diff --git a/CHANGES b/CHANGES index 5772e2a1a9071d8eb43bfc9ddcb9b1f930691550..3a09bc806f8fe5ce9faaa358cc15202c0e1fbc5a 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,21 @@ Changes between 0.9.01b and 0.9.1c + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + *) Updated the README file. [Ralf S. Engelschall] @@ -32,7 +47,7 @@ util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f [Ralf S. Engelschall] - *) Added various platform portability fixed. + *) Added various platform portability fixes. [Marc J. Cox] *) The Genesis of the OpenTLS rpject: diff --git a/Configure b/Configure index b1c47828a65e3e31a8b705085c1db999d14a3413..39c3f445855e2b930957d94eac75aedf30db7cf3 100755 --- a/Configure +++ b/Configure @@ -73,6 +73,7 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b # A few of my development configs "purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::", +"debug-rse","gcc:-DTERMIOS -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG -g -ggdb3 -Wall:::::", "dist", "cc:-O -DNOPROTO::::", # Basic configs that should work on any box @@ -122,6 +123,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b "hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::", "hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::", "hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +# HPUX from www.globus.org +"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::DES_PTR DES_UNROLL DES_RISC1:::", +"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with # the new compiler @@ -138,7 +142,9 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", "NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:", -"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +#"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", +"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", #"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm", "nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::", # NCR MP-RAS UNIX ver 02.03.01 @@ -165,6 +171,16 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b # (written by Wayne Schroeder ) "cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::", +# +# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) +# +# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added +# another use. Basically, the problem is that the T3E uses some bit fields +# for some st_addr stuff, and then sizeof and address-of fails +# I could not use the ams/alpha.o option because the Cray assembler, 'cam' +# did not like it. +"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::", + # DGUX, 88100. "dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::", "dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", diff --git a/Makefile.ssl b/Makefile.ssl index c6b257a760fdf8e091c75f93b3eb7debfe272548..7183f52dfbe94bcb28d7d88cb05392d5540e3c7d 100644 --- a/Makefile.ssl +++ b/Makefile.ssl @@ -229,16 +229,15 @@ files: MINFO done; links: - /bin/rm -f Makefile; - ./util/point.sh Makefile.ssl Makefile; - $(TOP)/util/mklink.sh include $(EXHEADER) ; + /bin/rm -f Makefile + ./util/point.sh Makefile.ssl Makefile + $(TOP)/util/mklink.sh include $(EXHEADER) @for i in $(DIRS) ;\ do \ (cd $$i; echo "making links in $$i..."; \ $(MAKE) SDIRS='${SDIRS}' links ); \ done; - # @(cd apps; sh ./mklinks) - @( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs ) + @(SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs) dclean: /bin/rm -f *.bak diff --git a/apps/ca.c b/apps/ca.c index 8990aa20a7d9358912e594af1213ab8e8b272e87..67b7561c4fecefb4bd89def93a343e584dceba20 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1012,7 +1012,7 @@ bad: r->sequence=i; } - /* we how have a CRL */ + /* we now have a CRL */ if (verbose) BIO_printf(bio_err,"signing CRL\n"); if (md != NULL) { @@ -1024,6 +1024,10 @@ bad: } else dgst=EVP_md5(); +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + dgst = EVP_dss1() ; +#endif if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); diff --git a/apps/progs.h b/apps/progs.h index 578bfcf510a963dd064d2bc85554a77a8678e0a8..9ed1f4bf5a7a217cb12a5d3bc2cb584f24fa6ba2 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -65,9 +65,7 @@ typedef struct { FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"verify",verify_main}, {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, -#ifndef NO_RSA {FUNC_TYPE_GENERAL,"req",req_main}, -#endif {FUNC_TYPE_GENERAL,"dgst",dgst_main}, #ifndef NO_DH {FUNC_TYPE_GENERAL,"dh",dh_main}, @@ -77,9 +75,7 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"gendh",gendh_main}, #endif {FUNC_TYPE_GENERAL,"errstr",errstr_main}, -#ifndef NO_RSA {FUNC_TYPE_GENERAL,"ca",ca_main}, -#endif {FUNC_TYPE_GENERAL,"crl",crl_main}, #ifndef NO_RSA {FUNC_TYPE_GENERAL,"rsa",rsa_main}, @@ -90,9 +86,7 @@ FUNCTION functions[] = { #ifndef NO_DSA {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, #endif -#ifndef NO_RSA {FUNC_TYPE_GENERAL,"x509",x509_main}, -#endif #ifndef NO_RSA {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, #endif diff --git a/apps/req.c b/apps/req.c index 9af5b49570bcb10662e787ee8dc68cf12f03775d..50802f52ca269426cdeda174ba73124f88334a46 100644 --- a/apps/req.c +++ b/apps/req.c @@ -718,9 +718,11 @@ loop: goto end; } fprintf(stdout,"Modulus="); +#ifndef NO_RSA if (pubkey->type == EVP_PKEY_RSA) BN_print(out,pubkey->pkey.rsa->n); else +#endif fprintf(stdout,"Wrong Algorithm type"); fprintf(stdout,"\n"); } diff --git a/apps/s_server.c b/apps/s_server.c index c9651b84af6ed5cef3ffd370ec123e39cbb94abb..e96fd9cdb80c78f94ec9b618bb46599bb9d2f499 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -189,7 +189,7 @@ static void sv_usage() { BIO_printf(bio_err,"usage: s_server [args ...]\n"); BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT); + BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); diff --git a/apps/s_socket.c b/apps/s_socket.c index 4bc3fde9252391515404c11672119ac6702fb4e6..5c171c31ae70cc2fd8ab255842c3e9faa0df023d 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -332,7 +332,12 @@ char *ip; if (ip == NULL) server.sin_addr.s_addr=INADDR_ANY; else +/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +#ifndef BIT_FIELD_LIMITS memcpy(&server.sin_addr.s_addr,ip,4); +#else + memcpy(&server.sin_addr,ip,4); +#endif s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); if (s == INVALID_SOCKET) goto err; diff --git a/apps/x509.c b/apps/x509.c index 94d57bb3d23441964a1c3881f18d3239597c8379..1d7bad111a8fcce99073e133bde05c632f252612 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -110,7 +110,7 @@ static char *x509_usage[]={ " missing, it is asssumed to be in the CA file.\n", " -CAcreateserial - create serial number file if it does not exist\n", " -CAserial - serial file\n", -" -text - print the certitificate in text form\n", +" -text - print the certificate in text form\n", " -C - print out C code forms\n", " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n", NULL diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index f55d3594ec01200f6d62a18161f93da1d9a50825..679576d0fbd5b206f48585eb261fb0074b96763b 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -74,11 +74,11 @@ files: links: /bin/rm -f Makefile - $(TOP)/util/point.sh Makefile.ssl Makefile ; - $(TOP)/util/mklink.sh ../include $(HEADER) ; - $(TOP)/util/mklink.sh ../test $(TEST) ; - $(TOP)/util/mklink.sh ../apps $(APPS) ; - $(TOP)/util/point.sh Makefile.ssl Makefile; + $(TOP)/util/point.sh Makefile.ssl Makefile + $(TOP)/util/mklink.sh ../include $(HEADER) + $(TOP)/util/mklink.sh ../test $(TEST) + $(TOP)/util/mklink.sh ../apps $(APPS) + $(TOP)/util/point.sh Makefile.ssl Makefile @for i in $(SDIRS) ;\ do \ (cd $$i; echo "making links in $$i..."; \ diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index c4a8085a29c1c4d2ec78a11ff89ebbe4ebe156ea..23a2bd7d1eeb6ddf961d63f16d32fc8c342f28a5 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h @@ -70,7 +70,15 @@ extern "C" { * the Alpha, otherwise they will not. Strangly using the '8 byte' * BF_LONG and the default 'non-pointer' inner loop is the best configuration * for the Alpha */ -#define BF_LONG unsigned long +#if defined(__sgi) +# if (_MIPS_SZLONG==64) +# define BF_LONG unsigned int +# else +# define BF_LONG unsigned long +# endif +#else +# define BF_LONG unsigned long +#endif #define BF_ROUNDS 16 #define BF_BLOCK 8 diff --git a/crypto/date.h b/crypto/date.h index ed7a02988c63cb7b2ea0ada634f0817b90dfd37f..b4b9bd96dd6cb7d1d548ef3e1bb8bb0df28a4b1b 100644 --- a/crypto/date.h +++ b/crypto/date.h @@ -1 +1 @@ -#define DATE "Tue Dec 22 15:40:03 CET 1998" +#define DATE "Tue Dec 8 17:40:20 CET 1998" diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index e845ce70c707babca1c5b4b753f410003b9b7093..fca333d78ae9f69c427d4c17b26a299624f73612 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -59,7 +59,9 @@ #include #include "cryptlib.h" #include "rand.h" +#ifndef NO_RSA #include "rsa.h" +#endif #include "evp.h" #include "objects.h" #include "x509.h" @@ -72,13 +74,17 @@ EVP_PKEY *priv; { int ret= -1; +#ifndef NO_RSA if (priv->type != EVP_PKEY_RSA) { +#endif EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); +#ifndef NO_RSA goto err; } ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); err: +#endif return(ret); } diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index a26bfad02aa2a74f959f694d1815d204f39792fd..a902b5ebdfe7429151b7d69bf5c3555f65104f95 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -59,7 +59,9 @@ #include #include "cryptlib.h" #include "rand.h" +#ifndef NO_RSA #include "rsa.h" +#endif #include "evp.h" #include "objects.h" #include "x509.h" @@ -72,12 +74,16 @@ EVP_PKEY *pubk; { int ret=0; +#ifndef NO_RSA if (pubk->type != EVP_PKEY_RSA) { +#endif EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); +#ifndef NO_RSA goto err; } ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); err: +#endif return(ret); } diff --git a/rsaref/Makefile.ssl b/rsaref/Makefile.ssl index b816b89f6624d76ef3a0cce4b74f802934c0efb5..f75f0eac327daddd1cf32ae01558c75e64c20ac8 100644 --- a/rsaref/Makefile.ssl +++ b/rsaref/Makefile.ssl @@ -27,8 +27,8 @@ LIBOBJ= rsaref.o $(ERRC).o SRC= $(LIBSRC) -EXHEADER= -HEADER= $(EXHEADER) rsaref.h +EXHEADER= rsaref.h +HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 444263b709f6ba9cfc3a178d3d9b41c2511f40a9..b7edc8faf32ae4ddc1a0768b7f0dc967bcf2f173 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -696,7 +696,7 @@ int len; void (*cb)()=NULL; BIO *bio; - if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ if (!ssl3_setup_buffers(s)) return(-1); diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index a1daf25dd4302130f0a90c31cf7a9f5577a7159f..1401ae724afe839a337a8da455d0fb433ca6db78 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -66,15 +66,15 @@ SSL *s; switch (s->state) { -case SSL_ST_BEFORE: str="before SSL initalisation"; break; -case SSL_ST_ACCEPT: str="before accept initalisation"; break; -case SSL_ST_CONNECT: str="before connect initalisation"; break; +case SSL_ST_BEFORE: str="before SSL initialization"; break; +case SSL_ST_ACCEPT: str="before accept initialization"; break; +case SSL_ST_CONNECT: str="before connect initialization"; break; case SSL_ST_OK: str="SSL negotiation finished successfully"; break; case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; -case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break; -case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break; -case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break; -case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break; +case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; +case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; +case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; +case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; #ifndef NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; diff --git a/tools/c_rehash b/tools/c_rehash index 99ab7ebaa18777d81cea29d7034382dad2712067..60c28595bd026f2a5f84d986fa1ca7dbbfc9dfcb 100644 --- a/tools/c_rehash +++ b/tools/c_rehash @@ -11,6 +11,20 @@ fi DIR=/usr/local/ssl PATH=$DIR/bin:$PATH +if [ ! -f "$SSLEAY" ]; then + found=0 + for dir in . `echo $PATH | sed -e 's/:/ /g'`; do + if [ -f "$dir/$SSLEAY" ]; then + found=1 + break + fi + done + if [ $found = 0 ]; then + echo "c_rehash: rehashing skipped ('ssleay' program still not available)" 1>&2 + exit 0 + fi +fi + SSL_DIR=$DIR/certs if [ "$*" = "" ]; then diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 8992d1683d2ed10df7a4d6c3eb98360136798464..11e9c16a1e4d2d8cace30e0c337822fd718319d7 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -638,7 +638,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; - @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; + @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;