Commit d44c7dcf authored by Richard Levitte

Merge in code from main trunk to BRANCH_engine.

parent 5decfb70
+56 −18
@@ -4,19 +4,43 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Remove lots of duplicated code from the EVP library. For example *every*
     cipher init() function handles the 'iv' in the same way according to the
     cipher mode. They also all do nothing if the 'key' parameter is NULL and
     for CFB and OFB modes they zero ctx->num.
  *) New function BN_mod_exp_mont_word for small bases (roughly 20%
     faster than BN_mod_exp_mont even though it does not use
     windowing).
     [Bodo Moeller]

     Most of the routines have the same form and so can be declared in terms
     of macros.
  *) CygWin32 support.
     [John Jarvie <jjarvie@newsguy.com>]

     By shifting this to the top level EVP_CipherInit() it can be removed from
     all individual ciphers. If the cipher wants to handle IVs or keys
     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
     flags.
     [Steve Henson]
  *) The type-safe stack code has been rejigged. It is now only compiled
     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
     by default all type-specific stack functions are "#define"d back to
     standard stack functions. This results in more streamlined output
     but retains the type-safety checking possibilities of the original
     approach.
     [Geoff Thorpe]

  *) The STACK code has been cleaned up, and certain type declarations
     that didn't make a lot of sense have been brought in line. This has
     also involved a cleanup of sorts in safestack.h to more correctly
     map type-safe stack functions onto their plain stack counterparts.
     This work has also resulted in a variety of "const"ifications of
     lots of the code, especially "_cmp" operations which should normally
     be prototyped with "const" parameters anyway.
     [Geoff Thorpe]

  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
     (The PRNG state consists of two parts, the large pool 'state' and 'md',
     where all of 'md' is used each time the PRNG is used, but 'state'
     is used only indexed by a cyclic counter. As entropy may not be
     well distributed from the beginning, 'md' is important as a
     chaining variable. However, the output function chains only half
     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
     all of 'md', and seeding with STATE_SIZE dummy bytes will result
     in all of 'state' being rewritten, with the new values depending
     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
     [Bodo Moeller]

  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
     the handshake is continued after ssl_verify_cert_chain();
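
Review bot: the md_rand.c entry says the pool is stirred only "when generating bytes for the first time", but the reason it gives (entropy "may not be well distributed from the beginning", and the output function chaining only 80 bits of 'md') appears to apply just as much to entropy that arrives after that first output. Please state in the entry whether the stir is strictly one-time and, if so, why later ssleay_rand_add calls do not need it. It would also help to say outright that the dummy bytes leave the entropy estimate unchanged, so the stir is not mistaken for seeding.
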
@@ -24,15 +48,29 @@
     can lead to 'unexplainable' connection aborts later.
     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

  *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
     various cipher parameters to be set in the EVP interface. Initially
     support added for variable key length ciphers via the
     EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
     parameters will be added later via the new catchall 'ctrl' function.
  *) Major EVP API cipher revision.
     Add hooks for extra EVP features. This allows various cipher
     parameters to be set in the EVP interface. Support added for variable
     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
     setting of RC2 and RC5 parameters.

     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
     ciphers.

     Remove lots of duplicated code from the EVP library. For example *every*
     cipher init() function handles the 'iv' in the same way according to the
     cipher mode. They also all do nothing if the 'key' parameter is NULL and
     for CFB and OFB modes they zero ctx->num.

     New functionality allows removal of S/MIME code RC2 hack.

     Still needs support in other library functions, and allow parameter
     setting for algorithms like RC2, RC5.
     Most of the routines have the same form and so can be declared in terms
     of macros.

     By shifting this to the top level EVP_CipherInit() it can be removed from
     all individual ciphers. If the cipher wants to handle IVs or keys
     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
     flags.

     Change lots of functions like EVP_EncryptUpdate() to now return a
     value: although software versions of the algorithms cannot fail
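
Review bot: in the merged "Major EVP API cipher revision" entry, the sentence "New functionality allows removal of S/MIME code RC2 hack." lands between the paragraph about duplicated cipher init() code and "Most of the routines have the same form and so can be declared in terms of macros.", so "the routines" loses its referent. Move the S/MIME sentence up beside the RC2/RC5 parameter paragraph. Also check that the [Steve Henson] attribution that closed the old standalone entry still ends the merged one, which is cut off below this hunk.
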
+26 −17
@@ -39,6 +39,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through 
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
#		provided to stack calls. Generates unique stack functions for
#		each possible stack type.
# DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
#		dependancies but needs to more registers, good for RISC CPU's
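
Review bot: DEBUG_SAFESTACK is documented here in the same list as DES_PTR and DES_RISC1, which the table entries pass as bare keywords in a later colon-separated field, while this commit enables it as a compiler define (-DDEBUG_SAFESTACK in the debug-ben entries). Say in the comment that it is given as -DDEBUG_SAFESTACK, or move it next to the "-<xxx> +<xxx> compiler options" line, so nobody tries to add it to a target's keyword field.
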
@@ -104,8 +107,8 @@ my %table=(
# Our development configs
"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
@@ -165,7 +168,7 @@ my %table=(

# Sunos configs, assuming sparc for the gcc one.
##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):-liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",

#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
@@ -175,11 +178,11 @@ my %table=(
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
# N64 ABI builds.
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",

#### Unified HP-UX ANSI C configs.
# Special notes:
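
Review bot: the four IRIX entries change the thread-flags field from (unknown) to -D_SGI_MP_SOURCE, but neither a comment here nor the CHANGES hunks in this commit record that threaded builds are now expected to work on the irix-mips3 and irix64-mips4 targets. Add a short comment above these entries saying which IRIX releases the define was tested on.
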
@@ -265,10 +268,10 @@ my %table=(
#
#					<appro@fy.chalmers.se>
#
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",

# assembler versions -- currently defunct:
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
@@ -296,7 +299,7 @@ my %table=(
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",

# Linux on ARM
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::dlfcn",
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn",

# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
@@ -364,12 +367,14 @@ my %table=(
"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",

# CygWin32
# Mingw32
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
# and its library files in util/pl/*)
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",

# CygWin32
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",

# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
@@ -388,7 +393,7 @@ my %table=(
);

my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
	BC-16 CygWin32 Mingw32);
	BC-16 Mingw32);

my $prefix="";
my $openssldir="";
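
Review bot: dropping CygWin32 from @WinTargets changes how the target is built, not only how it is listed, and the hunk carries no comment saying so. If $IsWindows is derived from this list, CygWin32 now takes the else branch in the last Configure hunk, the one that runs "make -f Makefile.ssl ... links". A one-line comment above @WinTargets explaining why CygWin32 is treated as a Unix-like target would keep it from being re-added later.
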
@@ -435,6 +440,7 @@ my $openssl_other_defines="";
my $libs="";
my $target="";
my $options="";
my $symlink=1;
foreach (@ARGV)
	{
	s /^-no-/no-/; # some people just can't read the instructions
@@ -450,6 +456,8 @@ foreach (@ARGV)
		{ $no_threads=1; }
	elsif (/^threads$/)
		{ $threads=1; }
	elsif (/^no-symlinks$/)
		{ $symlink=0; }
	elsif (/^no-(.+)$/)
		{
		my $algo=$1;
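
Review bot: the new no-symlinks option is not documented in any hunk on this page: the option comments near the top of Configure gain DEBUG_SAFESTACK only, and the INSTALL.W32 text does not mention it. Add a line beside the no-<cipher> comment saying that no-symlinks skips the "make links" step. The placement of the new branch ahead of the generic /^no-(.+)$/ match is correct and should stay that way.
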
@@ -902,7 +910,8 @@ if($IsWindows) {
EOF
	close(OUT);
} else {
	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
		if $symlink;
	### (system 'make depend') == 0 or exit $? if $depflags ne "";
	# Run "make depend" manually if you want to be able to delete
	# the source code files of ciphers you left out.
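
Review bot: the trailing "if $symlink;" on its own continuation line governs the whole "(system ...) == 0 or exit $?" statement, which is easy to misread as applying only to the exit. An explicit "if ($symlink) { ... }" block would make the scope obvious.
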
+18 −0
@@ -21,6 +21,8 @@ OpenSSL - Frequently Asked Questions
* Why can't I make an SSL connection using a DSA certificate?
* How can I remove the passphrase on a private key?
* Why can't the OpenSSH configure script detect OpenSSL?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?


* Which is the current version of OpenSSL?
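
Review bot: the second new index entry reads "bc: 1 no implemented", but the answer text added further down quotes the message as "bc: 1 not implemented". Fix the typo in the index so a user searching for the exact error string finds the entry.
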
@@ -305,3 +307,19 @@ applied to the OpenSSH distribution:
 	fi
 	LIBS="$LIBS -lcrypto"
----- snip:end -----


* Why does the OpenSSL test fail with "bc: command not found"?

You didn't install "bc", the Unix calculator.  If you want to run the
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.


* Why does the OpenSSL test fail with "bc: 1 no implemented"?

On some SCO installations or versions, bc has a bug that gets triggered when
you run the test suite (using "make test").  The message returned is "bc:
1 not implemented".  The best way to deal with this is to find another
implementation of bc and compile/install it.  For example, GNU bc (see
http://www.gnu.org/software/software.html for download instructions) can
be safely used.
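
Review bot: the two new answers send readers to different places for GNU bc (ftp://ftp.gnu.org in the first, http://www.gnu.org/software/software.html in the second); use the same reference in both. The heading of the second answer also needs "no implemented" changed to "not implemented" to match the message quoted in its body.
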
+46 −0
@@ -134,6 +134,52 @@
   > cd out
   > ..\ms\test

 GNU C (CygWin32)
 ---------------

 CygWin32 provides a bash shell and GNU tools environment running on
 NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
 with CygWin is closer to a GNU bash environment such as Linux rather
 than other W32 makes that are based on a single makefile approach.
 CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
 contrasted to Mingw32 which links dynamically to msvcrt.dll or
 crtdll.dll.

 To build OpenSSL using CygWin32:

 * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)

 * Install Perl and ensure it is in the path

 * Run the CygWin bash shell

 * $ tar zxvf openssl-x.x.x.tar.gz
   $ cd openssl-x.x.x
   $ ./Configure no-threads CygWin32
   [...]
   $ make
   [...]
   $ make test
   $ make install

 This will create a default install in /usr/local/ssl.

 CygWin32 Notes:

 "make test" and normal file operations may fail in directories
 mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
 stripping of carriage returns. To avoid this ensure that a binary
 mount is used, e.g. mount -b c:\somewhere /home.

 As of version 1.1.1 CygWin32 is relatively unstable in its handling
 of cr/lf issues. These make procedures succeeded with versions 1.1 and
 the snapshot 20000524 (Slow!).

 "bc" is not provided in the CygWin32 distribution.  This causes a
 non-fatal error in "make test" but is otherwise harmless.  If
 desired, GNU bc can be built with CygWin32 without change.


 Troubleshooting
 ---------------

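Review bot: the mount examples in the CygWin32 notes, "mount -t c:\somewhere /home" and "mount -b c:\somewhere /home", are meant to be typed into the CygWin bash shell, where an unquoted backslash is consumed by the shell and the path arrives as "c:somewhere". Quote the path or write it with forward slashes. The build steps also pass no-threads to Configure without saying why; one sentence of explanation would help.
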
+4 −1
@@ -299,6 +299,9 @@ tags:
errors:
	perl util/mkerr.pl -recurse -write

stacks:
	perl util/mkstack.pl -recurse

util/libeay.num::
	perl util/mkdef.pl crypto update

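Review bot: the new stacks rule calls mkstack.pl with -recurse only, while the errors rule just above passes "-recurse -write" to mkerr.pl. If mkstack.pl rewrites files by default, say so in a comment next to the rule; if it needs a write flag, the rule as written changes nothing when it is run from "make update".
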
@@ -312,7 +315,7 @@ TABLE: Configure
	(echo 'Output of `Configure TABLE'"':"; \
	perl Configure TABLE) > TABLE

update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

tar:
	@$(TAR) $(TARFLAGS) -cvf - \