Merge of main trunk, conflicts resolved.

2000-09-12 08:37:51 +00:00
parent b46ba9b1bc
commit 2be9694116
9 changed files with 201 additions and 96 deletions
--- a/4
+++ b/4
@@ -4,6 +4,10 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
  *) Add a few more EBCDIC conditionals that make `req' and `x509'
     work better on such systems.
     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
--- a/4
+++ b/4
@@ -284,8 +284,8 @@ my %table=(
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
--- a/13
+++ b/13
@@ -1,11 +1,22 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/09/11 13:28:30 $
+  ______________                           $Date: 2000/09/12 08:37:49 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.6:  Under development (in release cycle)...
                       Proposed release date September 24, 2000
+                       0.9.6-beta1 is available:
+			OpenBSD-x86 2.7			- failed (ftime/TIMEB)
+			hpux-parisc-cc 10.20		- passed
+			hpux-parisc-gcc 10.20		- passed
+			hpux-gcc			- passed
+			hpux-brokengcc			- failed (BN_sqr)
+			linux-elf			- passed
+			linux-sparcv7			- passed
+			Solaris [engine]		- failed (speed cswift)
+			sco5-gcc			- passed
+			sco5-cc				- passed
    o  OpenSSL 0.9.5a: Released on April     1st, 2000
    o  OpenSSL 0.9.5:  Released on February 28th, 2000
    o  OpenSSL 0.9.4:  Released on August   09th, 1999
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,6 +36,7 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored

+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -88,7 +88,7 @@
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS)
+#if !defined(_UNICOS) && !defined(__OpenBSD__)
 # define TIMEB
 #endif

@@ -1167,49 +1167,73 @@ int MAIN(int argc, char **argv)
 		int ret;
 		if (!rsa_doit[j]) continue;
 		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
-		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
-			RSA_SECONDS);
-/*		RSA_blinding_on(rsa_key[j],NULL); */
-		Time_F(START,usertime);
-		for (count=0,run=1; COND(rsa_c[j][0]); count++)
+		if (ret == 0)
 			{
-			ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
-								 rsa_key[j]);
-			if (ret <= 0)
-				{
-				BIO_printf(bio_err,"RSA private encrypt failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
-				}
+			BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			}
+		else
+			{
+			pkey_print_message("private","rsa",
+				rsa_c[j][0],rsa_bits[j],
+				RSA_SECONDS);
+/*			RSA_blinding_on(rsa_key[j],NULL); */
+			Time_F(START,usertime);
+			for (count=0,run=1; COND(rsa_c[j][0]); count++)
+				{
+				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
+					&rsa_num, rsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"RSA sign failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
+				}
+			d=Time_F(STOP,usertime);
+			BIO_printf(bio_err,
+				"%ld %d bit private RSA's in %.2fs\n",
+				count,rsa_bits[j],d);
+			rsa_results[j][0]=d/(double)count;
+			rsa_count=count;
 			}
-		d=Time_F(STOP,usertime);
-		BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
-			count,rsa_bits[j],d);
-		rsa_results[j][0]=d/(double)count;
-		rsa_count=count;

 #if 1
 		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
-		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
-			RSA_SECONDS);
-		Time_F(START,usertime);
-		for (count=0,run=1; COND(rsa_c[j][1]); count++)
+		if (ret <= 0)
 			{
-			ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
-								rsa_key[j]);
-			if (ret <= 0)
-				{
-				BIO_printf(bio_err,"RSA verify failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
-				}
+			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
+			ERR_print_errors(bio_err);
+			dsa_doit[j] = 0;
+			}
+		else
+			{
+			pkey_print_message("public","rsa",
+				rsa_c[j][1],rsa_bits[j],
+				RSA_SECONDS);
+			Time_F(START,usertime);
+			for (count=0,run=1; COND(rsa_c[j][1]); count++)
+				{
+				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+					rsa_num, rsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"RSA verify failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
+				}
+			d=Time_F(STOP,usertime);
+			BIO_printf(bio_err,
+				"%ld %d bit public RSA's in %.2fs\n",
+				count,rsa_bits[j],d);
+			rsa_results[j][1]=d/(double)count;
 			}
-		d=Time_F(STOP,usertime);
-		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
-			count,rsa_bits[j],d);
-		rsa_results[j][1]=d/(double)count;
 #endif

 		if (rsa_count <= 1)
@@ -1231,54 +1255,77 @@ int MAIN(int argc, char **argv)
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
+		int ret;

 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
-		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 			&kk,dsa_key[j]);
-		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
-			DSA_SECONDS);
-		Time_F(START,usertime);
-		for (count=0,run=1; COND(dsa_c[j][0]); count++)
+		if (ret == 0)
 			{
-			rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-				&kk,dsa_key[j]);
-			if (rsa_num == 0)
-				{
-				BIO_printf(bio_err,"DSA sign failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
-				}
+			BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			}
+		else
+			{
+			pkey_print_message("sign","dsa",
+				dsa_c[j][0],dsa_bits[j],
+				DSA_SECONDS);
+			Time_F(START,usertime);
+			for (count=0,run=1; COND(dsa_c[j][0]); count++)
+				{
+				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+					&kk,dsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"DSA sign failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
+				}
+			d=Time_F(STOP,usertime);
+			BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+				count,dsa_bits[j],d);
+			dsa_results[j][0]=d/(double)count;
+			rsa_count=count;
 			}
-		d=Time_F(STOP,usertime);
-		BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
-			count,dsa_bits[j],d);
-		dsa_results[j][0]=d/(double)count;
-		rsa_count=count;

-		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+		ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
 			kk,dsa_key[j]);
-		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
-			DSA_SECONDS);
-		Time_F(START,usertime);
-		for (count=0,run=1; COND(dsa_c[j][1]); count++)
+		if (ret <= 0)
 			{
-			rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-				kk,dsa_key[j]);
-			if (rsa_num2 == 0)
-				{
-				BIO_printf(bio_err,"DSA verify failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
-				}
+			BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");
+			ERR_print_errors(bio_err);
+			dsa_doit[j] = 0;
+			}
+		else
+			{
+			pkey_print_message("verify","dsa",
+				dsa_c[j][1],dsa_bits[j],
+				DSA_SECONDS);
+			Time_F(START,usertime);
+			for (count=0,run=1; COND(dsa_c[j][1]); count++)
+				{
+				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+					kk,dsa_key[j]);
+				if (ret <= 0)
+					{
+					BIO_printf(bio_err,
+						"DSA verify failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
+				}
+			d=Time_F(STOP,usertime);
+			BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+				count,dsa_bits[j],d);
+			dsa_results[j][1]=d/(double)count;
 			}
-		d=Time_F(STOP,usertime);
-		BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
-			count,dsa_bits[j],d);
-		dsa_results[j][1]=d/(double)count;

 		if (rsa_count <= 1)
 			{
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -61,8 +61,6 @@
 #include <stdlib.h>
 #include <string.h>

-#include "openssl/e_os.h"
-
 #ifdef VMS
 #include <unixio.h>
 #endif
@@ -75,6 +73,7 @@
 # include <sys/stat.h>
 #endif

+#include <openssl/e_os.h>
 #include <openssl/crypto.h>
 #include <openssl/rand.h>

--- a/doc/crypto/BIO_read.pod
+++ b/doc/crypto/BIO_read.pod
@@ -32,11 +32,12 @@ BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>

 All these functions return either the amount of data successfully read or
 written (if the return value is positive) or that no data was successfully
-read or written (if the result is zero or negative).
+read or written if the result is 0 or -1. If the return value is -2 then
+the operation is not implemented in the specific BIO type.

 =head1 NOTES

-A negative or zero return is not necessarily an indication of an error. In
+A 0 or -1 return is not necessarily an indication of an error. In
 particular when the source/sink is non-blocking or of a certain type (for
 example an SSL BIO can retry even if the underlying connection is blocking)
 it may merely be an indication that no data is currently available and that
--- a/doc/crypto/BIO_should_retry.pod
+++ b/doc/crypto/BIO_should_retry.pod
@@ -91,10 +91,10 @@ done:
 } while((len <= 0) && BIO_should_retry(bio));

 While an application may retry a failed non blocking call immediately
-this is likely to be very inefficient because the call is likely to
-fail repeatedly until data can be processed. An application will normally
-wait until the necessary condition is satisfied. How this is done depends
-on the underlying I/O structure.
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.

 For example if the cause is ultimately a socket and BIO_should_read()
 is true then a call to select() may be made to wait until data is
@@ -114,7 +114,7 @@ able to pass any data to the application until a complete block has
 been read.

 It is possible for a BIO to block indefinitely if the underlying I/O
-structure cannot process the data. This depends on the behaviour of
+structure cannot process or return any data. This depends on the behaviour of
 the platforms I/O functions. This is often not desirable: one solution
 is to use non blocking I/O and use a timeout on the select() (or
 equivalent) call.
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -40,7 +40,14 @@
 #   symbol name replacements for platforms where the names are too long for the
 #   compiler or linker, or if the systems is case insensitive and there is a
 #   clash.  This script assumes those redefinitions are place in the file
-#   crypto/idhacks.h.
+#   crypto/symhacks.h.
+#   The semantics for the platforms list is a bit complicated.  The rule of
+#   thumb is that the list is exclusive, but it seems to mean different things.
+#   So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists
+#   on all platforms except those listed.  If the list is all positives (like
+#   "VMS,WIN16"), the symbol exists only on those platforms and nowhere else.
+#   The combination of positives and negatives will act as if the positives
+#   weren't there.
 # - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
 # - "algorithms" is a comma-separated list of algorithm names.  This helps
 #   exclude symbols that are part of an algorithm that some user wants to
@@ -96,6 +103,8 @@ foreach (@ARGV, split(/ /, $options))
 		$NT = 1;
 	}
 	$VMS=1 if $_ eq "VMS";
+	$rsaref=1 if $_ eq "rsaref";
+
 	$do_ssl=1 if $_ eq "ssleay";
 	$do_ssl=1 if $_ eq "ssl";
 	$do_crypto=1 if $_ eq "libeay";
@@ -104,7 +113,6 @@ foreach (@ARGV, split(/ /, $options))
 	$do_rewrite=1 if $_ eq "rewrite";
 	$do_ctest=1 if $_ eq "ctest";
 	$do_ctestall=1 if $_ eq "ctestall";
-	$rsaref=1 if $_ eq "rsaref";
 	#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";

 	if    (/^no-rc2$/)      { $no_rc2=1; }
@@ -693,15 +701,49 @@ EOF
 					if(!$do_update);
 		} else {
 			(my $n, my $i) = split /\\/, $nums{$s};
+			my %pf = ();
 			my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1));
-			printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$s,$n
-			    # It is very important to check NT before W32
-			    if ($NT && (!@p || (grep(/^WINNT$/,@p)
-						&& !grep(/^!WINNT$/,@p)))
-				|| $W32 && (!@p || (grep(/^WIN32$/,@p)
-						    && !grep(/^!WIN32$/,@p)))
-				|| $W16 && (!@p || (grep(/^WIN16$/,@p)
-						    && !grep(/^!WIN16$/,@p))));
+			# @p_purged must contain hardware platforms only
+			my @p_purged = ();
+			foreach $ptmp (@p) {
+				next if $ptmp =~ /^!?RSAREF$/;
+				push @p_purged, $ptmp;
+			}
+			my $negatives = !!grep(/^!/,@p);
+			# It is very important to check NT before W32
+			if ((($NT && (!@p_purged
+				      || (!$negatives && grep(/^WINNT$/,@p))
+				      || ($negatives && !grep(/^!WINNT$/,@p))))
+			     || ($W32 && (!@p_purged
+					  || (!$negatives && grep(/^WIN32$/,@p))
+					  || ($negatives && !grep(/^!WIN32$/,@p))))
+			     || ($W16 && (!@p_purged
+					  || (!$negatives && grep(/^WIN16$/,@p))
+					  || ($negatives && !grep(/^!WIN16$/,@p)))))
+			    && (!@p
+				|| (!$negatives
+				    && ($rsaref || !grep(/^RSAREF$/,@p)))
+				|| ($negatives
+				    && (!$rsaref || !grep(/^!RSAREF$/,@p))))) {
+				printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$s,$n;
+#			} else {
+#				print STDERR "DEBUG: \"$sym\" (@p):",
+#				" rsaref:", !!(!@p
+#					       || (!$negatives
+#						   && ($rsaref || !grep(/^RSAREF$/,@p)))
+#					       || ($negatives
+#						   && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0,
+#				" 16:", !!($W16 && (!@p_purged
+#						    || (!$negatives && grep(/^WIN16$/,@p))
+#						    || ($negatives && !grep(/^!WIN16$/,@p)))),
+#				" 32:", !!($W32 && (!@p_purged
+#						    || (!$negatives && grep(/^WIN32$/,@p))
+#						    || ($negatives && !grep(/^!WIN32$/,@p)))),
+#				" NT:", !!($NT && (!@p_purged
+#						   || (!$negatives && grep(/^WINNT$/,@p))
+#						   || ($negatives && !grep(/^!WINNT$/,@p)))),
+#				"\n";
+			}
 		}
 	}
 	printf OUT "\n";