Related
Im trying to use the one click root for the droid 3. Every time I run the program all it says is adb is not recognized as an internal or external command. And when I change adb to .bat I just get a .dll error, even though I have the dll with the software. Im using Windows 7 64 bit edition. This is my first Android phone so I am a noob to them, so please be as specific as possible.
when I click on the dll file, here's what I get: TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown> Runtime Error!
Program: Invalid parameter passed to C runtime function.
InitializeCriticalSectionAndSpinCount k e r n e l 3 2 . d l l
This is a LIVE guide to communicating with your phones modem by AT commands. The information contained here is collected on a continuous basis from various places after having some trouble finding all relevant information in one place. Now this place is here, and if not please post a comment on what's missing and where to find it, if you do know.
All results in this guide have been obtained using a Samsung Galaxy S2 running a stock rooted GB 2.3.4 with PDA:XWKI4 and PHONE:XXKI1 on the 2.6.35.7 Kernel.
The key documents to have as a reference when working with the Android AT command set are found at the 3GPP site. In particular these 2 documents:
[1] The ETSI GSM 07.07 (3GPP TS 27.007) specifies AT style
commands for controlling a GSM phone or modem.
[2] The ETSI GSM 07.05 (3GPP TS 27.005) specifies AT style
commands for managing the SMS feature of GSM.
These documents exists in many different versions, so they are not all equal in content. Make sure to check what document version you are using.
Background
To better understand mobile phone modems and the underlying hardware I strongly recommend reading Harald Welte's "Anatomy of contemporary GSM cellphone hardware" [3] and Telica's "Challenges in integrating modems on Open Platforms" [4]. To summarize enormously, I can say this. On a modern Android based "smart phone", there are essentially two processors. The Application Processor (AP) where your Android operating system (AOS) and user interface (UI) lives, and the Baseband/Cellular Processor (BP/CP) where all the GSM and other high-tech communication magic happens, including the modem we wish to communicate with. In the most modern phones the BP and the AP and all possible other peripheral devices are integrated into one piece of hardware, loosely known as a Smartphone or System on a Chip (SoC). On this SoC there are a number of peripheral devices such as RTC, UARTs, SPI, I2C, USB ports, SD/MMC card controllers and an ISO7816 SIM card reader. However, to preserve the layered hardware structure, the AP and BP still communicates via UART (serial line), USB, SPI or through shared RAM and/or a combination of these. Therefore there will always be some path directly accessible from the outside that we should be able to use to communicate directly with the BP. Exactly how this is done, is mostly unknown due to the closed source and protectionisitc nature of the SoC manufacturers, to the great dismay of the developer community.
Although there are several methods for invoking and controlling modem services, the two most common are through the AT Commands (ATC) and/or through Remote Procedural Calls (RPC). The ATC method is by far the most popular and the ATC set can be categorized as follows.
Code:
Call Control: Commands for initiating and controling calls.
Data Call Control: Commands for controlling the data transfer and QoS.
Network Service: Commands for Supplementary services,ME, operator
selection, locking and registraction.
SMS Control: Commands for sending, notifying, setting SMS services.
ME Control & Status: Commands for ME power,keypad,display,phonebook,RTC's.
The AOS provide support for this framwork in the Radio Interface Layer (RIL), which acts as the interface between the radio HW and the Java Applicaiton Programming Interface (API). However, the RIL is divided into 3 parts or layers if you want. (These are just arbitrary, and not GSM layers!)
L3. The Java RIL (AOS API) accessible to all but with a limited set of commands.
L2. The RIL Daemon (RILJ) acting as an interface between AOS and the Vendor RIL.
L1. The Vendor RIL, which is a closed-source and HW-specific implemetation.
L0. The OEM/Vendor modem HW and firmware then acts on the L1 ATC's. (?)
Thus the job of the RIL is to translate all the telephony requests from the Android telephony framework and map them to the corresponding AT commands to the modem, and back again.
Here are two useful pictures that try to explain the various RIL layers.
Fig.1.
Fig.2.
Finding the correct serial device for the phone modem
In your phone you will find hundreds of devices listed under /dev. Knowing which one is the serial device(s) used for communicating with your Baseband Processor's (BP) Modem, is key in getting a useful AT communication going. Here it is also good to know that there are several serial devices connected to the BP. These connections are working in parallel through a MUX. So it is very likely you will be able to use several different devices to send AT commands with.
So how do we find an appropriate local serial device on the phone? One way is of course to try to connect via some terminal application to all devices and send some AT commands and look for a response, but that is not very scientific or practical. Different phones may use different default (Modem) serial devices. One way to find the serial devices is by listing available tty drivers.
Code:
# cat /proc/tty/drivers
...
rfcomm /dev/rfcomm 216 0-255 serial
g_serial /dev/ttyGS 253 0 serial
ttySAC /dev/s3c2410_serial 204 64-68 serial
serial /dev/ttyS 4 64-67 serial
...
So what are these doing and which one should we try?
After Googling around we suspect that:
rfcomm = Used by Bluetooth serial devices
ttySAC = Used by serial SAmsung Console
g_serial = "DataRouter" (also see dun: (10,123) )
In addition and thanks to the documentation in Adam Outler's info package [5], it can be inferred from the block diagram that perhaps:
Code:
s3c2410_serial0 - UART0 - Bluetooth (ttySAC)
s3c2410_serial1 - UART1 - GPS
s3c2410_serial2 - UART2 - AP PMIC - A/S1 ??
s3c2410_serial3 - UART3 - AP PMIC --> AP Level Shifter --> BP UART ??
s3c2410_serial4 - UART4 - not used?
(PMIC = Power Management IC)
The block diagram is this one, from the SGS-2 service manual.
Connecting using: a local terminal application or the ADB shell
So from our previous results, we would suspect that we could use /dev/ttyGS0. Since Busybox contain the microcom terminal program, we can simply do:
Code:
# busybox microcom -t 5000 /dev/ttyGS0
AT
ATI
<nothing> :(
However, although the connection is successful, there is no AT reaction on that line...
[EDIT] (See notes in a later post.)
Connecting using: Windows
If you are using Windows, you can go into Device Manager (DM) to find the correct port(s) used by your phone. However, depending on whether you set your phone to be used as a "USB mass storage" device or not, there may appear different devices in the DM. Here we assume that we just physically connect the phone and do nothing more. I.e. We're not using the device as a USB storage.
Next, under the device class listed as "Modems", you will probably find at least two modem devices. For example, I have one called "HDAUDIO Soft Data Fax Modem with SmartCP", which has nothing to do with Samsung and most likely came with the computer with some bloatware. The other one is called "SAMSUNG Mobile USB Modem", which is what we want. Then right-click to open Properties of the USB Modem device and navigate to the "Diagnostics" tab. Click on the "Query Modem" to send some test AT commands to your modem. If this doesn't work, you have a problem, and I don't have an answer. The result should look something like this:
Code:
ATQ0V1E0 - OK
AT+GMM - AT+GMM
GT-I9100
AT+FCLASS=? - (0,8)
AT#CLS=? - COMMAND NOT SUPPORTED
AT+GCI? - COMMAND NOT SUPPORTED
AT+GCI=? - COMMAND NOT SUPPORTED
ATI1 - Manufacturer: SAMSUNG
Model: I9100
Revision: I9100XXKI1
IMEI: xxxxx
ATI2 - Manufacturer: SAMSUNG
Model: I9100
Revision: I9100XXKI1
IMEI: xxxxx
...
See below for an explanation of these commands.
Now try this yourself with some terminal application. My personal favorite is the free and fully feature loaded "RealTerm". In the Display tab, use ANSI and check the "newLine mode" box, then in the Port tab, find your port as listed in Device Manager. For example, for me the modem port is located on COM port 12. This is listed as "12=\ssudmdm0000" in RealTerm.
Connecting using: Cygwin (on Windows)
First thing to know about using Cygwin, is that the windows COMn ports are addressed as /dev/ttyS[n-1], thus if you have connected your phone with a USB cable, and you find it is connected to COM port 12, then it will be accessible only through /dev/ttyS11 under Cygwin. Other terminal applications may use different ports. In addition you need to have installed/compiled some terminal program like: picocom, microcom or cu etc. Also make sure the COM port is not already occupied by another terminal program.
$ picocom /dev/ttyS11
...
This works as expected.
Some basic AT command structure
I'm not going to say much about the AT commands themselves, as they are almost as old as home computers themselves. However, let's have a brief look at the "Modem Query" above.
Code:
ATQ0V1E0
- This is actually a concatenation of the 3 commands:
(ATQ0 + ATV1 + ATE0) where:
ATQ0 - Disables echo suppression
ATV1 - Enables Verbose command results mode
ATE0 - Turns off local Echo
AT+GMM
- This one doesn't work in direct serial mode (!) and
is equivalent to AT+CGMM which shows the device model
identification. (I9100)
AT+FCLASS=?
- This queries the phone (TA) mode: (data, fax, voice etc.)
ATI
- This lists: Manufacturer, Model, Revision, IMEI
NOTE: AT commands can be concatenated on one line with each line starting with AT, and each command separated by ";". In some cases the semicolon is not needed. Typically a command without "=" or "?" is a general command, that sets or gets some parameters. But any command with "=" is a setting command, unless it is directly followed by "?", in which case you are querying the available/allowed parameters and their range. If the command is followed by "?" without a "=" it is a query, asking the values for something.
WARNING!DO NOT SEND RANDOM COMMANDS/CHARACTERS TO YOUR PHONE MODEM
Many AT commands can easily wipe or brick your phone or SIM card!
I am in no way responsible for anyone bricking their phones, and
I cannot help you if you do so. So you better know exactly what you
send before you send anything at all.
General AT command list extracted from 3GPP TS 27.007
Here is a list with general AT commands and a brief description of their functions and the document section they are found at. The document version I used for the info extraction is shown on the first line.
Note: Several of these commands are deprecated or simply not available on the Android/Samsung phone modems, at least not int he form shown in that document.
Code:
3GPP TS 27.007 Release 9 145 V9.4.0 (2010-06)
AT+CAAP 7.25 - Automatic answer for eMLPP Service
AT+CACM 8.25 - Accumulated call meter
AT+CAEMLPP 7.22 - eMLPP Priority Registration and Interrogation
AT+CAHLD 11.1.3 - Leave an ongoing Voice Group or Voice Broadcast Call
AT+CAJOIN 11.1.1 - Accept an incoming Voice Group or Voice Broadcast Call
AT+CALA 8.16 - Alarm
AT+CALCC 11.1.6 - List current Voice Group and Voice Broadcast Calls
AT+CALD 8.38 - Delete alarm
AT+CALM 8.20 - Alert sound mode
AT+CAMM 8.26 - Accumulated call meter maximum
AT+CANCHEV 11.1.8 - NCH Support Indication
AT+CAOC 7.16 - Advice of Charge
AT+CAPD 8.39 - Postpone or dismiss an alarm
AT+CAPTT 11.1.4 - Talker Access for Voice Group Call
AT+CAREJ 11.1.2 - Reject an incoming Voice Group or Voice Broadcast Call
AT+CAULEV 11.1.5 - Voice Group Call Uplink Status Presentation
AT+CBC 8.4 - Battery charge
AT+CBCAP 8.59 - Battery Capacity
AT+CBCHG 8.61 - Battery Charger Status
AT+CBCON 8.60 - Battery Connection Status
AT+CBCS 11.3.2 - VBS subscriptions and GId status
AT+CBKLT 8.51 - Backlight
AT+CBST 6.7 - Select bearer service type
AT+CCFC 7.11 - Call forwarding number and conditions
AT+CCHC 8.46 - Close Logical Channel
AT+CCHO 8.45 - Open Logical Channel
AT+CCLK 8.15 - Clock
AT+CCUG 7.10 - Closed user group
AT+CCWA 7.12 - Call waiting
AT+CCWE 8.28 - Call Meter maximum event
AT+CDIP 7.9 - Called line identification presentation
AT+CDIS 8.8 - Display control
AT+CEAP 8.47 - EAP authentication
AT+CEER 6.10 - Extended error report
AT+CEMODE 10.1.28 - UE modes of operation for EPS
AT+CEPTT 11.1.10 - Short Data Transmission during ongoing VGCS
AT+CEREG 10.1.22 - EPS network registration status
AT+CERP 8.48 - EAP Retrieve Parameters
AT+CFCS 7.24 - Fast call setup conditions
AT+CFUN 8.2 - Set phone functionality
AT+CGACT 10.1.10 - PDP context activate or deactivate
AT+CGATT 10.1.9 - PS attach or detach
AT+CGCLASS 10.1.17 - GPRS mobile station class
AT+CGCLOSP 10.1.13 - Configure local Octet Stream PAD parameters
AT+CGCMOD 10.1.11 - PDP Context Modify
AT+CGCONTRDP 10.1.23 - PDP Context Read Dynamic Parameters
AT+CGCS 11.3.1 - VGCS subscriptions and GId status
AT+CGDATA 10.1.12 - Enter data state
AT+CGDCONT 10.1.1 - Define PDP Context
AT+CGDSCONT 10.1.2 - Define Secondary PDP Context
AT+CGEQOS 10.1.26 - Define EPS Quality Of Service
AT+CGEQOSRDP 10.1.27 - EPS Quality Of Service Read Dynamic Parameters
AT+CGEREP 10.1.19 - Packet Domain event reporting
AT+CGLA 8.43 - Generic UICC Logical Channel access
AT+CGMI 5.1 - Request manufacturer identification
AT+CGMM 5.2 - Request model identification
AT+CGMR 5.3 - Request revision identification
AT+CGREG 10.1.20 - GPRS network registration status
AT+CGSMS 10.1.21 - Select service for MO SMS messages
AT+CGSN 5.4 - Request product serial number identification
AT+CGTFT 10.1.3 - Traffic Flow Template
AT+CGTFTRDP 10.1.25 - Traffic Flow Template Read Dynamic Parameters
AT+CHLD 7.13 - Call related supplementary services
AT+CHSC 6.15 - HSCSD current call parameters
AT+CHSD 6.12 - HSCSD device parameters
AT+CHSR 6.16 - HSCSD parameters report
AT+CHST 6.13 - HSCSD transparent call configuration
AT+CHSU 6.17 - HSCSD automatic user initiated upgrading
AT+CHUP 6.5 - Hangup call
AT+CIMI 5.6 - Request international mobile subscriber identity
AT+CIND 8.9 - Indicator control
AT+CKPD 8.7 - Keypad control
AT+CLAC 8.37 - List all available AT commands
AT+CLAE 8.31 - Language Event
AT+CLAN 8.30 - Set Language
AT+CLCC 7.18 - List current calls
AT+CLCK 7.4 - Facility lock
AT+CLIP 7.6 - Calling line identification presentation
AT+CLIR 7.7 - Calling line identification restriction
AT+CLVL 8.23 - Loudspeaker volume level
AT+CMAR 8.36 - Master Reset
AT+CMEC 8.6 - Mobile Termination control mode
AT+CMEE 9.1 - Report mobile termination error
AT+CMER 8.10 - Mobile Termination event reporting
AT+CMOD 6.4 - Call mode
AT+CMOLR 8.50 - Mobile Originated Location Request
AT+CMOLRE 9.1 - Report mobile originated location request error
AT+CMOLRE 9.3 - Mobile termination error result code
AT+CMTLR 8.57 - Mobile Terminated Location Request notification
AT+CMUT 8.24 - Mute control
AT+CMUX 5.7 - Multiplexing mode
AT+CNAP 7.30 - Calling name identification presentation
AT+CNUM 7.1 - Subscriber number
AT+COLP 7.8 - Connected line identification presentation
AT+COLR 7.31 - Connected line identification restriction status
AT+COPN 7.21 - Read operator names
AT+COPS 7.3 - PLMN selection
AT+COTDI 11.1.9 - Originator to Dispatcher Information
AT+CPAS 8.1 - Phone activity status
AT+CPBF 8.13 - Find phonebook entries
AT+CPBR 8.12 - Read phonebook entries
AT+CPBS 8.11 - Select phonebook memory storage
AT+CPBW 8.14 - Write phonebook entry
AT+CPIN 8.3 - Enter PIN
AT+CPLS 7.20 - Selection of preferred PLMN list
AT+CPNET 7.27 - Preferred network indication
AT+CPNSTAT 7.28 - Preferred network status
AT+CPOL 7.19 - Preferred PLMN list
AT+CPOS 8.55 - Positioning Control
AT+CPOSR 8.56 - Positioning Reporting
AT+CPPS 7.23 - eMLPP subscriptions
AT+CPROT 8.42 - Enter protocol mode
AT+CPSB 7.29 - Current Packet Switched Bearer
AT+CPUC 8.27 - Price per unit and currency table
AT+CPWC 8.29 - Power class
AT+CPWD 7.5 - Change password
AT+CR 6.9 - Service reporting control
AT+CRC 6.11 - Cellular result codes
AT+CREG 7.2 - Network registration
AT+CRLA 8.44 - Restricted UICC Logical Channel access
AT+CRLP 6.8 - Radio link protocol
AT+CRMC 8.34 - Ring Melody Control
AT+CRMP 8.35 - Ring Melody Playback
AT+CRSL 8.21 - Ringer sound level
AT+CRSM 8.18 - Restricted SIM access
AT+CSCC 8.19 - Secure control command
AT+CSCS 5.5 - Select TE character set
AT+CSDF 6.22 - Settings date format
AT+CSGT 8.32 - Set Greeting Text
AT+CSIL 6.23 - Silence Command
AT+CSIM 8.17 - Generic SIM access
AT+CSNS 6.19 - Single numbering scheme
AT+CSQ 8.5 - Signal quality
AT+CSSAC 7.32 - Service Specific Access Control restriction status
AT+CSSN 7.17 - Supplementary service notifications
AT+CSTA 6.1 - Select type of address
AT+CSTF 6.24 - Settings time format
AT+CSVM 8.33 - Set Voice Mail Number
AT+CTFR 7.14 - Call deflection
AT+CTZR 8.41 - Time Zone Reporting
AT+CTZU 8.40 - Automatic Time Zone Update
AT+CUAD 8.49 - UICC Application Discovery
AT+CUSD 7.15 - Unstructured supplementary service data
AT+CVHU 6.20 - Voice Hangup Control
AT+CVIB 8.22 - Vibrator mode
AT+CVMOD 6.4 - Voice Call Mode
AT+FCLASS C.2.1 - Select mode
AT+VBT C.2.2 - Buffer threshold setting
AT+VCID C.2.3 - Calling number ID presentation
AT+VGR C.2.4 - Receive gain selection
AT+VGT C.2.5 - Transmit gain selection
AT+VIP C.2.6 - Initialise voice parameters
AT+VIT C.2.7 - Inactivity timer
AT+VLS C.2.8 - Line selection
AT+VRX C.2.9 - Receive data state
AT+VSM C.2.10 - Select compression method
AT+VTD C.2.12 - Tone duration
AT+VTS C.2.11 - DTMF and tone generation
AT+VTX C.2.13 - Transmit data state
Questions and Help Needed
Q1: What is the correct device on the SGS2, for ATC communication to the modem?
Q2: How and where is this device selected/configured?
Q3: What do the various Proprietary AT commands (AT+X...) do?
Q4: Where can I find more documentation on the BP/CP?References:
[1] http://www.3gpp.org/ftp/Specs/html-info/27007.htm
[2] http://www.3gpp.org/ftp/Specs/html-info/27005.htm
[3] Harald Welte's "Anatomy of contemporary GSM cellphone hardware"
http://laforge.gnumonks.org/papers/gsm_phone-anatomy-latest.pdf
[4] Telica's White Paper: "Challenges in integrating modems on Open Platforms"
http://teleca.com/Home/news_room/Whitepapers.aspx
[5] Adam Outler's "The all-in-one Galaxy S2 Hack Pack"
[6] Fabien Sanglard's non-blog: "Tracing the baseband":
http://fabiensanglard.net/cellphoneModem/index2.php
[7] "Android Application Development" (Android Telephony Internals, Ch.15.2),
R.Rogers/J.Lombardo, O'Reilly Media 2009
http://androidapps.org.ua/i_sect18_d1e18369.html
Keywords: AT Commands, Modem, Terminal, CDC-ACM, RIL, Serial, UART
If you like this work, please hit the thank you button!
The GT-I9100 Baseband Processor (BP/CP) Specifications
Currently I have got two different specifications regarding what BP is used in the SGS2, most likely due to the different versions available of the SGS2 in Europe vs. USA. The ones I have are:
Intel/Infineon XMM6260 is the "platform" that consists of:
a) The X-GOLD 626 (ARM1176?, 40nm) baseband processor
b) The SMARTi UE2 RF-transceiver (65nm CMOS)
c) The 3GPP Release 7 HSPA+ protocol stack with:
Downlink: Category 14, Uplink: Category 7
d) Alternative Names*: Infineon IFX6260 = Intel IMC6260 = Intel XMM6260
e) Picture: http://www.infineon.com/export/sites/default/media/press/Image/press_photo/X-GOLD626.jpg
f) Datasheet: N/A
g) Most likely used in European phones
h) is apparently also present in the iPhone 4S.. (check!)
i) Closest available documentation:
XMM6160 (X-GOLD 616, ARM1176) which is also used in the SGS-1:
http://www.infineon.com/dgdl/X-GOLD...f0004&fileId=db3a30431ed1d7b2011f5bee88ef75eb
The biggest difference is in the SMARTi-UE RF-chip. BP remains similar.
XMM6180 (X-GOLD 618, ARM1176 @416 MHz) used in the iPhone4 & iPad2:
http://www.infineon.com/dgdl/X-GOLD...f0004&fileId=db3a30431ed1d7b2011f5bec418f75e6
.
Qualcomm QSC6085 (65nm,424 CSP, 12x12mm) contain:
a) BP: ARM926EJS @ 192 MHz
b) + QDSP @ 96 MHz (also on BP)
c) Modem: IS-95 A/B, 1X Rel.0, EVDOr0, EVDOrA
d) is apparently also present in the "Verizon Wireless USB760 Modem"
e) Picture: N/A
f) Datasheet: N/A
g) Most likely used in North American (US) phones (CDMA)
*It should be noted that Infineon Technologies (Wireless Division) has been acquired by Intel Mobile Communications, in early 2011.
In fact these two differences just made a whole lot of sense from the available AT command sets. Basically the modem specific AT commands immediately give up the manufacturer of the modem firmware. (Yes, competing OEM developers do work together!) Because the command sets usually consists of 3 types.
The old school "Hayes" AT standard given by ETSI GSM 07.07.
Vendor Proprietary AT commands, specific for each OEM.
Carrier Proprietary AT commands, specific to some service providers. (E.g. AT&T, Sprint, T-mobile, Verizon etc.)
So for our 2 modem cases above we have the obvious Proprietary AT extensions:Qualcomm QSCnnnn: AT$Q<something>
Intel/Infineon XMMnnnn: AT+X<something>which indeed confirms the BP of my SGS2. Obviously there is a far easier way to reach this conclusion...---------------------------------------------------------------
TIPS!
To see what baseband processor you have,
you can enter into ServiceMode and check.
This should always work as many ServiceMode
functions are directly modem dependent.
---------------------------------------------------------------
Why? Because the ServiceMode application
actually reside in the modem firmware!Do this:Dial: *#197328640#
Code:
MAIN MENU:
...
[2] VERSION INFO. -->
[1] SW VERSION -->
[5] READ ALL SW VERSION:
...
======>[COLOR=Red] IFX [/COLOR]SW VER: [COLOR=Red]SP6260[/COLOR]_U1_01.1135
...
This implies the phone is using software for the (Infineon) IFX 6260...But the ServiceMode is just talking to the modem, so you can get the
same information by opening an (external) terminal shell and send
the following ATC:
Code:
[B]AT+XGENDATA[/B]
+XGENDATA: " [COLOR=Red]SP6260[/COLOR]_U1_01.1135_DB110831 2011-Sep-2 18:14:20
PDB_NOT_AVAILABLE
*SP6260_U1_01.1135_DB110831*"
"*"
OK
Here is the FBGA pin-out of that chip:
Fig.4.
A small addendum about the SMARTi UE2 chip
The BP is communicating with the RF-tranceiver chip called SMARTi UE2
(labelled "5712"), using a communication interface that corresponds to
the (MIPI) DigRF 3G (V.3.09) standard. Through this protocol the BP
(or other device) can also control some aspects of the RF to some
minor extent. But without the proper specifications of the 5712, it
may also contain other interfaces...
The DigRF connections:
Fig.5.
The SMARTi UE2 chip:
Fig.6.
Here are more link for the interested reader:
General DigRF info:
http://www.mipi.org/specifications/digrfsm-specifications
http://www.mipi.org/sites/default/files/Specification Overview final.pdf
http://electronicdesign.com/article/test-and-measurement/digrf-faqs19953.aspx
The DigRF protocol details:
http://www.siliconreleasesolutions.com/pdf/DigRF-TMWorld0509-FINAL.pdf
http://www.docstoc.com/docs/53386199/DigRF-BASEBAND-RF-DIGITAL-INTERFACE-SPECIFICATION
Complete AT command list for Samsung Galaxy S2 (GB 2.3.4, KI4)
These were obtained by sending the "list all available AT commands" request: AT+CLAC .
Their functions have been collected from many different sources, none of which originates
from Samsung. Thus many ATC's are marked with one or more "?" to signify the uncertainty.
The standard AT set as shown in the OP, I have not bothered to describe here.
Code:
ATA - Answer
ATD - Dial ...
ATE - Enable command echo (0=disable, 1=enable)
ATH - ??? Hangup/Hook
ATO ?? - Return to Online Data Mode
ATQ - Result code supression
ATS - Command line termination? S[3,4,5]
ATV - Command response format (0=Numerical, 1=Verbose)
ATX - Result code format for CONNECT Mfg!
ATZ - Reset Modem (...)
ATl -
ATm -
AT&C ? - (Received line signal detector) Behaviour
AT&D ? - (Data terminal ready) Behaviour
AT&F ? - Restore Factory Default Configuration
AT\Q ? - Local flow control selection
AT+CACM
AT+CAMM
AT+CAOC
AT+CBC
AT+CBST
AT+CCFC
AT+CCHC
AT+CCHO - Open Logical Channel
AT+CCID - SIM Serial Number
AT+CCLK - Realtime clock
AT+CCUG
AT+CCWA
AT+CCWE
AT+CEER
AT+CFUN * ? This command selects the level of functionality <fun> in the MS. Only some values of<fun> are allowed (see Defined values).
AT+CGACT -
AT+CGATT -
AT+CGAUTO -
AT+CGCLASS -
AT+CGCMOD -
AT+CGDATA -
AT+CGDCONT -
AT+CGDSCONT -
AT+CGEQMIN -
AT+CGEQNEG -
AT+CGEQREQ -
AT+CGEREP * - Packet Domain event reporting
AT+CGLA E - Generic UICC Logical Channel access
AT+CGMI - Request manufacturer identification
AT+CGMM - Request model identification
AT+CGMR - Request revision identification
AT+CGPADDR -
AT+CGQMIN -
AT+CGQREQ -
AT+CGREG * - GPRS network registration status AT+CGREG=2;+CGREG?
AT+CGSMS -
AT+CGSN * - Request product serial number identification (IMEI)
AT+CGTFT
AT+CHLD
AT+CHUP - Hangup call
AT+CIMI * - Request international mobile subscriber identity (IMSI)
AT+CLAC - List all available AT commands
AT+CLAN
AT+CLCC
AT+CLCK
AT+CLIP
AT+CLIR
AT+CMEE - Report mobile termination error (+CME) verbosity mode (0,1,2)
AT+CMGC
AT+CMGD
AT+CMGF
AT+CMGL
AT+CMGR
AT+CMGS
AT+CMGW
AT+CMMS
AT+CMOD
AT+CMSS
AT+CMUX - Set multiplexing protocol control channel mode(s)
AT+CNAP
AT+CNMA
AT+CNMI * - This command selects the procedure, how receiving of new SMS from network is indicated to the TE
AT+CNUM
AT+COLP
AT+COLR
AT+CONNECTPORT
AT+COPN
AT+COPS -
AT+CPAS
AT+CPIN
AT+CPIN2
AT+CPLS
AT+CPMS
AT+CPOL
AT+CPUC
AT+CPWD
AT+CPWROFF
AT+CR
AT+CRC
AT+CREG
AT+CRES
AT+CRLA ? - Restricted UICC Logical Channel access
AT+CRLP * - Radio link protocol
AT+CRSM
AT+CSAS
AT+CSCA
AT+CSCB
AT+CSCS
AT+CSDH
AT+CSIM
AT+CSMP
AT+CSMS
AT+CSQ - Signal Quality
AT+CSSN
AT+CSTA
AT+CSVM
AT+CTFR
AT+CTZR
AT+CTZU
AT+CUAD - UICC Application Discovery
AT+CUSD
AT+CVHU
AT+FCLASS - Select mode: put TA into mode: (data, fax, voice etc.)
AT+IPR - This command specifies the data rate at which the DCE will accept commands. The full range of data rate values may be reduced dependent on HW or other criteria.
AT+NEER
AT+TRACE * ? (see: +XSIO) This command controls the trace; it allows selecting the trace mode, method and the trace data transfer rate.
AT+VTD
AT+VTS
AT+XAACOPS ?
AT+XAPP * ! - Known buffer overflow in Iphone 4S (unsigned code execution): Probably used to send executable code (application) to BB!
AT+XBANDSEL ? This command allows to switch from automatic band selection to selection of one or more (up to four) bands.
AT+XCALLSTAT * ? Set reporting call status: This command allows enabling / disabling the reporting voice call status on DTE using an unsolicited result code +XCALLSTAT: <call_id><stat>.
AT+XCEER ?
AT+XCGCLASS ?? Changing the startup MS Mobile class ("B", "CC")
AT+XCONFIG + ?? This command allows the configuration of DLCs (Data Logical Channels). (see +XMUX)
AT+XCOPS ? Display of the most adapted name of the network.The command parameter <type> allows requesting the name type which shall be displayed.
AT+XCSP ? This command reads the customer service profile (CSP) from the SIM. The CSP indicates the services that are user accessible.
AT+XCSPAGING ? This command allows enable/disable the circuit switching paging. The command has an effect only when used before +COPS or +CGATT.
AT+XCSSMS ? Initiate Resending of SMS over CS if GPRS Fails
AT+XCTMS ? This command allows to set the TTY/CTM behavior. The selected setting is stored also in NVRAM and remains valid also after switch off the mobile
AT+XDATACHANNEL ? This command configures the channel over which CSD or GPRS data shall be routed.
AT+XDLCTEST ?
AT+XDNS ? This command enables / disables a dynamic DNS (Domain Name Service) request before context activation.
AT+XDTMF ? This command allows setting the value of SEND DTMF user setting that controls whether the DTMF tone generation on request from SIM-TK is allowed.
AT+XEER ?
AT+XEONS ? displays the list of available networks with details like long operator name, short operator name, MCC/MNC, Long EONS name, Short EONS name for each PLMN.
AT+XFDOR ? Trigger Fast Dormancy
AT+XFDORT ? Set Fast Dormancy Timer
AT+XGAUTH ? This proprietary command allows to enter the type of authentication for a user-name (using a password) for the specified PDP context
AT+XGENDATA ? This command requests the software version and generation data.
AT+XHOMEZR ? This Set command enables and disables the home zone change event reporting. If the reporting is enabled; the MT returns the unsolicited result code +XHOMEZR: <label> whenever the home zone is changed.
AT+XHSDUPA ? This command configures the mode of HSDPA and HSUPA (by changing the appropriate dynamic NVRAM parameter)
AT+XL1SET ? Call the L1-specific function
AT+XLEMA ??? Emergency number list (Ofono)
AT+XLIN ? This command sets the current line.
AT+XLOG * ! - Known buffer overflow in Iphone 4S (unsigned code execution) ? This command allows displaying the exceptions stored in NVRAM on DTE. The MS-error LOG is contained in a response code formatted as +XLOG: <num>,<code>,<file>,<line>,<count> or an other appropriate format as specified below.
AT+XMER ? Enables or disables sending of unsolicited result codes from the MS to the DTE when the battery charge level or the radio signal level crosses a defined threshold.
AT+XMUX + ? Multiplexing mode: This command configures the GSM 07.10 multiplexing protocol.
AT+XNOTIFYDUNSTATUS ??? (LG) This command is used to notify DNS setting status
AT+XNVMMCC ?
AT+XNVMPLMN ?
AT+XPINCNT - This command reads the remaining attempts for SIM PIN, SIM PIN2, SIM PUK and SIM PUK2.
AT+XPOW ? This command sets the powersaving-mode.
AT+XPROGRESS ? This command allows enabling / disabling the display of an unsolicited result code + XPROGRESS: <cin> (call number indication), <status> on DTE while a call is in progress.
AT+XRAT ? This command forces the selection of the Radio Access Technology (RAT) in the protocol stack.
AT+XREDIAL ? Enabling of automatic redialing if the called party was busy.
AT+XREG ! ? Involved in the iPhone unlock hacks...
AT+XRXDIV * ? This command is used to allow external control of the Rx Diversity feature during runtime.
AT+XSETCAUSE ?
AT+XSIMSTATE ? Display SIM and Phonelock Status (write at+xsimstate=1 to turn on, at+xsimstate=0 to turn off)
AT+XSIO * ? This command allows the configuration of the modem-interface (AT), trace-interface, IrDA interface and MUX-interface by setting the variant number.
AT+XSMS ? Detection of Signal DR_SM_FINISHED_IND
AT+XSVM ? This command allows to set the voice mail server number.
AT+XSYSTRACE ?
AT+XTESM ?
AT+XTRACECONFIG ?
AT+XUBANDSEL ?
AT+XUICC - Checks for UICC Card, whether the current SIM is a 2G or 3G sim.
AT+XVTS -
As you can see there are quite a few OEM commands here, whose functions I have not been able to
figure out yet. Please post if you know anything or have any documentation on these. They all
start with: AT+X<something>. There are also others that, that are not documented at all, AFAIK.
[2012-02-05]
On this list, the most interesting ATC's for our purposes are AT+XSIO and AT+XTRACE as described here:
Code:
[B]AT+XSIO[/B] This command allows the configuration of the modem-interface (AT),
trace-interface, IrDA interface and MUX-interface by setting the
variant number.
• Set command allows the configuration of the modem-interface (AT), trace-interface, IrDA interface and
MUX-interface by setting the variant number. The set variant number becomes active only after a reset
• Read command allows seeing which is the current variant and which is the requested variant. A star marks
the active variant.
• Test command returns the possible and customizable variants.
Defined values:
<requested> requested variant, which may be in range 0-255
<active> currently active variant, which may be in range 0-255
<AT-interface> NULL, UART0, …, UARTn
<Trace> NULL, UART0, …, UARTn
<MUX> 1-x
<IrDA> NULL, UART0, …, UARTn
Example:
[B]AT+XSIO=?[/B]
+XSIO: [SP62XX_es1] Variant=0: AT= USART2 USB[03]; BB-Trace= USB1; 3G-Trace= USB2; OCT= USB6;
+XSIO: Variant=1 : AT= USART2 USB[03]; BB-Trace= TADO0; 3G-Trace= TADO1; OCT= USB1;
+XSIO: Variant=2 : AT= USART2 USB[01]; BB-Trace= BG0; 3G-Trace= BG1;
+XSIO: Variant=3 : AT= USB[01]; BB-Trace= USART2; 3G-Trace= USIF5; OCT= USB6;
+XSIO: Variant=4 : AT= USART2 USB[01]; BB-Trace=/bbt/0; 3G-Trace=/3gt/0;
[B]AT+XSIO? [/B]
+XSIO: 0, *0
-------------------------------------------------------------------------------
[B]AT+TRACE[/B] This command controls the trace; it allows selecting the trace mode,
method and the trace data transfer rate.
• Set command switches the trace on or off. It allows the trace mode, method and the trace data transfer rate.
• Read command allows seeing the current set mode value along with the speed, i.e. data transfer rate. It also
allows knowing which traceable unit is on or off.
• Test command returns all the possible values of mode, data transfer rate, traceable unit, their mode and
power saving countdown.
Command Syntax:
AT+TRACE=[<mode>],[<speed>],[<unit>=<umode>],[<method>],[PowerSavingCountdown]
Defined Valuse:
<mode> may be
0 switch trace off
1 switch trace on (all kinds of traces are switched on)
128 This value can not be entered, it is only displayed via read
syntax if trace configuration is done by unitdefinitions
the last time. See <umode> & <unit> for trace configuration;
<unit>=<umode>
<unit> indicates a traceable unit as follows:
St stack
Pf printf
Bt Bluetooth
Ap apoxi
Db debug
Lt LLT (Low Level Trace)
Li LwIP (Lightweight TCP/IP Stack)
Ga GATE (3rd Party Software Decoding with a Windows DLL)
<umode> defines whether the unit related trace is on or off and can have the values:
0 unit-trace off
1 unit-trace on
<method> sting type indicating the trace method with possible values:
"BTM" byte stuffing trace method
"EBTM" extended byte stuffing trace method
<PowerSavingCountdown>
Integer value indicating the power saving countdown
value in units of milliseconds. The maximum valid value is
30000.
Example:
[B]AT+TRACE? [/B]
+TRACE: 1,921600,"ap=1;st=1;db=1;pr=1;bt=1,lt=1;li=1;ga=1;ae=1","DTM",0
[2012-02-14]
Additional hidden AT commands on the SGS-2
Runing strings on the stock /system/bin/drexe , you will find the following AT commands embedded.
These are probably not directly supported by Modem, but rather interpreted by drexe, as
they're not present in the +CLAC list. In addition, some of them just don't work and maybe only
provided for backward compatibility for other devices and modems.
Code:
AT+APPLIST
AT+AUTHKEY=
AT+BATGETLEVEL?
AT+CERTKEY
AT+CGMM
AT+CGSN
AT+CGTEMR=NewPCStudio
AT+DEVAUTH
AT+DEVCONINFO
AT+DISSTRNO=
AT+FOTALOC?
AT+FOTAREADY?
AT+FOTASTART
AT+FUS?
AT+GMM
AT+GSN
AT+HIDSWVER
AT+IMEINUM
AT+PASSWORDINPUT
AT+PRODUCTCODE
AT+PROF=
AT+SECUKEY
AT+SUDDLMOD=
AT+SUPPORTFUS
AT+SWVER
AT+SYNCML=MOBEXSTART
AT+SYNCML=MOBEXSTOP
[2012-02-09]
Very good to read, thanks for linking me that.
But just to correct - AT is abit deprecated interface in SGS, SGS2 and similiar models. It can be used to control modem directly from PC (not sure if PC is really directly talking to modem or to part of Android's HALs, which is then talking to modem, for eg. USB-UART multiplexer in I9000 and S8500/S8530 is capable to switch phone MicroUSB port between AP USB/UART and CP USB/UART.
The main controlling interface used in above models is RPC through oneDRAM shared-memory area. You can find devices like "dpram", "onedram", "modemctl" in kernel - these are critical for proper working of modem. Even if RIL is using AT commands, it does send them through RPC.
AP-CP UART connection seems to be used only for early booting stage (at least in I9000 and S8500, haven't analysed I9100 but guess that's similiar)
Ad1. There may be no real ability to communicate with modem directly on SGS2 and AT responses you are getting may be from Android, working on AP only, not AMSS (Advanced Mobile Subscriber Software - RTOS working on Qualcomm's CP)
Ad4. These datasheets are most guarded secrets of manufacturers. Only single, incomplete manuals leak from Qualcomm, not really useful. Also AP-CP RPC protocol is proprietary of Samsung, they got AMSS sources from Qualcomm and they are adding their own drivers there.
Oh yes, I gave Qualcomm as example, but is CP in SGS2 Qualcomm? It wasn't QC product on SGS1 but tbh it is also very closed source.
While AP-CP low level protocol is opensource (you can find it in dpram/onedram/modemctl drivers in kernel), higher level of that layer - compiled into sec-RIL, is not.
AP-CP protocol is different between I9000 and S8500 (general concept remains the same, just it has been rewriten so packet types and structures are different), but if you are interested - we're creating opensource RIL for S8000/S8500/S8530/S8600 device series, supposed to work with Android ports for them - http://code.google.com/p/bada-modemril/ (branch experimental-MochaIPC)
As I understand, SGS2 use intel's xmm6260 platform, which might also contain it's own interface/firmware etc.
As long as the modem works well, there is little need to dig into the details of how ril communicate with modem, but when the modem does not work as it should (In my case it refused to register on only one specific mobile operator), an AT command which can do a factory reset of the modem might be helpful
EDIT: 2012-02-01
Rebellos said:
... not sure if PC is really directly talking to modem or to part of Android's HALs, which is then talking to modem, for eg. USB-UART multiplexer in I9000 and S8500/S8530 is capable to switch phone MicroUSB port between AP USB/UART and CP USB/UART.
Click to expand...
Click to collapse
Hi, thanks for deep insight! I had to read your post 5+ times to take it all in.
That the AT is deprecated is no secret, but the fact (at least according to some firmware specialists) is that it will still be a while before the OEM's can get rid of the (AT) dependence of their secret and crappy proprietary firmware, that often need to be backward compatible...
Regarding whether I'm talking to AP or CP. You are probably correct that I am talking to AP through HAL. At least from SGS2 block diagram, UART-3 is in the AP, but connected to a level-shifter in the PMIC (still on the same SoC), which is in turn connected to the BP UART-X. (I don't have a clue why this is done so.) So in any case it seem that the AT's are reaching their destination, through some abstraction layer, which may explain why I can only talk ATC's from Samsung Drivers and not from a local (phone) terminal shells.
The question is, what happens if we try to use the Bada trick, to go into ServiceMode (SM) and enable the corresponding BP access? But the SM is different on SGS and that option is not clearly available. However, there is:
Code:
MAIN MENU --> COMMON --> DIAG CONFIG
[1] LOG VIA USB *
[2] LOG VIA UART
[3] LOG VIA IPC
[4] SPEED 115200
[5] SPEED 921600 *
[6] DBG MSG OFF (toggle)
[7] RAMDUMP OFF (toggle)
[8] DUMP ALL TRACE
But these do not seem related to AP/BP connections...[EDIT]
I found it! The selection of AP/BP connection behavior
when connecting your phone as a USB client, to a PC
host, can be manually set in the PhoneUtil (PU) menu.
This sets the behavior of your phone when connecting it
to a PC, so that you can select whether you like it to act
as a Modem or PDA, on the USB and/or UART port.
The PU menu is different from the ServiceMode menu.
Dial: *#7284#
Code:
UART:
[[B]o[/B]] MODEM[B]*[/B]
[ ] PDA
USB:
[ ] MODEM
[[B]o[/B]] PDA[B]*[/B]
* is default SGS2 setting.
However, after making the change to use USB in MODEM mode,
my host is asking for new drivers, which I cannot find... Now, if the modem controlling interface is using RPC, how is this reflected at the OS level? Still, any Linux based kernel is device based, so there have to be a way to talk to that device. (I have no idea how to work with RPC's...)
There may be no real ability to communicate with modem directly on SGS2 and AT responses you are getting may be from Android, working on AP only, not AMSS (Advanced Mobile Subscriber Software - RTOS working on Qualcomm's CP)
Click to expand...
Click to collapse
A: There is no AMSS, since we are not using a Qualcomm BP in this device...
... Only single, incomplete manuals leak from Qualcomm, not really useful. Also AP-CP RPC protocol is proprietary of Samsung, they got AMSS sources from Qualcomm and they are adding their own drivers there.
Click to expand...
Click to collapse
A: Agree, but HW hackers are often too much concerned with getting the exact datasheets. Rather try to get an old/similar one that is available... The old device drivers probably have not changed THAT much, but at least it would be a start.
While AP-CP low level protocol is opensource (you can find it in dpram/onedram/modemctl drivers in kernel), higher level of that layer - compiled into sec-RIL, is not.
Click to expand...
Click to collapse
Can you be more specific? (I'm starting to get lost here somewhere...)
AP-CP protocol is different between I9000 and S8500 (general concept remains the same, just it has been rewriten so packet types and structures are different), but if you are interested - we're creating opensource RIL for S8000/S8500/S8530/S8600 device series, supposed to work with Android ports for them - http://code.google.com/p/bada-modemril/ (branch experimental-MochaIPC)
Click to expand...
Click to collapse
Yes, I am. How/where can I find what these differences are?
PS. Regarding the BP on the SGS2, see my 2nd post...
E:V:A said:
A: There is no AMSS, since we are not using a Qualcomm BP in this device...
Click to expand...
Click to collapse
Doesn't matter that much at all, it's likely almost the same stuff.
E:V:A said:
Can you be more specific? (I'm starting to get lost here somewhere...)
Yes, I am. How/where can I find what these differences are?
Click to expand...
Click to collapse
Not hard to get lost, it took me literally few months to understand all these things. Sources are very messy - pay attention to Makefiles, some of drivers aren't even compiled in.
I9000 GB driver (it was reorganised, comparing to Froyo)
https://github.com/project-voodoo/l...erbread-samsung/drivers/misc/samsung_modemctl
I9100 driver is in I9100 kernel sources in /drivers/svnet/ and /drivers/dpram/ (maybe also somewhere else, couldn't find direct link)
You can find my implementation of SHP OneDram frames-protocol there, based on I9000 GB driver - http://code.google.com/p/bada-modemctl/ (it isn't working yet - noone tested it)
As you can see - it's only lowlevel interface of sending frames and few parsers.
Real parsers and senders of frames are in libsec-ril.so library of platform - you can open it with IDA (I suggest 6.0+, it does deal with GOT of linux DLLs much better than previous versions) and find booting modem, installing callbacks inside of dpram/modemctl, parsing and sending packets and so on. Have fun.
I have to say I'm pretty lost on the topic already. I've read about such stuff at the replicant project a while ago. Maybe you find some useful information there.
replicant.us (can't link yet)
Looks to me like they have free ril implementations for dream, n1 and nexus S.
XdxH62 said:
I have to say I'm pretty lost on the topic already. I've read about such stuff at the replicant project a while ago. Maybe you find some useful information there.
Click to expand...
Click to collapse
Copy that! I don't even know where to begin...
But I have collected (thanks to you guys) the following very interesting links:
Available Source Code:
XGOLD-RIL (Omapzoom):
http://dev.omapzoom.org/?p=modem-int/xgold-ril.git;a=tree
Voodoo SGS-1 GB modem:
https://github.com/project-voodoo/l...ung/drivers/misc/samsung_modemctl/modem_ctl.c
https://github.com/project-voodoo/l...erbread-samsung/drivers/misc/samsung_modemctl
General...
https://github.com/GalaxySII/samsung-kernel-galaxysii
bada-modemril: Android RIL library for communication with baseband processor using Samsung OneDram.
https://code.google.com/p/bada-modemril/
bada-modemctl: Android kernel driver for communication with baseband processor using Samsung OneDram.
http://code.google.com/p/bada-modemctl/
Samsung H1 / Nexus S RIL/Modem support:
http://replicant.us/
http://trac.osuosl.org/trac/replicant/wiki
https://gitorious.org/replicant
https://gitorious.org/replicant/samsung-ril
http://github.com/morphis/libsamsung-ipc
http://ftp.osuosl.org/pub/replicant/
Nice!
http://trac.osuosl.org/trac/replicant/wiki/How_to_port_Replicant
https://github.com/morphis/libsamsung-ipc/tree/master/samsung-ipc/device/aries
Unrelated?
Android USB-to-serial: IOIO API
https://github.com/ytai/ioio/wiki
Android App: android-serialport-api
https://code.google.com/p/android-serialport-api/
Great USB GSM/3G stick hacking:
http://blogs.gnome.org/dcbw/category/drivers/
ModemManager Hmm??
https://launchpad.net/modemmanager
http://cgit.freedesktop.org/ModemManager/ModemManager/tree/README
http://cgit.freedesktop.org/ModemManager/ModemManager/tree/libqcdm/src/dm-commands.h
I am the Replicant developer who worked on Nexus S port and also did the work on aries (galaxy s, galaxy tab) devices and wrote a big part of the free RIL.
Replicant is a fully free Android derivate running on some devices (mostly Google phones).
If you have any question regarding samsung modems in Android phones, i'd be happy to answer them!
I'll attach the mail I sent back to E:V:A next
---------- Post added at 08:27 PM ---------- Previous post was at 08:22 PM ----------
Modems on Android devices is a wide domain.
Phones differ on many things, like:
* modem chipset
* modem firmware
* transport modem <-> AP
* modem protocol
* user-space integration (Android RIL)
First thing is the modem chipset. There are quite a few. For instance on
HTC phones, you'll have the ones included in the MSM or QSD SoCs (which
is quite unusual, modems aren't often part of the SoC) IIRC.
On other devices, it'll be a separate chip connected to the SoC via
various transport methods.
I know better the case of recent Samsung phones, like Nexus S, Galaxy S,
Galaxy Tab (first gen), Galaxy S2, etc.
There, you have the modem, usually an intel x-gold 6xx, that is wired to
the SoC. So transport is done via serial line and/or some dedicated RAM
memory (not from the main sticks).
Even though a phone can have the same modem wired (at hardware level)
the same way, the kernel drivers can be different. That's the case of
nexus s and galaxy s. On the first one, modem Rx/Tx with AP is done via
ioctls while on galaxy s it's done via a PHONET network interface
(svnet0). SO it's not (and particularly on Samsung phones) only a serial
interface you can open with screen: you need to understand how it's done
and write dedicated software to reproduce this (cf. the code on
libsamsung-ipc/devices/ that is device-specific).
So once you have transport set up, you need to know about the protocol
the modem speaks. This depends on the firmware the modem is running.
I know that the modem used in Nexus S is also used in some iPhone (4G
IIRC) but it has a different firmware and so speaks a different
protocol. I suspect it to be AT on the iPhone while Nexus S speaks a
samsung-specific modem protocol. They invented that protocol and
rewritten the modem firmware to use it instead of AT or anything else.
This protocol is usually called "Samsung IPC Protocol" and we have a
free implementation of it in libsamsung-ipc and samsung-ril.
On the Nokia N900, transport is also a PHONET socket and the protocol is
neither AT nor Samsung IPC but some protocol made by nokia and
implemented in ofono.
So you have exemples of different transport methods and modem protocols.
I could give you more exemples.
Of course, on Android, you need to have the user-space programs (the RIL
mainly) to match both the transport scheme and the modem protocol to
have anything working.
> Please have a look at our XDA-forum thread:
>
> "How to talk to the Modem with AT commands":
> http://forum.xda-developers.com/showthread.php?t=1471241
Apparently you were able to contact the modem with some AT commands.
Either the modem has an AT mode that can run along with IPC (would
surprise me, but why not), but it may very well be uncompleted and is
anyway not used at all in official binaries, either this is Android
emulating and AT device while sending back stuff from and to the RIL,
either this is not the modem.
Anyway I can tell you for sure that this is absolutely not the way to
talk to the modem properly. The correct way is to use the IPC protocol
and appropriate transport handling (which is way more complex than only
opening a serial line).
I just started the work on galaxy s2, I'll soon have done the transport
layer and we already know the protocol.
PaulKocialkowski said:
..Anyway I can tell you for sure that this is absolutely not the way to
talk to the modem properly. The correct way is to use the IPC protocol
and appropriate transport handling (which is way more complex than only
opening a serial line).
I just started the work on galaxy s2, I'll soon have done the transport
layer and we already know the protocol.
Click to expand...
Click to collapse
So no way to talk with the modem in Nexus S? Also if I use the REPLICANT rom?
Thanks.
alextreme said:
So no way to talk with the modem in Nexus S? Also if I use the REPLICANT rom?
Thanks.
Click to expand...
Click to collapse
Oh Nexus S status is very good (actually the best). That's the device we initally created libsamsung-ipc for (before, it was for samsung H1 and wasn't called libsamsung-ipc).
State of the modem using libsamsung-ipc and samsung-ril is at: redmine.replicant.us/projects/replicant/wiki/SamsungModems
basically, we have calls, sms, network registration and much more. Data is working but it's unclean on the code and needs more work. Note that I'm the only active dev on samsung-ril, and we're 2 on libsamsung-ipc. I'm also the one who added support for galaxy s and galaxy tab devices.
So in Nexus S, you can talk with the modem very easily, using libsamsung-ipc (which is a lib, so you need to use a binary, like modemctrl that comes with libsamsung-ipc).
Also, note that the SHR GNU/Linux distribution supports Nexus S as well and uses libsamung-ipc.
PaulKocialkowski said:
I am the Replicant developer who worked on Nexus S port and also did the work on aries (galaxy s, galaxy tab) devices and wrote a big part of the free RIL. ... I just started the work on galaxy s2, I'll soon have done the transport layer and we already know the protocol.
Click to expand...
Click to collapse
Hi Paul!
Thank you very much for your important contribution,
which really helped sort out, clarify and confirm many things!
I have just prepared a long response, but while writing it, more
fog has cleared and I will just go straight to my questions.
The rest (which is now less relevant) will be posted later as
a reference to others following this thread.
So my Questions to you at this point are:
Given the above pictures of the various abstraction layers,
how/where does the PHONET network interface fit in?
.
How does the "Samsung IPC Protocol" fit into this picture, regarding the translation and transmission of external terminal AT commands and their interpretation. [Perhaps you have link to a good/easy explanation of this protcol?]
.
How could we use this, to send ATC's from a local terminal?
I guess the ultimate reason for wanting to do this, is to be able to get closer to the radio-interface-layer, and thus be able to get access to those radio parameters, not normally available to applications via the limited Java API.
.
Alternatively, how would you propose a better way to obtain the various low-level modem variables such as the ones shown here? (Freesmartphone.org)
.
From the (poor) OMAPedia RIL-layer picture and the GT-I9100 block-diagram, it seem that there might perhaps be other channels available to communicate with the BP/Modem. (I.e. Through the UART, GPIO, McSPI?) Any ideas on how/if this could be done?
.
How could we build our own RIL(s) with minimal effort and test it?
.
For example, here is a copy of this, which is an example how to build Replicant RIL and then replace the local rild from command line to test with. Would be great to be able to do the same on the SGS2...without having to flash new ROMs.
.
How does the Replicant "libsamsung-ipc" differ from that used in the "Project-Vodoo: samsung_modemctl" ?
That was a bunch...
However, I would be happy to help contribute to Replicant if possible,
although you should keep in mind that I am not a professional
programmer in any way.
Here is the direct link to Replicant's Samsung RIL status page:
http://redmine.replicant.us/projects/replicant/wiki/SamsungModems
Recap of recent results
After the last post by Paul, things have become more clear. The following are the results I got up until then.
On the first one [Nexus S], modem Rx/Tx with AP is done via
ioctls while on Galaxy S it's done via a PHONET network interface
(svnet0). SO it's not (and particularly on Samsung phones) only a serial
interface you can open with screen: you need to understand how it's done
and write dedicated software to reproduce this...
Click to expand...
Click to collapse
The problem is to understand why I can communicate with ATC's from
outside (USB connected) terminal, but not from a local (on phone)
terminal, like for example /dev/ttyGS0. At this point I do understand that
the "SAMSUNG Mobile USB Modem" interface, together with ADB drivers,
provides some kind of (USB to HCI-socket to Modem) protocol converter,
and probably speaks directly to RIL and not the CP or Modem. We now
know that this is the Proprietary protocol called "Samsung IPC Protocol".
But if this is the case I thought I should still be able to find (and intercept)
whatever internal sockets or protocols used, to be able to establish and
send ATC's to the modem. But so far I have only been able to do the
following.
The setup:
Code:
[MY-PC] [RealTerm] <-- USB-cable --> [I9100]
Sending ATC's here is working as expected. I then tried to find the
devices/sockets/processes that handle this communication, and suddenly
I found myself in very murky waters. Trying to connect to the various local
devices on the phone, and not to sockets, as I do not know how to do that.
I had partial success, when I earlier tracked down /dev/ttyGS0 as having
something to do with the DataRouter. As I used nc to connect to
the ttyGS0 device during a RealTerm session, like this:
# nc -f /dev/ttyGS0
I could send characters to
RealTerm side, but the Modem never got anything. And when I typed on
RealTerm, only a few characters appeared on ttyGS0, but the modem did
respond normally. So I concluded that /dev/ttyGS0 is somehow used for
receiving modem responses, while some other protocol or device is used
for transmitting to modem. (This is now confirmed by the previous posts!)
How did I do this?
Unlike on other/older Android phones, the ATC's are not shown in logcat
under the tag "D/AT" but rather under "E/DataRouter"! So open another
window (adb shell) session and run: # logcat DataRouter:E *:S
Then open your (PC) terminal and send a few ATC's.
When sending an "AT"command, they will appear as:
Code:
E/DataRouter( 2585): After the usb select
E/DataRouter( 2585): Before checking the modem suspend state
E/DataRouter( 2585): PDP is resumed now
E/DataRouter( 2585): After checking the modem suspend state
E/DataRouter( 2585): Path set is [B][COLOR=Black]DATA_PATH_CHAR_MODEM[/COLOR][/B]
E/DataRouter( 2585): Send [1] bytes to SMD. message:A
E/DataRouter( 2585): Sending data to SMD: Len = [1]
E/DataRouter( 2585): buffer = [A]
E/DataRouter( 2585): Wrote 1 chars to EXTERNAL PORT [B][COLOR=Red]fd=17 ch = 41[/COLOR][/B]
E/DataRouter( 2585): Before the usb select
E/DataRouter( 2585): After the Modem Read select
E/DataRouter( 2585): Read 1 chars from SMD Modem file fd = 17
E/DataRouter( 2585): buf = A
E/DataRouter( 2585): Wrote 1 chars to USB PORT fd=29
E/DataRouter( 2585): buf=A
E/DataRouter( 2585): Before the Modem Read select
E/DataRouter( 2585): After the usb select
E/DataRouter( 2585): Before checking the modem suspend state
E/DataRouter( 2585): PDP is resumed now
E/DataRouter( 2585): After checking the modem suspend state
E/DataRouter( 2585): Path set is DATA_PATH_CHAR_MODEM
E/DataRouter( 2585): Send [1] bytes to SMD. message:T
E/DataRouter( 2585): Sending data to SMD: Len = [1]
E/DataRouter( 2585): buffer = [T]
But I didn't know exactly what to make from this, for example;
a) What is the "ch = 41" specification? It is just the ASCII of an "A" sent to
a device/file called 17. But when writing, it is called "EXTERNAL PORT"
while on reading, it's from "SMD Modem file"...
b) What is the DATA_PATH_CHAR_MODEM variable? I cannot find any
reference to this anywhere! I then found the devices and sockets by
identifying the file handles (fd) in the (datarouter) process directory:
Code:
[B]# busybox ls -al --color=never /proc/2585/fd[/B]
fd=17 --> socket:[1904]
fd=29 --> /dev/ttyGS0
NOTE: I prefer to always use the busybox binaries, as I no longer trust
the Samsung ones to give the complete/proper information...
Given the more recent information from previous posts, I decided to look for svnet.
Code:
[B]# find / -iname "*svnet*"[/B]
/proc/sys/net/ipv4/neigh/svnet0
/proc/sys/net/ipv4/conf/svnet0
/proc/sys/net/ipv6/neigh/svnet0
/proc/sys/net/ipv6/conf/svnet0
...
/proc/[B][COLOR=SeaGreen]<process-id>[/COLOR][/B]/net/dev_snmp6/svnet0
...
/sys/devices/virtual/net/svnet0
/sys/bus/usb/drivers/cdc_svnet
/sys/class/net/svnet0
[B]
# ls -l /sys/devices/virtual/net[/B]
drwxr-xr-x root root 2012-02-03 05:56 lo
drwxr-xr-x root root 2012-02-02 12:34 svnet0
drwxr-xr-x root root 2012-02-02 12:34 sit0
drwxr-xr-x root root 2012-02-02 17:21 pdp0
These are all interesting and relevant , but I have no idea what
they all do... But /sys/bus/usb/drivers/cdc_svnet are all linked to
the HCI-USB devices under: /sys/devices/platform/s5p-ehci/usb1/1-2
and contain 4 of each of:
- "CDC Communication Interface"
- "CDC Data Interface"
PaulKocialkowski said:
Oh Nexus S status is very good (actually the best). That's the device we initally created libsamsung-ipc for (before, it was for samsung H1 and wasn't called libsamsung-ipc).
State of the modem using libsamsung-ipc and samsung-ril is at: redmine.replicant.us/projects/replicant/wiki/SamsungModems
basically, we have calls, sms, network registration and much more. Data is working but it's unclean on the code and needs more work. Note that I'm the only active dev on samsung-ril, and we're 2 on libsamsung-ipc. I'm also the one who added support for galaxy s and galaxy tab devices.
So in Nexus S, you can talk with the modem very easily, using libsamsung-ipc (which is a lib, so you need to use a binary, like modemctrl that comes with libsamsung-ipc).
Also, note that the SHR GNU/Linux distribution supports Nexus S as well and uses libsamung-ipc.
Click to expand...
Click to collapse
Okay but I would like to send AT Commands from Android terminal to the modem or from an APP in Android. Can I find using REPLICANT ROM the folder /dev/smd0?
I found this an interesting read. http://download.maritex.com.pl/pdfs/wi/GSM-TM2.pdf It has a lot of information in it.
AdamOutler said:
I found this an interesting read. ... It has a lot of information in it.
Click to expand...
Click to collapse
Sorry, but I just can't see how it is relevant. Did I miss something? It's just another GSM module without HW specs as usual... Thanks anyway.
E:V:A said:
Sorry, but I just can't see how it is relevant. Did I miss something? It's just another GSM module without HW specs as usual... Thanks anyway.
Click to expand...
Click to collapse
It has AT command descriptions which may assist in adding more descriptions to the first page. I noticed alot of yours were incomplete, so I posted that.
AdamOutler said:
It has AT command descriptions which may assist in adding more descriptions to the first page. I noticed alot of yours were incomplete, so I posted that.
Click to expand...
Click to collapse
Ahh, yes. I was just updating the AT+Xzzzz sets form various sources. (The best one by far was the Google available: "AMOD HSPA Modules_AT_Command Specification".) I had to move the list to post #3. Now there are only a very few missing. The others I did not bother to re-explain/merge with the already known and "standard" ones...
There are a lot of implementations of the AT set. There are official documents with all the standard commands. Take a look at wiki.openmoko.org page: Hardware:AT_Commands (links to ETSI and 3GPP documents).
---------- Post added at 09:15 PM ---------- Previous post was at 08:41 PM ----------
IIRC, there is an UART debug line that can be used to talk to the modem directly. On Nexus S, the ttyFIQ0 node was related to UART. Maybe you can route the modem to ttyFIQ0 by dealing with /sys/class/sec/uart_switch/UART_SEL/value
Important fact: note this on Galaxy S2 init.rc:
chown radio system /sys/class/sec/uart_switch/UART_SEL/value
Really try to look at that sys node and you'll perhaps succeed to get it (modem UART line) routed on ttyFIQ0 on the device.
Also, look at the FSA something component in the kernel sources: it's highly related to the UART line. It was FSA9480 on Nexus S. Look at NexusSBootloader#Serial-Console on Replicant Redmine wiki to see how we used it.
I seriously doubt there is any kind of protocol converter that converts Samsung IPC data to AT commands on this line. In my opinion the line you get is most probably the modem debug UART line.
It looks like this:
Modem <-> UART line <-> FSA9480 <-> USB <-> Host PC
|<-> kernel driver <-> RIL <-> Android framework
And the idea would be to redirect the modem uart line to ttyFIQ0. I don't know if you have to do the routing via the FSA component. I know someone who perhaps knows better about that.
---------- Post added at 09:21 PM ---------- Previous post was at 09:15 PM ----------
The logs with DataRouter are really interesting. These are not part of the RIL (I checked with strings) but there is definitely something *software* between the modem and your terminal on PC.
Hi everyone,
I am writing this post because I need help for clarifying some aspects of the radio interface layer.
I know that the two main components of the RIL stack are RILD (which interfaces the Java part with the low-level hardware) and vendor-RIL (which interfaces RILD with the modem). Both of them have loops that are used to capture and analyze new commands of events coming from other layers. These loops are the rild event loop, which handles requests from upper and lower layers of Android, and vendor reader loop, which handles the commands from and to the modem. However, I am not 100% sure whether these loops are polling based (i.e., looping all the time even when there are no new data to process) or they are triggered only when a new data or command is received (i.e., interrupt based). At first I thought that it is polling based because of the "loop until 2012 (the end of the world)" in slide number 12 in the presentation "Android RIL - Radio Interface Layer" available here : http://www.slideshare.net/leafjohn/ril-and-android-telephony?related=1 . I also think that the maintenance of the IPC socket of communication between RILD and RILJ (the java part of the RIL stack) to allow RILD and RILJ to exchange communications and data is polling based (it loops even when there is nothing to process).
In summary, I would really like your opinion to clarify the following questions:
1) Is the exchange of data between the baseband processor and the application processor interrupt based or polling based?
In practice, is the application processor polling regularly the port of communication with the baseband to check for the presence of new commands from the baseband, or the application processor is woken up by some sort of interrupt generated by the baseband processor as soon as the baseband has to communicate some new commands?
2) how the vendor reader loop detects the presence of a new unsolicited command? Is the vendor reader loop running even when there are no new commands or it is started only in the presence of a new unsolicited command?
In the case in which the reader loop is started only when a new unsolicited command is detected, what component or process starts this vendor reader loop?
3) is the rild event loop running all the time to check whether some events have been detected by the vendor RIL or it runs only when the vendor RIL adds a new event in the event queue of RILD?
In the case in which the event loop is started only when a new event has been added to the event queue, what component or process starts this event loop?
4) How RILD maintains the communication sockets with the java part of the RIL stack (RILJ)? Are they opened only when there are new data to exchange or they are maintained open all the time?
Thanks I a lot for any information and help you can give me. I really appreciate it.
Hello Friends~!
I have built information trees, to teach you about these tools. I was originally going to package them all together, but in my efforts of doing so I realize that the process was getting too convoluted, when there is already an excellent "package manager" called Chocolatey that will allow us to Download all These and more, with "wrapped" permissions, meaning you don't have to go into settings, and program environment variables for Every Single Program you want to install. I will make a separate thread on Chocolatey and explain better what it is, and how to use it
READ THE WARNING IN THE THREAD BELOW BEFORE DOWNLOADING OPENSSL
TOOLS FOR ENCRYPTION AND BUILDING APPLICATIONS, SOURCES
Spoiler: OPENSSL
Please read the WARNING on this Thread about CRYPTOGRAPHY before downloading...
Spoiler: THREAD
How to Make and Sign a Driver and Certificate: Intro To Encryption
========================================= HOW TO MAKE AND SIGN, A DRIVER AND CERTIFICATE: INTRO TO ENCRYPTION~! ========================================= Today we are going to get our feet a little wet in Cryptography~! Why would I need this...
forum.xda-developers.com
Spoiler: DOWNLOAD
GitHub - openssl/openssl: TLS/SSL and crypto library
TLS/SSL and crypto library. Contribute to openssl/openssl development by creating an account on GitHub.
github.com
You need to click on Clone, then download zip.
Spoiler: LIKE THIS
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Spoiler: WHAT IS OPEN SSL
Spoiler: README
Welcome to the OpenSSL Project
www.openssl.org
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit
for the Transport Layer Security (TLS) protocol formerly known as the
Secure Sockets Layer (SSL) protocol. The protocol implementation is based
on a full-strength general purpose cryptographic library, which can also
be used stand-alone.
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson.
The official Home Page of the OpenSSL Project is [www.openssl.org].
Spoiler: OVERVIEW
The OpenSSL toolkit includes:
- **libssl**
an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]).
- **libcrypto**
a full-strength general purpose cryptographic library. It constitutes the
basis of the TLS implementation, but can also be used independently.
- **openssl**
the OpenSSL command line tool, a swiss army knife for cryptographic tasks,
testing and analyzing. It can be used for
- creation of key parameters
- creation of X.509 certificates, CSRs and CRLs
- calculation of message digests
- encryption and decryption
- SSL/TLS client and server tests
- handling of S/MIME signed or encrypted mail
- and more...
Spoiler: FOR PRODUCTION USE
Source code tarballs of the official releases can be downloaded from
[www.openssl.org/source](https://www.openssl.org/source).
The OpenSSL project does not distribute the toolkit in binary form.
However, for a large variety of operating systems precompiled versions
of the OpenSSL toolkit are available. In particular on Linux and other
Unix operating systems it is normally recommended to link against the
precompiled shared libraries provided by the distributor or vendor.
Spoiler: FOR TESTING AND DEVELOPMENT
Although testing and development could in theory also be done using
the source tarballs, having a local copy of the git repository with
the entire project history gives you much more insight into the
code base.
The official OpenSSL Git Repository is located at [git.openssl.org].
There is a GitHub mirror of the repository at [github.com/openssl/openssl],
which is updated automatically from the former on every commit.
A local copy of the Git Repository can be obtained by cloning it from
the original OpenSSL repository using
git clone git://git.openssl.org/openssl.git
or from the GitHub mirror using
git clone https://github.com/openssl/openssl.git
If you intend to contribute to OpenSSL, either to fix bugs or contribute
new features, you need to fork the OpenSSL repository openssl/openssl on
GitHub and clone your public fork instead.
git clone https://github.com/yourname/openssl.git
This is necessary, because all development of OpenSSL nowadays is done via
GitHub pull requests. For more details, see [Contributing](#contributing).
Spoiler: BUILD AND INSTALL
After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for
detailed instructions about building and installing OpenSSL. For some
platforms, the installation instructions are amended by a platform specific
document.
* [Notes for UNIX-like platforms](NOTES-UNIX.md)
* [Notes for Android platforms](NOTES-ANDROID.md)
* [Notes for Windows platforms](NOTES-WINDOWS.md)
* [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
* [Notes for the OpenVMS platform](NOTES-VMS.md)
* [Notes on Perl](NOTES-PERL.md)
* [Notes on Valgrind](NOTES-VALGRIND.md)
Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as
known issues are available on the [OpenSSL 3.0 Wiki] page.
Spoiler: DOCUMENTATION
Manual Pages
------------
The manual pages for the master branch and all current stable releases are
available online.
- [OpenSSL master](https://www.openssl.org/docs/manmaster)
- [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1)
Wiki
----
There is a Wiki at [wiki.openssl.org] which is currently not very active.
It contains a lot of useful information, not all of which is up to date.
License
=======
OpenSSL is licensed under the Apache License 2.0, which means that
you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill its conditions.
See the [LICENSE.txt](LICENSE.txt) file for more details.
Support
=======
There are various ways to get in touch. The correct channel depends on
your requirement. see the [SUPPORT](SUPPORT.md) file for more details.
Contributing
============
If you are interested and willing to contribute to the OpenSSL project,
please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file.
Legalities
==========
A number of nations restrict the use or export of cryptography. If you are
potentially subject to such restrictions you should seek legal advice before
attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
<!-- Links -->
[www.openssl.org]:
<https://www.openssl.org>
"OpenSSL Homepage"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[github.com/openssl/openssl]:
<https://github.com/openssl/openssl>
"OpenSSL GitHub Mirror"
[wiki.openssl.org]:
<https://wiki.openssl.org>
"OpenSSL Wiki"
[OpenSSL 3.0 Wiki]:
<https://wiki.openssl.org/index.php/OpenSSL_3.0>
"OpenSSL 3.0 Wiki"
[RFC 8446]:
<https://tools.ietf.org/html/rfc8446>
<!-- Logos and Badges -->
[openssl logo]:
doc/images/openssl.svg
"OpenSSL Logo"
[github actions ci badge]:
<https://github.com/openssl/openssl/workflows/GitHub CI/badge.svg>
"GitHub Actions CI Status"
[github actions ci]:
<https://github.com/openssl/openssl/actions?query=workflow:"GitHub+CI">
"GitHub Actions CI"
[appveyor badge]:
<https://ci.appveyor.com/api/projects/status/8e10o7xfrg73v98f/branch/master?svg=true>
"AppVeyor Build Status"
[appveyor jobs]:
<https://ci.appveyor.com/project/openssl/openssl/branch/master>
"AppVeyor Jobs"
Spoiler: INSTALLATION AND EXPLANATION OF SYSTEMS
This document describes installation on all supported operating
systems (the Unix/Linux family, including macOS), OpenVMS,
and Windows).
Spoiler: TABLE OF CONTENTS
Spoiler: PREREQUISITES
To install OpenSSL, you will need:
* A "make" implementation
* Perl 5 with core modules (please read [NOTES-PERL.md](NOTES-PERL.md))
* The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-PERL.md))
* an ANSI C compiler
* a development environment in the form of development libraries and C
header files
* a supported operating system
Spoiler: NOTATIONAL CONVENTIONS
Throughout this document, we use the following conventions.
Spoiler: COMMANDS
Any line starting with a dollar sign is a command line.
$ command
The dollar sign indicates the shell prompt and is not to be entered as
part of the command.
Spoiler: CHOICES
Several words in curly braces separated by pipe characters indicate a
**mandatory choice**, to be replaced with one of the given words.
Spoiler: EXAMPLE
For example, the line
$ echo { WORD1 | WORD2 | WORD3 }
represents one of the following three commands
$ echo WORD1
- or -
$ echo WORD2
- or -
$ echo WORD3
One or several words in square brackets separated by pipe characters
denote an **optional choice**. It is similar to the mandatory choice,
but it can also be omitted entirely.
Spoiler: EXAMPLE
So the line
$ echo [ WORD1 | WORD2 | WORD3 ]
represents one of the four commands
$ echo WORD1
- or -
$ echo WORD2
- or -
$ echo WORD3
- or -
$ echo
Spoiler: ARGUMENTS
**Optional Arguments** are enclosed in square brackets.
[option...]
A trailing ellipsis means that more than one could be specified.
Spoiler: QUICK INSTALLATION GUIDE
If you just want to get OpenSSL installed without bothering too much
about the details, here is the short version of how to build and install
OpenSSL. If any of the following steps fails, please consult the
[Installation in Detail](#installation-steps-in-detail) section below.
Spoiler: BUILDING OPENSSL
Use the following commands to configure, build and test OpenSSL.
The testing is optional, but recommended if you intend to install
OpenSSL for production use.
Spoiler: UNIX LINUX MAC
$ ./Configure
$ make
$ make test
Spoiler: OPENVMS
Use the following commands to build OpenSSL:
$ perl Configure
$ mms
$ mms test
Spoiler: WINDOWS
If you are using Visual Studio, open a Developer Command Prompt and
issue the following commands to build OpenSSL.
$ perl Configure
$ nmake
$ nmake test
As mentioned in the [Choices](#choices) section, you need to pick one
of the four Configure targets in the first command.
Most likely you will be using the `VC-WIN64A` target for 64bit Windows
binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86).
The other two options are `VC-WIN64I` (Intel IA64, Itanium) and
`VC-CE` (Windows CE) are rather uncommon nowadays.
Spoiler: INSTALLING OPENSSL
The following commands will install OpenSSL to a default system location.
**Danger Zone:** even if you are impatient, please read the following two
paragraphs carefully before you install OpenSSL.
For security reasons the default system location is by default not writable
for unprivileged users. So for the final installation step administrative
privileges are required. The default system location and the procedure to
obtain administrative privileges depends on the operating system.
It is recommended to compile and test OpenSSL with normal user privileges
and use administrative privileges only for the final installation step.
Spoiler: SYSTEMS WITH OPENSSL PREINSTALLED
On some platforms OpenSSL is preinstalled as part of the Operating System.
In this case it is highly recommended not to overwrite the system versions,
because other applications or libraries might depend on it.
To avoid breaking other applications, install your copy of OpenSSL to a
[different location](#installing-to-a-different-location) which is not in
the global search path for system libraries.
Finally, if you plan on using the FIPS module, you need to read the
[Post-installation Notes](#post-installation-notes) further down.
Spoiler: UNIX LINUX MAC
Depending on your distribution, you need to run the following command as
root user or prepend `sudo` to the command:
$ make install
By default, OpenSSL will be installed to
/usr/local
More precisely, the files will be installed into the subdirectories
/usr/local/bin
/usr/local/lib
/usr/local/include
depending on the file type, as it is custom on Unix-like operating systems.
Spoiler: OPENVMS
Use the following command to install OpenSSL.
$ mms install
By default, OpenSSL will be installed to
SYS$COMMON:[OPENSSL]
Spoiler: WINDOWS
Spoiler: USING VISUAL STUDIO
If you are using Visual Studio, open the Developer Command Prompt _elevated_
and issue the following command.
$ nmake install
The easiest way to elevate the Command Prompt is to press and hold down
the both the `<CTRL>` and `<SHIFT>` key while clicking the menu item in the
task menu.
The default installation location is
C:\Program Files\OpenSSL
for native binaries, or
C:\Program Files (x86)\OpenSSL
for 32bit binaries on 64bit Windows (WOW64).
Spoiler: INSTALLING TO A DIFFERENT LOCATION
To install OpenSSL to a different location (for example into your home
directory for testing purposes) run `Configure` as shown in the following
examples.
The options `--prefix` and `--openssldir` are explained in further detail in
[Directories](#directories) below, and the values used here are mere examples.
Spoiler: UNIX OPENVMS
On Unix:
$ ./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl
On OpenVMS:
$ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
Note: if you do add options to the configuration command, please make sure
you've read more than just this Quick Start, such as relevant `NOTES-*` files,
the options outline below, as configuration options may change the outcome
in otherwise unexpected ways.
Spoiler: CONFIGURATION OPTIONS
There are several options to `./Configure` to customize the build (note that
for Windows, the defaults for `--prefix` and `--openssldir` depend on what
configuration is used and what Windows implementation OpenSSL is built on.
For more information, see the [Notes for Windows platforms](NOTES-WINDOWS.md).
Spoiler: API LEVEL
Spoiler: API=X.Y[.Z]
--api=x.y[.z]
Build the OpenSSL libraries to support the API for the specified version.
If [no-deprecated](#no-deprecated) is also given, don't build with support
for deprecated APIs in or below the specified version number. For example,
adding
Spoiler: API=1.1.0 NO-DEPRECATED
--api=1.1.0 no-deprecated
will remove support for all APIs that were deprecated in OpenSSL version
1.1.0 or below. This is a rather specialized option for developers.
If you just intend to remove all deprecated APIs up to the current version
entirely, just specify [no-deprecated](#no-deprecated).
If `--api` isn't given, it defaults to the current (minor) OpenSSL version.
Spoiler: CROSS COMPILE PREFIX
--cross-compile-prefix=<PREFIX>
The `<PREFIX>` to include in front of commands for your toolchain.
It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler
as `a-b-c-gcc`, etc. Unfortunately cross-compiling is too case-specific to put
together one-size-fits-all instructions. You might have to pass more flags or
set up environment variables to actually make it work. Android and iOS cases
are discussed in corresponding `Configurations/15-*.conf` files. But there are
cases when this option alone is sufficient. For example to build the mingw64
target on Linux `--cross-compile-prefix=x86_64-w64-mingw32-` works. Naturally
provided that mingw packages are installed. Today Debian and Ubuntu users
have option to install a number of prepackaged cross-compilers along with
corresponding run-time and development packages for "alien" hardware. To give
another example `--cross-compile-prefix=mipsel-linux-gnu-` suffices in such
case.
For cross compilation, you must [configure manually](#manual-configuration).
Also, note that `--openssldir` refers to target's file system, not one you are
building on.
Spoiler: BUILD TYPE
--debug
Build OpenSSL with debugging symbols and zero optimization level.
--release
Build OpenSSL without debugging symbols. This is the default.
Spoiler: DIRECTORIES
Spoiler: LIBDIR
--libdir=DIR
The name of the directory under the top of the installation directory tree
(see the `--prefix` option) where libraries will be installed. By default
this is `lib`. Note that on Windows only static libraries (`*.lib`) will
be stored in this location. Shared libraries (`*.dll`) will always be
installed to the `bin` directory.
Some build targets have a multilib postfix set in the build configuration.
For these targets the default libdir is `lib<multilib-postfix>`. Please use
`--libdir=lib` to override the libdir if adding the postfix is undesirable.
Spoiler: OPENSSLDIR
--openssldir=DIR
Directory for OpenSSL configuration files, and also the default certificate
and key store. Defaults are:
Unix: /usr/local/ssl
Windows: C:\Program Files\Common Files\SSL
OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
For 32bit Windows applications on Windows 64bit (WOW64), always replace
`C:\Program Files` by `C:\Program Files (x86)`.
Spoiler: PREFIX
--prefix=DIR
The top of the installation directory tree. Defaults are:
Unix: /usr/local
Windows: C:\Program Files\OpenSSL
OpenVMS: SYS$COMMON:[OPENSSL]
Spoiler: COMPILER WARNINGS
--strict-warnings
This is a developer flag that switches on various compiler options recommended
for OpenSSL development. It only works when using gcc or clang as the compiler.
If you are developing a patch for OpenSSL then it is recommended that you use
this option where possible.
Spoiler: ZLIB FLAGS
Spoiler: WITH-ZLIB-INCLUDE
--with-zlib-include=DIR
The directory for the location of the zlib include file. This option is only
necessary if [zlib](#zlib) is used and the include file is not
already on the system include path.
Spoiler: WITH-ZLIB-LIB
--with-zlib-lib=LIB
Spoiler: UNIX
**On Unix**: this is the directory containing the zlib library.
If not provided the system library path will be used.
Spoiler: WINDOWS
**On Windows:** this is the filename of the zlib library (with or
without a path). This flag must be provided if the
[zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used
then this flag is optional and defaults to `ZLIB1` if not provided.
Spoiler: VMS
**On VMS:** this is the filename of the zlib library (with or without a path).
This flag is optional and if not provided then `GNV$LIBZSHR`, `GNV$LIBZSHR32`
or `GNV$LIBZSHR64` is used by default depending on the pointer size chosen.
Spoiler: SEEDING THE RANDOM NUMBER GENERATOR
--with-rand-seed=seed1[,seed2,...]
A comma separated list of seeding methods which will be tried by OpenSSL
in order to obtain random input (a.k.a "entropy") for seeding its
cryptographically secure random number generator (CSPRNG).
The current seeding methods are:
Spoiler: OS
### os
Use a trusted operating system entropy source.
This is the default method if such an entropy source exists.
Spoiler: GETRANDOM
### getrandom
Use the [getrandom(2)][man-getrandom] or equivalent system call.
[man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html
Spoiler: DEVRANDOM
### devrandom
Use the first device from the `DEVRANDOM` list which can be opened to read
random bytes. The `DEVRANDOM` preprocessor constant expands to
"/dev/urandom","/dev/random","/dev/srandom"
on most unix-ish operating systems.
Spoiler: EGD
### egd
Check for an entropy generating daemon.
This source is ignored by the FIPS provider.
Spoiler: RDCPU
### rdcpu
Use the `RDSEED` or `RDRAND` command on x86 or `RNDRRS` command on aarch64
if provided by the CPU.
Spoiler: LIBRANDOM
### librandom
Use librandom (not implemented yet).
This source is ignored by the FIPS provider.
Spoiler: NONE
### none
Disable automatic seeding. This is the default on some operating systems where
no suitable entropy source exists, or no support for it is implemented yet.
This option is ignored by the FIPS provider.
For more information, see the section [Notes on random number generation][rng]
at the end of this document.
[rng]: #notes-on-random-number-generation
Spoiler: SETTING THE FIPS HMAC KEY
Spoiler: FIPS-KEY=VALUE
--fips-key=value
As part of its self-test validation, the FIPS module must verify itself
by performing a SHA-256 HMAC computation on itself. The default key is
the SHA256 value of "the holy handgrenade of antioch" and is sufficient
for meeting the FIPS requirements.
To change the key to a different value, use this flag. The value should
be a hex string no more than 64 characters.
Spoiler: ENABLE AND DISABLE FEATURES
Feature options always come in pairs, an option to enable feature
`xxxx`, and an option to disable it:
[ enable-xxxx | no-xxxx ]
Whether a feature is enabled or disabled by default, depends on the feature.
In the following list, always the non-default variant is documented: if
feature `xxxx` is disabled by default then `enable-xxxx` is documented and
if feature `xxxx` is enabled by default then `no-xxxx` is documented.
Spoiler: NO-AFALGENG
### no-afalgeng
Don't build the AFALG engine.
This option will be forced on a platform that does not support AFALG.
Spoiler: ENABLE-KTLS
### enable-ktls
Build with Kernel TLS support.
This option will enable the use of the Kernel TLS data-path, which can improve
performance and allow for the use of sendfile and splice system calls on
TLS sockets. The Kernel may use TLS accelerators if any are available on the
system. This option will be forced off on systems that do not support the
Kernel TLS data-path.
Spoiler: ENABLE-ASAN
### enable-asan
Build with the Address sanitiser.
This is a developer option only. It may not work on all platforms and should
never be used in production environments. It will only work when used with
gcc or clang and should be used in conjunction with the [no-shared](#no-shared)
option.
Spoiler: ENABLE-ACVP-TESTS
### enable-acvp-tests
Build support for Automated Cryptographic Validation Protocol (ACVP)
tests.
This is required for FIPS validation purposes. Certain ACVP tests require
access to algorithm internals that are not normally accessible.
Additional information related to ACVP can be found at
<https://github.com/usnistgov/ACVP>.
Spoiler: NO-ASM
### no-asm
Do not use assembler code.
This should be viewed as debugging/troubleshooting option rather than for
production use. On some platforms a small amount of assembler code may still
be used even with this option.
Spoiler: NO-ASYNC
### no-async
Do not build support for async operations.
Spoiler: NO-AUTOALGINIT
### no-autoalginit
Don't automatically load all supported ciphers and digests.
Typically OpenSSL will make available all of its supported ciphers and digests.
For a statically linked application this may be undesirable if small executable
size is an objective. This only affects libcrypto. Ciphers and digests will
have to be loaded manually using `EVP_add_cipher()` and `EVP_add_digest()`
if this option is used. This option will force a non-shared build.
Spoiler: NO-AUTOERRINIT
### no-autoerrinit
Don't automatically load all libcrypto/libssl error strings.
Typically OpenSSL will automatically load human readable error strings. For a
statically linked application this may be undesirable if small executable size
is an objective.
Spoiler: NO-AUTOLOAD-CONFIG
### no-autoload-config
Don't automatically load the default `openssl.cnf` file.
Typically OpenSSL will automatically load a system config file which configures
default SSL options.
Spoiler: ENABLE-BUILDTEST-C++
### enable-buildtest-c++
While testing, generate C++ buildtest files that simply check that the public
OpenSSL header files are usable standalone with C++.
Enabling this option demands extra care. For any compiler flag given directly
as configuration option, you must ensure that it's valid for both the C and
the C++ compiler. If not, the C++ build test will most likely break. As an
alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`.
Spoiler: BANNER=TEXT
### --banner=text
Use the specified text instead of the default banner at the end of
configuration.
Spoiler: W
### --w
On platforms where the choice of 32-bit or 64-bit architecture
is not explicitly specified, `Configure` will print a warning
message and wait for a few seconds to let you interrupt the
configuration. Using this flag skips the wait.
Spoiler: NO-BULK
### no-bulk
Build only some minimal set of features.
This is a developer option used internally for CI build tests of the project.
Spoiler: NO-CACHED-FETCH
### no-cached-fetch
Never cache algorithms when they are fetched from a provider. Normally, a
provider indicates if the algorithms it supplies can be cached or not. Using
this option will reduce run-time memory usage but it also introduces a
significant performance penalty. This option is primarily designed to help
with detecting incorrect reference counting.
Spoiler: NO-CAPIENG
### no-capieng
Don't build the CAPI engine.
This option will be forced if on a platform that does not support CAPI.
Spoiler: NO-CMP
### no-cmp
Don't build support for Certificate Management Protocol (CMP)
and Certificate Request Message Format (CRMF).
Spoiler: NO-CMS
### no-cms
Don't build support for Cryptographic Message Syntax (CMS).
Spoiler: NO-COMP
### no-comp
Don't build support for SSL/TLS compression.
If this option is enabled (the default), then compression will only work if
the zlib or `zlib-dynamic` options are also chosen.
Spoiler: ENABLE-CRYPTO-MDEBUG
### enable-crypto-mdebug
This now only enables the `failed-malloc` feature.
Spoiler: ENABLE-CRYPTO-MDEBUG-BACKTRACE
### enable-crypto-mdebug-backtrace
This is a no-op; the project uses the compiler's address/leak sanitizer instead.
Spoiler: NO-CT
### no-ct
Don't build support for Certificate Transparency (CT).
Spoiler: NO-DEPRECATED
### no-deprecated
Don't build with support for deprecated APIs up until and including the version
given with `--api` (or the current version, if `--api` wasn't specified).
Spoiler: NO-DGRAM
### no-dgram
Don't build support for datagram based BIOs.
Selecting this option will also force the disabling of DTLS.
Spoiler: NO-DSO
### no-dso
Don't build support for loading Dynamic Shared Objects (DSO)
Spoiler: ENABLE-DEVCRYPTOENG
### enable-devcryptoeng
Build the `/dev/crypto` engine.
This option is automatically selected on the BSD platform, in which case it can
be disabled with `no-devcryptoeng`.
Spoiler: NO-DYNAMIC-ENGINE
### no-dynamic-engine
Don't build the dynamically loaded engines.
This only has an effect in a shared build.
Spoiler: NO-EC
### no-ec
Don't build support for Elliptic Curves.
Spoiler: NO-EC2M
### no-ec2m
Don't build support for binary Elliptic Curves
Spoiler: ENABLE-EC_NISTP_64_GCC_128
### enable-ec_nistp_64_gcc_128
Enable support for optimised implementations of some commonly used NIST
elliptic curves.
This option is only supported on platforms:
- with little-endian storage of non-byte types
- that tolerate misaligned memory references
- where the compiler:
- supports the non-standard type `__uint128_t`
- defines the built-in macro `__SIZEOF_INT128__`
Spoiler: ENABLE-EGD
### enable-egd
Build support for gathering entropy from the Entropy Gathering Daemon (EGD).
Spoiler: NO-ENGINE
### no-engine
Don't build support for loading engines.
Spoiler: NO-ERR
### no-err
Don't compile in any error strings.
Spoiler: ENABLE-EXTERNAL-TESTS
### enable-external-tests
Enable building of integration with external test suites.
This is a developer option and may not work on all platforms. The following
external test suites are currently supported:
- GOST engine test suite
- Python PYCA/Cryptography test suite
- krb5 test suite
See the file [test/README-external.md](test/README-external.md)
for further details.
Spoiler: NO-FILENAMES
### no-filenames
Don't compile in filename and line number information (e.g. for errors and
memory allocation).
Spoiler: ENABLE-FIPS
### enable-fips
Build (and install) the FIPS provider
Spoiler: NO-FIPS-SECURITYCHECKS
### no-fips-securitychecks
Don't perform FIPS module run-time checks related to enforcement of security
parameters such as minimum security strength of keys.
Spoiler: ENABLE-FUZZ-LIBFUZZER, ENABLE-FUZZ-AFL
### enable-fuzz-libfuzzer, enable-fuzz-afl
Build with support for fuzzing using either libfuzzer or AFL.
These are developer options only. They may not work on all platforms and
should never be used in production environments.
See the file [fuzz/README.md](fuzz/README.md) for further details.
Spoiler: NO-GOST
### no-gost
Don't build support for GOST based ciphersuites.
Note that if this feature is enabled then GOST ciphersuites are only available
if the GOST algorithms are also available through loading an externally supplied
engine.
Spoiler: NO-LEGACY
### no-legacy
Don't build the legacy provider.
Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
Spoiler: NO-MAKEDEPEND
### no-makedepend
Don't generate dependencies.
Spoiler: NO-MODULE
### no-module
Don't build any dynamically loadable engines.
This also implies `no-dynamic-engine`.
Spoiler: NO-MULTIBLOCK
### no-multiblock
Don't build support for writing multiple records in one go in libssl
Note: this is a different capability to the pipelining functionality.
Spoiler: NO-NEXTPROTONEG
### no-nextprotoneg
Don't build support for the Next Protocol Negotiation (NPN) TLS extension.
Spoiler: NO-OCSP
### no-ocsp
Don't build support for Online Certificate Status Protocol (OCSP).
Spoiler: NO-PADLOCKENG
### no-padlockeng
Don't build the padlock engine.
Spoiler: NO-HW-PADLOCK
### no-hw-padlock
As synonym for `no-padlockeng`. Deprecated and should not be used.
Spoiler: NO-PIC
### no-pic
Don't build with support for Position Independent Code.
Spoiler: NO-PINSHARED
### no-pinshared
Don't pin the shared libraries.
By default OpenSSL will attempt to stay in memory until the process exits.
This is so that libcrypto and libssl can be properly cleaned up automatically
via an `atexit()` handler. The handler is registered by libcrypto and cleans
up both libraries. On some platforms the `atexit()` handler will run on unload of
libcrypto (if it has been dynamically loaded) rather than at process exit. This
option can be used to stop OpenSSL from attempting to stay in memory until the
process exits. This could lead to crashes if either libcrypto or libssl have
already been unloaded at the point that the atexit handler is invoked, e.g. on a
platform which calls `atexit()` on unload of the library, and libssl is unloaded
before libcrypto then a crash is likely to happen. Applications can suppress
running of the `atexit()` handler at run time by using the
`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
See the man page for it for further details.
Spoiler: NO-POSIX-IO
### no-posix-io
Don't use POSIX IO capabilities.
Spoiler: NO-PSK
### no-psk
Don't build support for Pre-Shared Key based ciphersuites.
Spoiler: NO-RDRAND
### no-rdrand
Don't use hardware RDRAND capabilities.
Spoiler: NO-RFC3779
### no-rfc3779
Don't build support for RFC3779, "X.509 Extensions for IP Addresses and
AS Identifiers".
Spoiler: SCTP
### sctp
Build support for Stream Control Transmission Protocol (SCTP).
Spoiler: NO-SHARED
### no-shared
Do not create shared libraries, only static ones.
See [Notes on shared libraries](#notes-on-shared-libraries) below.
Spoiler: NO-SOCK
### no-sock
Don't build support for socket BIOs.
Spoiler: NO-SRP
### no-srp
Don't build support for Secure Remote Password (SRP) protocol or
SRP based ciphersuites.
Spoiler: NO-SRTP
### no-srtp
Don't build Secure Real-Time Transport Protocol (SRTP) support.
Spoiler: NO-SSE2
### no-sse2
Exclude SSE2 code paths from 32-bit x86 assembly modules.
Normally SSE2 extension is detected at run-time, but the decision whether or not
the machine code will be executed is taken solely on CPU capability vector. This
means that if you happen to run OS kernel which does not support SSE2 extension
on Intel P4 processor, then your application might be exposed to "illegal
instruction" exception. There might be a way to enable support in kernel, e.g.
FreeBSD kernel can be compiled with `CPU_ENABLE_SSE`, and there is a way to
disengage SSE2 code paths upon application start-up, but if you aim for wider
"audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm`
options imply `no-sse2`.
Spoiler: NO-SSL-TRACE
### no-ssl-trace
Don't build with SSL Trace capabilities.
This removes the `-trace` option from `s_client` and `s_server`, and omits the
`SSL_trace()` function from libssl.
Disabling `ssl-trace` may provide a small reduction in libssl binary size.
Spoiler: NO-STATIC-ENGINE
### no-static-engine
Don't build the statically linked engines.
This only has an impact when not built "shared".
Spoiler: NO-STDIO
### no-stdio
Don't use anything from the C header file `stdio.h` that makes use of the `FILE`
type. Only libcrypto and libssl can be built in this way. Using this option will
suppress building the command line applications. Additionally, since the OpenSSL
tests also use the command line applications, the tests will also be skipped.
Spoiler: NO-TESTS
### no-tests
Don't build test programs or run any tests.
Spoiler: NO-THREADS
### no-threads
Don't build with support for multi-threaded applications.
Spoiler: THREADS
### threads
Build with support for multi-threaded applications. Most platforms will enable
this by default. However, if on a platform where this is not the case then this
will usually require additional system-dependent options!
See [Notes on multi-threading](#notes-on-multi-threading) below.
Spoiler: ENABLE-TRACE
### enable-trace
Build with support for the integrated tracing api.
See manual pages OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details.
Spoiler: NO-TS
### no-ts
Don't build Time Stamping (TS) Authority support.
Spoiler: ENABLE-UBSAN
### enable-ubsan
Build with the Undefined Behaviour sanitiser (UBSAN).
This is a developer option only. It may not work on all platforms and should
never be used in production environments. It will only work when used with
gcc or clang and should be used in conjunction with the `-DPEDANTIC` option
(or the `--strict-warnings` option).
Spoiler: NO-UI-CONSOLE
### no-ui-console
Don't build with the User Interface (UI) console method
The User Interface console method enables text based console prompts.
Spoiler: ENABLE-UNIT-TEST
### enable-unit-test
Enable additional unit test APIs.
This should not typically be used in production deployments.
Spoiler: NO-UPLINK
### no-uplink
Don't build support for UPLINK interface.
Spoiler: ENABLE-WEAK-SSL-CIPHERS
### enable-weak-ssl-ciphers
Build support for SSL/TLS ciphers that are considered "weak"
Enabling this includes for example the RC4 based ciphersuites.
Spoiler: ZLIB
### zlib
Build with support for zlib compression/decompression.
Spoiler: ZLIB-DYNAMIC
### zlib-dynamic
Like the zlib option, but has OpenSSL load the zlib library dynamically
when needed.
This is only supported on systems where loading of shared libraries is supported.
Spoiler: 386
### 386
In 32-bit x86 builds, use the 80386 instruction set only in assembly modules
The default x86 code is more efficient, but requires at least an 486 processor.
Note: This doesn't affect compiler generated code, so this option needs to be
accompanied by a corresponding compiler-specific option.
Spoiler: NO-{PROTOCOL}
### no-{protocol}
no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}
Don't build support for negotiating the specified SSL/TLS protocol.
If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
are disabled.
Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is
synonymous with `no-ssl3`. Note this only affects version negotiation.
OpenSSL will still provide the methods for applications to explicitly select
the individual protocol versions.
Spoiler: NO-{PROTOCOL}-METHOD
### no-{protocol}-method
no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method
Analogous to `no-{protocol}` but in addition do not build the methods for
applications to explicitly select individual protocol versions. Note that there
is no `no-tls1_3-method` option because there is no application method for
TLSv1.3.
Using individual protocol methods directly is deprecated. Applications should
use `TLS_method()` instead.
Spoiler: ENABLE-{ALGORITHM}
### enable-{algorithm}
enable-{md2|rc5}
Build with support for the specified algorithm.
Spoiler: NO-{ALGORITHM}
### no-{algorithm}
no-{aria|bf|blake2|camellia|cast|chacha|cmac|
des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ocb|
poly1305|rc2|rc4|rmd160|scrypt|seed|
siphash|siv|sm2|sm3|sm4|whirlpool}
Build without support for the specified algorithm.
The `ripemd` algorithm is deprecated and if used is synonymous with `rmd160`.
Spoiler: COMPILER-SPECIFIC OPTIONS
### Compiler-specific options
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and passed through to the
compiler to allow you to define preprocessor symbols, specify additional
libraries, library directories or other compiler options. It might be worth
noting that some compilers generate code specifically for processor the
compiler currently executes on. This is not necessarily what you might have
in mind, since it might be unsuitable for execution on other, typically older,
processor. Consult your compiler documentation.
Take note of the [Environment Variables](#environment-variables) documentation
below and how these flags interact with those variables.
-xxx, +xxx, /xxx
Additional options that are not otherwise recognised are passed through as
they are to the compiler as well. Unix-style options beginning with a
`-` or `+` and Windows-style options beginning with a `/` are recognized.
Again, consult your compiler documentation.
If the option contains arguments separated by spaces, then the URL-style
notation `%20` can be used for the space character in order to avoid having
to quote the option. For example, `-opt%20arg` gets expanded to `-opt arg`.
In fact, any ASCII character can be encoded as %xx using its hexadecimal
encoding.
Take note of the [Environment Variables](#environment-variables) documentation
below and how these flags interact with those variables.
Spoiler: ENVIRONMENT VARIABLES
### Environment Variables
VAR=value
Assign the given value to the environment variable `VAR` for `Configure`.
These work just like normal environment variable assignments, but are supported
on all platforms and are confined to the configuration scripts only.
These assignments override the corresponding value in the inherited environment,
if there is one.
Spoiler: MAKE VARIABLES
The following variables are used as "`make` variables" and can be used as an
alternative to giving preprocessor, compiler and linker options directly as
configuration. The following variables are supported:
AR The static library archiver.
ARFLAGS Flags for the static library archiver.
AS The assembler compiler.
ASFLAGS Flags for the assembler compiler.
CC The C compiler.
CFLAGS Flags for the C compiler.
CXX The C++ compiler.
CXXFLAGS Flags for the C++ compiler.
CPP The C/C++ preprocessor.
CPPFLAGS Flags for the C/C++ preprocessor.
CPPDEFINES List of CPP macro definitions, separated
by a platform specific character (':' or
space for Unix, ';' for Windows, ',' for
VMS). This can be used instead of using
-D (or what corresponds to that on your
compiler) in CPPFLAGS.
CPPINCLUDES List of CPP inclusion directories, separated
the same way as for CPPDEFINES. This can
be used instead of -I (or what corresponds
to that on your compiler) in CPPFLAGS.
HASHBANGPERL Perl invocation to be inserted after '#!'
in public perl scripts (only relevant on
Unix).
LD The program linker (not used on Unix, $(CC)
is used there).
LDFLAGS Flags for the shared library, DSO and
program linker.
LDLIBS Extra libraries to use when linking.
Takes the form of a space separated list
of library specifications on Unix and
Windows, and as a comma separated list of
libraries on VMS.
RANLIB The library archive indexer.
RC The Windows resource compiler.
RCFLAGS Flags for the Windows resource compiler.
RM The command to remove files and directories.
These cannot be mixed with compiling/linking flags given on the command line.
In other words, something like this isn't permitted.
$ ./Configure -DFOO CPPFLAGS=-DBAR -DCOOKIE
Spoiler: BACKWARD COMPATABILITY
Backward compatibility note:
To be compatible with older configuration scripts, the environment variables
are ignored if compiling/linking flags are given on the command line, except
for the following:
AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC, and WINDRES
For example, the following command will not see `-DBAR`:
$ CPPFLAGS=-DBAR ./Configure -DCOOKIE
However, the following will see both set variables:
$ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE
If `CC` is set, it is advisable to also set `CXX` to ensure both the C and C++
compiler are in the same "family". This becomes relevant with
`enable-external-tests` and `enable-buildtest-c++`.
Spoiler: RECONFIGURE
### Reconfigure
reconf
reconfigure
Reconfigure from earlier data.
This fetches the previous command line options and environment from data
saved in `configdata.pm` and runs the configuration process again, using
these options and environment. Note: NO other option is permitted together
with `reconf`. Note: The original configuration saves away values for ALL
environment variables that were used, and if they weren't defined, they are
still saved away with information that they weren't originally defined.
This information takes precedence over environment variables that are
defined when reconfiguring.
Spoiler: DISPLAYING CONFIGURATION DATA
The configuration script itself will say very little, and finishes by
creating `configdata.pm`. This perl module can be loaded by other scripts
to find all the configuration data, and it can also be used as a script to
display all sorts of configuration data in a human readable form.
For more information, please do:
$ ./configdata.pm --help # Unix
or
$ perl configdata.pm --help # Windows and VMS
Spoiler: INSTALLATION STEPS IN DETAIL
Spoiler: CONFIGURE OPENSSL
Spoiler: AUTOMATIC CONFIGURATION
In previous version, the `config` script determined the platform type and
compiler and then called `Configure`. Starting with this release, they are
the same.
Spoiler: LINUX MAC
$ ./Configure [options...]
Spoiler: OPENVMS
$ perl Configure [options...]
Spoiler: WINDOWS
$ perl Configure [options...]
Spoiler: MANUAL CONFIGURATION
OpenSSL knows about a range of different operating system, hardware and
compiler combinations. To see the ones it knows about, run
$ ./Configure LIST # Unix
or
$ perl Configure LIST # All other platforms
Spoiler: UNIX
For the remainder of this text, the Unix form will be used in all examples.
Please use the appropriate form for your platform.
Pick a suitable name from the list that matches your system. For most
operating systems there is a choice between using cc or gcc.
When you have identified your system (and if necessary compiler) use this
name as the argument to `Configure`. For example, a `linux-elf` user would
run:
$ ./Configure linux-elf [options...]
Spoiler: CREATE YOUR OWN CONFIGURATION
If your system isn't listed, you will have to create a configuration
file named `Configurations/YOURFILENAME.conf` (replace `YOURFILENAME`
with a filename of your choosing) and add the correct
configuration for your system. See the available configs as examples
and read [Configurations/README.md](Configurations/README.md) and
[Configurations/README-design.md](Configurations/README-design.md)
for more information.
The generic configurations `cc` or `gcc` should usually work on 32 bit
Unix-like systems.
`Configure` creates a build file (`Makefile` on Unix, `makefile` on Windows
and `descrip.mms` on OpenVMS) from a suitable template in `Configurations/`,
and defines various macros in `include/openssl/configuration.h` (generated
from `include/openssl/configuration.h.in`.
Spoiler: OUT OF TREE BUILDS
OpenSSL can be configured to build in a build directory separate from the
source code directory. It's done by placing yourself in some other
directory and invoking the configuration commands from there.
Spoiler: UNIX
$ mkdir /var/tmp/openssl-build
$ cd /var/tmp/openssl-build
$ /PATH/TO/OPENSSL/SOURCE/Configure [options...]
Spoiler: OPENVMS
$ set default sys$login:
$ create/dir [.tmp.openssl-build]
$ set default [.tmp.openssl-build]
$ perl D:[PATH.TO.OPENSSL.SOURCE]Configure [options...]
Spoiler: WINDOWS
$ C:
$ mkdir \temp-openssl
$ cd \temp-openssl
$ perl d:\PATH\TO\OPENSSL\SOURCE\Configure [options...]
Paths can be relative just as well as absolute. `Configure` will do its best
to translate them to relative paths whenever possible.
Spoiler: BUILD OPENSSL
Build OpenSSL by running:
$ make # Unix
$ mms ! (or mmk) OpenVMS
$ nmake # Windows
This will build the OpenSSL libraries (`libcrypto.a` and `libssl.a` on
Unix, corresponding on other platforms) and the OpenSSL binary
(`openssl`). The libraries will be built in the top-level directory,
and the binary will be in the `apps/` subdirectory.
If the build fails, take a look at the [Build Failures](#build-failures)
subsection of the [Troubleshooting](#troubleshooting) section.
Spoiler: TEST OPENSSL
After a successful build, and before installing, the libraries should
be tested. Run:
$ make test # Unix
$ mms test ! OpenVMS
$ nmake test # Windows
**Warning:** you MUST run the tests from an unprivileged account (or disable
your privileges temporarily if your platform allows it).
See [test/README.md](test/README.md) for further details how run tests.
See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests.
Spoiler: INSTALL OPENSSL
If everything tests ok, install OpenSSL with
$ make install # Unix
$ mms install ! OpenVMS
$ nmake install # Windows
Note that in order to perform the install step above you need to have
appropriate permissions to write to the installation directory.
The above commands will install all the software components in this
directory tree under `<PREFIX>` (the directory given with `--prefix` or
its default):
Spoiler: UNIX LINUX MAC
bin/ Contains the openssl binary and a few other
utility scripts.
include/openssl
Contains the header files needed if you want
to build your own programs that use libcrypto
or libssl.
lib Contains the OpenSSL library files.
lib/engines Contains the OpenSSL dynamically loadable engines.
share/man/man1 Contains the OpenSSL command line man-pages.
share/man/man3 Contains the OpenSSL library calls man-pages.
share/man/man5 Contains the OpenSSL configuration format man-pages.
share/man/man7 Contains the OpenSSL other misc man-pages.
share/doc/openssl/html/man1
share/doc/openssl/html/man3
share/doc/openssl/html/man5
share/doc/openssl/html/man7
Contains the HTML rendition of the man-pages.
Spoiler: OPENVMS
'arch' is replaced with the architecture name, `ALPHA` or `IA64`,
'sover' is replaced with the shared library version (`0101` for 1.1), and
'pz' is replaced with the pointer size OpenSSL was built with:
[.EXE.'arch'] Contains the openssl binary.
[.EXE] Contains a few utility scripts.
[.include.openssl]
Contains the header files needed if you want
to build your own programs that use libcrypto
or libssl.
[.LIB.'arch'] Contains the OpenSSL library files.
[.ENGINES'sover''pz'.'arch']
Contains the OpenSSL dynamically loadable engines.
[.SYS$STARTUP] Contains startup, login and shutdown scripts.
These define appropriate logical names and
command symbols.
[.SYSTEST] Contains the installation verification procedure.
[.HTML] Contains the HTML rendition of the manual pages.
Spoiler: ADDITIONAL DIRECTORIES
Additionally, install will add the following directories under
OPENSSLDIR (the directory given with `--openssldir` or its default)
for you convenience:
certs Initially empty, this is the default location
for certificate files.
private Initially empty, this is the default location
for private key files.
misc Various scripts.
The installation directory should be appropriately protected to ensure
unprivileged users cannot make changes to OpenSSL binaries or files, or
install engines. If you already have a pre-installed version of OpenSSL as
part of your Operating System it is recommended that you do not overwrite
the system version and instead install to somewhere else.
Package builders who want to configure the library for standard locations,
but have the package installed somewhere else so that it can easily be
packaged, can use
$ make DESTDIR=/tmp/package-root install # Unix
$ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
The specified destination directory will be prepended to all installation
target paths.
Spoiler: COMPATABILITY ISSUES WITH PREVIOUS OPENSSL VERSIONS
Compiling Existing Applications
Starting with version 1.1.0, OpenSSL hides a number of structures that were
previously open. This includes all internal libssl structures and a number
of EVP types. Accessor functions have been added to allow controlled access
to the structures' data.
This means that some software needs to be rewritten to adapt to the new ways
of doing things. This often amounts to allocating an instance of a structure
explicitly where you could previously allocate them on the stack as automatic
variables, and using the provided accessor functions where you would previously
access a structure's field directly.
Some APIs have changed as well. However, older APIs have been preserved when
possible.
Spoiler: POST-INSTALLATION NOTES
With the default OpenSSL installation comes a FIPS provider module, which
needs some post-installation attention, without which it will not be usable.
This involves using the following command:
$ openssl fipsinstall
See the openssl-fipsinstall(1) manual for details and examples.
Spoiler: ADVANCED BUILD OPTIONS
Spoiler: ENVIRONMENT VARIABLES
Environment Variables
---------------------
A number of environment variables can be used to provide additional control
over the build process. Typically these should be defined prior to running
`Configure`. Not all environment variables are relevant to all platforms.
Spoiler: AR
AR
The name of the ar executable to use.
Spoiler: BUILDFILE
BUILDFILE
Use a different build file name than the platform default
("Makefile" on Unix-like platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template.
See [Configurations/README.md](Configurations/README.md)
for further information.
Spoiler: CC
CC
The compiler to use. Configure will attempt to pick a default
compiler for your platform but this choice can be overridden
using this variable. Set it to the compiler executable you wish
to use, e.g. gcc or clang.
Spoiler: CROSS_COMPILE
CROSS_COMPILE
This environment variable has the same meaning as for the
"--cross-compile-prefix" Configure flag described above. If both
are set then the Configure flag takes precedence.
Spoiler: HASHBANGPERL
HASHBANGPERL
The command string for the Perl executable to insert in the
#! line of perl scripts that will be publicly installed.
Default: /usr/bin/env perl
Note: the value of this variable is added to the same scripts
on all platforms, but it's only relevant on Unix-like platforms.
Spoiler: KERNEL_BITS
KERNEL_BITS
This can be the value `32` or `64` to specify the architecture
when it is not "obvious" to the configuration. It should generally
not be necessary to specify this environment variable.
Spoiler: NM
NM
The name of the nm executable to use.
Spoiler: OPENSSL_LOCAL_CONFIG_DIR
OPENSSL_LOCAL_CONFIG_DIR
OpenSSL comes with a database of information about how it
should be built on different platforms as well as build file
templates for those platforms. The database is comprised of
".conf" files in the Configurations directory. The build
file templates reside there as well as ".tmpl" files. See the
file [Configurations/README.md](Configurations/README.md)
for further information about the format of ".conf" files
as well as information on the ".tmpl" files.
In addition to the standard ".conf" and ".tmpl" files, it is
possible to create your own ".conf" and ".tmpl" files and
store them locally, outside the OpenSSL source tree.
This environment variable can be set to the directory where
these files are held and will be considered by Configure
before it looks in the standard directories.
Spoiler: PERL
PERL
The name of the Perl executable to use when building OpenSSL.
Only needed if builing should use a different Perl executable
than what is used to run the Configure script.
Spoiler: RANLIB
RANLIB
The name of the ranlib executable to use.
Spoiler: RC
RC
The name of the rc executable to use. The default will be as
defined for the target platform in the ".conf" file. If not
defined then "windres" will be used. The WINDRES environment
variable is synonymous to this. If both are defined then RC
takes precedence.
Spoiler: WINDRES
WINDRES
See RC.
Spoiler: MAKEFILE TARGETS
The `Configure` script generates a Makefile in a format relevant to the specific
platform. The Makefiles provide a number of targets that can be used. Not all
targets may be available on all platforms. Only the most common targets are
described here. Examine the Makefiles themselves for the full list.
Spoiler: ALL
all
The target to build all the software components and
documentation.
Spoiler: BUILD_SW
build_sw
Build all the software components.
THIS IS THE DEFAULT TARGET.
Spoiler: BUILD_DOCS
build_docs
Build all documentation components.
Spoiler: CLEAN
clean
Remove all build artefacts and return the directory to a "clean"
state.
Spoiler: DEPEND
depend
Rebuild the dependencies in the Makefiles. This is a legacy
option that no longer needs to be used since OpenSSL 1.1.0.
Spoiler: INSTALL
install
Install all OpenSSL components.
Spoiler: INSTALL_SW
install_sw
Only install the OpenSSL software components.
Spoiler: INSTALL_DOCS
install_docs
Only install the OpenSSL documentation components.
Spoiler: INSTALL_MAN_DOCS
install_man_docs
Only install the OpenSSL man pages (Unix only).
Spoiler: INSTALL_HTML_DOCS
install_html_docs
Only install the OpenSSL HTML documentation.
Spoiler: INSTALL_FIPS
install_fips
Install the FIPS provider module configuration file.
Spoiler: LIST-TESTS
list-tests
Prints a list of all the self test names.
Spoiler: TEST
test
Build and run the OpenSSL self tests.
Spoiler: UNINSTALL
uninstall
Uninstall all OpenSSL components.
Spoiler: RECONFIGURE
reconf
Re-run the configuration process, as exactly as the last time
as possible.
Spoiler: UPDATE
update
This is a developer option. If you are developing a patch for
OpenSSL you may need to use this if you want to update
automatically generated files; add new error codes or add new
(or change the visibility of) public API functions. (Unix only).
Spoiler: RUNNING SELECTED TESTS
You can specify a set of tests to be performed
using the `make` variable `TESTS`.
See the section [Running Selected Tests of
test/README.md](test/README.md#running-selected-tests).
Spoiler: TROUBLESHOOTING
Spoiler: CONFIGURATION PROBLEMS
### Selecting the correct target
The `./Configure` script tries hard to guess your operating system, but in some
cases it does not succeed. You will see a message like the following:
$ ./Configure
Operating system: x86-whatever-minix
This system (minix) is not supported. See file INSTALL.md for details.
Even if the automatic target selection by the `./Configure` script fails,
chances are that you still might find a suitable target in the `Configurations`
directory, which you can supply to the `./Configure` command,
possibly after some adjustment.
The `Configurations/` directory contains a lot of examples of such targets.
The main configuration file is [10-main.conf], which contains all targets that
are officially supported by the OpenSSL team. Other configuration files contain
targets contributed by other OpenSSL users. The list of targets can be found in
a Perl list `my %targets = ( ... )`.
my %targets = (
...
"target-name" => {
inherit_from => [ "base-target" ],
CC => "...",
cflags => add("..."),
asm_arch => '...',
perlasm_scheme => "...",
},
...
)
If you call `./Configure` without arguments, it will give you a list of all
known targets. Using `grep`, you can lookup the target definition in the
`Configurations/` directory. For example the `android-x86_64` can be found in
[Configurations/15-android.conf](Configurations/15-android.conf).
The directory contains two README files, which explain the general syntax and
design of the configuration files.
- [Configurations/README.md](Configurations/README.md)
- [Configurations/README-design.md](Configurations/README-design.md)
If you need further help, try to search the [openssl-users] mailing list
or the [GitHub Issues] for existing solutions. If you don't find anything,
you can [raise an issue] to ask a question yourself.
More about our support resources can be found in the [SUPPORT] file.
Spoiler: CONFIGURATION ERRORS
If the `./Configure` or `./Configure` command fails with an error message,
read the error message carefully and try to figure out whether you made
a mistake (e.g., by providing a wrong option), or whether the script is
working incorrectly. If you think you encountered a bug, please
[raise an issue] on GitHub to file a bug report.
Along with a short description of the bug, please provide the complete
configure command line and the relevant output including the error message.
Note: To make the output readable, please add a 'code fence' (three backquotes
` ``` ` on a separate line) before and after your output:
```
./Configure [your arguments...]
[output...]
```
Spoiler: BUILD FAILURES
If the build fails, look carefully at the output. Try to locate and understand
the error message. It might be that the compiler is already telling you
exactly what you need to do to fix your problem.
There may be reasons for the failure that aren't problems in OpenSSL itself,
for example if the compiler reports missing standard or third party headers.
If the build succeeded previously, but fails after a source or configuration
change, it might be helpful to clean the build tree before attempting another
build. Use this command:
$ make clean # Unix
$ mms clean ! (or mmk) OpenVMS
$ nmake clean # Windows
Assembler error messages can sometimes be sidestepped by using the `no-asm`
configuration option. See also [notes](#notes-on-assembler-modules-compilation).
Compiling parts of OpenSSL with gcc and others with the system compiler will
result in unresolved symbols on some systems.
If you are still having problems, try to search the [openssl-users] mailing
list or the [GitHub Issues] for existing solutions. If you think you
encountered an OpenSSL bug, please [raise an issue] to file a bug report.
Please take the time to review the existing issues first; maybe the bug was
already reported or has already been fixed.
Spoiler: TEST FAILURES
If some tests fail, look at the output. There may be reasons for the failure
that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue).
You may want increased verbosity, that can be accomplished as described in
section [Test Failures of test/README.md](test/README.md#test-failures).
You may also want to selectively specify which test(s) to perform. This can be
done using the `make` variable `TESTS` as described in section [Running
Selected Tests of test/README.md](test/README.md#running-selected-tests).
If you find a problem with OpenSSL itself, try removing any
compiler optimization flags from the `CFLAGS` line in the Makefile and
run `make clean; make` or corresponding.
To report a bug please open an issue on GitHub, at
<https://github.com/openssl/openssl/issues>.
Spoiler: NOTES
Spoiler: MULTITHREADING
For some systems, the OpenSSL `Configure` script knows what compiler options
are needed to generate a library that is suitable for multi-threaded
applications. On these systems, support for multi-threading is enabled
by default; use the `no-threads` option to disable (this should never be
necessary).
On other systems, to enable support for multi-threading, you will have
to specify at least two options: `threads`, and a system-dependent option.
(The latter is `-D_REENTRANT` on various systems.) The default in this
case, obviously, is not to include support for multi-threading (but
you can still use `no-threads` to suppress an annoying warning message
from the `Configure` script.)
OpenSSL provides built-in support for two threading models: pthreads (found on
most UNIX/Linux systems), and Windows threads. No other threading models are
supported. If your platform does not provide pthreads or Windows threads then
you should use `Configure` with the `no-threads` option.
For pthreads, all locks are non-recursive. In addition, in a debug build,
the mutex attribute `PTHREAD_MUTEX_ERRORCHECK` is used. If this is not
available on your platform, you might have to add
`-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation.
(On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in
ifdef test cannot be used.)
Spoiler: SHARED LIBRARIES
For most systems the OpenSSL `Configure` script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems
the shared libraries will be created by default. This can be suppressed and
only static libraries created by using the `no-shared` option. On systems
where OpenSSL does not know how to build shared libraries the `no-shared`
option will be forced and only static libraries will be created.
Shared libraries are named a little differently on different platforms.
One way or another, they all have the major OpenSSL version number as
part of the file name, i.e. for OpenSSL 1.1.x, `1.1` is somehow part of
the name.
On most POSIX platforms, shared libraries are named `libcrypto.so.1.1`
and `libssl.so.1.1`.
on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll`
with import libraries `libcrypto.dll.a` and `libssl.dll.a`.
On Windows build with MSVC or using MingW, shared libraries are named
`libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows,
`libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows,
and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows.
With MSVC, the import libraries are named `libcrypto.lib` and `libssl.lib`,
while with MingW, they are named `libcrypto.dll.a` and `libssl.dll.a`.
On VMS, shareable images (VMS speak for shared libraries) are named
`ossl$libcrypto0101_shr.exe` and `ossl$libssl0101_shr.exe`. However, when
OpenSSL is specifically built for 32-bit pointers, the shareable images
are named `ossl$libcrypto0101_shr32.exe` and `ossl$libssl0101_shr32.exe`
instead, and when built for 64-bit pointers, they are named
`ossl$libcrypto0101_shr64.exe` and `ossl$libssl0101_shr64.exe`.
Spoiler: RANDOM NUMBER GENERATION
Availability of cryptographically secure random numbers is required for
secret key generation. OpenSSL provides several options to seed the
internal CSPRNG. If not properly seeded, the internal CSPRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
The seeding method can be configured using the `--with-rand-seed` option,
which can be used to specify a comma separated list of seed methods.
However, in most cases OpenSSL will choose a suitable default method,
so it is not necessary to explicitly provide this option. Note also
that not all methods are available on all platforms. The FIPS provider will
silently ignore seed sources that were not validated.
I) On operating systems which provide a suitable randomness source (in
form of a system call or system device), OpenSSL will use the optimal
available method to seed the CSPRNG from the operating system's
randomness sources. This corresponds to the option `--with-rand-seed=os`.
II) On systems without such a suitable randomness source, automatic seeding
and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary
to install additional support software to obtain a random seed and reseed
the CSPRNG manually. Please check out the manual pages for `RAND_add()`,
`RAND_bytes()`, `RAND_egd()`, and the FAQ for more information.
Spoiler: ASSEMBLER MODULES COMPILATION
Compilation of some code paths in assembler modules might depend on whether the
current assembler version supports certain ISA extensions or not. Code paths
that use the AES-NI, PCLMULQDQ, SSSE3, and SHA extensions are always assembled.
Apart from that, the minimum requirements for the assembler versions are shown
in the table below:
| ISA extension | GNU as | nasm | llvm |
|---------------|--------|--------|---------|
| AVX | 2.19 | 2.09 | 3.0 |
| AVX2 | 2.22 | 2.10 | 3.1 |
| ADCX/ADOX | 2.23 | 2.10 | 3.3 |
| AVX512 | 2.25 | 2.11.8 | 3.6 (*) |
| AVX512IFMA | 2.26 | 2.11.8 | 6.0 (*) |
| VAES | 2.30 | 2.13.3 | 6.0 (*) |
---
(*) Even though AVX512 support was implemented in llvm 3.6, prior to version 7.0
an explicit -march flag was apparently required to compile assembly modules. But
then the compiler generates processor-specific code, which in turn contradicts
the idea of performing dispatch at run-time, which is facilitated by the special
variable `OPENSSL_ia32cap`. For versions older than 7.0, it is possible to work
around the problem by forcing the build procedure to use the following script:
#!/bin/sh
exec clang -no-integrated-as "[email protected]"
instead of the real clang. In which case it doesn't matter what clang version
is used, as it is the version of the GNU assembler that will be checked.
Spoiler: LINKS
[openssl-users]:
<https://mta.openssl.org/mailman/listinfo/openssl-users>
[SUPPORT]:
./SUPPORT.md
[GitHub Issues]:
<https://github.com/openssl/openssl/issues>
[raise an issue]:
<https://github.com/openssl/openssl/issues/new/choose>
[10-main.conf]:
Configurations/10-main.conf
Spoiler: STRAWBERRY PERL
Spoiler: DOWNLOAD
Strawberry Perl for Windows - Releases
strawberryperl.com
Spoiler: STRAWBERRY PERL README
=== Strawberry Perl (64-bit) 5.32.1.1-64bit README ===
Spoiler: WHAT IS STRAWBERRY PERL
* 'Perl' is a programming language suitable for writing simple scripts as well
as complex applications. See http://perldoc.perl.org/perlintro.html
* 'Strawberry Perl' is a perl environment for Microsoft Windows containing all
you need to run and develop perl applications. It is designed to be as close
as possible to perl environment on UNIX systems. See http://strawberryperl.com/
* If you are completely new to perl consider visiting http://learn.perl.org/
Spoiler: INSTALLATION INSTRUCTIONS
* If installing this version from a .zip file, you MUST extract it to a
directory that does not have spaces in it - e.g. c:\myperl\
and then run some commands and manually set some environment variables:
c:\myperl\relocation.pl.bat ... this is REQUIRED!
c:\myperl\update_env.pl.bat ... this is OPTIONAL
You can specify " --nosystem" after update_env.pl.bat to install Strawberry
Perl's environment variables for the current user only.
* If having a fixed installation path does not suit you, try "Strawberry Perl
Portable Edition" from http://strawberryperl.com/releases.html
Spoiler: HOW TO USE STRAWBERRY PERL
* In the command prompt window you can:
1. run any perl script by launching
c:\> perl c:\path\to\script.pl
2. install additional perl modules (libraries) from http://www.cpan.org/ by
c:\> cpan Module::Name
3. run other tools included in Strawberry Perl like: perldoc, gcc, gmake ...
* You'll need a text editor to create perl scripts. One is NOT included with
Strawberry Perl. A few options are Padre (which can be installed by running
"cpan Padre" from the command prompt) and Notepad++ (which is downloadable at
http://notepad-plus-plus.org/ ) which both include syntax highlighting
for perl scripts. You can even use Notepad, if you wish.
Spoiler: TEXT TEMPLATE PERL MODULE
Text::Template - Expand template text with embedded Perl - metacpan.org
Expand template text with embedded Perl
metacpan.org
Spoiler: NASM
Spoiler: DOWNLOAD
https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/win64/nasm-2.15.05-win64.zip
Spoiler: WHAT IS NASM
NASM
Spoiler: GNU MAKE
Spoiler: DOWNLOAD
https://sourceforge.net/projects/gnuwin32/files/make/3.81/make-3.81.exe/download?use_mirror=phoenixnap&download=
Spoiler: WHAT IS GNUMAKE
GNU make
GNU make
www.gnu.org
Spoiler: MINGGW
Spoiler: DOWNLOAD
https://sourceforge.net/projects/mi...ngw-w64-release/mingw-w64-v9.0.0.zip/download
Spoiler: WHAT IS MINGGW
MinGW-w64
GCC for Windows 64 & 32 bits
www.mingw-w64.org
OTHER TOOLS FOR REFERENCE
Spoiler: NOTEPAD++
Spoiler: DOWNLOAD
https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.3.1/npp.8.3.1.portable.x64.zip
Spoiler: WHAT AM I
This is the tool I use to help me write scripts better than just using a plain text editor.
FOR MORE OPENSSL DOCUMENTATION~! XDA HAS 80,000 WORD LIMIT XD
/docs/man3.0/man1/index.html
www.openssl.org
Make All Of This Easier~!
How To Use Chocolatey
========================= ============================================ HOW TO USE CHOCOLATEY ============== ============= Hi Friends~! This amazing package manager changed my Windoz life
forum.xda-developers.com
Happy studies!
Spoiler: USER ERROR INDUCED FORUM BUGZ
I DON'T UNDERSTAND HOW TWO SPOILERS KEEP ADDING THEMSELVES AT THE END OF MY THREAD ARBITRARILY AFTER EDITTING~! WHAT A NEAT LITTLE BUG THAT IS PRODUCING ITSELF, AS THIS TREE GROWS, LARGER, AND, LARGER <3
NOW IT ADDED 5 HAHAHA!
EDIT----NOW I KNOW WHAT IS CAUSING IT, IS WHEN I AM HAND TYPING THE SPOILERS AND I MISS /SPOILER, IT ADDS AS MANY MISSED SPOILERS TO THE END AS WAS MISSED IN THE ORIGINAL SPOILER TREE CODE. COOL~!
Spoiler: FURTHER LEARNING
I am watching this video now to learn about generating private and public key pairs, like we do with cryto currency~! How fun and neat to finally start to understand the backbones of this Tech
GitHub - pyca/cryptography: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. - GitHub - pyca/cryptography: cryptography is a package designed to expose cryptographic prim...
github.com
What are OpenSSL BIOs? How do they work? How are BIOs used in OpenSSL?
I need some general information about OpenSSL BIO. Some kind of introduction to it. What is OpenSSL BIO? What is its general idea? I know that it is some kind of API for input/output. But how is it
stackoverflow.com
I finally did it~! Took me forever to figure out such simple things but my openssl toolset I'm sharing with y'all is portable and works out the gate :> all open source but mingw requires you keep their sources if you are interested in redistributing~!
Spoiler: SUCESSIO
And now through all this reinventing of the wheel~! I know what Chocolatey Is and Is used for~! I will figure this out better now haha.
Installing Chocolatey
Chocolatey is software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. Chocolatey integrates w/SCCM, Puppet, Chef, etc. Chocolatey is trusted by businesses to manage software deployments.
chocolatey.org
Chocolatey Software Docs | Getting Started
Introduction to Chocolatey
docs.chocolatey.org
Packages
Chocolatey is software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. Chocolatey integrates w/SCCM, Puppet, Chef, etc. Chocolatey is trusted by businesses to manage software deployments.
community.chocolatey.org
This package has been Blocked By Content Filtering On Some Browsers Or Even ISPs~!
I would say it's because The Shadow Corporations want to keep the code slaves on their IDE's but I digress...~~!
This is Mostly a Joke~! Mostly... ;-]
oMG Chocolatey was SO MUCH EASIER. I finally created my certificate; I'm going to sign my driver~! And whether or not it fixes the problem we will see. Regardless this has been a fun exercise and I will post a video with a visual example on my future chocolatey thread, about what I learned about IDEs, "Programming Languages", package installation on windows, system environment variables, etc~! Hopefully I will explain it in a way that makes sense
Something you should be aware of when using open source software, is that, even though it's free and states that you can use it in your own, Developed, Software, you absolutely must read the licences, readmes, and documentation, for sharing the work!
A GNU case, evidenced, that asks of, software developers, on freeware, can be enforced in court~!
Do your due diligence and read what the software providers add in text form for us because they did a lot of work for us to bring us what they do
13:13 mark
is Notepad++ superior to sublime??
Kross13 said:
is Notepad++ superior to sublime??
Click to expand...
Click to collapse
I will always be honest, I am Learning, So I do Not know~! What I advise is to try them both,, and learn the differences or "nuances" between the systems, so we can tell each other why we feel a certain way toward a certain program~! I will try out sublime now as I remember hearing about it years and years ago, but I wasn't at a basic enough level to understand what all of this is for.
Thank you for sharing this program with us~!
Thanks for this information. I will try it soon.
I think Notepad++ is the best free tool to help coding.
This is my opinion.
This video explains in super detail more about certificates, in ways I didn't even think of, in relation to man in the middle attacks on everyday websites we use.
Spoiler: Video
.
Since I'm thinking about it, and the idea of decentralization comes up, this video is interesting in explaining our present day internets' root
Spoiler: vid
Hello there. I wanted to share a link to a thread that "chains together" with this Thread. It is relating to Android Verified Boot which is a means of cryptographically protecting images. I am still learning so I will add links on that thread with interesting things. Notably the repository is available, there is a literal college thesis investigative study 33 pages, some good talks to listen to in the background and other things. Anyway it's here if anyone is interested
Learning About AVB Android Verified Boot (Boot.img dtb.img, vbmeta.img, and the "staging blob")
Edit-- after studying a couple days I understand why no modification to the images would work, which is due to AVB. I have a lot more studying to do and I will explain better. This thread is currently a mess of notes from a noob picking a kind...
forum.xda-developers.com
Oh and this is a subtle callout if anyone knows anything about avb please share on that thread. I am absolutely fascinated with this now and whelp... rabbit holes.
Hello,
I have a Macrodroid string variable that contains a port number. I need to use it for connection purposes when running a windows batch file to connect with it.
Let's say the variable name is X and the value currently stored there is: 12345.
Is there a command I can run in command line such as:
localhost:777/macrodroid/get-variable/x
that would result in 12345 result so rather than manually entering the port number into a text file based on the new value each time, and then read it in a batch variable as I do now:
set /p port=<C:\port.txt
I could do this:
set /p port=<localhost.macrodroid.private/get-variable/x
So I guess for this, I need Macrodroid to host like a small local servlet (server) that would basically just expose the single variable that I need? Or is there an alternative android app server that would give me this functionality where I could store a string variable and then read from it? I'm not sure this could be done with Macrodroid webhook as it's more for invoking triggers, not reading variables, and it's using Macrodroid public server and not hosting a local server?
Thank you.