Incorporation of RSEs assembled patches

CHANGES

@@ -5,6 +5,21 @@
 
  Changes between 0.9.01b and 0.9.1c
 
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
   *) Updated the README file.
      [Ralf S. Engelschall]
 
@@ -32,7 +47,7 @@
      util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
      [Ralf S. Engelschall]
 
-  *) Added various platform portability fixed.
+  *) Added various platform portability fixes.
      [Marc J. Cox]
 
   *) The Genesis of the OpenTLS rpject:

Configure

@@ -73,6 +73,7 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 # A few of my development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
+"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::",
 "dist",		"cc:-O -DNOPROTO::::",
 
 # Basic configs that should work on any box
@@ -122,6 +123,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 "hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
 "hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
 "hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HPUX from www.globus.org
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
@@ -138,7 +142,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 #"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
 "nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -165,6 +171,16 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
 "cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",

Makefile.ssl

@@ -229,16 +229,15 @@ files:  MINFO
 	done;
 
 links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh include $(EXHEADER) ;
+	/bin/rm -f Makefile
+	./util/point.sh Makefile.ssl Makefile
+	$(TOP)/util/mklink.sh include $(EXHEADER)
 	@for i in $(DIRS) ;\
 	do \
 	(cd $$i; echo "making links in $$i..."; \
 	$(MAKE) SDIRS='${SDIRS}' links ); \
 	done;
-	# @(cd apps; sh ./mklinks)
-	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
+	@(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs)
 
 dclean:
 	/bin/rm -f *.bak

apps/ca.c

@@ -1012,7 +1012,7 @@ bad:
 			r->sequence=i;
 			}
 
-		/* we how have a CRL */
+		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
 		if (md != NULL)
 			{
@@ -1024,6 +1024,10 @@ bad:
 			}
 		else
 			dgst=EVP_md5();
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA) 
+		    dgst = EVP_dss1() ;
+#endif
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);

apps/progs.h

@@ -65,9 +65,7 @@ typedef struct {
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -77,9 +75,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -90,9 +86,7 @@ FUNCTION functions[] = {
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif

apps/req.c

@@ -718,9 +718,11 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
+#endif
 			fprintf(stdout,"Wrong Algorithm type");
 		fprintf(stdout,"\n");
 		}

apps/s_server.c

@@ -189,7 +189,7 @@ static void sv_usage()
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");

apps/s_socket.c

@@ -332,7 +332,12 @@ char *ip;
 	if (ip == NULL)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
 		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;

apps/x509.c

@@ -110,7 +110,7 @@ static char *x509_usage[]={
 "                   missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 NULL

crypto/Makefile.ssl

@@ -74,11 +74,11 @@ files:
 
 links:
 	/bin/rm -f Makefile 
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(HEADER) ;
-	$(TOP)/util/mklink.sh ../test $(TEST) ;
-	$(TOP)/util/mklink.sh ../apps $(APPS) ;
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
+	$(TOP)/util/point.sh Makefile.ssl Makefile
+	$(TOP)/util/mklink.sh ../include $(HEADER)
+	$(TOP)/util/mklink.sh ../test $(TEST)
+	$(TOP)/util/mklink.sh ../apps $(APPS)
+	$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making links in $$i..."; \

crypto/bf/blowfish.h

@@ -70,7 +70,15 @@ extern "C" {
  * the Alpha, otherwise they will not.  Strangly using the '8 byte'
  * BF_LONG and the default 'non-pointer' inner loop is the best configuration
  * for the Alpha */
-#define BF_LONG unsigned long
+#if defined(__sgi)
+#  if (_MIPS_SZLONG==64)
+#    define BF_LONG unsigned int
+#  else
+#    define BF_LONG unsigned long
+#  endif
+#else
+#  define BF_LONG unsigned long
+#endif
 
 #define BF_ROUNDS	16
 #define BF_BLOCK	8

crypto/date.h

-#define DATE	"Tue Dec 22 15:40:03 CET 1998"
+#define DATE	"Tue Dec  8 17:40:20 CET 1998"

crypto/evp/p_dec.c

@@ -59,7 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "rand.h"
+#ifndef NO_RSA
 #include "rsa.h"
+#endif
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
@@ -72,13 +74,17 @@ EVP_PKEY *priv;
 	{
 	int ret= -1;
 	
+#ifndef NO_RSA
 	if (priv->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
 		goto err;
                 }
 
 	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}

crypto/evp/p_enc.c

@@ -59,7 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "rand.h"
+#ifndef NO_RSA
 #include "rsa.h"
+#endif
 #include "evp.h"
 #include "objects.h"
 #include "x509.h"
@@ -72,12 +74,16 @@ EVP_PKEY *pubk;
 	{
 	int ret=0;
 	
+#ifndef NO_RSA
 	if (pubk->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
 		goto err;
 		}
 	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}

rsaref/Makefile.ssl

@@ -27,8 +27,8 @@ LIBOBJ= rsaref.o $(ERRC).o
 
 SRC= $(LIBSRC)
 
-EXHEADER=
-HEADER=	$(EXHEADER) rsaref.h
+EXHEADER=	rsaref.h
+HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 

ssl/s3_pkt.c

@@ -696,7 +696,7 @@ int len;
 	void (*cb)()=NULL;
 	BIO *bio;
 
-	if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+	if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 

ssl/ssl_stat.c

@@ -66,15 +66,15 @@ SSL *s;
 
 	switch (s->state)
 		{
-case SSL_ST_BEFORE: str="before SSL initalisation"; break;
-case SSL_ST_ACCEPT: str="before accept initalisation"; break;
-case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
 case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
 case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
 #ifndef NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;

tools/c_rehash

@@ -11,6 +11,20 @@ fi
 DIR=/usr/local/ssl
 PATH=$DIR/bin:$PATH
 
+if [ ! -f "$SSLEAY" ]; then
+    found=0
+    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+        if [ -f "$dir/$SSLEAY" ]; then
+            found=1
+            break
+        fi
+    done
+    if [ $found = 0 ]; then
+        echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2
+        exit 0
+    fi
+fi
+
 SSL_DIR=$DIR/certs
 
 if [ "$*" = "" ]; then

util/mk1mf.pl

@@ -638,7 +638,7 @@ sub var_add
 	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
 	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
 
-	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
 	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
 	@a=grep(!/^gendsa$/,@a) if $no_sha1;
 	@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;