diff options
| author | Richard Levitte <levitte@openssl.org> | 2000-09-12 08:37:51 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2000-09-12 08:37:51 +0000 |
| commit | 2be96941164571dfbdf180a00b6ea4d00af53a1a (patch) | |
| tree | 0d6b3cd63f4fcaf8494ce62a3d976c3a917617e7 | |
| parent | b46ba9b1bcd1431b3675cacfab3c3666703a3685 (diff) | |
| download | openssl-2be96941164571dfbdf180a00b6ea4d00af53a1a.tar.gz | |
Merge of main trunk, conflicts resolved.
| -rw-r--r-- | CHANGES | 4 | ||||
| -rwxr-xr-x | Configure | 4 | ||||
| -rw-r--r-- | STATUS | 13 | ||||
| -rw-r--r-- | apps/CA.pl.in | 1 | ||||
| -rw-r--r-- | apps/speed.c | 179 | ||||
| -rw-r--r-- | crypto/rand/randfile.c | 3 | ||||
| -rw-r--r-- | doc/crypto/BIO_read.pod | 5 | ||||
| -rw-r--r-- | doc/crypto/BIO_should_retry.pod | 10 | ||||
| -rwxr-xr-x | util/mkdef.pl | 62 |
9 files changed, 193 insertions, 88 deletions
@@ -4,6 +4,10 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Add RAND_egd_bytes(), which gives control over the number of bytes read + from EGD. + [Ben Laurie] + *) Add a few more EBCDIC conditionals that make `req' and `x509' work better on such systems. [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>] @@ -284,8 +284,8 @@ my %table=( # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # bn86-elf.o file file since it is hand tweaked assembler. "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", @@ -1,11 +1,22 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/11 13:28:30 $ + ______________ $Date: 2000/09/12 08:37:49 $ DEVELOPMENT STATE o OpenSSL 0.9.6: Under development (in release cycle)... Proposed release date September 24, 2000 + 0.9.6-beta1 is available: + OpenBSD-x86 2.7 - failed (ftime/TIMEB) + hpux-parisc-cc 10.20 - passed + hpux-parisc-gcc 10.20 - passed + hpux-gcc - passed + hpux-brokengcc - failed (BN_sqr) + linux-elf - passed + linux-sparcv7 - passed + Solaris [engine] - failed (speed cswift) + sco5-gcc - passed + sco5-cc - passed o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 7781067d6a..f1ac7e7726 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -36,6 +36,7 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; $DAYS="-days 365"; $REQ="openssl req $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG"; diff --git a/apps/speed.c b/apps/speed.c index e52767153b..d8d1b6d46d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -88,7 +88,7 @@ #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) +#if !defined(_UNICOS) && !defined(__OpenBSD__) # define TIMEB #endif @@ -1167,49 +1167,73 @@ int MAIN(int argc, char **argv) int ret; if (!rsa_doit[j]) continue; ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]); - pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j], - RSA_SECONDS); -/* RSA_blinding_on(rsa_key[j],NULL); */ - Time_F(START,usertime); - for (count=0,run=1; COND(rsa_c[j][0]); count++) + if (ret == 0) + { + BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else { - ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, - rsa_key[j]); - if (ret <= 0) + pkey_print_message("private","rsa", + rsa_c[j][0],rsa_bits[j], + RSA_SECONDS); +/* RSA_blinding_on(rsa_key[j],NULL); */ + Time_F(START,usertime); + for (count=0,run=1; COND(rsa_c[j][0]); count++) { - BIO_printf(bio_err,"RSA private encrypt failure\n"); - ERR_print_errors(bio_err); - count=1; - break; + ret=RSA_sign(NID_md5_sha1, buf,36, buf2, + &rsa_num, rsa_key[j]); + if (ret == 0) + { + BIO_printf(bio_err, + "RSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } } + d=Time_F(STOP,usertime); + BIO_printf(bio_err, + "%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][0]=d/(double)count; + rsa_count=count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n", - count,rsa_bits[j],d); - rsa_results[j][0]=d/(double)count; - rsa_count=count; #if 1 ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j], - RSA_SECONDS); - Time_F(START,usertime); - for (count=0,run=1; COND(rsa_c[j][1]); count++) + if (ret <= 0) { - ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, - rsa_key[j]); - if (ret <= 0) + BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n"); + ERR_print_errors(bio_err); + dsa_doit[j] = 0; + } + else + { + pkey_print_message("public","rsa", + rsa_c[j][1],rsa_bits[j], + RSA_SECONDS); + Time_F(START,usertime); + for (count=0,run=1; COND(rsa_c[j][1]); count++) { - BIO_printf(bio_err,"RSA verify failure\n"); - ERR_print_errors(bio_err); - count=1; - break; + ret=RSA_verify(NID_md5_sha1, buf,36, buf2, + rsa_num, rsa_key[j]); + if (ret == 0) + { + BIO_printf(bio_err, + "RSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } } + d=Time_F(STOP,usertime); + BIO_printf(bio_err, + "%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); + rsa_results[j][1]=d/(double)count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n", - count,rsa_bits[j],d); - rsa_results[j][1]=d/(double)count; #endif if (rsa_count <= 1) @@ -1231,54 +1255,77 @@ int MAIN(int argc, char **argv) for (j=0; j<DSA_NUM; j++) { unsigned int kk; + int ret; if (!dsa_doit[j]) continue; DSA_generate_key(dsa_key[j]); /* DSA_sign_setup(dsa_key[j],NULL); */ - rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, + ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, &kk,dsa_key[j]); - pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j], - DSA_SECONDS); - Time_F(START,usertime); - for (count=0,run=1; COND(dsa_c[j][0]); count++) + if (ret == 0) + { + BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count=1; + } + else { - rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, - &kk,dsa_key[j]); - if (rsa_num == 0) + pkey_print_message("sign","dsa", + dsa_c[j][0],dsa_bits[j], + DSA_SECONDS); + Time_F(START,usertime); + for (count=0,run=1; COND(dsa_c[j][0]); count++) { - BIO_printf(bio_err,"DSA sign failure\n"); - ERR_print_errors(bio_err); - count=1; - break; + ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, + &kk,dsa_key[j]); + if (ret == 0) + { + BIO_printf(bio_err, + "DSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } } + d=Time_F(STOP,usertime); + BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n", + count,dsa_bits[j],d); + dsa_results[j][0]=d/(double)count; + rsa_count=count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n", - count,dsa_bits[j],d); - dsa_results[j][0]=d/(double)count; - rsa_count=count; - rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, + ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, kk,dsa_key[j]); - pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j], - DSA_SECONDS); - Time_F(START,usertime); - for (count=0,run=1; COND(dsa_c[j][1]); count++) + if (ret <= 0) + { + BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n"); + ERR_print_errors(bio_err); + dsa_doit[j] = 0; + } + else { - rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, - kk,dsa_key[j]); - if (rsa_num2 == 0) + pkey_print_message("verify","dsa", + dsa_c[j][1],dsa_bits[j], + DSA_SECONDS); + Time_F(START,usertime); + for (count=0,run=1; COND(dsa_c[j][1]); count++) { - BIO_printf(bio_err,"DSA verify failure\n"); - ERR_print_errors(bio_err); - count=1; - break; + ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, + kk,dsa_key[j]); + if (ret <= 0) + { + BIO_printf(bio_err, + "DSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; + } } + d=Time_F(STOP,usertime); + BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n", + count,dsa_bits[j],d); + dsa_results[j][1]=d/(double)count; } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n", - count,dsa_bits[j],d); - dsa_results[j][1]=d/(double)count; if (rsa_count <= 1) { diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index f6dc880fed..528e410f74 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -61,8 +61,6 @@ #include <stdlib.h> #include <string.h> -#include "openssl/e_os.h" - #ifdef VMS #include <unixio.h> #endif @@ -75,6 +73,7 @@ # include <sys/stat.h> #endif +#include <openssl/e_os.h> #include <openssl/crypto.h> #include <openssl/rand.h> diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod index 16787e386e..6c001a3092 100644 --- a/doc/crypto/BIO_read.pod +++ b/doc/crypto/BIO_read.pod @@ -32,11 +32,12 @@ BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b> All these functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully -read or written (if the result is zero or negative). +read or written if the result is 0 or -1. If the return value is -2 then +the operation is not implemented in the specific BIO type. =head1 NOTES -A negative or zero return is not necessarily an indication of an error. In +A 0 or -1 return is not necessarily an indication of an error. In particular when the source/sink is non-blocking or of a certain type (for example an SSL BIO can retry even if the underlying connection is blocking) it may merely be an indication that no data is currently available and that diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod index a4c464ffa1..ab67a46114 100644 --- a/doc/crypto/BIO_should_retry.pod +++ b/doc/crypto/BIO_should_retry.pod @@ -91,10 +91,10 @@ done: } while((len <= 0) && BIO_should_retry(bio)); While an application may retry a failed non blocking call immediately -this is likely to be very inefficient because the call is likely to -fail repeatedly until data can be processed. An application will normally -wait until the necessary condition is satisfied. How this is done depends -on the underlying I/O structure. +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. For example if the cause is ultimately a socket and BIO_should_read() is true then a call to select() may be made to wait until data is @@ -114,7 +114,7 @@ able to pass any data to the application until a complete block has been read. It is possible for a BIO to block indefinitely if the underlying I/O -structure cannot process the data. This depends on the behaviour of +structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution is to use non blocking I/O and use a timeout on the select() (or equivalent) call. diff --git a/util/mkdef.pl b/util/mkdef.pl index 8703b7377d..4809db4405 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -40,7 +40,14 @@ # symbol name replacements for platforms where the names are too long for the # compiler or linker, or if the systems is case insensitive and there is a # clash. This script assumes those redefinitions are place in the file -# crypto/idhacks.h. +# crypto/symhacks.h. +# The semantics for the platforms list is a bit complicated. The rule of +# thumb is that the list is exclusive, but it seems to mean different things. +# So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists +# on all platforms except those listed. If the list is all positives (like +# "VMS,WIN16"), the symbol exists only on those platforms and nowhere else. +# The combination of positives and negatives will act as if the positives +# weren't there. # - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious. # - "algorithms" is a comma-separated list of algorithm names. This helps # exclude symbols that are part of an algorithm that some user wants to @@ -96,6 +103,8 @@ foreach (@ARGV, split(/ /, $options)) $NT = 1; } $VMS=1 if $_ eq "VMS"; + $rsaref=1 if $_ eq "rsaref"; + $do_ssl=1 if $_ eq "ssleay"; $do_ssl=1 if $_ eq "ssl"; $do_crypto=1 if $_ eq "libeay"; @@ -104,7 +113,6 @@ foreach (@ARGV, split(/ /, $options)) $do_rewrite=1 if $_ eq "rewrite"; $do_ctest=1 if $_ eq "ctest"; $do_ctestall=1 if $_ eq "ctestall"; - $rsaref=1 if $_ eq "rsaref"; #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK"; if (/^no-rc2$/) { $no_rc2=1; } @@ -693,15 +701,49 @@ EOF if(!$do_update); } else { (my $n, my $i) = split /\\/, $nums{$s}; + my %pf = (); my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); - printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n - # It is very important to check NT before W32 - if ($NT && (!@p || (grep(/^WINNT$/,@p) - && !grep(/^!WINNT$/,@p))) - || $W32 && (!@p || (grep(/^WIN32$/,@p) - && !grep(/^!WIN32$/,@p))) - || $W16 && (!@p || (grep(/^WIN16$/,@p) - && !grep(/^!WIN16$/,@p)))); + # @p_purged must contain hardware platforms only + my @p_purged = (); + foreach $ptmp (@p) { + next if $ptmp =~ /^!?RSAREF$/; + push @p_purged, $ptmp; + } + my $negatives = !!grep(/^!/,@p); + # It is very important to check NT before W32 + if ((($NT && (!@p_purged + || (!$negatives && grep(/^WINNT$/,@p)) + || ($negatives && !grep(/^!WINNT$/,@p)))) + || ($W32 && (!@p_purged + || (!$negatives && grep(/^WIN32$/,@p)) + || ($negatives && !grep(/^!WIN32$/,@p)))) + || ($W16 && (!@p_purged + || (!$negatives && grep(/^WIN16$/,@p)) + || ($negatives && !grep(/^!WIN16$/,@p))))) + && (!@p + || (!$negatives + && ($rsaref || !grep(/^RSAREF$/,@p))) + || ($negatives + && (!$rsaref || !grep(/^!RSAREF$/,@p))))) { + printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; +# } else { +# print STDERR "DEBUG: \"$sym\" (@p):", +# " rsaref:", !!(!@p +# || (!$negatives +# && ($rsaref || !grep(/^RSAREF$/,@p))) +# || ($negatives +# && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0, +# " 16:", !!($W16 && (!@p_purged +# || (!$negatives && grep(/^WIN16$/,@p)) +# || ($negatives && !grep(/^!WIN16$/,@p)))), +# " 32:", !!($W32 && (!@p_purged +# || (!$negatives && grep(/^WIN32$/,@p)) +# || ($negatives && !grep(/^!WIN32$/,@p)))), +# " NT:", !!($NT && (!@p_purged +# || (!$negatives && grep(/^WINNT$/,@p)) +# || ($negatives && !grep(/^!WINNT$/,@p)))), +# "\n"; + } } } printf OUT "\n"; |