Changes between 0.9.01b and 0.9.1c
+ *) Fixed the nasty bug where rsaref.h was not found under compile-time
+ because the symlink to include/ was missing.
+ [Ralf S. Engelschall]
+
+ *) Incorporated the popular no-RSA/DSA-only patches
+ which allow to compile a RSA-free SSLeay.
+ [Interrader Ldt., Ralf S. Engelschall]
+
+ *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+ when "ssleay" is still not found.
+ [Ralf S. Engelschall]
+
+ *) Added more platforms to Configure: Cray T3E, HPUX 11,
+ [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
*) Updated the README file.
[Ralf S. Engelschall]
util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
[Ralf S. Engelschall]
- *) Added various platform portability fixed.
+ *) Added various platform portability fixes.
[Marc J. Cox]
*) The Genesis of the OpenTLS rpject:
# A few of my development configs
"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
+"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::",
"dist", "cc:-O -DNOPROTO::::",
# Basic configs that should work on any box
"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX from www.globus.org
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+#"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
#"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
"nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
# NCR MP-RAS UNIX ver 02.03.01
# (written by Wayne Schroeder <schroede@SDSC.EDU>)
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
+# another use. Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
# DGUX, 88100.
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
done;
links:
- /bin/rm -f Makefile;
- ./util/point.sh Makefile.ssl Makefile;
- $(TOP)/util/mklink.sh include $(EXHEADER) ;
+ /bin/rm -f Makefile
+ ./util/point.sh Makefile.ssl Makefile
+ $(TOP)/util/mklink.sh include $(EXHEADER)
@for i in $(DIRS) ;\
do \
(cd $$i; echo "making links in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' links ); \
done;
- # @(cd apps; sh ./mklinks)
- @( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
+ @(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs)
dclean:
/bin/rm -f *.bak
r->sequence=i;
}
- /* we how have a CRL */
+ /* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
if (md != NULL)
{
}
else
dgst=EVP_md5();
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst = EVP_dss1() ;
+#endif
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"verify",verify_main},
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
#ifndef NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
{FUNC_TYPE_GENERAL,"crl",crl_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
-#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
#endif
goto end;
}
fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
if (pubkey->type == EVP_PKEY_RSA)
BN_print(out,pubkey->pkey.rsa->n);
else
+#endif
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
{
BIO_printf(bio_err,"usage: s_server [args ...]\n");
BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT);
+ BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
if (ip == NULL)
server.sin_addr.s_addr=INADDR_ANY;
else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+ memcpy(&server.sin_addr,ip,4);
+#endif
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) goto err;
" missing, it is asssumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial - serial file\n",
-" -text - print the certitificate in text form\n",
+" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
NULL
links:
/bin/rm -f Makefile
- $(TOP)/util/point.sh Makefile.ssl Makefile ;
- $(TOP)/util/mklink.sh ../include $(HEADER) ;
- $(TOP)/util/mklink.sh ../test $(TEST) ;
- $(TOP)/util/mklink.sh ../apps $(APPS) ;
- $(TOP)/util/point.sh Makefile.ssl Makefile;
+ $(TOP)/util/point.sh Makefile.ssl Makefile
+ $(TOP)/util/mklink.sh ../include $(HEADER)
+ $(TOP)/util/mklink.sh ../test $(TEST)
+ $(TOP)/util/mklink.sh ../apps $(APPS)
+ $(TOP)/util/point.sh Makefile.ssl Makefile
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making links in $$i..."; \
* the Alpha, otherwise they will not. Strangly using the '8 byte'
* BF_LONG and the default 'non-pointer' inner loop is the best configuration
* for the Alpha */
-#define BF_LONG unsigned long
+#if defined(__sgi)
+# if (_MIPS_SZLONG==64)
+# define BF_LONG unsigned int
+# else
+# define BF_LONG unsigned long
+# endif
+#else
+# define BF_LONG unsigned long
+#endif
#define BF_ROUNDS 16
#define BF_BLOCK 8
-#define DATE "Tue Dec 22 15:40:03 CET 1998"
+#define DATE "Tue Dec 8 17:40:20 CET 1998"
#include <stdio.h>
#include "cryptlib.h"
#include "rand.h"
+#ifndef NO_RSA
#include "rsa.h"
+#endif
#include "evp.h"
#include "objects.h"
#include "x509.h"
{
int ret= -1;
+#ifndef NO_RSA
if (priv->type != EVP_PKEY_RSA)
{
+#endif
EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
goto err;
}
ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
err:
+#endif
return(ret);
}
#include <stdio.h>
#include "cryptlib.h"
#include "rand.h"
+#ifndef NO_RSA
#include "rsa.h"
+#endif
#include "evp.h"
#include "objects.h"
#include "x509.h"
{
int ret=0;
+#ifndef NO_RSA
if (pubk->type != EVP_PKEY_RSA)
{
+#endif
EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
goto err;
}
ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
err:
+#endif
return(ret);
}
SRC= $(LIBSRC)
-EXHEADER=
-HEADER= $(EXHEADER) rsaref.h
+EXHEADER= rsaref.h
+HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
void (*cb)()=NULL;
BIO *bio;
- if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
if (!ssl3_setup_buffers(s))
return(-1);
switch (s->state)
{
-case SSL_ST_BEFORE: str="before SSL initalisation"; break;
-case SSL_ST_ACCEPT: str="before accept initalisation"; break;
-case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
#ifndef NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
DIR=/usr/local/ssl
PATH=$DIR/bin:$PATH
+if [ ! -f "$SSLEAY" ]; then
+ found=0
+ for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+ if [ -f "$dir/$SSLEAY" ]; then
+ found=1
+ break
+ fi
+ done
+ if [ $found = 0 ]; then
+ echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2
+ exit 0
+ fi
+fi
+
SSL_DIR=$DIR/certs
if [ "$*" = "" ]; then
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
- @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+ @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;