OpenSSL is compiled with NO_RSA, no RSA operations can be used: including
key generation storage and display of RSA keys. Since these operations are
not covered by the RSA patent (my understanding is it only covers encrypt,
decrypt, sign and verify) they can be included: this is an often requested
feature, attempts to use the patented operations return an error code.
This is enabled by setting RSA_NULL. This means that if a particular application
has its own legal US RSA implementation then it can use that instead by setting
it as the default RSA method.
Still experimental and needs some fiddling of the other libraries so they have
some options that don't attempt to use RSA if it isn't allowed.
I've chosen to nest two functions in order to save about 4K. As a result
s1-win32.asm doesn't look right (nested PROC/ENDP SEGMENT/ENDS) and it's
probably impossible to compile. I assume I have to reconsider... But not
today...
"Clean-up" stands for the fact that it's using common message digest
template ../md32_common.h and sha[1_]dgst.c are reduced down to
'#define SHA_[01]' and then '#include "sha_locl.h"'. It stands "(LP64)"
there because it's 64 bit platforms which benefit most from the tune-up.
The updated code exhibits 40% performance improvement on IRIX64
(sounds too good, huh? I probably should double check if it's not
some cache trashing that was holding it back before), 28% - on
Alpha Linux and 12% - Solaris 7/64.
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
