Incorporation of RSEs assembled patches
authorRalf S. Engelschall <rse@openssl.org>
Tue, 22 Dec 1998 15:59:57 +0000 (15:59 +0000)
committerRalf S. Engelschall <rse@openssl.org>
Tue, 22 Dec 1998 15:59:57 +0000 (15:59 +0000)
19 files changed:
CHANGES
Configure
Makefile.ssl
apps/ca.c
apps/progs.h
apps/req.c
apps/s_server.c
apps/s_socket.c
apps/x509.c
crypto/Makefile.ssl
crypto/bf/blowfish.h
crypto/date.h
crypto/evp/p_dec.c
crypto/evp/p_enc.c
rsaref/Makefile.ssl
ssl/s3_pkt.c
ssl/ssl_stat.c
tools/c_rehash
util/mk1mf.pl

diff --git a/CHANGES b/CHANGES
index 5772e2a..3a09bc8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,21 @@
 
  Changes between 0.9.01b and 0.9.1c
 
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
   *) Updated the README file.
      [Ralf S. Engelschall]
 
@@ -32,7 +47,7 @@
      util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
      [Ralf S. Engelschall]
 
-  *) Added various platform portability fixed.
+  *) Added various platform portability fixes.
      [Marc J. Cox]
 
   *) The Genesis of the OpenTLS rpject:
index b1c4782..39c3f44 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -73,6 +73,7 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 # A few of my development configs
 "purify",      "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
 "debug",       "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
+"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::",
 "dist",                "cc:-O -DNOPROTO::::",
 
 # Basic configs that should work on any box
@@ -122,6 +123,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 "hpux-cc",     "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
 "hpux-kr-cc",  "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
 "hpux-gcc",    "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX from www.globus.org
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
@@ -138,7 +142,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 "NetBSD-sparc",        "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",  "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-x86",  "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 #"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
 "nextstep",    "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -165,6 +171,16 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
 "cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
 # DGUX, 88100.
 "dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
index c6b257a..7183f52 100644 (file)
@@ -229,16 +229,15 @@ files:  MINFO
        done;
 
 links:
-       /bin/rm -f Makefile;
-       ./util/point.sh Makefile.ssl Makefile;
-       $(TOP)/util/mklink.sh include $(EXHEADER) ;
+       /bin/rm -f Makefile
+       ./util/point.sh Makefile.ssl Makefile
+       $(TOP)/util/mklink.sh include $(EXHEADER)
        @for i in $(DIRS) ;\
        do \
        (cd $$i; echo "making links in $$i..."; \
        $(MAKE) SDIRS='${SDIRS}' links ); \
        done;
-       # @(cd apps; sh ./mklinks)
-       @( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
+       @(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs)
 
 dclean:
        /bin/rm -f *.bak
index 8990aa2..67b7561 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1012,7 +1012,7 @@ bad:
                        r->sequence=i;
                        }
 
-               /* we how have a CRL */
+               /* we now have a CRL */
                if (verbose) BIO_printf(bio_err,"signing CRL\n");
                if (md != NULL)
                        {
@@ -1024,6 +1024,10 @@ bad:
                        }
                else
                        dgst=EVP_md5();
+#ifndef NO_DSA
+               if (pkey->type == EVP_PKEY_DSA) 
+                   dgst = EVP_dss1() ;
+#endif
                if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
                PEM_write_bio_X509_CRL(Sout,crl);
index 578bfcf..9ed1f4b 100644 (file)
@@ -65,9 +65,7 @@ typedef struct {
 FUNCTION functions[] = {
        {FUNC_TYPE_GENERAL,"verify",verify_main},
        {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
        {FUNC_TYPE_GENERAL,"req",req_main},
-#endif
        {FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
        {FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -77,9 +75,7 @@ FUNCTION functions[] = {
        {FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
        {FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
        {FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
        {FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
        {FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -90,9 +86,7 @@ FUNCTION functions[] = {
 #ifndef NO_DSA
        {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
        {FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
 #ifndef NO_RSA
        {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
index 9af5b49..50802f5 100644 (file)
@@ -718,9 +718,11 @@ loop:
                        goto end; 
                        }
                fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
                if (pubkey->type == EVP_PKEY_RSA)
                        BN_print(out,pubkey->pkey.rsa->n);
                else
+#endif
                        fprintf(stdout,"Wrong Algorithm type");
                fprintf(stdout,"\n");
                }
index c9651b8..e96fd9c 100644 (file)
@@ -189,7 +189,7 @@ static void sv_usage()
        {
        BIO_printf(bio_err,"usage: s_server [args ...]\n");
        BIO_printf(bio_err,"\n");
-       BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
+       BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
        BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
index 4bc3fde..5c171c3 100644 (file)
@@ -332,7 +332,12 @@ char *ip;
        if (ip == NULL)
                server.sin_addr.s_addr=INADDR_ANY;
        else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
                memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+               memcpy(&server.sin_addr,ip,4);
+#endif
        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
        if (s == INVALID_SOCKET) goto err;
index 94d57bb..1d7bad1 100644 (file)
@@ -110,7 +110,7 @@ static char *x509_usage[]={
 "                   missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 NULL
index f55d359..679576d 100644 (file)
@@ -74,11 +74,11 @@ files:
 
 links:
        /bin/rm -f Makefile 
-       $(TOP)/util/point.sh Makefile.ssl Makefile ;
-       $(TOP)/util/mklink.sh ../include $(HEADER) ;
-       $(TOP)/util/mklink.sh ../test $(TEST) ;
-       $(TOP)/util/mklink.sh ../apps $(APPS) ;
-       $(TOP)/util/point.sh Makefile.ssl Makefile;
+       $(TOP)/util/point.sh Makefile.ssl Makefile
+       $(TOP)/util/mklink.sh ../include $(HEADER)
+       $(TOP)/util/mklink.sh ../test $(TEST)
+       $(TOP)/util/mklink.sh ../apps $(APPS)
+       $(TOP)/util/point.sh Makefile.ssl Makefile
        @for i in $(SDIRS) ;\
        do \
        (cd $$i; echo "making links in $$i..."; \
index c4a8085..23a2bd7 100644 (file)
@@ -70,7 +70,15 @@ extern "C" {
  * the Alpha, otherwise they will not.  Strangly using the '8 byte'
  * BF_LONG and the default 'non-pointer' inner loop is the best configuration
  * for the Alpha */
-#define BF_LONG unsigned long
+#if defined(__sgi)
+#  if (_MIPS_SZLONG==64)
+#    define BF_LONG unsigned int
+#  else
+#    define BF_LONG unsigned long
+#  endif
+#else
+#  define BF_LONG unsigned long
+#endif
 
 #define BF_ROUNDS      16
 #define BF_BLOCK       8
index ed7a029..b4b9bd9 100644 (file)
@@ -1 +1 @@
-#define DATE   "Tue Dec 22 15:40:03 CET 1998"
+#define DATE   "Tue Dec  8 17:40:20 CET 1998"
index e845ce7..fca333d 100644 (file)
@@ -59,7 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "rand.h"
+#ifndef NO_RSA
 #include "rsa.h"
+#endif
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
@@ -72,13 +74,17 @@ EVP_PKEY *priv;
        {
        int ret= -1;
        
+#ifndef NO_RSA
        if (priv->type != EVP_PKEY_RSA)
                {
+#endif
                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
                goto err;
                 }
 
        ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
        return(ret);
        }
index a26bfad..a902b5e 100644 (file)
@@ -59,7 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "rand.h"
+#ifndef NO_RSA
 #include "rsa.h"
+#endif
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
@@ -72,12 +74,16 @@ EVP_PKEY *pubk;
        {
        int ret=0;
        
+#ifndef NO_RSA
        if (pubk->type != EVP_PKEY_RSA)
                {
+#endif
                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
                goto err;
                }
        ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
        return(ret);
        }
index b816b89..f75f0ea 100644 (file)
@@ -27,8 +27,8 @@ LIBOBJ= rsaref.o $(ERRC).o
 
 SRC= $(LIBSRC)
 
-EXHEADER=
-HEADER=        $(EXHEADER) rsaref.h
+EXHEADER=      rsaref.h
+HEADER=        $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
index 444263b..b7edc8f 100644 (file)
@@ -696,7 +696,7 @@ int len;
        void (*cb)()=NULL;
        BIO *bio;
 
-       if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+       if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
                if (!ssl3_setup_buffers(s))
                        return(-1);
 
index a1daf25..1401ae7 100644 (file)
@@ -66,15 +66,15 @@ SSL *s;
 
        switch (s->state)
                {
-case SSL_ST_BEFORE: str="before SSL initalisation"; break;
-case SSL_ST_ACCEPT: str="before accept initalisation"; break;
-case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
 case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
 case SSL_ST_RENEGOTIATE:       str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
 #ifndef NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
index 99ab7eb..60c2859 100644 (file)
@@ -11,6 +11,20 @@ fi
 DIR=/usr/local/ssl
 PATH=$DIR/bin:$PATH
 
+if [ ! -f "$SSLEAY" ]; then
+    found=0
+    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+        if [ -f "$dir/$SSLEAY" ]; then
+            found=1
+            break
+        fi
+    done
+    if [ $found = 0 ]; then
+        echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2
+        exit 0
+    fi
+fi
+
 SSL_DIR=$DIR/certs
 
 if [ "$*" = "" ]; then
index 8992d16..11e9c16 100755 (executable)
@@ -638,7 +638,7 @@ sub var_add
        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
 
-       @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+       @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
        @a=grep(!/^gendsa$/,@a) if $no_sha1;
        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;