提交 13e91dd3 编写于 作者: R Ralf S. Engelschall

Incorporation of RSEs assembled patches

上级 8c6c8d80
......@@ -5,6 +5,21 @@
Changes between 0.9.01b and 0.9.1c
*) Fixed the nasty bug where rsaref.h was not found under compile-time
because the symlink to include/ was missing.
[Ralf S. Engelschall]
*) Incorporated the popular no-RSA/DSA-only patches
which allow to compile a RSA-free SSLeay.
[Interrader Ldt., Ralf S. Engelschall]
*) Fixed nasty rehash problem under `make -f Makefile.ssl links'
when "ssleay" is still not found.
[Ralf S. Engelschall]
*) Added more platforms to Configure: Cray T3E, HPUX 11,
[Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
*) Updated the README file.
[Ralf S. Engelschall]
......@@ -32,7 +47,7 @@
util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
[Ralf S. Engelschall]
*) Added various platform portability fixed.
*) Added various platform portability fixes.
[Marc J. Cox]
*) The Genesis of the OpenTLS rpject:
......
......@@ -73,6 +73,7 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
# A few of my development configs
"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::",
"dist", "cc:-O -DNOPROTO::::",
# Basic configs that should work on any box
......@@ -122,6 +123,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# HPUX from www.globus.org
"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
......@@ -138,7 +142,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
#"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
#"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
"nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
# NCR MP-RAS UNIX ver 02.03.01
......@@ -165,6 +171,16 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
# (written by Wayne Schroeder <schroede@SDSC.EDU>)
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
#
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
#
# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
# another use. Basically, the problem is that the T3E uses some bit fields
# for some st_addr stuff, and then sizeof and address-of fails
# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
# did not like it.
"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
# DGUX, 88100.
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
......
......@@ -229,16 +229,15 @@ files: MINFO
done;
links:
/bin/rm -f Makefile;
./util/point.sh Makefile.ssl Makefile;
$(TOP)/util/mklink.sh include $(EXHEADER) ;
/bin/rm -f Makefile
./util/point.sh Makefile.ssl Makefile
$(TOP)/util/mklink.sh include $(EXHEADER)
@for i in $(DIRS) ;\
do \
(cd $$i; echo "making links in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' links ); \
done;
# @(cd apps; sh ./mklinks)
@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
@(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs)
dclean:
/bin/rm -f *.bak
......
......@@ -1012,7 +1012,7 @@ bad:
r->sequence=i;
}
/* we how have a CRL */
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
if (md != NULL)
{
......@@ -1024,6 +1024,10 @@ bad:
}
else
dgst=EVP_md5();
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
dgst = EVP_dss1() ;
#endif
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
......
......@@ -65,9 +65,7 @@ typedef struct {
FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"verify",verify_main},
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"req",req_main},
#endif
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
#ifndef NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
......@@ -77,9 +75,7 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"ca",ca_main},
#endif
{FUNC_TYPE_GENERAL,"crl",crl_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
......@@ -90,9 +86,7 @@ FUNCTION functions[] = {
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"x509",x509_main},
#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
#endif
......
......@@ -718,9 +718,11 @@ loop:
goto end;
}
fprintf(stdout,"Modulus=");
#ifndef NO_RSA
if (pubkey->type == EVP_PKEY_RSA)
BN_print(out,pubkey->pkey.rsa->n);
else
#endif
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
......
......@@ -189,7 +189,7 @@ static void sv_usage()
{
BIO_printf(bio_err,"usage: s_server [args ...]\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT);
BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
......
......@@ -332,7 +332,12 @@ char *ip;
if (ip == NULL)
server.sin_addr.s_addr=INADDR_ANY;
else
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
#ifndef BIT_FIELD_LIMITS
memcpy(&server.sin_addr.s_addr,ip,4);
#else
memcpy(&server.sin_addr,ip,4);
#endif
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) goto err;
......
......@@ -110,7 +110,7 @@ static char *x509_usage[]={
" missing, it is asssumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial - serial file\n",
" -text - print the certitificate in text form\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
NULL
......
......@@ -74,11 +74,11 @@ files:
links:
/bin/rm -f Makefile
$(TOP)/util/point.sh Makefile.ssl Makefile ;
$(TOP)/util/mklink.sh ../include $(HEADER) ;
$(TOP)/util/mklink.sh ../test $(TEST) ;
$(TOP)/util/mklink.sh ../apps $(APPS) ;
$(TOP)/util/point.sh Makefile.ssl Makefile;
$(TOP)/util/point.sh Makefile.ssl Makefile
$(TOP)/util/mklink.sh ../include $(HEADER)
$(TOP)/util/mklink.sh ../test $(TEST)
$(TOP)/util/mklink.sh ../apps $(APPS)
$(TOP)/util/point.sh Makefile.ssl Makefile
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making links in $$i..."; \
......
......@@ -70,7 +70,15 @@ extern "C" {
* the Alpha, otherwise they will not. Strangly using the '8 byte'
* BF_LONG and the default 'non-pointer' inner loop is the best configuration
* for the Alpha */
#define BF_LONG unsigned long
#if defined(__sgi)
# if (_MIPS_SZLONG==64)
# define BF_LONG unsigned int
# else
# define BF_LONG unsigned long
# endif
#else
# define BF_LONG unsigned long
#endif
#define BF_ROUNDS 16
#define BF_BLOCK 8
......
#define DATE "Tue Dec 22 15:40:03 CET 1998"
#define DATE "Tue Dec 8 17:40:20 CET 1998"
......@@ -59,7 +59,9 @@
#include <stdio.h>
#include "cryptlib.h"
#include "rand.h"
#ifndef NO_RSA
#include "rsa.h"
#endif
#include "evp.h"
#include "objects.h"
#include "x509.h"
......@@ -72,13 +74,17 @@ EVP_PKEY *priv;
{
int ret= -1;
#ifndef NO_RSA
if (priv->type != EVP_PKEY_RSA)
{
#endif
EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef NO_RSA
goto err;
}
ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
err:
#endif
return(ret);
}
......@@ -59,7 +59,9 @@
#include <stdio.h>
#include "cryptlib.h"
#include "rand.h"
#ifndef NO_RSA
#include "rsa.h"
#endif
#include "evp.h"
#include "objects.h"
#include "x509.h"
......@@ -72,12 +74,16 @@ EVP_PKEY *pubk;
{
int ret=0;
#ifndef NO_RSA
if (pubk->type != EVP_PKEY_RSA)
{
#endif
EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef NO_RSA
goto err;
}
ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
err:
#endif
return(ret);
}
......@@ -27,8 +27,8 @@ LIBOBJ= rsaref.o $(ERRC).o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER) rsaref.h
EXHEADER= rsaref.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
......
......@@ -696,7 +696,7 @@ int len;
void (*cb)()=NULL;
BIO *bio;
if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
if (!ssl3_setup_buffers(s))
return(-1);
......
......@@ -66,15 +66,15 @@ SSL *s;
switch (s->state)
{
case SSL_ST_BEFORE: str="before SSL initalisation"; break;
case SSL_ST_ACCEPT: str="before accept initalisation"; break;
case SSL_ST_CONNECT: str="before connect initalisation"; break;
case SSL_ST_BEFORE: str="before SSL initialization"; break;
case SSL_ST_ACCEPT: str="before accept initialization"; break;
case SSL_ST_CONNECT: str="before connect initialization"; break;
case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
#ifndef NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
......
......@@ -11,6 +11,20 @@ fi
DIR=/usr/local/ssl
PATH=$DIR/bin:$PATH
if [ ! -f "$SSLEAY" ]; then
found=0
for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
if [ -f "$dir/$SSLEAY" ]; then
found=1
break
fi
done
if [ $found = 0 ]; then
echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2
exit 0
fi
fi
SSL_DIR=$DIR/certs
if [ "$*" = "" ]; then
......
......@@ -638,7 +638,7 @@ sub var_add
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册