Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+ from EGD.
+ [Ben Laurie]
+
*) Add a few more EBCDIC conditionals that make `req' and `x509'
work better on such systems.
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
OpenSSL STATUS Last modified at
- ______________ $Date: 2000/09/11 13:28:30 $
+ ______________ $Date: 2000/09/12 08:37:49 $
DEVELOPMENT STATE
o OpenSSL 0.9.6: Under development (in release cycle)...
Proposed release date September 24, 2000
+ 0.9.6-beta1 is available:
+ OpenBSD-x86 2.7 - failed (ftime/TIMEB)
+ hpux-parisc-cc 10.20 - passed
+ hpux-parisc-gcc 10.20 - passed
+ hpux-gcc - passed
+ hpux-brokengcc - failed (BN_sqr)
+ linux-elf - passed
+ linux-sparcv7 - passed
+ Solaris [engine] - failed (speed cswift)
+ sco5-gcc - passed
+ sco5-cc - passed
o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000
o OpenSSL 0.9.4: Released on August 09th, 1999
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES
#endif
-#if !defined(_UNICOS)
+#if !defined(_UNICOS) && !defined(__OpenBSD__)
# define TIMEB
#endif
int ret;
if (!rsa_doit[j]) continue;
ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
- pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
- RSA_SECONDS);
-/* RSA_blinding_on(rsa_key[j],NULL); */
- Time_F(START,usertime);
- for (count=0,run=1; COND(rsa_c[j][0]); count++)
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
{
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
- rsa_key[j]);
- if (ret <= 0)
+ pkey_print_message("private","rsa",
+ rsa_c[j][0],rsa_bits[j],
+ RSA_SECONDS);
+/* RSA_blinding_on(rsa_key[j],NULL); */
+ Time_F(START,usertime);
+ for (count=0,run=1; COND(rsa_c[j][0]); count++)
{
- BIO_printf(bio_err,"RSA private encrypt failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
+ ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
+ &rsa_num, rsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,
+ "RSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
}
+ d=Time_F(STOP,usertime);
+ BIO_printf(bio_err,
+ "%ld %d bit private RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][0]=d/(double)count;
+ rsa_count=count;
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][0]=d/(double)count;
- rsa_count=count;
#if 1
ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
- pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
- RSA_SECONDS);
- Time_F(START,usertime);
- for (count=0,run=1; COND(rsa_c[j][1]); count++)
+ if (ret <= 0)
{
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
- rsa_key[j]);
- if (ret <= 0)
+ BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ dsa_doit[j] = 0;
+ }
+ else
+ {
+ pkey_print_message("public","rsa",
+ rsa_c[j][1],rsa_bits[j],
+ RSA_SECONDS);
+ Time_F(START,usertime);
+ for (count=0,run=1; COND(rsa_c[j][1]); count++)
{
- BIO_printf(bio_err,"RSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
+ ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ rsa_num, rsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,
+ "RSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
}
+ d=Time_F(STOP,usertime);
+ BIO_printf(bio_err,
+ "%ld %d bit public RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][1]=d/(double)count;
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][1]=d/(double)count;
#endif
if (rsa_count <= 1)
for (j=0; j<DSA_NUM; j++)
{
unsigned int kk;
+ int ret;
if (!dsa_doit[j]) continue;
DSA_generate_key(dsa_key[j]);
/* DSA_sign_setup(dsa_key[j],NULL); */
- rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
&kk,dsa_key[j]);
- pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START,usertime);
- for (count=0,run=1; COND(dsa_c[j][0]); count++)
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count=1;
+ }
+ else
{
- rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (rsa_num == 0)
+ pkey_print_message("sign","dsa",
+ dsa_c[j][0],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START,usertime);
+ for (count=0,run=1; COND(dsa_c[j][0]); count++)
{
- BIO_printf(bio_err,"DSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
+ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+ &kk,dsa_key[j]);
+ if (ret == 0)
+ {
+ BIO_printf(bio_err,
+ "DSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
}
+ d=Time_F(STOP,usertime);
+ BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][0]=d/(double)count;
+ rsa_count=count;
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][0]=d/(double)count;
- rsa_count=count;
- rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+ ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
kk,dsa_key[j]);
- pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START,usertime);
- for (count=0,run=1; COND(dsa_c[j][1]); count++)
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ dsa_doit[j] = 0;
+ }
+ else
{
- rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (rsa_num2 == 0)
+ pkey_print_message("verify","dsa",
+ dsa_c[j][1],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START,usertime);
+ for (count=0,run=1; COND(dsa_c[j][1]); count++)
{
- BIO_printf(bio_err,"DSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
+ ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+ kk,dsa_key[j]);
+ if (ret <= 0)
+ {
+ BIO_printf(bio_err,
+ "DSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
}
+ d=Time_F(STOP,usertime);
+ BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][1]=d/(double)count;
}
- d=Time_F(STOP,usertime);
- BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][1]=d/(double)count;
if (rsa_count <= 1)
{
#include <stdlib.h>
#include <string.h>
-#include "openssl/e_os.h"
-
#ifdef VMS
#include <unixio.h>
#endif
# include <sys/stat.h>
#endif
+#include <openssl/e_os.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
All these functions return either the amount of data successfully read or
written (if the return value is positive) or that no data was successfully
-read or written (if the result is zero or negative).
+read or written if the result is 0 or -1. If the return value is -2 then
+the operation is not implemented in the specific BIO type.
=head1 NOTES
-A negative or zero return is not necessarily an indication of an error. In
+A 0 or -1 return is not necessarily an indication of an error. In
particular when the source/sink is non-blocking or of a certain type (for
example an SSL BIO can retry even if the underlying connection is blocking)
it may merely be an indication that no data is currently available and that
} while((len <= 0) && BIO_should_retry(bio));
While an application may retry a failed non blocking call immediately
-this is likely to be very inefficient because the call is likely to
-fail repeatedly until data can be processed. An application will normally
-wait until the necessary condition is satisfied. How this is done depends
-on the underlying I/O structure.
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.
For example if the cause is ultimately a socket and BIO_should_read()
is true then a call to select() may be made to wait until data is
been read.
It is possible for a BIO to block indefinitely if the underlying I/O
-structure cannot process the data. This depends on the behaviour of
+structure cannot process or return any data. This depends on the behaviour of
the platforms I/O functions. This is often not desirable: one solution
is to use non blocking I/O and use a timeout on the select() (or
equivalent) call.
# symbol name replacements for platforms where the names are too long for the
# compiler or linker, or if the systems is case insensitive and there is a
# clash. This script assumes those redefinitions are place in the file
-# crypto/idhacks.h.
+# crypto/symhacks.h.
+# The semantics for the platforms list is a bit complicated. The rule of
+# thumb is that the list is exclusive, but it seems to mean different things.
+# So, if the list is all negatives (like "!VMS,!WIN16"), the symbol exists
+# on all platforms except those listed. If the list is all positives (like
+# "VMS,WIN16"), the symbol exists only on those platforms and nowhere else.
+# The combination of positives and negatives will act as if the positives
+# weren't there.
# - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious.
# - "algorithms" is a comma-separated list of algorithm names. This helps
# exclude symbols that are part of an algorithm that some user wants to
$NT = 1;
}
$VMS=1 if $_ eq "VMS";
+ $rsaref=1 if $_ eq "rsaref";
+
$do_ssl=1 if $_ eq "ssleay";
$do_ssl=1 if $_ eq "ssl";
$do_crypto=1 if $_ eq "libeay";
$do_rewrite=1 if $_ eq "rewrite";
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
- $rsaref=1 if $_ eq "rsaref";
#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
if (/^no-rc2$/) { $no_rc2=1; }
if(!$do_update);
} else {
(my $n, my $i) = split /\\/, $nums{$s};
+ my %pf = ();
my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1));
- printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n
- # It is very important to check NT before W32
- if ($NT && (!@p || (grep(/^WINNT$/,@p)
- && !grep(/^!WINNT$/,@p)))
- || $W32 && (!@p || (grep(/^WIN32$/,@p)
- && !grep(/^!WIN32$/,@p)))
- || $W16 && (!@p || (grep(/^WIN16$/,@p)
- && !grep(/^!WIN16$/,@p))));
+ # @p_purged must contain hardware platforms only
+ my @p_purged = ();
+ foreach $ptmp (@p) {
+ next if $ptmp =~ /^!?RSAREF$/;
+ push @p_purged, $ptmp;
+ }
+ my $negatives = !!grep(/^!/,@p);
+ # It is very important to check NT before W32
+ if ((($NT && (!@p_purged
+ || (!$negatives && grep(/^WINNT$/,@p))
+ || ($negatives && !grep(/^!WINNT$/,@p))))
+ || ($W32 && (!@p_purged
+ || (!$negatives && grep(/^WIN32$/,@p))
+ || ($negatives && !grep(/^!WIN32$/,@p))))
+ || ($W16 && (!@p_purged
+ || (!$negatives && grep(/^WIN16$/,@p))
+ || ($negatives && !grep(/^!WIN16$/,@p)))))
+ && (!@p
+ || (!$negatives
+ && ($rsaref || !grep(/^RSAREF$/,@p)))
+ || ($negatives
+ && (!$rsaref || !grep(/^!RSAREF$/,@p))))) {
+ printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n;
+# } else {
+# print STDERR "DEBUG: \"$sym\" (@p):",
+# " rsaref:", !!(!@p
+# || (!$negatives
+# && ($rsaref || !grep(/^RSAREF$/,@p)))
+# || ($negatives
+# && (!$rsaref || !grep(/^!RSAREF$/,@p))))?1:0,
+# " 16:", !!($W16 && (!@p_purged
+# || (!$negatives && grep(/^WIN16$/,@p))
+# || ($negatives && !grep(/^!WIN16$/,@p)))),
+# " 32:", !!($W32 && (!@p_purged
+# || (!$negatives && grep(/^WIN32$/,@p))
+# || ($negatives && !grep(/^!WIN32$/,@p)))),
+# " NT:", !!($NT && (!@p_purged
+# || (!$negatives && grep(/^WINNT$/,@p))
+# || ($negatives && !grep(/^!WINNT$/,@p)))),
+# "\n";
+ }
}
}
printf OUT "\n";
projects / oweals / openssl.git / commitdiff