generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge of main trunk, conflicts resolved.

Browse Source
This commit is contained in:
Richard Levitte
2000-09-12 08:37:51 +00:00
parent b46ba9b1bc
commit 2be9694116
9 changed files with 201 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -4,6 +4,10 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Add RAND_egd_bytes(), which gives control over the number of bytes read
from EGD.
[Ben Laurie]
*) Add a few more EBCDIC conditionals that make `req' and `x509' *) Add a few more EBCDIC conditionals that make `req' and `x509'
work better on such systems. work better on such systems.
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>] [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]

4
Configure
View File

@@ -284,8 +284,8 @@ my %table=(
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler. # bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",

13
STATUS
View File

@@ -1,11 +1,22 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2000/09/11 13:28:30 $ ______________ $Date: 2000/09/12 08:37:49 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 0.9.6: Under development (in release cycle)... o OpenSSL 0.9.6: Under development (in release cycle)...
Proposed release date September 24, 2000 Proposed release date September 24, 2000
0.9.6-beta1 is available:
OpenBSD-x86 2.7 - failed (ftime/TIMEB)
hpux-parisc-cc 10.20 - passed
hpux-parisc-gcc 10.20 - passed
hpux-gcc - passed
hpux-brokengcc - failed (BN_sqr)
linux-elf - passed
linux-sparcv7 - passed
Solaris [engine] - failed (speed cswift)
sco5-gcc - passed
sco5-cc - passed
o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000
o OpenSSL 0.9.4: Released on August 09th, 1999 o OpenSSL 0.9.4: Released on August 09th, 1999

1
apps/CA.pl.in
View File

@@ -36,6 +36,7 @@
# default openssl.cnf file has setup as per the following # default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored # demoCA ... where everything is stored
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; $DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG"; $REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG";

195
apps/speed.c
View File

@@ -88,7 +88,7 @@
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES # define TIMES
#endif #endif
#if !defined(_UNICOS) #if !defined(_UNICOS) && !defined(__OpenBSD__)
# define TIMEB # define TIMEB
#endif #endif
@@ -1167,49 +1167,73 @@ int MAIN(int argc, char **argv)
int ret; int ret;
if (!rsa_doit[j]) continue; if (!rsa_doit[j]) continue;
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]); ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j], if (ret == 0)
RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
{ {
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
rsa_key[j]); ERR_print_errors(bio_err);
if (ret <= 0) rsa_count=1;
{ }
BIO_printf(bio_err,"RSA private encrypt failure\n"); else
ERR_print_errors(bio_err); {
count=1; pkey_print_message("private","rsa",
break; rsa_c[j][0],rsa_bits[j],
} RSA_SECONDS);
/* RSA_blinding_on(rsa_key[j],NULL); */
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][0]); count++)
{
ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
&rsa_num, rsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"RSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,
"%ld %d bit private RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][0]=d/(double)count;
rsa_count=count;
} }
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][0]=d/(double)count;
rsa_count=count;
#if 1 #if 1
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j], if (ret <= 0)
RSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
{ {
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
rsa_key[j]); ERR_print_errors(bio_err);
if (ret <= 0) dsa_doit[j] = 0;
{ }
BIO_printf(bio_err,"RSA verify failure\n"); else
ERR_print_errors(bio_err); {
count=1; pkey_print_message("public","rsa",
break; rsa_c[j][1],rsa_bits[j],
} RSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(rsa_c[j][1]); count++)
{
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
rsa_num, rsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"RSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,
"%ld %d bit public RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][1]=d/(double)count;
} }
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
count,rsa_bits[j],d);
rsa_results[j][1]=d/(double)count;
#endif #endif
if (rsa_count <= 1) if (rsa_count <= 1)
@@ -1231,54 +1255,77 @@ int MAIN(int argc, char **argv)
for (j=0; j<DSA_NUM; j++) for (j=0; j<DSA_NUM; j++)
{ {
unsigned int kk; unsigned int kk;
int ret;
if (!dsa_doit[j]) continue; if (!dsa_doit[j]) continue;
DSA_generate_key(dsa_key[j]); DSA_generate_key(dsa_key[j]);
/* DSA_sign_setup(dsa_key[j],NULL); */ /* DSA_sign_setup(dsa_key[j],NULL); */
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]); &kk,dsa_key[j]);
pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j], if (ret == 0)
DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][0]); count++)
{ {
rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
&kk,dsa_key[j]); ERR_print_errors(bio_err);
if (rsa_num == 0) rsa_count=1;
{ }
BIO_printf(bio_err,"DSA sign failure\n"); else
ERR_print_errors(bio_err); {
count=1; pkey_print_message("sign","dsa",
break; dsa_c[j][0],dsa_bits[j],
} DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][0]); count++)
{
ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
if (ret == 0)
{
BIO_printf(bio_err,
"DSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][0]=d/(double)count;
rsa_count=count;
} }
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][0]=d/(double)count;
rsa_count=count;
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]); kk,dsa_key[j]);
pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j], if (ret <= 0)
DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][1]); count++)
{ {
rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
kk,dsa_key[j]); ERR_print_errors(bio_err);
if (rsa_num2 == 0) dsa_doit[j] = 0;
{ }
BIO_printf(bio_err,"DSA verify failure\n"); else
ERR_print_errors(bio_err); {
count=1; pkey_print_message("verify","dsa",
break; dsa_c[j][1],dsa_bits[j],
} DSA_SECONDS);
Time_F(START,usertime);
for (count=0,run=1; COND(dsa_c[j][1]); count++)
{
ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
if (ret <= 0)
{
BIO_printf(bio_err,
"DSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][1]=d/(double)count;
} }
d=Time_F(STOP,usertime);
BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
count,dsa_bits[j],d);
dsa_results[j][1]=d/(double)count;
if (rsa_count <= 1) if (rsa_count <= 1)
{ {

3
crypto/rand/randfile.c
View File

@@ -61,8 +61,6 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "openssl/e_os.h"
#ifdef VMS #ifdef VMS
#include <unixio.h> #include <unixio.h>
#endif #endif
@@ -75,6 +73,7 @@
# include <sys/stat.h> # include <sys/stat.h>
#endif #endif
#include <openssl/e_os.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/rand.h> #include <openssl/rand.h>

5
doc/crypto/BIO_read.pod
View File

@@ -32,11 +32,12 @@ BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>
All these functions return either the amount of data successfully read or All these functions return either the amount of data successfully read or
written (if the return value is positive) or that no data was successfully written (if the return value is positive) or that no data was successfully
read or written (if the result is zero or negative). read or written if the result is 0 or -1. If the return value is -2 then
the operation is not implemented in the specific BIO type.
=head1 NOTES =head1 NOTES
A negative or zero return is not necessarily an indication of an error. In A 0 or -1 return is not necessarily an indication of an error. In
particular when the source/sink is non-blocking or of a certain type (for particular when the source/sink is non-blocking or of a certain type (for
example an SSL BIO can retry even if the underlying connection is blocking) example an SSL BIO can retry even if the underlying connection is blocking)
it may merely be an indication that no data is currently available and that it may merely be an indication that no data is currently available and that

10
doc/crypto/BIO_should_retry.pod
View File

@@ -91,10 +91,10 @@ done:
} while((len <= 0) && BIO_should_retry(bio)); } while((len <= 0) && BIO_should_retry(bio));
While an application may retry a failed non blocking call immediately While an application may retry a failed non blocking call immediately
this is likely to be very inefficient because the call is likely to this is likely to be very inefficient because the call will fail
fail repeatedly until data can be processed. An application will normally repeatedly until data can be processed or is available. An application
wait until the necessary condition is satisfied. How this is done depends will normally wait until the necessary condition is satisfied. How
on the underlying I/O structure. this is done depends on the underlying I/O structure.
For example if the cause is ultimately a socket and BIO_should_read() For example if the cause is ultimately a socket and BIO_should_read()
is true then a call to select() may be made to wait until data is is true then a call to select() may be made to wait until data is
@@ -114,7 +114,7 @@ able to pass any data to the application until a complete block has
been read. been read.
It is possible for a BIO to block indefinitely if the underlying I/O It is possible for a BIO to block indefinitely if the underlying I/O
structure cannot process the data. This depends on the behaviour of structure cannot process or return any data. This depends on the behaviour of
the platforms I/O functions. This is often not desirable: one solution the platforms I/O functions. This is often not desirable: one solution
is to use non blocking I/O and use a timeout on the select() (or is to use non blocking I/O and use a timeout on the select() (or
equivalent) call. equivalent) call.

62
util/mkdef.pl
View File

@@ -40,7 +40,14 @@
# symbol name replacements for platforms where the names are too long for the # symbol name replacements for platforms where the names are too long for the
# compiler or linker, or if the systems is case insensitive and there is a # compiler or linker, or if the systems is case insensitive and there is a
# clash. This script assumes those redefinitions are place in the file # clash. This script assumes those redefinitions are place in the file
# crypto/idhacks.h. # crypto/symhacks.h.
# The semantics for the platforms list is a bit complicated. The rule of
# thumb is that the list is exclusive, but it seems to mean different things.
# So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists
# on all platforms except those listed. If the list is all positives (like
# "VMS,WIN16"), the symbol exists only on those platforms and nowhere else.
# The combination of positives and negatives will act as if the positives
# weren't there.
# - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious. # - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious.
# - "algorithms" is a comma-separated list of algorithm names. This helps # - "algorithms" is a comma-separated list of algorithm names. This helps
# exclude symbols that are part of an algorithm that some user wants to # exclude symbols that are part of an algorithm that some user wants to
@@ -96,6 +103,8 @@ foreach (@ARGV, split(/ /, $options))
$NT = 1; $NT = 1;
} }
$VMS=1 if $_ eq "VMS"; $VMS=1 if $_ eq "VMS";
$rsaref=1 if $_ eq "rsaref";
$do_ssl=1 if $_ eq "ssleay"; $do_ssl=1 if $_ eq "ssleay";
$do_ssl=1 if $_ eq "ssl"; $do_ssl=1 if $_ eq "ssl";
$do_crypto=1 if $_ eq "libeay"; $do_crypto=1 if $_ eq "libeay";
@@ -104,7 +113,6 @@ foreach (@ARGV, split(/ /, $options))
$do_rewrite=1 if $_ eq "rewrite"; $do_rewrite=1 if $_ eq "rewrite";
$do_ctest=1 if $_ eq "ctest"; $do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall"; $do_ctestall=1 if $_ eq "ctestall";
$rsaref=1 if $_ eq "rsaref";
#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK"; #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
if (/^no-rc2$/) { $no_rc2=1; } if (/^no-rc2$/) { $no_rc2=1; }
@@ -693,15 +701,49 @@ EOF
if(!$do_update); if(!$do_update);
} else { } else {
(my $n, my $i) = split /\\/, $nums{$s}; (my $n, my $i) = split /\\/, $nums{$s};
my %pf = ();
my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1));
printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n # @p_purged must contain hardware platforms only
# It is very important to check NT before W32 my @p_purged = ();
if ($NT && (!@p || (grep(/^WINNT$/,@p) foreach $ptmp (@p) {
&& !grep(/^!WINNT$/,@p))) next if $ptmp =~ /^!?RSAREF$/;
|| $W32 && (!@p || (grep(/^WIN32$/,@p) push @p_purged, $ptmp;
&& !grep(/^!WIN32$/,@p))) }
|| $W16 && (!@p || (grep(/^WIN16$/,@p) my $negatives = !!grep(/^!/,@p);
&& !grep(/^!WIN16$/,@p)))); # It is very important to check NT before W32
if ((($NT && (!@p_purged
|| (!$negatives && grep(/^WINNT$/,@p))
|| ($negatives && !grep(/^!WINNT$/,@p))))
|| ($W32 && (!@p_purged
|| (!$negatives && grep(/^WIN32$/,@p))
|| ($negatives && !grep(/^!WIN32$/,@p))))
|| ($W16 && (!@p_purged
|| (!$negatives && grep(/^WIN16$/,@p))
|| ($negatives && !grep(/^!WIN16$/,@p)))))
&& (!@p
|| (!$negatives
&& ($rsaref || !grep(/^RSAREF$/,@p)))
|| ($negatives
&& (!$rsaref || !grep(/^!RSAREF$/,@p))))) {
printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n;
# } else {
# print STDERR "DEBUG: \"$sym\" (@p):",
# " rsaref:", !!(!@p
# || (!$negatives
# && ($rsaref || !grep(/^RSAREF$/,@p)))
# || ($negatives
# && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0,
# " 16:", !!($W16 && (!@p_purged
# || (!$negatives && grep(/^WIN16$/,@p))
# || ($negatives && !grep(/^!WIN16$/,@p)))),
# " 32:", !!($W32 && (!@p_purged
# || (!$negatives && grep(/^WIN32$/,@p))
# || ($negatives && !grep(/^!WIN32$/,@p)))),
# " NT:", !!($NT && (!@p_purged
# || (!$negatives && grep(/^WINNT$/,@p))
# || ($negatives && !grep(/^!WINNT$/,@p)))),
# "\n";
}
} }
} }
printf OUT "\n"; printf OUT "\n";