOME=`R RHOME`} if test -z "${R_HOME}"; then echo "could not determine R_HOME" exit 1 fi RBIN="${R_HOME}/bin/R" # pick all flags for testing from R : ${CC=`"${RBIN}" CMD config CC`} : ${CFLAGS=`"${RBIN}" CMD config CFLAGS`} : ${CPPFLAGS=`"${RBIN}" CMD config CPPFLAGS`} : ${LDFLAGS=`"${RBIN}" CMD config LDFLAGS`} : ${CPP="$CC -E"} : ${PKGCONFIG=pkg-config} # honor PKG_xx overrides LIBS="${LIBS} ${PKG_LIBS}" # for CPPFLAGS we will superfluously double R's flags # since we'll set PKG_CPPFLAGS with this, but that shouldn't hurt CPPFLAGS="${CPPFLAGS} ${PKG_CPPFLAGS}" if test "x${OPENSSL_INCLUDES}" != x; then CPPFLAGS="${CPPFLAGS} -I${OPENSSL_INCLUDES}" else if test x"${PKG_CPPFLAGS}" = x -a x"${PKG_LIBS}" = x -a x"$PKGCONFIG" != x; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $PKGCONFIG" >&5 printf %s "checking for $PKGCONFIG... " >&6; } if $PKGCONFIG --version >/dev/null 2>&1; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether it knows about openssl" >&5 printf %s "checking whether it knows about openssl... " >&6; } if $PKGCONFIG openssl; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } PC_CFLAGS=`$PKGCONFIG --cflags openssl` PC_LIBS=`$PKGCONFIG --libs openssl` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CFLAGS: ${PC_CFLAGS}" >&5 printf "%s\n" "$as_me: CFLAGS: ${PC_CFLAGS}" >&6;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LIBS: ${PC_LIBS}" >&5 printf "%s\n" "$as_me: LIBS: ${PC_LIBS}" >&6;} CPPFLAGS="${CPPFLAGS} ${PC_CFLAGS}" LIBS="${LIBS} ${PC_LIBS}" else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi fi fi # Checks for programs. ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args. set dummy ${ac_tool_prefix}clang; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}clang" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "clang", so it can be a program name with args. set dummy clang; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="clang" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi fi test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion -version; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 printf %s "checking whether the C compiler works... " >&6; } ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else $as_nop ac_file='' fi if test -z "$ac_file" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 printf "%s\n" "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 printf %s "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else $as_nop { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 printf "%s\n" "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 printf %s "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_nop printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes else $as_nop ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ac_compiler_gnu=$ac_cv_c_compiler_gnu if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+y} ac_save_CFLAGS=$CFLAGS { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 else $as_nop ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes else $as_nop CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : else $as_nop ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi ac_prog_cc_stdc=no if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 else $as_nop ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c11_program _ACEOF for ac_arg in '' -std=gnu11 do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_c11=$ac_arg fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } else $as_nop if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } CC="$CC $ac_cv_prog_cc_c11" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 ac_prog_cc_stdc=c11 fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 else $as_nop ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c99_program _ACEOF for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_c99=$ac_arg fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } else $as_nop if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } CC="$CC $ac_cv_prog_cc_c99" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 ac_prog_cc_stdc=c99 fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 else $as_nop ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c89_program _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } else $as_nop if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } CC="$CC $ac_cv_prog_cc_c89" fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 ac_prog_cc_stdc=c89 fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_header= ac_cache= for ac_item in $ac_header_c_list do if test $ac_cache; then ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then printf "%s\n" "#define $ac_item 1" >> confdefs.h fi ac_header= ac_cache= elif test $ac_header; then ac_cache=$ac_item else ac_header=$ac_item fi done if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes then : printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h fi ac_fn_c_check_header_compile "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_ssl_h" = xyes then : else $as_nop if test "`uname -s`" = Darwin; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Missing OpenSSL headers on macOS," >&5 printf "%s\n" "$as_me: Missing OpenSSL headers on macOS," >&6;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: attempting to get headers from Apple..." >&5 printf "%s\n" "$as_me: attempting to get headers from Apple..." >&6;} mkdir tmp cd tmp curl -L https://opensource.apple.com/tarballs/OpenSSL098/OpenSSL098-59.tar.gz | tar fxz - if test -e OpenSSL098-59/src/include/openssl; then mkdir ../src/include mv OpenSSL098-59/src/include/openssl ../src/include else as_fn_error $? "Failed to download OpenSSL sources from Apple. Please install OpenSSL headers before installing PKI." "$LINENO" 5 fi cd .. rm -rf tmp CPPFLAGS="-Iinclude -Isrc/include ${CPPFLAGS}" { ac_cv_header_openssl_ssl_h=; unset ac_cv_header_openssl_ssl_h;} ac_fn_c_check_header_compile "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_ssl_h" = xyes then : else $as_nop as_fn_error $? "Failed to find usable OpenSSL headers" "$LINENO" 5 fi fi fi # check RSA/crypto ac_fn_c_check_header_compile "$LINENO" "openssl/rsa.h" "ac_cv_header_openssl_rsa_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_rsa_h" = xyes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_generate_key_ex" >&5 printf %s "checking for library containing RSA_generate_key_ex... " >&6; } if test ${ac_cv_search_RSA_generate_key_ex+y} then : printf %s "(cached) " >&6 else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ char RSA_generate_key_ex (); int main (void) { return RSA_generate_key_ex (); ; return 0; } _ACEOF for ac_lib in '' crypto ssl openssl do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO" then : ac_cv_search_RSA_generate_key_ex=$ac_res fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext if test ${ac_cv_search_RSA_generate_key_ex+y} then : break fi done if test ${ac_cv_search_RSA_generate_key_ex+y} then : else $as_nop ac_cv_search_RSA_generate_key_ex=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_generate_key_ex" >&5 printf "%s\n" "$ac_cv_search_RSA_generate_key_ex" >&6; } ac_res=$ac_cv_search_RSA_generate_key_ex if test "$ac_res" != no then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else $as_nop works=no ## more Darwin woes - Catalina SDK removes crypto, so we have to force ## the .dylib itself from the system since -l only searches in the SDK if test "`uname -s`" = Darwin; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Regular linking failed, trying force-link crypto from system location:" >&5 printf "%s\n" "$as_me: Regular linking failed, trying force-link crypto from system location:" >&6;} for lib in /usr/lib/libcrypto.dylib; do save_LIBS="$LIBS" LIBS="$LIBS $lib" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define RSA_generate_key_ex to an innocuous variant, in case declares RSA_generate_key_ex. For example, HP-UX 11i declares gettimeofday. */ #define RSA_generate_key_ex innocuous_RSA_generate_key_ex /* System header to define __stub macros and hopefully few prototypes, which can conflict with char RSA_generate_key_ex (); below. */ #include #undef RSA_generate_key_ex /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char RSA_generate_key_ex (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_RSA_generate_key_ex || defined __stub___RSA_generate_key_ex choke me #endif int main (void) { return RSA_generate_key_ex (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO" then : works=yes else $as_nop LIBS="${save_LIBS}" fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test $works = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Found working library: $lib" >&5 printf "%s\n" "$as_me: Found working library: $lib" >&6;} break; fi done fi if test "$works" = no; then as_fn_error $? "Cannot find usable crypto library. Please install openssl-dev or equivalent and/or set PKG_LIBS if not in default location." "$LINENO" 5 fi fi else $as_nop as_fn_error $? "Failed to find usable ssl headers. Please install openssl-dev or equivalent and/or set PKG_LIBS/PKG_CPPFLAGS if not in default location." "$LINENO" 5 fi # check SSL support ac_fn_c_check_header_compile "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_ssl_h" = xyes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_CTX_load_verify_locations" >&5 printf %s "checking for library containing SSL_CTX_load_verify_locations... " >&6; } if test ${ac_cv_search_SSL_CTX_load_verify_locations+y} then : printf %s "(cached) " >&6 else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ char SSL_CTX_load_verify_locations (); int main (void) { return SSL_CTX_load_verify_locations (); ; return 0; } _ACEOF for ac_lib in '' ssl openssl do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO" then : ac_cv_search_SSL_CTX_load_verify_locations=$ac_res fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext if test ${ac_cv_search_SSL_CTX_load_verify_locations+y} then : break fi done if test ${ac_cv_search_SSL_CTX_load_verify_locations+y} then : else $as_nop ac_cv_search_SSL_CTX_load_verify_locations=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_CTX_load_verify_locations" >&5 printf "%s\n" "$ac_cv_search_SSL_CTX_load_verify_locations" >&6; } ac_res=$ac_cv_search_SSL_CTX_load_verify_locations if test "$ac_res" != no then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else $as_nop as_fn_error $? "Cannot find usable SSL library" "$LINENO" 5 fi else $as_nop as_fn_error $? "Failed to find usable SSL library. Please install openssl-dev or equivalent and/or set PKG_LIBS if not in default location." "$LINENO" 5 fi ac_config_files="$ac_config_files src/Makevars" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 printf "%s\n" "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi # Reset variables that may have inherited troublesome values from # the environment. # IFS needs to be set, to space, tab, and newline, in precisely that order. # (If _AS_PATH_WALK were called with IFS unset, it would have the # side effect of setting IFS to empty, thus disabling word splitting.) # Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl IFS=" "" $as_nl" PS1='$ ' PS2='> ' PS4='+ ' # Ensure predictable behavior from utilities with locale-dependent output. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # We cannot yet rely on "unset" to work, but we need these variables # to be unset--not just set to an empty or harmless value--now, to # avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct # also avoids known problems related to "unset" and subshell syntax # in other old shells (e.g. bash 2.01 and pdksh 5.2.14). for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH do eval test \${$as_var+y} \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done # Ensure that fds 0, 1, and 2 are open. if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS case $as_dir in #((( '') as_dir=./ ;; */) ;; *) as_dir=$as_dir/ ;; esac test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null then : eval 'as_fn_append () { eval $1+=\$2 }' else $as_nop as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null then : eval 'as_fn_arith () { as_val=$(( $* )) }' else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # Determine whether it's possible to make 'echo' print without a newline. # These variables are no longer used directly by Autoconf, but are AC_SUBSTed # for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac # For backward compatibility with old third-party macros, we provide # the shell variables $as_echo and $as_echo_n. New code should use # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. as_echo='printf %s\n' as_echo_n='printf %s' rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by PKI $as_me 0.1, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Report bugs to ." _ACEOF ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ PKI config.status 0.1 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" Copyright (C) 2021 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) printf "%s\n" "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) printf "%s\n" "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX printf "%s\n" "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "src/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;; "src/Makevars") CONFIG_FILES="$CONFIG_FILES src/Makevars" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 printf "%s\n" "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`printf "%s\n" "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || printf "%s\n" X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi PKI/man/0000755000176200001440000000000014633364723011463 5ustar liggesusersPKI/man/X509.Rd0000644000176200001440000001077414633364723012430 0ustar liggesusers\name{X509} \alias{X509} \alias{PKI.load.cert} \alias{PKI.verifyCA} \alias{PKI.pubkey} \alias{PKI.get.subject} \alias{PKI.get.cert.info} \title{ Public Key Instraftructure (X509) functions } \description{ \code{PKI.load.cert} creates a certificate object from a string, connection or file. \code{PKI.verifyCA} verifies a certificate against a given chain of trust. \code{PKI.pubkey} extracts public key from a certificate. \code{PKI.get.subject} extracts the subject name from the certificate. \code{PKI.get.cert.info} decodes information from the certificate. } \usage{ PKI.load.cert(what, format = c("PEM", "DER"), file) PKI.verifyCA(certificate, ca, default = FALSE, partial = FALSE) PKI.pubkey(certificate) PKI.get.subject(certificate) PKI.get.cert.info(certificate) } \arguments{ \item{what}{string, raw vector or connection to load the certificate from} \item{format}{format used to encode the certificate} \item{file}{filename to load the certificate from - \code{what} and \code{file} are mutually exclusive} \item{certificate}{a certificate object (as returned by \code{PKI.load.cert})} \item{ca}{a certificate object of the Certificate Authority (CA) or a list of such objects if a chain of certificates is involved} \item{default}{logical, if \code{TRUE} then root CAs known to OpenSSL will be added to the trust store. In that case \code{ca} can also be \code{NULL} if the certificate is directly signed by the root CA (very uncommon).} \item{partial}{logical, if \code{TRUE} then the CAs listed in \code{ca} are trusted even if they are neither root nor self-signed CAs.} } \details{ \code{PKI.verifyCA} is used to verify the validity of a certificate by following a chain of trust. In the most simple case the certificate was issued by a certificate authority (CA) directly, which has a self-signed certificate. This is typically the case when you (or your organization) have created your own CA for internal use. In that case you only need to supply that CA's certificate to \code{ca} and that's it. It is also possible that your self-signed CA issued an intermediate certificate - if that is the case then pass a list of both certificates (order doesn't matter) to \code{ca}. Another use case is that you have a certificate which has been issued by publicly trusted CA - this is commonly the case with SSL certificates used by web servers. In that case, the chain doesn't end with an internal self-signed certificate, but instead it will end with a publicly known root CA. OpenSSL manages a list of such trusted CAs and you can check against them with \code{default=TRUE}. However, in most cases your certificate won't be issued directly by a root CA, but by an intermetiate authority so you have to pass the intermediate certificate(s) in the \code{ca} argument. Finally, it is sometimes possible that the default list of trusted certificates does not include the root CA that you need. If that is the case, and you still want to trust that chain, you can set \code{partial=TRUE} and then \code{PKI.verifyCA} will trust the certificates provided in \code{ca} unconditinally, even if they don't lead to a trusted root or are not self-signed. Note, however, that this is the least secure option and you should only use it if the certificates are supplied by you and not the user. If you want to support user-supplied intermediate certificates then you can use \code{PKI.verifyCA} first to verify the integrity of the user-supplied chain with \code{partial=TRUE} and then verify just the intermediate certificate against your trusted certificate. That way you won't trust the intermediate certificate inadvertently. } \value{ \code{PKI.load.cert}: a certificate object \code{PKI.verifyCA}: \code{TRUE} is the certificate can be trusted, \code{FALSE} otherwise \code{PKI.pubkey}: public key object \code{PKI.get.subject}: string containing the subject information in one-line RFC2253 format but in UTF8 encoding instead of MBS escapes. NOTE: this is experimantal, we may choose to parse the contents and return it in native R form as a named vector instead. } %\references{ %} \author{ Simon Urbanek } %\note{ %} %\seealso{ %} \examples{ (ca <- PKI.load.cert(file=system.file("certs", "RForge-ca.crt", package="PKI"))) (my.cert <- PKI.load.cert(readLines(system.file("certs", "demo.crt", package="PKI")))) PKI.verifyCA(my.cert, ca) PKI.pubkey(my.cert) PKI.get.subject(my.cert) PKI.get.cert.info(my.cert) } \keyword{manip} PKI/man/oid.Rd0000644000176200001440000000605314633364723012531 0ustar liggesusers\name{oid} \alias{oid} \alias{as.oid} \alias{as.oid.default} \alias{as.oid.integer} \alias{as.character.oid} \alias{as.integer.oid} \alias{is.oid} \alias{Ops.oid} \alias{print.oid} \title{ OBJECT IDENTIFIER Functions } \description{ Object Identifiers (OIDs) are entities defined by international standards (ITU-T, ISO, IEC) used to identify objects. In the PKI context they are used for example to identify encyrption algorithms. Each root (first integer - see below) denotes the standards body governing the allocations. OIDs consist of a hierarchy of integers with each component having a meaning in the hierarchy. For example, the OID of the DER encoding is defined in the ITU-T X.680 standard as \code{joint-iso-itu-t(2) asn1(1) ber-derived(2) distinguished-encoding(1)} where the text before each integer describes its meaning in that context and the integer is the encoding of that meaning. So the OID itself would be in character form \code{"2.1.2.1"} (also called the dot notation introduced by IETF) and in R integer form \code{c(2, 1, 2, 1)}. Internally, OIDs are represented in their ASN.1 encoding as raw vectors which is the way they are typically used in files or communication payload. The following functions are used to operate on OIDs. \code{oid} creates an OID. Coercion methods \code{as.integer} and \code{as.character} convert the OID into its numeric and textural form respectively. \code{as.oid} is a generic for convering objects into OIDs and is implemented for at least the above cases. \code{is.oid} returns \code{TRUE} if the object is an OID. } \usage{ oid(x) as.oid(x, ...) \method{as.oid}{default}(x, ...) is.oid(x) \method{Ops}{oid}(e1, e2) \method{print}{oid}(x, ...) \method{as.character}{oid}(x, ...) \method{as.integer}{oid}(x, ...) } \arguments{ \item{x}{object to covert/create/check} \item{e1}{left-hand side argument for binary operators} \item{e2}{right-hand side arguemnt for binary operators} \item{...}{further arguments (currently unused)} } \details{ The only allowed oparators on OIDs are \code{==} and \code{!=} which return \code{TRUE} or \code{FALSE}. The \code{oid(x)} constructor (and also the \code{as.oid} default method) support following types: scalar string (expected to be in dot-notation), integer vector, numeric vector (it is coerced to integer vector implicitly), raw vector (must be ASN.1 encoding of the OID). The S3 class of OID objects is \code{"oid"}. It consists of a raw vector repesenting the ASN.1 encoded OID (without the type specifier). An additional attribute \code{"type"} is set to \code{6L} for compatiblity with \code{\link{ASN1.encode}}. } %\value{ %} %\references{ %} \author{ Simon Urbanek } %\note{ %} \seealso{ \code{\link{ASN1.encode}} } \examples{ ## RSA algorithm OID: ## iso(1) member-body(2) us(840) rsadsi(113549) ## pkcs(1) pkcs-1(1) rsaEncryption(1) o <- oid("1.2.840.113549.1.1.1") as.raw(o) as.integer(o) as.character(o) as.oid(as.integer(o)) == o is.oid(o) (a <- ASN1.encode(o)) as.oid(ASN1.decode(a)) == o } \keyword{manip} PKI/man/PKI.info.Rd0000644000176200001440000000207614633364723013334 0ustar liggesusers\name{PKI.info} \alias{PKI.info} \title{ Retrieve PKI back-end information } \description{ \code{PKI.info} returns information about the engine which is providing the PKI functionality. } \usage{ PKI.info() } \value{ Named list: \item{engine}{string, name of the engine, currently either \code{"openssl"} or \code{"libressl"}} \item{version}{numeric, version of the engine as a real number in the form \code{major.minor}} \item{description}{string, description of the engine, its version and any futher information that the engine may provide} } \author{ Simon Urbanek } \note{ This function should be treated as informational only. The return value is subject to change, mainly we may extend it to possibly supply information on available ciphers etc. Older versions of OpenSSL did not provide functional API to retrieve version inforation, so versions < 1.1 may not reflect the true version, but rather the values from the headers at compile time which may not be the same as the loaded library at run-time. } \examples{ str(PKI.info()) } \keyword{interface} PKI/man/raw2hex.Rd0000644000176200001440000000234414633364723013335 0ustar liggesusers\name{raw2hex} \alias{raw2hex} \title{ Convert raw vector to string hex representation } \description{ \code{raw2hex} convers a raw vector into hexadecimal representation } \usage{ raw2hex(what, sep, upper = FALSE) } \arguments{ \item{what}{raw vector} \item{sep}{optional separator string} \item{upper}{logical, if \code{TRUE} then upper case letters are used, otherwise any letters will be lower case.} } \details{ If \code{sep} is omitted or \code{NULL} then the resulting character vector will have as many elements as the raw vector. Otherwise the elements are concatenated using the specified separator into one character string. This is much more efficient than using \code{paste(raw2hex(x), collapse=sep)}, but has the same effect. } \value{ Character vector with the hexadecimal representation of the raw vector. } %\references{ %} \author{ Simon Urbanek } %\note{ %} \examples{ raw2hex(PKI.digest(raw(), "SHA1"), "") raw2hex(PKI.digest(raw(), "MD5"), ":") ## this is jsut a performance comparison and a test that ## raw2hex can handle long strings x <- as.raw(runif(1e5) * 255.9) system.time(h1 <- raw2hex(x, " ")) system.time(h2 <- paste(raw2hex(x), collapse=" ")) stopifnot(identical(h1, h2)) } \keyword{manip} PKI/man/PKI.digest.Rd0000644000176200001440000000123414633364723013653 0ustar liggesusers\name{PKI.digest} \alias{PKI.digest} \title{ Compute digest sum based on SHA1, SHA256 or MD5 hash functions } \description{ \code{PKI.digest} computes digsest sum based on the hash function specified } \usage{ PKI.digest(what, hash = c("SHA1", "SHA256", "MD5")) } \arguments{ \item{what}{raw vector of bytes to digest} \item{hash}{type of the hash function. Note that "MD5" should \emph{not} be used for cryptographic purposes as it is not secure} } %\details{ %} \value{ Raw vector containg the hash } %\references{ %} \author{ Simon Urbanek } %\note{ %} \seealso{ \code{\link{PKI.sign}} } \examples{ PKI.digest(as.raw(1:10)) } \keyword{manip} PKI/man/PKI.genpass.Rd0000644000176200001440000000333314633364723014036 0ustar liggesusers\name{PKI.genpass} \alias{PKI.genpass} \title{ Generate cryptographically strong pseudo-random password. } \description{ \code{PKI.genpass} generates \code{n} cryptographically strong pseudo-random password by using a given set of allowed characters. } \usage{ PKI.genpass(n=15, set=c(alphanum, ".", "/"), block=5, sep="-") } \arguments{ \item{n}{positive integer, number of random elements in the password} \item{set}{character vector, set of characters to use in the password, ideally its length should be a power of 2 and must be at most 256. Internal variable \code{alphanum} is equivalent to \code{c(LETTERS, letters, 0:9)}.} \item{block}{non-negative integer, number of character blocks in the password or 0 if no separated blocks are desired.} \item{sep}{string, separator between blocks (only used if 0 < \code{blocks} < \code{n}).} } \details{ \code{PKI.genpass} generates a password based on a set of allowable characters by subsetting the set with bytes generated using \code{\link{PKI.random}}. If \code{block} is >0 and <\code{n} then blocks of \code{block} characters are separated by the separator string \code{sep}. This is typically used to guarantee at least one special character in the password. The default results in a 90-bit random password of the form \code{XXXXX-XXXXX-XXXXX}. } \value{ String, generated password. } \author{ Simon Urbanek } \note{ This is just a utility front-end to \code{\link{PKI.random}(n)} to subset \code{set} modulo its length. If the set does not have a length which is a power of 2 then a warning is issued and the leading elements are more likely to be used, reducing the password strength. } \examples{ PKI.genpass() } \keyword{manip} PKI/man/PKI.crypt.Rd0000644000176200001440000000451214633364723013537 0ustar liggesusers\name{PKI.crypt} \alias{PKI.crypt} \alias{PKI.encrypt} \alias{PKI.decrypt} \title{ PKI encryption/decryption functions } \description{ \code{PKI.encrypt} encrypts a raw vector \code{PKI.decrypt} decrypts a raw vector } \usage{ PKI.encrypt(what, key, cipher = NULL, iv = NULL) PKI.decrypt(what, key, cipher = NULL, iv = NULL) } \arguments{ \item{what}{raw vector to encrypt/decrypt. It must not exceed the key size minus padding} \item{key}{key to use for encryption/decryption} \item{cipher}{cipher to use for encryption/decryption} \item{iv}{initialization vector for ciphers that use it (e.g., CBC). \code{NULL} corresponds to all-zeroes IV, otherwise must be either a string or a raw vector with sufficiently many bytes to match the IV length for the cipher.} } %\details{ %} \value{ Raw vector (encrypted/decrypted) } %\references{ %} \author{ Simon Urbanek } \note{ The cipher is optional for key objects that already contain the cipher information such as RSA keys (in fact it is ignored in that case). Supported symmetric ciphers are AES-128, AES-256 and BF (blowfish). Each cipher can be used in CBC (default), ECB or OFB modes which are specified as suffix, so \code{"aes256ofb"} would specify AES-256 in OFB mode. Case and non-alphanumeric characters are ignored, so the same could be specified as \code{"AES-256-OFB"}. PKCS padding is used to fill up to the block size. Analogously, PKCS padding is expected when decoding. Note that the payload for RSA encryption should be very small since it must fit into the key size including padding. For example, 1024-bit key can only encrypt 87 bytes, while 2048-bit key can encrypt 215 bytes. Therefore a typical use is to use RSA to transfer a symmeric key to the peer and subsequently use symmetric ciphers like AES for encryption of larger amounts of data. } \seealso{ \code{\link{PKI.genRSAkey}}, \code{\link{PKI.pubkey}} } \examples{ key <- PKI.genRSAkey(2048) x <- charToRaw("Hello, world!") e <- PKI.encrypt(x, key) y <- PKI.decrypt(e, key) stopifnot(identical(x, y)) print(rawToChar(y)) ## AES symmetric - use SHA256 to support arbitrarily long key strings key <- PKI.digest(charToRaw("hello"), "SHA256") ae <- PKI.encrypt(x, key, "aes256") ae ad <- PKI.decrypt(ae, key, "aes256") stopifnot(identical(x, ad)) } \keyword{manip} PKI/man/RSA.Rd0000644000176200001440000001127214633364723012402 0ustar liggesusers\name{RSA} \alias{RSA} \alias{PKI.genRSAkey} \alias{PKI.load.key} \alias{PKI.save.key} \alias{PKI.mkRSApubkey} \alias{PKI.load.OpenSSH.pubkey} \title{ PKI functions handling RSA keys } \description{ \code{PKI.load.key} loads an RSA key in PKCS#1/8 PEM or DER format. \code{PKI.save.key} creates a PEM or DER representation of a RSA key. \code{PKI.genRSAkey} generates RSA public/private key pair. \code{PKI.mkRSApubkey} creates a RSA public key with the supplied modulus and exponent. \code{PKI.load.OpenSSH.pubkey} loads public key in OpenSSH format (as used in \code{.ssh/authorized_keys} file) } \usage{ PKI.load.key(what, format = c("PEM", "DER"), private, file, password="") PKI.save.key(key, format = c("PEM", "DER"), private, target) PKI.genRSAkey(bits = 2048L) PKI.mkRSApubkey(modulus, exponent=65537L, format = c("DER", "PEM", "key")) PKI.load.OpenSSH.pubkey(what, first=TRUE, format = c("DER", "PEM", "key")) } \arguments{ \item{what}{string, raw vector or connection to load the key from} \item{key}{RSA key object} \item{format}{format - PEM is ASCII (essentially base64-encoded DER with header/footer), DER is binary and key means an acutal key object} \item{private}{logical, whether to use the private key (\code{TRUE}), public key (\code{FALSE}) or whichever is available (\code{NA} or missing).} \item{file}{filename to load the key from - \code{what} and \code{file} are mutually exclusive} \item{password}{string, used only if \code{what} is an encrypted private key as the password to decrypt the key} \item{target}{optional connection or a file name to store the result in. If missing, the result is just returned form the function as either a character vector (PEM) or a raw vector (DER).} \item{bits}{size of the generated key in bits. Must be \code{2 ^ n} with integer \code{n > 8}.} \item{modulus}{modulus either as a raw vector (see \code{\link{as.BIGNUMint}}) or \code{bigz} object (from \code{gmp} package) or an integer.} \item{exponent}{exponent either as a raw vector (see \code{\link{as.BIGNUMint}}) or \code{bigz} object (from \code{gmp} package) or an integer.} \item{first}{logical, if \code{TRUE} only the first key will be used, otherwise the result is a list of keys.} } %\details{ %} \value{ \code{PKI.load.key}: private or public key object \code{PKI.save.key}: raw vector (DER format) or character vector (PEM format). \code{PKI.genRSAkey}: private + public key object \code{PKI.mkRSApubkey}, \code{PKI.load.OpenSSH.pubkey}: raw vector (DER format) or character vector (PEM format) or a \code{"public.key"} object. } %\references{ %} \author{ Simon Urbanek } \note{ The output format for private keys in PEM is PKCS#1, but for public keys it is X.509 SubjectPublicKeyInfo (certificate public key). This is consistent with OpenSSL RSA command line tool which uses the same convention. \code{PKI.load.key} can auto-detect the contained format based on the header if `PEM` format is used. In that case it supports PKCS#1 (naked RSA key), PKCS#8 (wrapped key with identifier - for public keys X.509 SubjectPublicKeyInfo) and encrypted private key in PKCS#8 (password must be passed to decrypt). `DER` format provides no way to define the type so `private` cannot be `NA` and only the default format (PKCS#1 for private keys and X.509 SubjectPublicKeyInfo for public keys) is supported. The OpenSSH format is one line beginning with \code{"ssh-rsa "}. SSH2 PEM public keys (rfc4716) are supported in \code{PKI.load.key} and the binary payload is the same as the OpenSSH, only with different wrapping. } \seealso{\code{\link{PKI.encrypt}}, \code{\link{PKI.decrypt}}, \code{\link{PKI.pubkey}}} \examples{ # generate 2048-bit RSA key key <- PKI.genRSAkey(bits = 2048L) # extract private and public parts as PEM priv.pem <- PKI.save.key(key) pub.pem <- PKI.save.key(key, private=FALSE) # load back the public key separately pub.k <- PKI.load.key(pub.pem) # encrypt with the public key x <- PKI.encrypt(charToRaw("Hello, world!"), pub.k) # decrypt with private key rawToChar(PKI.decrypt(x, key)) # compute SHA1 hash (fingerprint) of the public key PKI.digest(PKI.save.key(key, "DER", private=FALSE)) # convert OpenSSH public key to PEM format # (the example is split into multiple lines just # so it is readable in the documentation, in reality you can # simply use the full line from is_rsa.pub without gsub) PKI.load.OpenSSH.pubkey(gsub("\n","", "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuvOXqfZ3pJeWeqyQOIXZwmg M1RBqPUmVx3XgntpA+YtOZjKfuoJSpg3LhBuI/wXx8L2QZXNFibvX4qX2qoYsb Hvkz2uonA3F7HRhCR/BJURR5nT135znVqALZo328v86HDsVWYR2/JzY1X8GI2R 2iKUMGXF0hVuRphdwLB735CU= foo@mycomputer"), format="PEM") } \keyword{manip} PKI/man/PKI.random.Rd0000644000176200001440000000135214633364723013655 0ustar liggesusers\name{PKI.random} \alias{PKI.random} \title{ Generate cryptographically strong pseudo-random bytes. } \description{ \code{PKI.random} generates \code{n} cryptographically strong pseudo-random bytes. } \usage{ PKI.random(n) } \arguments{ \item{n}{non-negative integer, number of bytes to generate} } \details{ \code{PKI.random} is the preferred way to generate cryptographically strong random content that can be used as keys, seeds etc. Not to be confused with random number generators in R, it is entirely separate for cryptographics purposes. } \value{ Raw vector of \code{n} cryptographically strong pseudo-random bytes. } %\references{ %} \author{ Simon Urbanek } %\note{ %} \examples{ PKI.random(10) } \keyword{manip} PKI/man/ASN1.Rd0000644000176200001440000000530614633364723012460 0ustar liggesusers\name{ASN1} \alias{ASN1} \alias{ASN1.decode} \alias{ASN1.encode} \alias{ASN1.item} \alias{ASN1.type} \title{ Functions for handling ASN.1 format (typically DER) } \description{ \code{ASN1.decode} decodes \code{ASN.1} binary format into raw format chunks tagged with class types. \code{ASN1.encode} converts structured objects into \code{ASN.1} binary format. \code{ASN1.item} creates an item - basic object in structures that can be encoded using \code{ASN1.encode}. \code{ASN1.type} extracts the class type from an \code{ASN.1} item } \usage{ ASN1.decode(what) ASN1.encode(what) ASN1.item(what, type) ASN1.type(what) } \arguments{ \item{what}{object to decode/encode/query} \item{type}{class type of the item (integer value)} } \details{ This is a suite of low-level tools to deal with ASN.1 (Abstract Syntax Notation One) binary formats DER, BER and CER. The tools were written specifically to handle the various DER-encoded key structures so it provides only a subset of the ASN.1 specification. They are used internally by the \code{PKI} poackage. \code{ASN1.decode} decodes the binary representation (as raw vector) into individual items. Sequences are convered into lists, all other objects are retained in their binary form and tagged with the integer class type - which can be obtained using \code{ASN1.type} function. \code{ASN1.encode} expects item (or a list of items) either created using \code{ASN1.decode} or \code{ASN1.item} and converts them into \code{DER} binary format. The result of \code{ASN1.encode(ASN1.decode(x))} will be \code{x} if \code{x} was in \code{DER} format. } \value{ \code{ASN1.decode} returns either one item or a list. \code{ASN1.encode} returns a raw vector in DER format. \code{ASN1.type} returns an integer class type \code{ASN1.item} returns an ASN.1 item object } %\references{ %} \author{ Simon Urbanek } \note{ \code{ASN1.encode} uses a fixed buffer for encoding which currently limits the total size of the resulting structure to 1MB. Only definite length forms are supported. The validity of individual items is not checked. } %\seealso{ %} \examples{ # generate a small key key <- PKI.genRSAkey(bits = 512L) # extract private and public parts in DER format prv <- PKI.save.key(key, format="DER") pub <- PKI.save.key(key, private=FALSE, format="DER") # parse the public key x <- ASN1.decode(pub) x # the second element is the actual key # as a bit string that's itself in DER # two integers - modulus and exponent # Note that this is in fact the pure PKCS#1 key format ASN1.decode(x[[2]]) # encoding it back should yield the same representation since it is DER stopifnot(identical(ASN1.encode(x), as.raw(pub))) } \keyword{manip} PKI/man/PKI.sign.Rd0000644000176200001440000000345314633364723013341 0ustar liggesusers\name{PKI.sign} \alias{PKI.sign} \alias{PKI.verify} \title{ PKI: sign content or verify a signature } \description{ \code{PKI.sign} signs content using RSA with the specified hash function \code{PKI.verify} verifies a signature of RSA-signed content } \usage{ PKI.sign(what, key, hash = c("SHA1", "SHA256", "MD5"), digest) PKI.verify(what, signature, key, hash = c("SHA1", "SHA256", "MD5"), digest) } %- maybe also 'usage' for other objects documented here. \arguments{ \item{what}{raw vector: content to sign} \item{key}{RSA private key to use for signing; RSA public key or certificate to use for verification.} \item{hash}{hash function to use. "MD5" should not be used unless absolutely needed for compatibility as it is less secure.} \item{digest}{raw vector: it is possible to supply the digest of the content directly instead of specifying \code{what}.} \item{signature}{raw vector: signature} } \details{ Objects are signed by computing a hash function digest (typically using \code{SHA1} hash function) and then signing the digest with a RSA key. Verification is done by computing the digest and then comparing the signature to the digest. Private key is needed for signing whereas public key is needed for verification. Both functions call \code{\link{PKI.digest}} on \code{what} if \code{digest} is not specified. } \value{ \code{PKI.sign} signature (raw vector) \code{PKI.verify} logical: \code{TRUE} if the digest and signature match, \code{FALSE} otherwise } %\references{ %} \author{ Simon Urbanek } %\note{ %} \seealso{ \code{\link{PKI.pubkey}}, \code{\link{PKI.genRSAkey}}, \code{\link{PKI.digest}} } \examples{ key <- PKI.genRSAkey(2048) x <- charToRaw("My message to sign") sig <- PKI.sign(x, key) stopifnot(PKI.verify(x, sig, key)) } \keyword{manip} PKI/man/BIGNUMint.Rd0000644000176200001440000000242614633364723013452 0ustar liggesusers\name{BIGNUMint} \alias{BIGNUMint} \alias{as.BIGNUMint} \title{ Functions for BIGNUM representation of arbitrarily precise integers } \description{ \code{as.BIGNUMint} encodes integer in BIGNUM format as raw vector as used by ASN.1 format. } \usage{ as.BIGNUMint(what, scalar = TRUE) } \arguments{ \item{what}{representation of an integer or a vector thereof. Currently supported formats include \code{"bigz"} objects from the \code{"gmp"} package, integers and reals. } \item{scalar}{if \code{TRUE} then the input is expected to be scalar and only the first element will be used (zero-length vectors raise an error). Otherwise the result will be a list of all converted elements. } } \details{ The BIGNUM representation as used in ASN.1 is a big-endian encoding of variable length stored in a raw vector. Negative numbers are stored in two-complement's encoding, but are currently unsupported by \code{as.BIGNUMint}. } \value{ Raw vector in BIGNUM integer representation. } %\references{ %} \author{ Simon Urbanek } \note{ Unless the input is of class \code{"bigz"} then 32-bit platforms only support integers up to 32-bit, 64-bit platforms up to 53-bit (when real vectors are used). } %\seealso{ %} \examples{ as.BIGNUMint(65537) } \keyword{manip} PKI/man/PKI.sign.tar.Rd0000644000176200001440000000604614633364723014127 0ustar liggesusers\name{PKI.sign.tar} \alias{PKI.sign.tar} \alias{PKI.verify.tar} \title{ Functions for signing and verification of tar files } \description{ \code{PKI.sign.tar} appends a signature to a tar file \code{PKI.verify.tar} verifies the signature in a tar file } \usage{ PKI.sign.tar(tarfile, key, certificate, output = tarfile) PKI.verify.tar(tarfile, key, silent = FALSE, enforce.cert = FALSE) } \arguments{ \item{tarfile}{string, file name of the file to sign} \item{key}{\code{PKI.sign.tar}: private key to use for signing; \code{PKI.verify.tar}: optional, public key to use for verification} \item{certificate}{optional, certificate to embed in the signature with the public key matching \code{key}. If not present the signature will only contain the public key.} \item{output}{file name, connection or raw vector determining how to store the signed tar file} \item{silent}{if \code{TRUE} then no warning are generatod, otherwise a warning is issues for failed verification describing the reason for failure} \item{enforce.cert}{if \code{TRUE} then a certificate is required in the signature. It can be also set to a valid certificate in which case the public key of the certificate in the signature must also match the public key in the supplied certificate.} } \details{ \code{PKI.tar.sign} adds extra entry \code{.signature} with the signature based on the contents of the \code{tarfile}. Note that any existing signatures are retained. \code{key} is a mandatory private key used to sign the content. \code{certificate} is optional but if present, it will be embedded in the signature. The \code{tarfile} can be in compressed form (gzip, bzip2 or xz) in which case it is decompressed internally before the signature is applied. If \code{output} is a file name then the same compression is applied to the output, otherwise the output is uncompressed. \code{PKI.verify.tar} retrieves the last \code{.signature} entry from the tar file (if \code{tarfile} is a file name then the same compression auto-detection is applied as above) and verifies the signature against either the supplied (public) \code{key} or against the key or certificate stored in the signature. The result is \code{TRUE} or \code{FALSE} except when \code{enforce.cert} is set. In that case the result is the certificate contained in the signature if the validation succeeded (and thus it can be further verified against a chain of trust), otherwise \code{FALSE}. } %\value{ %} %\references{ %} \author{ Simon Urbanek } \note{ The signature format is ASN.1 DER encoded as follows: \code{SEQ(signature BITSTRING, subjectPublicKeyInfo, Certificate[opt])} The \code{subjectPublicKeyInfo} can be \code{NULL} in which case the certificate must be present (in X.509 DER format). The signature is appended as tar entry named \code{.signature}. However, terminating blocks are not removed from the file, so the signature is placed after the EOF blocks and thus doesn't affect extraction. } %\seealso{ %} %\examples{ %} \keyword{manip} PKI/DESCRIPTION0000644000176200001440000000130514633367022012410 0ustar liggesusersPackage: PKI Version: 0.1-14 Title: Public Key Infrastucture for R Based on the X.509 Standard Author: Simon Urbanek Maintainer: Simon Urbanek Depends: R (>= 2.9.0), base64enc Enhances: gmp Description: Public Key Infrastucture functions such as verifying certificates, RSA encription and signing which can be used to build PKI infrastructure and perform cryptographic tasks. License: GPL-2 | GPL-3 | file LICENSE URL: http://www.rforge.net/PKI SystemRequirements: OpenSSL library and headers (openssl-dev or similar) NeedsCompilation: yes Packaged: 2024-06-15 19:22:05 UTC; rforge Repository: CRAN Date/Publication: 2024-06-15 19:40:02 UTC