Incorporation of RSEs assembled patches
This commit is contained in:
parent
8c6c8d80b7
commit
13e91dd365
19 changed files with 103 additions and 34 deletions
17
CHANGES
17
CHANGES
|
@ -5,6 +5,21 @@
|
|||
|
||||
Changes between 0.9.01b and 0.9.1c
|
||||
|
||||
*) Fixed the nasty bug where rsaref.h was not found under compile-time
|
||||
because the symlink to include/ was missing.
|
||||
[Ralf S. Engelschall]
|
||||
|
||||
*) Incorporated the popular no-RSA/DSA-only patches
|
||||
which allow to compile a RSA-free SSLeay.
|
||||
[Interrader Ldt., Ralf S. Engelschall]
|
||||
|
||||
*) Fixed nasty rehash problem under `make -f Makefile.ssl links'
|
||||
when "ssleay" is still not found.
|
||||
[Ralf S. Engelschall]
|
||||
|
||||
*) Added more platforms to Configure: Cray T3E, HPUX 11,
|
||||
[Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
|
||||
|
||||
*) Updated the README file.
|
||||
[Ralf S. Engelschall]
|
||||
|
||||
|
@ -32,7 +47,7 @@
|
|||
util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
|
||||
[Ralf S. Engelschall]
|
||||
|
||||
*) Added various platform portability fixed.
|
||||
*) Added various platform portability fixes.
|
||||
[Marc J. Cox]
|
||||
|
||||
*) The Genesis of the OpenTLS rpject:
|
||||
|
|
18
Configure
18
Configure
|
@ -73,6 +73,7 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
|
|||
# A few of my development configs
|
||||
"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
|
||||
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
|
||||
"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::",
|
||||
"dist", "cc:-O -DNOPROTO::::",
|
||||
|
||||
# Basic configs that should work on any box
|
||||
|
@ -122,6 +123,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
|
|||
"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
|
||||
"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
|
||||
"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
|
||||
# HPUX from www.globus.org
|
||||
"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
|
||||
"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
|
||||
|
||||
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
|
||||
# the new compiler
|
||||
|
@ -138,7 +142,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
|
|||
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
||||
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
|
||||
"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
|
||||
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
|
||||
#"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
|
||||
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
|
||||
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
|
||||
#"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
|
||||
"nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
|
||||
# NCR MP-RAS UNIX ver 02.03.01
|
||||
|
@ -165,6 +171,16 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
|
|||
# (written by Wayne Schroeder <schroede@SDSC.EDU>)
|
||||
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
|
||||
|
||||
#
|
||||
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
|
||||
#
|
||||
# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
|
||||
# another use. Basically, the problem is that the T3E uses some bit fields
|
||||
# for some st_addr stuff, and then sizeof and address-of fails
|
||||
# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
|
||||
# did not like it.
|
||||
"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
|
||||
|
||||
# DGUX, 88100.
|
||||
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
|
||||
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
|
||||
|
|
|
@ -229,16 +229,15 @@ files: MINFO
|
|||
done;
|
||||
|
||||
links:
|
||||
/bin/rm -f Makefile;
|
||||
./util/point.sh Makefile.ssl Makefile;
|
||||
$(TOP)/util/mklink.sh include $(EXHEADER) ;
|
||||
/bin/rm -f Makefile
|
||||
./util/point.sh Makefile.ssl Makefile
|
||||
$(TOP)/util/mklink.sh include $(EXHEADER)
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making links in $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' links ); \
|
||||
done;
|
||||
# @(cd apps; sh ./mklinks)
|
||||
@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
|
||||
@(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs)
|
||||
|
||||
dclean:
|
||||
/bin/rm -f *.bak
|
||||
|
|
|
@ -1012,7 +1012,7 @@ bad:
|
|||
r->sequence=i;
|
||||
}
|
||||
|
||||
/* we how have a CRL */
|
||||
/* we now have a CRL */
|
||||
if (verbose) BIO_printf(bio_err,"signing CRL\n");
|
||||
if (md != NULL)
|
||||
{
|
||||
|
@ -1024,6 +1024,10 @@ bad:
|
|||
}
|
||||
else
|
||||
dgst=EVP_md5();
|
||||
#ifndef NO_DSA
|
||||
if (pkey->type == EVP_PKEY_DSA)
|
||||
dgst = EVP_dss1() ;
|
||||
#endif
|
||||
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
|
||||
|
||||
PEM_write_bio_X509_CRL(Sout,crl);
|
||||
|
|
|
@ -65,9 +65,7 @@ typedef struct {
|
|||
FUNCTION functions[] = {
|
||||
{FUNC_TYPE_GENERAL,"verify",verify_main},
|
||||
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"req",req_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
|
||||
#ifndef NO_DH
|
||||
{FUNC_TYPE_GENERAL,"dh",dh_main},
|
||||
|
@ -77,9 +75,7 @@ FUNCTION functions[] = {
|
|||
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"ca",ca_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"crl",crl_main},
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
|
||||
|
@ -90,9 +86,7 @@ FUNCTION functions[] = {
|
|||
#ifndef NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"x509",x509_main},
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
|
||||
#endif
|
||||
|
|
|
@ -718,9 +718,11 @@ loop:
|
|||
goto end;
|
||||
}
|
||||
fprintf(stdout,"Modulus=");
|
||||
#ifndef NO_RSA
|
||||
if (pubkey->type == EVP_PKEY_RSA)
|
||||
BN_print(out,pubkey->pkey.rsa->n);
|
||||
else
|
||||
#endif
|
||||
fprintf(stdout,"Wrong Algorithm type");
|
||||
fprintf(stdout,"\n");
|
||||
}
|
||||
|
|
|
@ -189,7 +189,7 @@ static void sv_usage()
|
|||
{
|
||||
BIO_printf(bio_err,"usage: s_server [args ...]\n");
|
||||
BIO_printf(bio_err,"\n");
|
||||
BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT);
|
||||
BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
|
||||
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
|
||||
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
|
||||
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
|
||||
|
|
|
@ -332,7 +332,12 @@ char *ip;
|
|||
if (ip == NULL)
|
||||
server.sin_addr.s_addr=INADDR_ANY;
|
||||
else
|
||||
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
|
||||
#ifndef BIT_FIELD_LIMITS
|
||||
memcpy(&server.sin_addr.s_addr,ip,4);
|
||||
#else
|
||||
memcpy(&server.sin_addr,ip,4);
|
||||
#endif
|
||||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
|
||||
if (s == INVALID_SOCKET) goto err;
|
||||
|
|
|
@ -110,7 +110,7 @@ static char *x509_usage[]={
|
|||
" missing, it is asssumed to be in the CA file.\n",
|
||||
" -CAcreateserial - create serial number file if it does not exist\n",
|
||||
" -CAserial - serial file\n",
|
||||
" -text - print the certitificate in text form\n",
|
||||
" -text - print the certificate in text form\n",
|
||||
" -C - print out C code forms\n",
|
||||
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
|
||||
NULL
|
||||
|
|
|
@ -74,11 +74,11 @@ files:
|
|||
|
||||
links:
|
||||
/bin/rm -f Makefile
|
||||
$(TOP)/util/point.sh Makefile.ssl Makefile ;
|
||||
$(TOP)/util/mklink.sh ../include $(HEADER) ;
|
||||
$(TOP)/util/mklink.sh ../test $(TEST) ;
|
||||
$(TOP)/util/mklink.sh ../apps $(APPS) ;
|
||||
$(TOP)/util/point.sh Makefile.ssl Makefile;
|
||||
$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
$(TOP)/util/mklink.sh ../include $(HEADER)
|
||||
$(TOP)/util/mklink.sh ../test $(TEST)
|
||||
$(TOP)/util/mklink.sh ../apps $(APPS)
|
||||
$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making links in $$i..."; \
|
||||
|
|
|
@ -70,7 +70,15 @@ extern "C" {
|
|||
* the Alpha, otherwise they will not. Strangly using the '8 byte'
|
||||
* BF_LONG and the default 'non-pointer' inner loop is the best configuration
|
||||
* for the Alpha */
|
||||
#define BF_LONG unsigned long
|
||||
#if defined(__sgi)
|
||||
# if (_MIPS_SZLONG==64)
|
||||
# define BF_LONG unsigned int
|
||||
# else
|
||||
# define BF_LONG unsigned long
|
||||
# endif
|
||||
#else
|
||||
# define BF_LONG unsigned long
|
||||
#endif
|
||||
|
||||
#define BF_ROUNDS 16
|
||||
#define BF_BLOCK 8
|
||||
|
|
|
@ -1 +1 @@
|
|||
#define DATE "Tue Dec 22 15:40:03 CET 1998"
|
||||
#define DATE "Tue Dec 8 17:40:20 CET 1998"
|
||||
|
|
|
@ -59,7 +59,9 @@
|
|||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include "rand.h"
|
||||
#ifndef NO_RSA
|
||||
#include "rsa.h"
|
||||
#endif
|
||||
#include "evp.h"
|
||||
#include "objects.h"
|
||||
#include "x509.h"
|
||||
|
@ -72,13 +74,17 @@ EVP_PKEY *priv;
|
|||
{
|
||||
int ret= -1;
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (priv->type != EVP_PKEY_RSA)
|
||||
{
|
||||
#endif
|
||||
EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
|
||||
#ifndef NO_RSA
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
|
||||
err:
|
||||
#endif
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -59,7 +59,9 @@
|
|||
#include <stdio.h>
|
||||
#include "cryptlib.h"
|
||||
#include "rand.h"
|
||||
#ifndef NO_RSA
|
||||
#include "rsa.h"
|
||||
#endif
|
||||
#include "evp.h"
|
||||
#include "objects.h"
|
||||
#include "x509.h"
|
||||
|
@ -72,12 +74,16 @@ EVP_PKEY *pubk;
|
|||
{
|
||||
int ret=0;
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (pubk->type != EVP_PKEY_RSA)
|
||||
{
|
||||
#endif
|
||||
EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
|
||||
#ifndef NO_RSA
|
||||
goto err;
|
||||
}
|
||||
ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
|
||||
err:
|
||||
#endif
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -27,8 +27,8 @@ LIBOBJ= rsaref.o $(ERRC).o
|
|||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER=
|
||||
HEADER= $(EXHEADER) rsaref.h
|
||||
EXHEADER= rsaref.h
|
||||
HEADER= $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
|
|
|
@ -696,7 +696,7 @@ int len;
|
|||
void (*cb)()=NULL;
|
||||
BIO *bio;
|
||||
|
||||
if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
|
||||
if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
|
||||
if (!ssl3_setup_buffers(s))
|
||||
return(-1);
|
||||
|
||||
|
|
|
@ -66,15 +66,15 @@ SSL *s;
|
|||
|
||||
switch (s->state)
|
||||
{
|
||||
case SSL_ST_BEFORE: str="before SSL initalisation"; break;
|
||||
case SSL_ST_ACCEPT: str="before accept initalisation"; break;
|
||||
case SSL_ST_CONNECT: str="before connect initalisation"; break;
|
||||
case SSL_ST_BEFORE: str="before SSL initialization"; break;
|
||||
case SSL_ST_ACCEPT: str="before accept initialization"; break;
|
||||
case SSL_ST_CONNECT: str="before connect initialization"; break;
|
||||
case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
|
||||
case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
|
||||
case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
|
||||
case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
|
||||
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
|
||||
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
|
||||
case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
|
||||
case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
|
||||
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
|
||||
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
|
||||
#ifndef NO_SSL2
|
||||
case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
|
||||
case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
|
||||
|
|
|
@ -11,6 +11,20 @@ fi
|
|||
DIR=/usr/local/ssl
|
||||
PATH=$DIR/bin:$PATH
|
||||
|
||||
if [ ! -f "$SSLEAY" ]; then
|
||||
found=0
|
||||
for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
|
||||
if [ -f "$dir/$SSLEAY" ]; then
|
||||
found=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ $found = 0 ]; then
|
||||
echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
SSL_DIR=$DIR/certs
|
||||
|
||||
if [ "$*" = "" ]; then
|
||||
|
|
|
@ -638,7 +638,7 @@ sub var_add
|
|||
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
|
||||
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
|
||||
|
||||
@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
|
||||
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
|
||||
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
|
||||
@a=grep(!/^gendsa$/,@a) if $no_sha1;
|
||||
@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
|
||||
|
|
Loading…
Reference in a new issue