Browse Source

Various cleanups and fixed by Marc and Ralf to start the OpenTLS project

master
Ralf S. Engelschall 24 years ago
parent
commit
651d0aff98
140 changed files with 1283 additions and 5000 deletions
  1. +144
    -0
      CHANGES
  2. +537
    -14
      CHANGES.SSLeay
  3. +0
    -316
      HISTORY
  4. +0
    -7
      HISTORY.090
  5. +0
    -0
      INSTALL.W32
  6. +59
    -0
      LICENSE
  7. +24
    -50
      MINFO
  8. +13
    -21
      Makefile.ssl
  9. +116
    -170
      README
  10. +0
    -27
      README.066
  11. +0
    -147
      README.080
  12. +0
    -8
      README.090
  13. +0
    -0
      README.PATENTS
  14. +0
    -0
      README.PROBLEMS
  15. +0
    -28
      TODO
  16. +0
    -24
      VERSION
  17. +1
    -0
      apps/.cvsignore
  18. +1
    -1
      apps/asn1pars.c
  19. +0
    -5
      apps/f
  20. +1
    -0
      crypto/.cvsignore
  21. +1
    -1
      crypto/Makefile.ssl
  22. +1
    -0
      crypto/asn1/.cvsignore
  23. +1
    -1
      crypto/asn1/asn1_lib.c
  24. +1
    -0
      crypto/bf/.cvsignore
  25. +1
    -1
      crypto/bf/bf_ecb.c
  26. +1
    -0
      crypto/bio/.cvsignore
  27. +9
    -14
      crypto/bio/bio.err
  28. +9
    -13
      crypto/bio/bio.h
  29. +0
    -5
      crypto/bio/bio_err.c
  30. +1
    -0
      crypto/bn/.cvsignore
  31. +0
    -12
      crypto/bn/asm/......add.c
  32. BIN
      crypto/bn/asm/a.out
  33. +14
    -12
      crypto/bn/bn.err
  34. +15
    -13
      crypto/bn/bn.h
  35. +14
    -12
      crypto/bn/bn.org
  36. +2
    -0
      crypto/bn/bn_err.c
  37. +1
    -1
      crypto/bn/bn_lib.c
  38. +1
    -1
      crypto/bn/bn_mont.c
  39. +17
    -17
      crypto/bn/bn_mul.c
  40. +3
    -3
      crypto/bn/bn_sqr.c
  41. +1
    -0
      crypto/buffer/.cvsignore
  42. +0
    -1
      crypto/buffer/buf_err.c
  43. +0
    -1
      crypto/buffer/buffer.err
  44. +0
    -1
      crypto/buffer/buffer.h
  45. +1
    -0
      crypto/cast/.cvsignore
  46. +1
    -1
      crypto/cast/c_ecb.c
  47. +1
    -0
      crypto/comp/.cvsignore
  48. +1
    -0
      crypto/conf/.cvsignore
  49. +1
    -1
      crypto/conf/conf.c
  50. +1
    -1
      crypto/cryptlib.h
  51. +1
    -1
      crypto/crypto.h
  52. +1
    -1
      crypto/cversion.c
  53. +1
    -1
      crypto/date.h
  54. +1
    -0
      crypto/des/.cvsignore
  55. +1
    -1
      crypto/des/ecb_enc.c
  56. +1
    -0
      crypto/dh/.cvsignore
  57. +1
    -1
      crypto/dh/dh_lib.c
  58. +1
    -0
      crypto/dsa/.cvsignore
  59. +2
    -2
      crypto/dsa/dsa_lib.c
  60. +0
    -6
      crypto/dsa/f
  61. +1
    -0
      crypto/err/.cvsignore
  62. +1
    -0
      crypto/evp/.cvsignore
  63. +1
    -1
      crypto/evp/evp_enc.c
  64. +1
    -0
      crypto/hmac/.cvsignore
  65. +1
    -0
      crypto/idea/.cvsignore
  66. +1
    -1
      crypto/idea/i_ecb.c
  67. +1
    -0
      crypto/lhash/.cvsignore
  68. +1
    -1
      crypto/lhash/lhash.c
  69. +1
    -0
      crypto/md/.cvsignore
  70. +1
    -0
      crypto/md2/.cvsignore
  71. +1
    -1
      crypto/md2/md2_dgst.c
  72. +1
    -0
      crypto/md5/.cvsignore
  73. +0
    -731
      crypto/md5/f
  74. +1
    -1
      crypto/md5/md5_dgst.c
  75. +1
    -0
      crypto/mdc2/.cvsignore
  76. +1
    -0
      crypto/objects/.cvsignore
  77. +2
    -0
      crypto/pem/.cvsignore
  78. BIN
      crypto/pem/gmon.out
  79. +1
    -1
      crypto/pem/pem_lib.c
  80. +0
    -19
      crypto/perlasm/f
  81. +0
    -5
      crypto/pkcs7/build
  82. +0
    -1
      crypto/pkcs7/pk7_doit.c
  83. +1
    -1
      crypto/pkcs7/pkcs7err.c
  84. +1
    -0
      crypto/rand/.cvsignore
  85. +3
    -3
      crypto/rand/md_rand.c
  86. +2
    -2
      crypto/rand/rand_lib.c
  87. +1
    -0
      crypto/rc2/.cvsignore
  88. +1
    -1
      crypto/rc2/rc2_ecb.c
  89. +1
    -0
      crypto/rc4/.cvsignore
  90. +1
    -1
      crypto/rc4/rc4_skey.c
  91. +1
    -0
      crypto/rc5/.cvsignore
  92. +1
    -1
      crypto/rc5/rc5_ecb.c
  93. +1
    -0
      crypto/ripemd/.cvsignore
  94. +1
    -1
      crypto/ripemd/rmd_dgst.c
  95. +1
    -0
      crypto/rsa/.cvsignore
  96. +0
    -6
      crypto/rsa/f
  97. +1
    -1
      crypto/rsa/rsa_lib.c
  98. +1
    -0
      crypto/sha/.cvsignore
  99. +0
    -2089
      crypto/sha/asm/f
  100. +1
    -1
      crypto/sha/sha1dgst.c

+ 144
- 0
CHANGES View File

@ -0,0 +1,144 @@
OpenTLS CHANGES
_______________
Changes between 0.9.01b and 0.9.1c
*) Updated the README file.
[Ralf S. Engelschall]
*) Added various .cvsignore files in the CVS repository subdirs
to make a "cvs update" really silent.
[Ralf S. Engelschall]
*) Recompiled the error-definition header files and added
missing symbols to the Win32 linker tables.
[Ralf S. Engelschall]
*) Cleaned up the top-level documents;
o new files: CHANGES and LICENSE
o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
o merged COPYRIGHT into LICENSE
o removed obsolete TODO file
o renamed MICROSOFT to INSTALL.W32
[Ralf S. Engelschall]
*) Removed dummy files from the 0.9.1b source tree:
crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
[Ralf S. Engelschall]
*) Added various platform portability fixed.
[Marc J. Cox]
*) The Genesis of the OpenTLS rpject:
We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
Joung and Tim J. Hudson created while they were working for C2Net until
summer 1998.
[The OpenTLS Project]
Changes between 0.9.0b and 0.9.1b
*) Updated a few CA certificates under certs/
[Eric A. Young]
*) Changed some BIGNUM api stuff.
[Eric A. Young]
*) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
DGUX x86, Linux Alpha, etc.
[Eric A. Young]
*) New COMP library [crypto/comp/] for SSL Record Layer Compression:
RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
available).
[Eric A. Young]
*) Add -strparse option to asn1pars program which parses nested
binary structures
[Dr Stephen Henson <shenson@bigfoot.com>]
*) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
[Eric A. Young]
*) DSA fix for "ca" program.
[Eric A. Young]
*) Added "-genkey" option to "dsaparam" program.
[Eric A. Young]
*) Added RIPE MD160 (rmd160) message digest.
[Eric A. Young]
*) Added -a (all) option to "ssleay version" command.
[Eric A. Young]
*) Added PLATFORM define which is the id given to Configure.
[Eric A. Young]
*) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
[Eric A. Young]
*) Extended the ASN.1 parser routines.
[Eric A. Young]
*) Extended BIO routines to support REUSEADDR, seek, tell, etc.
[Eric A. Young]
*) Added a BN_CTX to the BN library.
[Eric A. Young]
*) Fixed the weak key values in DES library
[Eric A. Young]
*) Changed API in EVP library for cipher aliases.
[Eric A. Young]
*) Added support for RC2/64bit cipher.
[Eric A. Young]
*) Converted the lhash library to the crypto/mem.c functions.
[Eric A. Young]
*) Added more recognized ASN.1 object ids.
[Eric A. Young]
*) Added more RSA padding checks for SSL/TLS.
[Eric A. Young]
*) Added BIO proxy/filter functionality.
[Eric A. Young]
*) Added extra_certs to SSL_CTX which can be used
send extra CA certificates to the client in the CA cert chain sending
process. It can be configured with SSL_CTX_add_extra_chain_cert().
[Eric A. Young]
*) Now Fortezza is denied in the authentication phase because
this is key exchange mechanism is not supported by SSLeay at all.
[Eric A. Young]
*) Additional PKCS1 checks.
[Eric A. Young]
*) Support the string "TLSv1" for all TLS v1 ciphers.
[Eric A. Young]
*) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
ex_data index of the SSL context in the X509_STORE_CTX ex_data.
[Eric A. Young]
*) Fixed a few memory leaks.
[Eric A. Young]
*) Fixed various code and comment typos.
[Eric A. Young]
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]

HISTORY.066 → CHANGES.SSLeay View File


+ 0
- 316
HISTORY View File

@ -1,316 +0,0 @@
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a new errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.

+ 0
- 7
HISTORY.090 View File

@ -1,7 +0,0 @@
- A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
sent in the client random, thanks to
Edward Bishop <ebishop@spyglass.com>
- Changed some BIGNUM api stuff.
- I Deleted the HISTORY.090 I was working on and when I found out, it was
permanently gone :-(

MICROSOFT → INSTALL.W32 View File


COPYRIGHT → LICENSE View File


+ 24
- 50
MINFO View File

@ -1,11 +1,11 @@
RELATIVE_DIRECTORY=.
AR=ar r
BASENAME=SSLeay
BASENAME=opentls
BF_ENC=bf_enc.o
BN_ASM=bn_asm.o
CAST_ENC=c_enc.o
CC=cl
CFLAG=
CC=cc
CFLAG=-O -DNOPROTO
DES_ENC=des_enc.o fcrypt_b.o
DIRS=crypto ssl rsaref apps test tools
EDIRS=times doc bugs util include certs ms shlib mt demos perl sf dep
@ -20,22 +20,21 @@ MAKEFILE=Makefile.ssl
MAN1=1
MAN3=3
MD5_ASM_OBJ=
MISC=COPYRIGHT Configure HISTORY.090 HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 README.090 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com config PATENTS
NAME=SSLeay-0.9.1b
NAME=opentls-0.9.1c
ONEDIRS=out tmp
PEX_LIBS=-L. -L.. -L../.. -L../../..
PLATFORM=VC-WIN32
PLATFORM=dist
RC4_ENC=rc4_enc.o
RC5_ENC=rc5_enc.o
RMD160_ASM_OBJ=
SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7 proxy comp
SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7 comp
SHA1_ASM_OBJ=
SHELL=/bin/sh
TARFILE=SSLeay-0.9.1b.tar
TARFILE=opentls-0.9.1c.tar
TOP=.
VERSION=0.9.1b
VERSION=0.9.1c
WDIRS=windows
WTARFILE=SSLeay-0.9.1b-win.tar
WTARFILE=opentls-0.9.1c-win.tar
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=crypto
ALL=Makefile README cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c cryptlib.h date.h crypto.h cryptall.h tmdiff.h
@ -62,7 +61,7 @@ MAKEDEPEND=makedepend -f Makefile.ssl
MAKEFILE=Makefile.ssl
PEX_LIBS=
RM=/bin/rm -f
SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7 proxy comp
SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7 comp
SRC=cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
TOP=..
RELATIVE_DIRECTORY=
@ -506,7 +505,7 @@ TEST=
TOP=../..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=crypto/bio
ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c bio.h bss_file.c
ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h bss_file.c
APPS=
AR=ar r
CC=cc
@ -521,12 +520,12 @@ HEADER=bio.h bss_file.c
INCLUDES=-I.. -I../../include
INSTALLTOP=/usr/local/ssl
LIB=../../libcrypto.a
LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o bss_cs4a.o
LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c
LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o
LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
MAKE=make -f Makefile.ssl
MAKEDEPEND=makedepend -f Makefile.ssl
MAKEFILE=Makefile.ssl
SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c
SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
TEST=
TOP=../..
RELATIVE_DIRECTORY=
@ -821,31 +820,6 @@ SRC=pk7_lib.c pkcs7err.c pk7_doit.c
TEST=
TOP=../..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=crypto/proxy
ALL=Makefile proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c proxy.h
APPS=
AR=ar r
CC=cc
CFLAG=-g
CFLAGS=-I.. -I../../include -g
DIR=proxy
ERR=proxy
ERRC=pxy_err
EXHEADER=proxy.h
GENERAL=Makefile
HEADER=proxy.h
INCLUDES=-I.. -I../../include
INSTALLTOP=/usr/local/ssl
LIB=../../libcrypto.a
LIBOBJ=proxy.o pxy_txt.o bf_proxy.o pxy_conf.o pxy_err.o
LIBSRC=proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c
MAKE=make -f Makefile.ssl
MAKEDEPEND=makedepend -f Makefile.ssl
MAKEFILE=Makefile.ssl
SRC=proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c
TEST=
TOP=../..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=crypto/comp
ALL=Makefile comp_lib.c c_rle.c c_zlib.c comp.h
APPS=
@ -872,7 +846,7 @@ TEST=
TOP=../..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=ssl
ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
APPS=
AR=ar r
CC=cc
@ -887,12 +861,12 @@ HEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
INCLUDES=-I../crypto -I../include
INSTALLTOP=/usr/local/ssl
LIB=../libssl.a
LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o pxy_ssl.o ssl_err.o
LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c
LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
MAKE=make -f Makefile.ssl
MAKEDEPEND=makedepend -f Makefile.ssl
MAKEFILE=Makefile.ssl
SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c
SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
TEST=ssltest.c
TOP=..
RELATIVE_DIRECTORY=
@ -922,7 +896,7 @@ TEST=
TOP=..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=apps
ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h
ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h
A_OBJ=apps.o
A_SRC=apps.c
CC=cc
@ -935,8 +909,8 @@ EXE=ssleay
EXHEADER=
EX_LIBS=
E_EXE=verify asn1pars req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o s_ speed.o s_time.o apps.o s_cb.o s_socket.o bf_perm.o version.o sess_id.o ciphers.o
E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c
E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
GENERAL=Makefile
HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h
INCLUDES=-I../include
@ -950,10 +924,10 @@ PEX_LIBS=
PROGS=ssleay.c
RM=/bin/rm -f
SCRIPTS=CA.sh der_chop
SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c
SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
SSLEAY=ssleay
S_OBJ=s_cb.o s_socket.o bf_perm.o
S_SRC=s_cb.c s_socket.c bf_perm.c
S_OBJ=s_cb.o s_socket.o
S_SRC=s_cb.c s_socket.c
TOP=..
RELATIVE_DIRECTORY=
RELATIVE_DIRECTORY=test


+ 13
- 21
Makefile.ssl View File

@ -1,7 +1,7 @@
#
# Makefile for all the SSL related library routines and utilities
VERSION = 0.9.1b
PLATFORM=debug
VERSION = 0.9.1c
PLATFORM=dist
#
# make install will install:
# libraries into $INSTALLTOP/lib
@ -62,11 +62,11 @@ PLATFORM=debug
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
CC= cc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
CFLAG= -O -DNOPROTO
PEX_LIBS= -L. -L.. -L../.. -L../../..
EX_LIBS= -lefence
EX_LIBS=
AR=ar r
# Set BN_ASM to bn_asm.o if you want to use the C version
@ -173,16 +173,11 @@ SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep
MISC= COPYRIGHT Configure HISTORY.090 HISTORY.066 INSTALL Makefile.ssl \
Makefile \
README TODO HISTORY README.066 README.080 README.090 \
VERSION PROBLEMS MINFO makefile.one e_os.h \
MICROSOFT makevms.com config PATENTS
WDIRS= windows
LIBS= libcrypto.a libssl.a
GENERAL= Makefile
BASENAME= SSLeay
BASENAME= opentls
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
@ -292,16 +287,13 @@ errors:
done;
tar:
@(cd ..;\
mv $(BASENAME) $(NAME); \
export STUFF; \
for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
do \
STUFF="$$STUFF $(NAME)/$$i"; \
done; \
tar cf $(NAME)/$(TARFILE) $$STUFF; \
mv $(NAME) $(BASENAME) )
gzip -f $(TARFILE)
@gtar --no-recursion -cvf - \
`find * -depth -print | grep -v CVS | grep -v .cvsignore | sort` |\
tardy --user_number=0 --user_name=rse \
--group_number=0 --group_name=opentls \
--prefix=opentls-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
ls -l ../$(TARFILE).gz
dist:
perl Configure dist


+ 116
- 170
README View File

@ -1,173 +1,119 @@
SSLeay 0.9.1a 06-Jul-1998
Copyright (c) 1997, Eric Young
All rights reserved.
This directory contains Eric Young's (eay@cryptsoft.com) implementation
of SSL and supporting libraries.
The current version of this library is available from
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
There are patches to a number of internet applications which can be found in
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com>
can be found at
http://www.psy.uq.oz.au/~ftp/Crypto
Additional documentation is being slowly written by Eric Young, and is being
added to http://www.cryptsoft.com/ssleay/doc. It will normally also be
available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
This Library and programs are FREE for commercial and non-commercial
usage. The only restriction is that I must be attributed with the
development of this code. See the COPYRIGHT file for more details.
Donations would still be accepted :-).
THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
The package includes
libssl.a:
My implementation of SSLv2, SSLv3 and the required code to support
both SSLv2 and SSLv3 in the one server.
libcrypto.a:
General encryption and X509 stuff needed by SSL but not
actually logically part of it. It includes routines for the following:
Ciphers
libdes - My libdes DES encryption package which has been floating
around the net for a few years. It includes 15
'modes/variations' of DES (1, 2 and 3 key versions of ecb,
cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
including desx in cbc mode,
a fast crypt(3), and routines to read passwords from the
keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
MDC2 message digest. A DES based hash that is polular on smart cards.
Public Key
RSA encryption/decryption/generation. There is no limit
on the number of bits.
DSA encryption/decryption/generation. There is no limit on the
number of bits.
Diffie-Hellman key-exchange/key generation. There is no limit
on the number of bits.
X509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ascii-binary encoding which supports encryption with
a private key.
Program to generate RSA and DSA certificate requests and to
generate RSA and DSA certificates.
Systems
The normal digital envelope routines and base64 encoding.
Higher level access to ciphers and digests by name. New ciphers can be
loaded at run time.
The BIO io system which is a simple non-blocking IO abstraction.
Current methods supported are file descriptors, sockets,
socket accept, socket connect, memory buffer, buffering,
SSL client/server, file pointer, encryption, digest,
non-blocking testing and null.
Data structures
A dynamically growing hashing system
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
Programs in this package include
enc - a general encryption program that can encrypt/decrypt using
one of 17 different cipher/mode combinations. The
input/output can also be converted to/from base64
ascii encoding.
dgst - a generate message digesting program that will generate
message digests for any of md2, md5, sha (sha-0 or sha-1)
or mdc2.
asn1parse - parse and display the structure of an asn1 encoded
binary file.
rsa - Manipulate RSA private keys.
dsa - Manipulate DSA private keys.
dh - Manipulate Diffie-Hellman parameter files.
dsaparam- Manipulate and generate DSA parameter files.
crl - Manipulate certificate revocation lists.
crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
x509 - Manipulate x509 certificates, self-sign certificates.
req - Manipulate PKCS#10 certificate requests and also
generate certificate requests.
genrsa - Generates an arbitrary sized RSA private key.
gendh - Generates a set of Diffie-Hellman parameters, the prime
will be a strong prime.
ca - Create certificates from PKCS#10 certificate requests.
This program also maintains a database of certificates
issued.
verify - Check x509 certificate signatures.
speed - Benchmark SSLeay's ciphers.
s_server- A test SSL server.
s_client- A test SSL client.
s_time - Benchmark SSL performance of SSL server programs.
errstr - Convert from SSLeay hex error codes to a readable form.
Documents avaliable are
A Postscript and html reference manual
(written by Tim Hudson tjh@cryptsoft.com).
A list of text protocol references I used.
An initial version of the library manual.
OpenTLS 0.9.1c 22-Dec-1998
Copyright (c) 1998 The OpenTLS Project
Copyright (c) 1995-1998 Eric Young
All rights reserved.
The OpenTLS Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Transport Layer Security (TLS v1) and Secure Sockets Layer (SSL v2/v3)
protocols with full-strength cryptography world-wide. The project is managed
by a worldwide community of volunteers that use the Internet to communicate,
plan, and develop the OpenTLS tookit and its related documentation.
OpenTLS is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenTLS toolkit is licensed under a BSD-style licence,
which basically means that you are free to get and use it for commercial and
non-commercial purposes.
The package includes:
libssl.a:
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
both SSLv2, SSLv3 and TLSv1 in the one server.
libcrypto.a:
General encryption and X.509 stuff needed by TLS/SSL but not actually
logically part of it. It includes routines for the following:
Ciphers
libdes - EAY's libdes DES encryption package which has been floating
around the net for a few years. It includes 15
'modes/variations' of DES (1, 2 and 3 key versions of ecb,
cbc, cfb and ofb; pcbc and a more general form of cfb and
ofb) including desx in cbc mode, a fast crypt(3), and
routines to read passwords from the keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
MDC2 message digest. A DES based hash that is polular on smart cards.
Public Key
RSA encryption/decryption/generation.
There is no limit on the number of bits.
DSA encryption/decryption/generation.
There is no limit on the number of bits.
Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ascii-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
Systems
The normal digital envelope routines and base64 encoding. Higher
level access to ciphers and digests by name. New ciphers can be
loaded at run time. The BIO io system which is a simple non-blocking
IO abstraction. Current methods supported are file descriptors,
sockets, socket accept, socket connect, memory buffer, buffering, SSL
client/server, file pointer, encryption, digest, non-blocking testing
and null.
Data structures
A dynamically growing hashing system
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
Programs in this package include:
enc - a general encryption program that can encrypt/decrypt using
one of 17 different cipher/mode combinations. The
input/output can also be converted to/from base64
ascii encoding.
dgst - a generate message digesting program that will generate
message digests for any of md2, md5, sha (sha-0 or sha-1)
or mdc2.
asn1parse - parse and display the structure of an asn1 encoded
binary file.
rsa - Manipulate RSA private keys.
dsa - Manipulate DSA private keys.
dh - Manipulate Diffie-Hellman parameter files.
dsaparam- Manipulate and generate DSA parameter files.
crl - Manipulate certificate revocation lists.
crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
x509 - Manipulate x509 certificates, self-sign certificates.
req - Manipulate PKCS#10 certificate requests and also
generate certificate requests.
genrsa - Generates an arbitrary sized RSA private key.
gendh - Generates a set of Diffie-Hellman parameters, the prime
will be a strong prime.
ca - Create certificates from PKCS#10 certificate requests.
This program also maintains a database of certificates
issued.
verify - Check x509 certificate signatures.
speed - Benchmark SSLeay's ciphers.
s_server- A test SSL server.
s_client- A test SSL client.
s_time - Benchmark SSL performance of SSL server programs.
errstr - Convert from SSLeay hex error codes to a readable form.
To install this package, read the INSTALL file.
For the Microsoft word, read MICROSOFT
This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
Multithreading has been tested under Windows NT and Solaris 2.5.1
Due to time constraints, the current release has only be rigorously tested
on Solaris 2.[45], Linux and Windows NT.
For people in the USA, it is possible to compile SSLeay to use RSA
Inc.'s public key library, RSAref. From my understanding, it is
claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
Read doc/rsaref.doc on how to build with RSAref.
Read the documentation in the doc directory. It is quite rough,
but it lists the functions, you will probably have to look at
the code to work out how to used them. I will be working on
documentation. Look at the example programs.
There should be a SSL reference manual which is being put together by
Tim Hudson (tjh@cryptsoft.com) in the same location as this
distribution. This contains a lot more information that is very
useful. For a description of X509 Certificates, their use, and
certification, read rfc1421, rfc1422, rfc1423 and rfc1424. ssl/README
also goes over the mechanism.
We have setup some mailing lists for use by people that are interested
in helping develop this code and/or ask questions.
ssl-bugs@mincom.oz.au
ssl-users@mincom.oz.au
ssl-bugs-request@mincom.oz.au
ssl-users-request@mincom.oz.au
I have recently read about a new form of software, that which is in
a permanent state of beta release. Linux and Netscape are 2 good
examples of this, and I would also add SSLeay to this category.
The Current stable release is 0.6.6. It has a few minor problems.
0.8.0 is not call compatable so make sure you have the correct version
of SSLeay to link with.
eric (Jun 1997)
Eric Young (eay@cryptsoft.com)
86 Taunton St.
Annerley 4103.
Australia.
For the Microsoft world, read INSTALL.W32 file.
For people in the USA, it is possible to compile SSLeay to use RSA Inc.'s
public key library, RSAref. From my understanding, it is claimed by RSA Inc.
to be illegal to use my public key routines inside the USA. Read
doc/rsaref.doc on how to build with RSAref.
Read the documentation in the doc directory. It is quite rough, but it lists
the functions, you will probably have to look at the code to work out how to
used them. I will be working on documentation. Look at the example programs.

+ 0
- 27
README.066 View File

@ -1,27 +0,0 @@
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
eric

+ 0
- 147
README.080 View File

@ -1,147 +0,0 @@
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO

+ 0
- 8
README.090 View File

@ -1,8 +0,0 @@
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)

PATENTS → README.PATENTS View File


PROBLEMS → README.PROBLEMS View File


+ 0
- 28
TODO View File

@ -1,28 +0,0 @@
- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
It will be reworked along with a nice general mechanism for encrypting
ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
still have not done PKCS#8 support.
- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
I will probably not get this fixed for a while, it is just there so
I could test things.
- Be able to generate DSS certificates.
- Add CRL to the X509 verification stuff, this will probably be added with
SSLv3.
+ X509 callback. I need to callback the application to retrieve certificates
and CRL.
*<- designates the things I'm activly working on.
+<- designates that which I have next in the queue.
====
X509v3 extensions
verify certificate chains
X509 cert lookup methods
RSA/DSA/DH methods mostly for smart cards
dsa cert generation

+ 0
- 24
VERSION View File

@ -1,24 +0,0 @@
SSLeay 0.8.1
- Mostly bug fixes. There is an Ephemeral DH cipher problem which
is fixed.
SSLeay 0.8.0
- New release, for those that are wondering what happend to
0.7.x, call it our internal development version :-)
- There have been lots of changes, mostly the addition of SSLv3.
- There have been many additions from people and amongst
others, C2Net has assisted greatly.
SSLeay 0.6.6
SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
if your application requires 0.6.6, use it. There have been
lots of bug fixes to 0.8.x that have not been applied to 0.6.6
so use 0.8.0+ in preference.
PORTING 0.6.6 to 0.8.0
I'll be documenting this over the next few weeks but as
pressures have been increasing for making SSLv3 support
available I'm shipping it without this documentation as I
basically have not had time to write it (too busy earning a
living :-)

+ 1
- 0
apps/.cvsignore View File

@ -0,0 +1 @@
ssleay

+ 1
- 1
apps/asn1pars.c View File

@ -57,7 +57,7 @@
*/
/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
* add the -strparse option which parses nested binarary structures
* add the -strparse option which parses nested binary structures
*/
#include <stdio.h>


+ 0
- 5
apps/f View File

@ -1,5 +0,0 @@
586
2481
1400
2064

+ 1
- 0
crypto/.cvsignore View File

@ -0,0 +1 @@
lib

+ 1
- 1
crypto/Makefile.ssl View File

@ -54,7 +54,7 @@ top:
all: date.h lib subdirs
date.h: ../Makefile.ssl ../VERSION
date.h: ../Makefile.ssl
echo "#define DATE \"`date`\"" >date.h
subdirs:


+ 1
- 0
crypto/asn1/.cvsignore View File

@ -0,0 +1 @@
lib

+ 1
- 1
crypto/asn1/asn1_lib.c View File

@ -69,7 +69,7 @@ static int asn1_get_length();
static void asn1_put_length();
#endif
char *ASN1_version="ASN1 part of SSLeay 0.9.1a 06-Jul-1998";
char *ASN1_version="ASN.1 part of SSLeay 0.9.1c 22-Dec-1998";
int ASN1_check_infinite_end(p,len)
unsigned char **p;


+ 1
- 0
crypto/bf/.cvsignore View File

@ -0,0 +1 @@
lib

+ 1
- 1
crypto/bf/bf_ecb.c View File

@ -64,7 +64,7 @@
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
char *BF_version="BlowFish part of SSLeay 0.9.1a 06-Jul-1998";
char *BF_version="BlowFish part of SSLeay 0.9.1c 22-Dec-1998";
char *BF_options()
{


+ 1
- 0
crypto/bio/.cvsignore View File

@ -0,0 +1 @@
lib

+ 9
- 14
crypto/bio/bio.err View File

@ -19,9 +19,8 @@
#define BIO_F_CONN_STATE 115
#define BIO_F_FILE_CTRL 116
#define BIO_F_MEM_WRITE 117
#define BIO_F_SOCKS4A_STATE 118
#define BIO_F_SSL_NEW 119
#define BIO_F_WSASTARTUP 120
#define BIO_F_SSL_NEW 118
#define BIO_F_WSASTARTUP 119
/* Reason codes. */
#define BIO_R_ACCEPT_ERROR 100
@ -40,14 +39,10 @@
#define BIO_R_NO_PORT_DEFINED 113
#define BIO_R_NO_PORT_SPECIFIED 114
#define BIO_R_NULL_PARAMETER 115
#define BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH 116
#define BIO_R_SOCKS_REJECTED_CONNECTION 117
#define BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER 118
#define BIO_R_SOCKS_UNKNOWN_ERROR 119
#define BIO_R_TAG_MISMATCH 120
#define BIO_R_UNABLE_TO_BIND_SOCKET 121
#define BIO_R_UNABLE_TO_CREATE_SOCKET 122
#define BIO_R_UNABLE_TO_LISTEN_SOCKET 123
#define BIO_R_UNINITALISED 124
#define BIO_R_UNSUPPORTED_METHOD 125
#define BIO_R_WSASTARTUP 126
#define BIO_R_TAG_MISMATCH 116
#define BIO_R_UNABLE_TO_BIND_SOCKET 117
#define BIO_R_UNABLE_TO_CREATE_SOCKET 118
#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
#define BIO_R_UNINITALISED 120
#define BIO_R_UNSUPPORTED_METHOD 121
#define BIO_R_WSASTARTUP 122

+ 9
- 13
crypto/bio/bio.h View File

@ -683,8 +683,8 @@ int BIO_printf();
#define BIO_F_CONN_STATE 115
#define BIO_F_FILE_CTRL 116
#define BIO_F_MEM_WRITE 117
#define BIO_F_SSL_NEW 119
#define BIO_F_WSASTARTUP 120
#define BIO_F_SSL_NEW 118
#define BIO_F_WSASTARTUP 119
/* Reason codes. */
#define BIO_R_ACCEPT_ERROR 100
@ -703,17 +703,13 @@ int BIO_printf();
#define BIO_R_NO_PORT_DEFINED 113
#define BIO_R_NO_PORT_SPECIFIED 114
#define BIO_R_NULL_PARAMETER 115
#define BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH 116
#define BIO_R_SOCKS_REJECTED_CONNECTION 117
#define BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER 118
#define BIO_R_SOCKS_UNKNOWN_ERROR 119
#define BIO_R_TAG_MISMATCH 120
#define BIO_R_UNABLE_TO_BIND_SOCKET 121
#define BIO_R_UNABLE_TO_CREATE_SOCKET 122
#define BIO_R_UNABLE_TO_LISTEN_SOCKET 123
#define BIO_R_UNINITALISED 124
#define BIO_R_UNSUPPORTED_METHOD 125
#define BIO_R_WSASTARTUP 126
#define BIO_R_TAG_MISMATCH 116
#define BIO_R_UNABLE_TO_BIND_SOCKET 117
#define BIO_R_UNABLE_TO_CREATE_SOCKET 118
#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
#define BIO_R_UNINITALISED 120
#define BIO_R_UNSUPPORTED_METHOD 121
#define BIO_R_WSASTARTUP 122
#ifdef __cplusplus
}


+ 0
- 5
crypto/bio/bio_err.c View File

@ -81,7 +81,6 @@ static ERR_STRING_DATA BIO_str_functs[]=
{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
{ERR_PACK(0,BIO_F_SOCKS4A_STATE,0), "SOCKS4A_STATE"},
{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_NEW"},
{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"},
{0,NULL},
@ -105,10 +104,6 @@ static ERR_STRING_DATA BIO_str_reasons[]=
{BIO_R_NO_PORT_DEFINED ,"no port defined"},
{BIO_R_NO_PORT_SPECIFIED ,"no port specified"},
{BIO_R_NULL_PARAMETER ,"null parameter"},
{BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH ,"socks id and ident did not match"},
{BIO_R_SOCKS_REJECTED_CONNECTION ,"socks rejected connection"},
{BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER,"socks unable to talk to ident server"},
{BIO_R_SOCKS_UNKNOWN_ERROR ,"socks unknown error"},
{BIO_R_TAG_MISMATCH ,"tag mismatch"},
{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"},
{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"},


+ 1
- 0
crypto/bn/.cvsignore View File

@ -0,0 +1 @@
lib

+ 0
- 12
crypto/bn/asm/......add.c View File

@ -1,12 +0,0 @@
#include <stdio.h>
{
unsigned long a[10],b[10],c[10];
a[0]=0xFFFFFFFF;
a[1]=0xFFFFFFFF;
b[0]=0xFFFFFFFF;
b[1]=0xFFFFFFFF;
c[2]=bn_add_words(c,a,b,2);
printf("%08X %08X %08X\n",c[2],c[1],c[0]);
}

BIN
crypto/bn/asm/a.out View File


+ 14
- 12
crypto/bn/bn.err View File

@ -5,18 +5,20 @@
#define BN_F_BN_BLINDING_INVERT 101
#define BN_F_BN_BLINDING_NEW 102
#define BN_F_BN_BLINDING_UPDATE 103
#define BN_F_BN_BN2DEC 104
#define BN_F_BN_BN2HEX 105
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_MOD_EXP_MONT 109
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_USUB 115
#define BN_F_BN_BL_CTX_INIT 104
#define BN_F_BN_BL_CTX_NEW 105
#define BN_F_BN_BN2DEC 106
#define BN_F_BN_BN2HEX 107
#define BN_F_BN_CTX_NEW 108
#define BN_F_BN_DIV 109
#define BN_F_BN_EXPAND2 110
#define BN_F_BN_MOD_EXP_MONT 111
#define BN_F_BN_MOD_INVERSE 112
#define BN_F_BN_MOD_MUL_RECIPROCAL 113
#define BN_F_BN_MPI2BN 114
#define BN_F_BN_NEW 115
#define BN_F_BN_RAND 116
#define BN_F_BN_USUB 117
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100


+ 15
- 13
crypto/bn/bn.h View File

@ -79,7 +79,7 @@ extern "C" {
#define BN_MUL_COMBA
#define BN_SQR_COMBA
#undef BN_RECURSION
#define BN_RECURSION
#define RECP_MUL_MOD
#define MONT_MUL_MOD
@ -566,18 +566,20 @@ int BN_div_recp();
#define BN_F_BN_BLINDING_INVERT 101
#define BN_F_BN_BLINDING_NEW 102
#define BN_F_BN_BLINDING_UPDATE 103
#define BN_F_BN_BN2DEC 104
#define BN_F_BN_BN2HEX 105
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_MOD_EXP_MONT 109
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_USUB 115
#define BN_F_BN_BL_CTX_INIT 104
#define BN_F_BN_BL_CTX_NEW 105
#define BN_F_BN_BN2DEC 106
#define BN_F_BN_BN2HEX 107
#define BN_F_BN_CTX_NEW 108
#define BN_F_BN_DIV 109
#define BN_F_BN_EXPAND2 110
#define BN_F_BN_MOD_EXP_MONT 111
#define BN_F_BN_MOD_INVERSE 112
#define BN_F_BN_MOD_MUL_RECIPROCAL 113
#define BN_F_BN_MPI2BN 114
#define BN_F_BN_NEW 115
#define BN_F_BN_RAND 116
#define BN_F_BN_USUB 117
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100


+ 14
- 12
crypto/bn/bn.org View File

@ -566,18 +566,20 @@ int BN_div_recp();
#define BN_F_BN_BLINDING_INVERT 101
#define BN_F_BN_BLINDING_NEW 102
#define BN_F_BN_BLINDING_UPDATE 103
#define BN_F_BN_BN2DEC 104
#define BN_F_BN_BN2HEX 105
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_MOD_EXP_MONT 109
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_USUB 115
#define BN_F_BN_BL_CTX_INIT 104
#define BN_F_BN_BL_CTX_NEW 105
#define BN_F_BN_BN2DEC 106
#define BN_F_BN_BN2HEX 107
#define BN_F_BN_CTX_NEW 108
#define BN_F_BN_DIV 109
#define BN_F_BN_EXPAND2 110
#define BN_F_BN_MOD_EXP_MONT 111
#define BN_F_BN_MOD_INVERSE 112
#define BN_F_BN_MOD_MUL_RECIPROCAL 113
#define BN_F_BN_MPI2BN 114
#define BN_F_BN_NEW 115
#define BN_F_BN_RAND 116
#define BN_F_BN_USUB 117
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100


+ 2
- 0
crypto/bn/bn_err.c View File

@ -67,6 +67,8 @@ static ERR_STRING_DATA BN_str_functs[]=
{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"},
{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
{ERR_PACK(0,BN_F_BN_BL_CTX_INIT,0), "BN_BL_CTX_INIT"},
{ERR_PACK(0,BN_F_BN_BL_CTX_NEW,0), "BN_BL_CTX_NEW"},
{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"},
{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"},
{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},


+ 1
- 1
crypto/bn/bn_lib.c View File

@ -60,7 +60,7 @@
#include "cryptlib.h"
#include "bn_lcl.h"
char *BN_version="Big Number part of SSLeay 0.9.1a 06-Jul-1998";
char *BN_version="Big Number part of SSLeay 0.9.1c 22-Dec-1998";
/* For a 32 bit machine
* 2 - 4 == 128


+ 1
- 1
crypto/bn/bn_mont.c View File

@ -235,7 +235,7 @@ printf("number BN_from_montgomery\n");
/* hmm... if a is between i and 2*i, things are bad */
if (a->top > i)
{
j=bn_add_words(ret->d,ret->d,&(a->d[i]),i);
j=(int)(bn_add_words(ret->d,ret->d,&(a->d[i]),i));
if (j) /* overflow */
bn_sub_words(ret->d,ret->d,mont->N.d,i);
}


+ 17
- 17
crypto/bn/bn_mul.c View File

@ -176,16 +176,16 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
* r[32] holds (b[1]*b[1])
*/
c1=bn_add_words(t,r,&(r[n2]),n2);
c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
if (neg) /* if t[32] is negative */
{
c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
}
else
{
/* Might have a carry */
c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
}
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
@ -193,7 +193,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
if (c1)
{
p= &(r[n+n2]);
@ -311,15 +311,15 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
* r[32] holds (b[1]*b[1])
*/
c1=bn_add_words(t,r,&(r[n2]),n2);
c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
*/
c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
if (c1)
{
p= &(r[n+n2]);
@ -454,7 +454,7 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
if (l != NULL)
{
lp= &(t[n2+n]);
c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
}
else
{
@ -463,7 +463,7 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
}
if (neg)
neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
else
{
bn_add_words(&(t[n2]),lp,&(t[0]),n);
@ -498,25 +498,25 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
if (l != NULL)
{
lp= &(t[n2]);
c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
}
else
{
lp= &(t[n2+n]);
c1=0;
}
c1+=bn_add_words(&(t[n2]),lp, &(r[0]),n);
c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
if (oneg)
c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);