From a9740b7da6dfc0eff524bded95006fd06f3a62d0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 Sep 2000 06:44:52 +0000 Subject: [PATCH 01/21] SCO 5.0.5 with both gcc and cc passed --- STATUS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index e2a8e2783..88cd5c1af 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/11 22:02:07 $ + ______________ $Date: 2000/09/12 06:44:52 $ DEVELOPMENT STATE @@ -14,6 +14,8 @@ hpux-brokengcc - failed (BN_sqr) linux-elf - passed Solaris [engine] - failed (speed cswift) + sco5-gcc - passed + sco5-cc - passed o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 0f92cae9bcfe5f286f8eb7d8035b4996358911c8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 Sep 2000 06:49:03 +0000 Subject: [PATCH 02/21] Linux in Sparc v7 passed --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 88cd5c1af..0e3135ce3 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 06:44:52 $ + ______________ $Date: 2000/09/12 06:49:03 $ DEVELOPMENT STATE @@ -13,6 +13,7 @@ hpux-gcc - passed hpux-brokengcc - failed (BN_sqr) linux-elf - passed + linux-sparcv7 - passed Solaris [engine] - failed (speed cswift) sco5-gcc - passed sco5-cc - passed From 03ea28c985bdc8f1a9747fe9fe4a5faf4927e5a8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 Sep 2000 08:12:52 +0000 Subject: [PATCH 03/21] Better error checking for RSA and DSA signature and verification speed tests. This was required to not get mysterious errors when they wouldn't quite want to work. --- apps/speed.c | 193 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 120 insertions(+), 73 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index c468e3372..899ad02c3 100644 
--- a/apps/speed.c +++ b/apps/speed.c 
@@ -1133,49 +1133,73 @@ int MAIN(int argc, char **argv) int ret; if (!rsa_doit[j]) continue; ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]); - pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j], - RSA_SECONDS); -/* RSA_blinding_on(rsa_key[j],NULL); */ - Time_F(START,usertime); - for (count=0,run=1; COND(rsa_c[j][0]); count++) + if (ret == 0) { - ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, - rsa_key[j]); - if (ret <= 0) - { - BIO_printf(bio_err,"RSA private encrypt failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else + { + pkey_print_message("private","rsa", + rsa_c[j][0],rsa_bits[j], + RSA_SECONDS); +/* RSA_blinding_on(rsa_key[j],NULL); */ + Time_F(START,usertime); + for (count=0,run=1; COND(rsa_c[j][0]); count++) + { + ret=RSA_sign(NID_md5_sha1, buf,36, buf2, + &rsa_num, rsa_key[j]); + if (ret == 0) + { + BIO_printf(bio_err, + "RSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP,usertime); + BIO_printf(bio_err, + "%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][0]=d/(double)count; + rsa_count=count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n", - count,rsa_bits[j],d); - rsa_results[j][0]=d/(double)count; - rsa_count=count; #if 1 ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j], - RSA_SECONDS); - Time_F(START,usertime); - for (count=0,run=1; COND(rsa_c[j][1]); count++) + if (ret <= 0) { - ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, - rsa_key[j]); - if (ret <= 0) - { - BIO_printf(bio_err,"RSA verify failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err,"RSA verify failure. 
No RSA verify will be done.\n"); + ERR_print_errors(bio_err); + dsa_doit[j] = 0; + } + else + { + pkey_print_message("public","rsa", + rsa_c[j][1],rsa_bits[j], + RSA_SECONDS); + Time_F(START,usertime); + for (count=0,run=1; COND(rsa_c[j][1]); count++) + { + ret=RSA_verify(NID_md5_sha1, buf,36, buf2, + rsa_num, rsa_key[j]); + if (ret == 0) + { + BIO_printf(bio_err, + "RSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } + } + d=Time_F(STOP,usertime); + BIO_printf(bio_err, + "%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][1]=d/(double)count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n", - count,rsa_bits[j],d); - rsa_results[j][1]=d/(double)count; #endif if (rsa_count <= 1) @@ -1197,54 +1221,77 @@ int MAIN(int argc, char **argv) for (j=0; j Date: Tue, 12 Sep 2000 10:05:11 +0000 Subject: [PATCH 04/21] FreeBSD and solaris with gcc passed --- STATUS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 0e3135ce3..5e304397d 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 06:49:03 $ + ______________ $Date: 2000/09/12 10:05:11 $ DEVELOPMENT STATE @@ -8,6 +8,7 @@ Proposed release date September 24, 2000 0.9.6-beta1 is available: OpenBSD-x86 2.7 - failed (ftime/TIMEB) + [FIXED] hpux-parisc-cc 10.20 - passed hpux-parisc-gcc 10.20 - passed hpux-gcc - passed @@ -15,8 +16,11 @@ linux-elf - passed linux-sparcv7 - passed Solaris [engine] - failed (speed cswift) + [FIXED] + solaris-sparcv8-gcc - passed sco5-gcc - passed sco5-cc - passed + FreeBSD - passed o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 8a26980b072b179b772f1c935454bd75bfa8be00 Mon Sep 17 00:00:00 2001 
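Review bot: The RSA verify failure branch switches off the wrong test: `dsa_doit[j] = 0;` is set inside the RSA section, so a failing RSA_verify disables the DSA benchmark with the same index while the RSA entry stays enabled; this should be `rsa_doit[j] = 0;`. The pre-loop checks are also inconsistent with the in-loop ones (`ret <= 0` before the RSA_verify loop, `ret == 0` everywhere else); if RSA_sign()/RSA_verify() only ever return 0 or 1 here, pick one form so the two paths cannot diverge. Separately, a failed initial RSA_sign only sets `rsa_count=1` and then falls straight into the `#if 1` RSA_verify call with whatever `rsa_num` and `buf2` hold at that point (rsa_num is set up outside the hunk), so a verify of an unsigned buffer is attempted and reported anyway; skipping the verify block when the sign failed would avoid the misleading second error. The enclosing loop over `j` starts before the hunk, and the DSA half of this change is cut off in the following hunk.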
From: Richard Levitte Date: Tue, 12 Sep 2000 10:07:19 +0000 Subject: [PATCH 05/21] Note the failure on Win32 --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 5e304397d..ec9b76a0e 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 10:05:11 $ + ______________ $Date: 2000/09/12 10:07:19 $ DEVELOPMENT STATE @@ -21,6 +21,7 @@ sco5-gcc - passed sco5-cc - passed FreeBSD - passed + Win32 - failed (PCURSORINFO) o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From e4daf9dfce3137c2d9b668e51c1df864c5437b3a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 Sep 2000 15:46:04 +0000 Subject: [PATCH 06/21] Holger Reif reports a few more Solaris successes. --- STATUS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index ec9b76a0e..459e7358d 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 10:07:19 $ + ______________ $Date: 2000/09/12 15:46:04 $ DEVELOPMENT STATE @@ -18,6 +18,9 @@ Solaris [engine] - failed (speed cswift) [FIXED] solaris-sparcv8-gcc - passed + solaris-sparcv9-gcc - passed + solaris-sparcv9-cc - passed + solaris64-sparcv9-cc - passed sco5-gcc - passed sco5-cc - passed FreeBSD - passed From fb1cba063df56ae322b58bf0da25c5de670ab890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Tue, 12 Sep 2000 16:40:59 +0000 Subject: [PATCH 07/21] bug: RAND_poll(). --- STATUS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index 459e7358d..8228a1fbd 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 15:46:04 $ + ______________ $Date: 2000/09/12 16:40:59 $ DEVELOPMENT STATE 
@@ -25,7 +25,8 @@ sco5-cc - passed FreeBSD - passed Win32 - failed (PCURSORINFO) - o OpenSSL 0.9.5a: Released on April 1st, 2000 + RAND_poll() problem on Win2000 + o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 From 54f10e6adce56eb2e59936e32216162aadc5d050 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 12 Sep 2000 20:28:30 +0000 Subject: [PATCH 08/21] New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ. --- CHANGES | 9 +++++++++ ssl/s3_pkt.c | 52 ++++++++++++++++++++++++++++------------------------ ssl/ssl.h | 3 +++ 3 files changed, 40 insertions(+), 24 deletions(-) diff --git a/CHANGES b/CHANGES index 7bb375d11..2231003dc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default + behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if + the underlying transport is blocking) if a handshake took place. + (The default behaviour is needed by applications such as s_client + and s_server that use select() to determine when to use SSL_read; + but for applications that know in advance when to expect data, it + just makes things more complicated.) + [Bodo Moeller] + *) Add RAND_egd_bytes(), which gives control over the number of bytes read from EGD. [Ben Laurie] diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index e3d02e600..141407985 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c 
@@ -899,19 +899,21 @@ start: return(-1); } - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - BIO *bio; - /* In the case where we try to read application data - * the first time, but we trigger an SSL handshake, we - * return -1 with the retry option set. I do this - * otherwise renegotiation can cause nasty problems - * in the blocking world */ /* ? */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); + } } } } @@ -1022,19 +1024,21 @@ start: return(-1); } - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - BIO *bio; - /* In the case where we try to read application data - * the first time, but we trigger an SSL handshake, we - * return -1 with the retry option set. I do this - * otherwise renegotiation can cause nasty problems - * in the blocking world */ /* ? */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); + } } goto start; } diff --git a/ssl/ssl.h b/ssl/ssl.h index f418b9921..6ffeca4d3 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h 
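Review bot: The new `if (!(s->mode & SSL_MODE_AUTO_RETRY))` wrapper, the read-ahead test and the four-line BIO retry setup inside it are duplicated verbatim in the second hunk of this file; two identical blocks that must stay in sync (the comment text already drifted once in this very commit) are a maintenance hazard, and a small static helper called from both sites would keep the mode check and the retry signalling in one place. If the duplication is kept, at least flatten the nesting so the mode check reads as the primary condition: `if (!(s->mode & SSL_MODE_AUTO_RETRY) && s->s3->rbuf.left == 0)`. The enclosing function starts before the hunk, so the helper's placement relative to it is not visible here.
```c
/* Shared tail of the "a handshake interrupted an application-data read"
 * path: unless SSL_MODE_AUTO_RETRY is set, once the read-ahead buffer is
 * empty hand a WANT_READ back to the caller so a blocking application is
 * not kept inside a renegotiation.  Returns 1 when the caller should
 * return -1, 0 when the caller should loop and retry itself. */
static int ssl3_retry_after_handshake(SSL *s)
	{
	BIO *bio;

	if (s->mode & SSL_MODE_AUTO_RETRY) return 0;
	if (s->s3->rbuf.left != 0) return 0;	/* read-ahead left */
	s->rwstate=SSL_READING;
	bio=SSL_get_rbio(s);
	BIO_clear_retry_flags(bio);
	BIO_set_retry_read(bio);
	return 1;
	}

/* … at both call sites, replacing the nested if blocks … */
			if (ssl3_retry_after_handshake(s)) return(-1);
```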
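Review bot: With SSL_MODE_AUTO_RETRY set, the `goto start` at the end of this hunk is now reached on a blocking transport as well, so SSL_read stays inside the library for the whole handshake instead of handing a WANT_READ back; if that handshake can be peer-initiated (the comment talks about renegotiation), a peer that keeps requesting new handshakes can keep a blocking caller in this loop for as long as it likes, whereas before each round surfaced to the application. That is the documented intent of the mode, but it is not an obvious consequence of its name, so the comment block should say so explicitly, e.g. `/* With SSL_MODE_AUTO_RETRY the handshake is completed here; a blocking caller will not get control back until it finishes, even if the peer asked for it. */`. The enclosing function starts before the hunk.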
@@ -335,6 +335,9 @@ typedef struct ssl_session_st * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */ #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ From 279fff0d7f34f6dcf3a4af071610eab42d8c5d93 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 Sep 2000 22:19:41 +0000 Subject: [PATCH 09/21] A few more systems reported successfull. --- STATUS | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index 8228a1fbd..e503375d4 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 16:40:59 $ + ______________ $Date: 2000/09/12 22:19:41 $ DEVELOPMENT STATE @@ -15,6 +15,7 @@ hpux-brokengcc - failed (BN_sqr) linux-elf - passed linux-sparcv7 - passed + linux-ppc - passed Solaris [engine] - failed (speed cswift) [FIXED] solaris-sparcv8-gcc - passed @@ -26,7 +27,8 @@ FreeBSD - passed Win32 - failed (PCURSORINFO) RAND_poll() problem on Win2000 - o OpenSSL 0.9.5a: Released on April 1st, 2000 + aix-gcc (AIX 4.3.2) - passed + o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 o OpenSSL 0.9.3a: Released on May 29th, 1999 From 4041156461457749bf871e2a9f30b9fe6370c426 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 13 Sep 2000 00:20:24 +0000 Subject: [PATCH 10/21] Clarify some of the I/O issues. Add case of using select() and blocking I/O with BIOs and why you shouldn't (thanks Bodo!). --- doc/crypto/BIO_read.pod | 20 ++++++++++++--- doc/crypto/BIO_should_retry.pod | 43 +++++++++------------------------ 2 files changed, 28 insertions(+), 35 deletions(-) 
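Review bot: The new comment on `SSL_MODE_AUTO_RETRY` describes the benefit to the application but not the cost: with the flag set, the read path in s3_pkt.c no longer returns when a handshake interrupts application data, so on a blocking transport SSL_read may not return until that handshake — including one requested by the peer — has completed. Someone choosing mode bits from this header would want that spelled out; suggest `/* Never bother the application with retries if the transport is blocking: SSL_read completes a handshake that interrupts application data internally, so on a blocking BIO the call may not return until the (possibly peer-initiated) renegotiation has finished. */`.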
diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod index 6c001a309..e7eb5ea04 100644 --- a/doc/crypto/BIO_read.pod +++ b/doc/crypto/BIO_read.pod @@ -38,16 +38,28 @@ the operation is not implemented in the specific BIO type. =head1 NOTES A 0 or -1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type (for -example an SSL BIO can retry even if the underlying connection is blocking) +particular when the source/sink is non-blocking or of a certain type it may merely be an indication that no data is currently available and that -the application should retry the operation later. L -can be called to determine the precise cause. +the application should retry the operation later. + +One technique sometimes used with blocking sockets is to use a system call +(such as select(), poll() or eqivalent) to determine when data is available +and then call read() to read the data. The eqivalent with BIOs (that is call +select() on the underlying I/O structure and then call BIO_read() to +read the data) should B be used because a single call to BIO_read() +can cause several reads (and writes in the case of SSL BIOs) on the underlying +I/O structure and may block as a result. Instead select() (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. + +See the L for details of how to +determine the cause of a retry and other I/O issues. If the BIO_gets() function is not supported by a BIO then it possible to work around this by adding a buffering BIO L to the chain. =head1 SEE ALSO +L TBA diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod index ab67a4611..6d291b188 100644 --- a/doc/crypto/BIO_should_retry.pod +++ b/doc/crypto/BIO_should_retry.pod 
@@ -46,7 +46,7 @@ reason other than reading or writing is the cause of the condition. BIO_get_retry_reason() returns a mask of the cause of a retry condition consisting of the values B, B, B though current BIO types will only set one of -these (Q: is this correct?). +these. BIO_get_retry_BIO() determines the precise reason for the special condition, it returns the BIO that caused this condition and if @@ -55,7 +55,7 @@ the reason code and the action that should be taken depends on the type of BIO that resulted in this condition. BIO_get_retry_reason() returns the reason for a special condition if -pass the relevant BIO, for example as returned by BIO_get_retry_BIO(). +passed the relevant BIO, for example as returned by BIO_get_retry_BIO(). =head1 NOTES 
@@ -68,27 +68,17 @@ has reached EOF. Some BIO types may place additional information on the error queue. For more details see the individual BIO type manual pages. -If the underlying I/O structure is in a blocking mode then most BIO -types will not signal a retry condition, because the underlying I/O +If the underlying I/O structure is in a blocking mode almost all current +BIO types will not request a retry, because the underlying I/O calls will not. If the application knows that the BIO type will never signal a retry then it need not call BIO_should_retry() after a failed BIO I/O call. This is typically done with file BIOs. -The presence of an SSL BIO is an exception to this rule: it can -request a retry because the handshake process is underway (either -initially or due to a session renegotiation) even if the underlying -I/O structure (for example a socket) is in a blocking mode. - -The action an application should take after a BIO has signalled that a -retry is required depends on the BIO that caused the retry. - -If the underlying I/O structure is in a blocking mode then the BIO -call can be retried immediately. That is something like this can be -done: - - do { - len = BIO_read(bio, buf, len); - } while((len <= 0) && BIO_should_retry(bio)); +SSL BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to BIO_read(). An application can retry the failed +call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY +on the underlying SSL structure. While an application may retry a failed non blocking call immediately this is likely to be very inefficient because the call will fail 
@@ -100,18 +90,9 @@ For example if the cause is ultimately a socket and BIO_should_read() is true then a call to select() may be made to wait until data is available and then retry the BIO operation. By combining the retry conditions of several non blocking BIOs in a single select() call -it is possible to service several BIOs in a single thread. - -The cause of the retry condition may not be the same as the call that -made it: for example if BIO_write() fails BIO_should_read() can be -true. One possible reason for this is that an SSL handshake is taking -place. - -Even if data is read from the underlying I/O structure this does not -imply that the next BIO I/O call will succeed. For example if an -encryption BIO reads only a fraction of a block it will not be -able to pass any data to the application until a complete block has -been read. +it is possible to service several BIOs in a single thread, though +the performance may be poor if SSL BIOs are present because long delays +can occur during the initial handshake process. It is possible for a BIO to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of From c11dead17c0808e1a312ca02a849ed5cdd74c535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 13 Sep 2000 01:45:54 +0000 Subject: [PATCH 11/21] Don't set the two top bits to one when generating a random number < q.:wq --- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_ossl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 5aef2d5fc..af3c56d77 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -84,7 +84,7 @@ int DSA_generate_key(DSA *dsa) i=BN_num_bits(dsa->q); for (;;) { - if (!BN_rand(priv_key,i,1,0)) + if (!BN_rand(priv_key,i,0,0)) goto err; if (BN_cmp(priv_key,dsa->q) >= 0) BN_sub(priv_key,priv_key,dsa->q); 
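Review bot: Dropping the forced top bits is the right direction, but the loop still reduces rather than rejects: `if (BN_cmp(priv_key,dsa->q) >= 0) BN_sub(priv_key,priv_key,dsa->q);` maps every candidate in [q, 2^n) onto [0, 2^n - q), so those low values are drawn twice as often as the rest and the private key is not uniform modulo q. Replacing the subtraction with a redraw, `if (BN_cmp(priv_key,dsa->q) >= 0) continue;`, gives rejection sampling with the same `for (;;)` loop at the cost of at most a few extra BN_rand calls. Also confirm what a `top` argument of 0 means for BN_rand in this tree — if 0 still forces the most significant bit and only -1 leaves it free, the candidate is still confined to the upper half of the n-bit range before the reduction and the commit does less than its message says. The enclosing DSA_generate_key starts before the hunk.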
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b51cf6ad8..094356518 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -181,7 +181,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) /* Get random k */ for (;;) { - if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; + if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; if (BN_cmp(&k,dsa->q) >= 0) BN_sub(&k,&k,dsa->q); if (!BN_is_zero(&k)) break; From 5401c4c2bf60f6f31efad8acb6f43b3da6443a03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 13 Sep 2000 01:48:05 +0000 Subject: [PATCH 12/21] Not the DSA change. --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 2231003dc..5eaa55393 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Don't set the two most significant bits to one when generating a + random number < q in the DSA library. + [Ulf Möller] + *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if the underlying transport is blocking) if a handshake took place. From 5b7417dbe13a8e3721fa0e3640367e80a416e01c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 13 Sep 2000 01:50:24 +0000 Subject: [PATCH 13/21] More Windows failures reported --- STATUS | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index e503375d4..520b485b4 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/12 22:19:41 $ + ______________ $Date: 2000/09/13 01:50:24 $ DEVELOPMENT STATE 
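Review bot: For the per-signature k the same reduce-instead-of-reject pattern survives: `if (BN_cmp(&k,dsa->q) >= 0) BN_sub(&k,&k,dsa->q);` folds [q, 2^n) onto [0, 2^n - q) and leaves k non-uniform modulo q. A systematic bias in DSA nonces is the kind of defect that lets an attacker recover the private key from a collection of signatures, so this site matters more than the key-generation one; `if (BN_cmp(&k,dsa->q) >= 0) continue;` turns the loop into proper rejection sampling with no other change. As in dsa_key.c, also verify that BN_rand's top=0 does not still force the top bit, which would keep k in the upper half of its range regardless of this change. The enclosing dsa_sign_setup starts before the hunk.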
@@ -25,8 +25,10 @@ sco5-gcc - passed sco5-cc - passed FreeBSD - passed - Win32 - failed (PCURSORINFO) + Win32 VC++ - failed (PCURSORINFO) RAND_poll() problem on Win2000 + CygWin32 - test failed + MingW32 - failed (thelp32.h) aix-gcc (AIX 4.3.2) - passed o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 From 523d778aeff6bae4128a59d5d04eb968c8edecd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 13 Sep 2000 02:01:35 +0000 Subject: [PATCH 14/21] The other log message should have read "Note the DSA change". --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5eaa55393..1eca68380 100644 --- a/CHANGES +++ b/CHANGES @@ -6,7 +6,7 @@ *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if From c0366d89f640edb2e60eea8ef7708c6aa565cf56 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 13 Sep 2000 07:17:35 +0000 Subject: [PATCH 15/21] 3 changes: - Make sure PCURSORINFO is defined even on systems that do not provide it. - Change the reference to Peter Gutmann's paper. - Make sure we don't walk the whole heap lists for performance reasons. Jeffrey Altman suggests following Peter Gutmann's advice to keep it to 50 heap entries per heap list. --- crypto/rand/rand_win.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index cb8e17634..7d61bce35 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c 
@@ -130,6 +130,15 @@ static void readtimer(void); static void readscreen(void); +/* It appears like PCURSORINFO is only defined when WINVER is 0x0500 and up, + which currently only happens on Win2000. Unfortunately, that is a typedef, + so it's a little bit difficult to detect properly. On the other hand, the + macro CURSOR_SHOWING is defined within the same conditional, so it can be + use to detect the absence of PCURSORINFO. */ +#ifndef CURSOR_SHOWING +typedef void *PCURSORINFO; +#endif + typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR, DWORD, DWORD); typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); @@ -254,7 +263,7 @@ int RAND_poll(void) * * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, - * http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf + * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) @@ -307,10 +316,14 @@ int RAND_poll(void) if (heap_first(&hentry, hlist.th32ProcessID, hlist.th32HeapID)) + { + int entrycnt = 50; do RAND_add(&hentry, hentry.dwSize, 0); - while (heap_next(&hentry)); + while (heap_next(&hentry) + && --entrycnt > 0); + } } while (heaplist_next(handle, &hlist)); From cea81a62ff735b1144faa56410edf03c8c167491 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 13 Sep 2000 11:29:15 +0000 Subject: [PATCH 16/21] Make sure that Configure will defined DSO_WIN32 for the Win32 targets. I feel a bit unsure if this should really be done for Mingw32 and CygWin32 --- Configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index 2fb2d56d9..93df8dc8d 100755 --- a/Configure +++ b/Configure 
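Review bot: The new 50-entry cap makes the heap walk bounded, but the limit is a bare literal in the middle of the loop and the commit message is the only place that says where it comes from; give it a name with the rationale near the other definitions, e.g. `#define HEAP_ENTRIES_PER_LIST 50 /* Gutmann's suggestion: enough for seeding, bounded cost */`. The braceless `do` body now sits in front of a two-line `while` condition, which is easy to misread as two statements; braces around the `RAND_add` call would help. Note also that the RAND_poll comment in the preceding hunk still says "the full poll appears to be safe" — the entropy estimate passed here is 0, so nothing is overstated, but that sentence was written for the unbounded walk and should mention the cap. The enclosing RAND_poll starts before the hunk.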
@@ -359,24 +359,24 @@ my %table=( # Windows NT, Microsoft Visual C++ 4.0 -"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", -"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::", +"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32", +"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32", "VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", "VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", "VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", "VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Borland C++ 4.5 -"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::", +"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32", "BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Mingw32 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl # and its library files in util/pl/*) -"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:", +"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", # CygWin32 -"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:", +"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", From e147c6fef8d0982c29a75251c54f8e23ef5a3056 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 13 Sep 2000 11:33:09 +0000 Subject: [PATCH 17/21] Update info on what has been fixed, and switch format for failure data --- STATUS | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/STATUS b/STATUS index 520b485b4..527116a96 100644 
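Review bot: CygWin32 receives the `win32` DSO scheme alongside the MSVC, Borland and Mingw targets, which the commit message itself flags as uncertain; Cygwin programs normally load shared objects through dlopen() rather than LoadLibrary(), so if the DSO layer offers a dlfcn-style scheme that is probably the right value for that line, and it is worth settling before the release rather than after. The positional table also makes the new field easy to get wrong: the changed entries carry ten separators before `win32` while their neighbours still end in `:::`, so an off-by-one in the colon count would silently land the value in a different field; a short comment above the `VC-NT` line naming the field's position would make that mistake visible.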
--- a/STATUS +++ b/STATUS @@ -1,23 +1,24 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/13 01:50:24 $ + ______________ $Date: 2000/09/13 11:33:09 $ DEVELOPMENT STATE o OpenSSL 0.9.6: Under development (in release cycle)... Proposed release date September 24, 2000 0.9.6-beta1 is available: - OpenBSD-x86 2.7 - failed (ftime/TIMEB) - [FIXED] + OpenBSD-x86 2.7 - failed + ftime not supported [FIXED] hpux-parisc-cc 10.20 - passed hpux-parisc-gcc 10.20 - passed hpux-gcc - passed - hpux-brokengcc - failed (BN_sqr) + hpux-brokengcc - failed + BN_sqr fails in test linux-elf - passed linux-sparcv7 - passed linux-ppc - passed - Solaris [engine] - failed (speed cswift) - [FIXED] + Solaris [engine] - failed + speed cswift gives odd errors [FIXED] solaris-sparcv8-gcc - passed solaris-sparcv9-gcc - passed solaris-sparcv9-cc - passed @@ -25,10 +26,12 @@ sco5-gcc - passed sco5-cc - passed FreeBSD - passed - Win32 VC++ - failed (PCURSORINFO) - RAND_poll() problem on Win2000 + Win32 VC++ - failed + PCURSORINFO not defined unless Win2000 [FIXED] + RAND_poll() problem on Win2000 [FIXED] CygWin32 - test failed - MingW32 - failed (thelp32.h) + MingW32 - failed + thelp32.h aix-gcc (AIX 4.3.2) - passed o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 From 270f4f6d63c175580ebc8ebe5a9b3715a5833b46 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 13 Sep 2000 11:35:54 +0000 Subject: [PATCH 18/21] Update info on what has been fixed --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 527116a96..8e82f4587 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/13 11:33:09 $ + ______________ $Date: 2000/09/13 11:35:54 $ DEVELOPMENT STATE 
@@ -29,6 +29,7 @@ Win32 VC++ - failed PCURSORINFO not defined unless Win2000 [FIXED] RAND_poll() problem on Win2000 [FIXED] + DSO method always DSO_METHOD_null [FIXED] CygWin32 - test failed MingW32 - failed thelp32.h From e37c27d2390cd7460360af8d9c9af1e67c4a911b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 13 Sep 2000 12:14:39 +0000 Subject: [PATCH 19/21] One more passed test --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 8e82f4587..af8f92189 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/13 11:35:54 $ + ______________ $Date: 2000/09/13 12:14:39 $ DEVELOPMENT STATE @@ -11,6 +11,7 @@ ftime not supported [FIXED] hpux-parisc-cc 10.20 - passed hpux-parisc-gcc 10.20 - passed + hpux-parisc-gcc 11.00 - passed hpux-gcc - passed hpux-brokengcc - failed BN_sqr fails in test From 24b8bf2163e6a2985313eefc4557316ee39e43c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Wed, 13 Sep 2000 14:24:07 +0000 Subject: [PATCH 20/21] Point to Peter Gutmann's revised paper. The copy at www.usenix.org is the old version. --- crypto/rand/rand_win.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 7d61bce35..82955d8d3 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -264,6 +264,7 @@ int RAND_poll(void) * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) From 02ef611ef337943e46a03239e87825b4b202cfa7 Mon Sep 17 00:00:00 2001 
From: "Dr. Stephen Henson" Date: Wed, 13 Sep 2000 17:27:42 +0000 Subject: [PATCH 21/21] BIO_s_fd() manual page. --- doc/crypto/BIO_s_fd.pod | 88 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 doc/crypto/BIO_s_fd.pod diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod new file mode 100644 index 000000000..5c7c55fa8 --- /dev/null +++ b/doc/crypto/BIO_s_fd.pod 
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+ BIO_s_fd - file descriptor BIO
+
+=head1 SYNOPSIS
+
+ #include
+
+ BIO_METHOD * BIO_s_fd(void);
+
+ #define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+ #define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+ #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+ #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+ BIO *BIO_new_fd(int fd, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_f_fd() returns the file descriptor BIO method. This is a wrapper
+round the platforms file descriptor routines such as read() and write().
+
+BIO_read() and BIO_write() read or write the underlying descriptor.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then then close() is called on the underlying
+file descriptor when the BIO is freed.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using lseek(fd, 0, 0).
+
+BIO_seek() sets the file pointer to position B from start of file
+using lseek(fd, ofs, 0).
+
+BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
+
+BIO_set_fd() sets the file descriptor of BIO B to B and the close
+flag to B.
+
+BIO_get_fd() places the file descriptor in B if it is not NULL, it also
+returns the file descriptor. If B is not NULL it should be of type
+(int *).
+
+BIO_new_fd() returns a file desciptor BIO using B and B.
+
+=head1 NOTES
+
+The behaviour of BIO_read() and BIO_write() depends on the behaviour of the
+platforms read() and write() calls on the descriptor. If the underlying
+file descriptor is in a non blocking mode then the BIO will behave in the
+manner described in the L and L
+manual pages.
+
+File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+instead.
+
+=head1 RETURN VALUES
+
+BIO_s_fd() returns the file descriptor BIO method.
+
+BIO_reset() returns zero for success and -1 if an error occurred.
+BIO_seek() and BIO_tell() return the current file position or -1
+is an error occurred. These values reflect the underlying lseek()
+behaviour.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the file descriptor or -1 if the BIO has not
+been initialised.
+
+BIO_new_fd() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 EXAMPLE
+
+This is a file descriptor BIO version of "Hello World":
+
+ BIO *out;
+ out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 SEE ALSO
+
+TBA