From a9c33b529e32d3bc0686e7a7ce8225c13629f0f6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 07:38:47 +0000 Subject: [PATCH] Merge from main trunk. No conflicts. --- Configure | 3 + Makefile.org | 2 +- TABLE | 20 +++++ apps/s_socket.c | 2 + apps/speed.c | 2 +- config | 4 + crypto/bio/bss_conn.c | 2 +- crypto/des/read_pwd.c | 6 ++ crypto/rand/rand_win.c | 176 ++++++++++++++++++++++++---------------- doc/ssl/SSL_accept.pod | 7 +- doc/ssl/SSL_connect.pod | 7 +- doc/ssl/SSL_read.pod | 12 ++- doc/ssl/SSL_write.pod | 12 ++- e_os.h | 7 +- ssl/ssl2.h | 4 + 15 files changed, 187 insertions(+), 79 deletions(-) diff --git a/Configure b/Configure index 8c4a728799..c9c1f127cb 100755 --- a/Configure +++ b/Configure @@ -265,6 +265,9 @@ my %table=( #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", # Use unified settings above instead. +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with # the new compiler # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version diff --git a/Makefile.org b/Makefile.org index a2077b0b53..d1fd33e56c 100644 --- a/Makefile.org +++ b/Makefile.org @@ -62,7 +62,7 @@ AR=ar r RANLIB= ranlib PERL= perl TAR= tar -TARFLAGS= --norecurse +TARFLAGS= --no-recursion # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o diff --git a/TABLE b/TABLE index 359ad0eccb..b272b927fa 100644 --- a/TABLE +++ b/TABLE @@ -140,6 +140,26 @@ $dso_scheme = $shared_target= $shared_cflag = +*** MPE/iX-gcc +$cc = gcc +$cflags = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB +$unistd = +$thread_cflag = (unknown) +$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = + *** Mingw32 $cc = gcc $cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall diff --git a/apps/s_socket.c b/apps/s_socket.c index 0238566a81..9812e6d505 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port) s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); if (s == INVALID_SOCKET) { perror("socket"); return(0); } +#ifndef MPE i=0; i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); if (i < 0) { perror("keepalive"); return(0); } +#endif if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) { close(s); perror("connect"); return(0); } diff --git a/apps/speed.c b/apps/speed.c index 05a960c7d1..0f93525209 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -88,7 +88,7 @@ #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) # define TIMEB #endif diff --git a/config b/config index 115957f6cc..5920084e82 100755 --- a/config +++ b/config @@ -71,6 +71,10 @@ fi # Now we simply scan though... In most cases, the SYSTEM info is enough # case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in + MPE/iX:*) + MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'` + echo "parisc-hp-MPE/iX"; exit 0 + ;; A/UX:*) echo "m68k-apple-aux3"; exit 0 ;; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index e092528b3e..a6b77a2cb9 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) } c->state=BIO_CONN_S_CONNECT; -#ifdef SO_KEEPALIVE +#if defined(SO_KEEPALIVE) && !defined(MPE) i=1; i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); if (i < 0) diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 9555abe3a5..c27ec336e7 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -271,7 +271,9 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, #elif defined(MAC_OS_pre_X) tty=stdin; #else +#ifndef MPE if ((tty=fopen("/dev/tty","r")) == NULL) +#endif tty=stdin; #endif @@ -312,8 +314,12 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, #if defined(TTY_set) && !defined(VMS) if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1)) +#ifdef MPE + ; /* MPE lies -- echo really has been disabled */ +#else return(-1); #endif +#endif #ifdef VMS tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1] | TT$M_NOECHO; diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d3fe50d341..9f2dcff9a9 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -171,13 +171,16 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include #include -#if 0 /* Some compilers use LMSTR, others (VC6, for example) use LPTSTR. - * This part is disabled until a fix is found. +#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. */ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) - (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*); + (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); -#endif /* 0 */ +#endif /* 1 */ int RAND_poll(void) { @@ -191,12 +194,20 @@ int RAND_poll(void) CRYPTACQUIRECONTEXT acquire = 0; CRYPTGENRANDOM gen = 0; CRYPTRELEASECONTEXT release = 0; -#if 0 /* This part is disabled until a fix for the problem with the - * definition of NETSTATGET is found. +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed */ NETSTATGET netstatget = 0; NETFREE netfree = 0; -#endif /* 0 */ +#endif /* 1 */ + + /* Determine the OS version we are on so we can turn off things + * that do not work properly. + */ + OSVERSIONINFO osverinfo ; + osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; + GetVersionEx( &osverinfo ) ; /* load functions dynamically - not available on all systems */ advapi = LoadLibrary("ADVAPI32.DLL"); @@ -204,9 +215,9 @@ int RAND_poll(void) user = LoadLibrary("USER32.DLL"); netapi = LoadLibrary("NETAPI32.DLL"); -#if 0 /* This part is disabled until a fix for the problem with the - * definition of NETSTATGET is found. Also, note that VC6 doesn't - * understand strings starting with L". +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed */ if (netapi) { @@ -217,57 +228,68 @@ int RAND_poll(void) if (netstatget && netfree) { LPBYTE outbuf; - /* NetStatisticsGet() is a Unicode only function */ + /* NetStatisticsGet() is a Unicode only function + * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 + * contains 17 fields. We treat each field as a source of + * one byte of entropy. + */ + if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { - RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0); + RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); netfree(outbuf); } if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { - RAND_add(outbuf, sizeof(STAT_SERVER_0), 0); + RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); netfree(outbuf); } } if (netapi) FreeLibrary(netapi); -#endif /* 0 */ +#endif /* 1 */ -#if 0 /* It appears like this can cause an exception deep within ADVAPI32.DLL - * at random times. Reported by Jeffrey Altman. - */ - /* Read Performance Statistics from NT/2000 registry */ - /* The size of the performance data can vary from call to call */ - /* so we must guess the size of the buffer to use and increase */ - /* its size if we get an ERROR_MORE_DATA return instead of */ - /* ERROR_SUCCESS. */ - { - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) + /* It appears like this can cause an exception deep within ADVAPI32.DLL + * at random times on Windows 2000. Reported by Jeffrey Altman. + * Only use it on NT. + */ + if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && + osverinfo.dwMajorVersion < 5) { - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, 0); + /* Read Performance Statistics from NT/2000 registry + * The size of the performance data can vary from call + * to call so we must guess the size of the buffer to use + * and increase its size if we get an ERROR_MORE_DATA + * return instead of ERROR_SUCCESS. + */ + LONG rc=ERROR_MORE_DATA; + char * buf=NULL; + DWORD bufsz=0; + DWORD length; + + while (rc == ERROR_MORE_DATA) + { + buf = realloc(buf,bufsz+8192); + if (!buf) + break; + bufsz += 8192; + + length = bufsz; + rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", + NULL, NULL, buf, &length); + } + if (rc == ERROR_SUCCESS) + { + /* For entropy count assume only least significant + * byte of each DWORD is random. + */ + RAND_add(&length, sizeof(length), 0); + RAND_add(buf, length, length / 4.0); + } + if (buf) + free(buf); } - if (buf) - free(buf); - } -#endif /* 0 */ if (advapi) { @@ -282,12 +304,13 @@ int RAND_poll(void) if (acquire && gen && release) { /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), 0); + RAND_add(buf, sizeof(buf), sizeof(buf)); #ifdef DEBUG printf("randomness from PROV_RSA_FULL\n"); #endif @@ -300,7 +323,7 @@ int RAND_poll(void) { if (gen(hProvider, sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), 0); + RAND_add(buf, sizeof(buf), sizeof(buf)); #ifdef DEBUG printf("randomness from PROV_INTEL_SEC\n"); #endif @@ -321,7 +344,7 @@ int RAND_poll(void) /* process ID */ w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 0); + RAND_add(&w, sizeof(w), 1); if (user) { @@ -334,41 +357,37 @@ int RAND_poll(void) queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); if (win) - { + { /* window handle */ h = win(); RAND_add(&h, sizeof(h), 0); - } - + } if (cursor) { /* unfortunately, its not safe to call GetCursorInfo() * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && osverinfo.dwMajorVersion < 5) cursor = 0; } - if (cursor) { /* cursor position */ + /* assume 2 bytes of entropy */ CURSORINFO ci; ci.cbSize = sizeof(CURSORINFO); if (cursor(&ci)) - RAND_add(&ci, ci.cbSize, 0); + RAND_add(&ci, ci.cbSize, 2); } if (queue) { /* message queue status */ + /* assume 1 byte of entropy */ w = queue(QS_ALLEVENTS); - RAND_add(&w, sizeof(w), 0); + RAND_add(&w, sizeof(w), 1); } FreeLibrary(user); @@ -406,7 +425,7 @@ int RAND_poll(void) MODULEENTRY32 m; snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); + GetProcAddress(kernel, "CreateToolhelp32Snapshot"); heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); @@ -425,11 +444,18 @@ int RAND_poll(void) != NULL) { /* heap list and heap walking */ + /* HEAPLIST32 contains 3 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + * HEAPENTRY32 contains 5 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + */ hlist.dwSize = sizeof(HEAPLIST32); if (heaplist_first(handle, &hlist)) do { - RAND_add(&hlist, hlist.dwSize, 0); + RAND_add(&hlist, hlist.dwSize, 3); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, @@ -438,34 +464,46 @@ int RAND_poll(void) int entrycnt = 50; do RAND_add(&hentry, - hentry.dwSize, 0); + hentry.dwSize, 5); while (heap_next(&hentry) && --entrycnt > 0); } } while (heaplist_next(handle, &hlist)); - + /* process walking */ + /* PROCESSENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ p.dwSize = sizeof(PROCESSENTRY32); if (process_first(handle, &p)) do - RAND_add(&p, p.dwSize, 0); + RAND_add(&p, p.dwSize, 9); while (process_next(handle, &p)); - + /* thread walking */ + /* THREADENTRY32 contains 6 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ t.dwSize = sizeof(THREADENTRY32); if (thread_first(handle, &t)) do - RAND_add(&t, t.dwSize, 0); + RAND_add(&t, t.dwSize, 6); while (thread_next(handle, &t)); - + /* module walking */ + /* MODULEENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ m.dwSize = sizeof(MODULEENTRY32); if (module_first(handle, &m)) do - RAND_add(&m, m.dwSize, 1); + RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - + CloseHandle(handle); } diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index fc6a57b5da..0c79ac515e 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -14,8 +14,11 @@ SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication channel must already have been set and assigned to the -B by setting an underlying B. The behaviour of SSL_accept() depends -on the underlying BIO. +B by setting an underlying B. + +=head1 NOTES + +The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the handshake has been finished or an error occurred, except for SGC (Server diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 7123bf3257..debe41744f 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -14,8 +14,11 @@ SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the B by setting an -underlying B. The behaviour of SSL_connect() depends on the underlying -BIO. +underlying B. + +=head1 NOTES + +The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B, SSL_connect() will only return once the handshake has been finished or an error occurred. diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index 3b082a7c90..708b20fdb5 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -13,7 +13,11 @@ SSL_read - read bytes from a TLS/SSL connection. =head1 DESCRIPTION SSL_read() tries to read B bytes from the specified B into the -buffer B. If necessary, SSL_read() will negotiate a TLS/SSL session, if +buffer B. + +=head1 NOTES + +If necessary, SSL_read() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect() or SSL_accept(). If the peer requests a re-negotiation, it will be performed transparently during the SSL_read() operation. The behaviour of SSL_read() depends on the @@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +=head1 IMPORTANT + +When an SSL_read() operation has to be repeated because of +B or B, it must be repeated +with the same arguments. + =head1 RETURN VALUES The following return values can occur: diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index b086258e82..0a1adaba73 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -13,7 +13,11 @@ SSL_read - write bytes to a TLS/SSL connection. =head1 DESCRIPTION SSL_write() writes B bytes from the buffer B into the specified -B. If necessary, SSL_write() will negotiate a TLS/SSL session, if +B connection. + +=head1 NOTES + +If necessary, SSL_write() will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect() or SSL_accept(). If the peer requests a re-negotiation, it will be performed transparently during the SSL_write() operation. The behaviour of SSL_write() depends on the @@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +=head1 IMPORTANT + +When an SSL_write() operation has to be repeated because of +B or B, it must be repeated +with the same arguments. + =head1 RETURN VALUES The following return values can occur: diff --git a/e_os.h b/e_os.h index 77efc6e35b..0c0784f9a9 100644 --- a/e_os.h +++ b/e_os.h @@ -275,6 +275,9 @@ extern "C" { # define NO_SYS_PARAM_H # else /* !defined VMS */ +# ifdef MPE +# define NO_SYS_PARAM_H +# endif # ifdef OPENSSL_UNISTD # include OPENSSL_UNISTD # else @@ -344,7 +347,9 @@ extern HINSTANCE _hInstance; # ifndef NO_SYS_PARAM_H # include # endif -# include /* Needed under linux for FD_XXX */ +# ifndef MPE +# include /* Needed under linux for FD_XXX */ +# endif # include # if defined(VMS) && !defined(__DECC) diff --git a/ssl/ssl2.h b/ssl/ssl2.h index 01d41c88c5..df7d03c18f 100644 --- a/ssl/ssl2.h +++ b/ssl/ssl2.h @@ -133,7 +133,11 @@ extern "C" { /* Upper/Lower Bounds */ #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 +#ifdef MPE +#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998 +#else #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 +#endif #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ #define SSL2_CHALLENGE_LENGTH 16 -- 2.25.1