[PATCH] SSE2 inner loop for bn_mul_add_words

[dean gaudet]

hi there, i tried sending this ages ago but i guess some spam filters
probably lost it... i see i have to be subscribed to post stuff.

on a p4 2.4GHz, here's the before:

  signverifysign/s verify/s
rsa 1024 bits   0.0044s   0.0002s225.5   4139.4

and after:

  signverifysign/s verify/s
rsa 1024 bits   0.0033s   0.0002s306.7   6264.2

see hacked patch below.

-dean

Date: Sun, 23 Mar 2003 22:08:25 -0800 (PST)
From: dean gaudet <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: SSE2 inner loop for bn_mul_add_words

for kicks i decided to see if it really was possible to get RSA speedups
using the SSE2 PMULUDQ and PADDQ instructions ... and i'm seeing a 30%+
1024-bit sign/s improvement on the p4 systems i've measured on.

but i'm too lazy to try to understand the perl asm generation crud, and
don't want to figure out how/if you folks would prefer to switch between
routines optimized for specific platforms.  so what i present here is a
total hack patch against a .s file.  do with as you please :)

note that i use %mm registers rather than %xmm registers because this
code is completely dominated by the carry-propagation, which is a series
of 64-bit adds followed by shift-right 32 ... and if you attempt to
do this with 128-bit registers you waste a lot of slots mucking about
packing and shuffling and such.

even still, this is SSE2-only code because the PMULUDQ and PADDQ
instructions don't exist in MMX/SSE.  (which means the only released
processors it will run on are p4 and banias^Wpentium-m... it shows
similar improvements on unreleased processors i can't talk about :)

if you look closely i'm doing only 32-bit loads and stores ... the
implicit zero-extension on the 32-bit load beats out any sort of creative
attempt to do 64-bit loads and shuffle the halves around.

it's unlikely that this technique can speed up the simple add/sub
routines -- unless there are situations where multiple add/sub could be
done in parallel... in the MMX hardware you can effectively parallelize
non-dependent carry propagation -- something you can't do in the ALUs
due to the conflict on EFLAGS.CF.

this code probably still has slack which could be improved on...  such as
moving the emms somewhere much higher in the call stack... it's required
before any fp code is run.  and rearranging the loop so that it overlaps
multiplication better with the carry chain propagation.

-dean

p.s. i'm not on the mailing list, so please CC me in any reply.

--- openssl-0.9.7a/crypto/bn/asm/bn86-elf.s 2003-03-23 21:29:16.0 -0800
+++ openssl-0.9.7a/crypto/bn/asm/bn86-elf.s.dg2 2003-03-23 21:18:05.0 -0800
@@ -26,94 +26,76 @@
movl32(%esp),   %ebp
pushl   %ecx
jz  .L000maw_finish
-.L001maw_loop:
-   movl%ecx,   (%esp)

-   movl(%ebx), %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl(%edi), %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   (%edi)
-   movl%edx,   %esi
+   movd %ebp,%mm0
+   pxor %mm1,%mm1  /* mm1 = carry in */

-   movl4(%ebx),%eax
-   mull%ebp
-   addl%esi,   %eax
-   movl4(%edi),%esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   4(%edi)
-   movl%edx,   %esi
-
-   movl8(%ebx),%eax
-   mull%ebp
-   addl%esi,   %eax
-   movl8(%edi),%esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   8(%edi)
-   movl%edx,   %esi
-
-   movl12(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl12(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   12(%edi)
-   movl%edx,   %esi
-
-   movl16(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl16(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   16(%edi)
-   movl%edx,   %esi
-
-   movl20(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl20(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   20(%edi)
-   movl%edx,   %esi
-
-   movl24(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl24(%edi),   %esi
-   a

read private key out

[Wu Junwei]

(B
(B
(BHi,all
(B 
(BI have a question on reading the private key out from a certificate 
(Bfile.
(B 
(BI 'd like to read a private key in a certificate file and returns the 
(Bprivate key data and length in memroy, which functions in OpenSSL should I 
(Bchoose to use?
(B 
(Bd2i/i2d_PKCS8PrivateKey_xx or PEM_read_bio_PrivateKey ?
(B 
(BCan some one kindly tell me the difference among them?
(B 
(BThanks.
(Bwjw
(B 
(B 

[openssl.org #629] Custom error handling

[Richard Levitte via RT]

Just for the sake of keeping history with this ticket: I've concerns
with ERR_disable() in relation to the OpenSSL code checking for certain
errors in some places.  If error setting is disabled, we might very well
end up with unwanted problems.  Sure, it can be fixed by temporarely
re-enabling error setting, but that requires an extra effort from
OpenSSL developpers, and this is easily forgotten.

[levitte - Wed Jun 11 22:55:38 2003]:

> I've implemented ERR_set_mark() and ERR_pop_to_mark(), which can be
>used
> for similar functionality.  I'll look into ERR_disable() and
> ERR_enable() as well, but that requires quite a lot more work.
> 
> If the implemented functions are enough for you for now, I'll resolve
> this ticket.
> 
> [EMAIL PROTECTED] - Mon May 26 09:16:48 2003]:
> 
> > Hi,
> > I would like to implement some kind of error locking function:
> >
> > SYSerr(x,x);
> > ERR_disable(); //We don't want anymore error feedback from this
>point
> > //call to functions that can potentialy generate some more errors
> > ERR_enable(); //Re-enable error feedback
> >
> > In this exemple the last error will be the one generated by
> >"SYSerr(x,x);".
> >
> > I tried to implement a custom error handling function,
> >int_thread_get_item equivalent that would return NULL, if the
> >thread error handling was locked, but any call to
> > ERR_clear_error destroyed the "SYSerr(x,x);" error.
> >
> > The custom error handling doesn't seem to be really supported
>(ERR_FNS
> >is opaque..., etc), altough the bases are there, could it be
> >possible to either fully support custom error handling, or to add
> >the ERR_enable/ERR_disable.
> >
> > Thanks,
> > Frédéric Giudicelli
> > http://www.newpki.org
> >
> 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #617] bug in x509_trs.c (openssl-0.9.7b)

[Richard Levitte via RT]

Any results?

[levitte - Wed Jun 11 23:24:18 2003]:

> I've added ean entry for X509_TRUST_OBJECT_SIGN in trstandard[]. 
Please
> test tomorrow's snapshot.
> 
> [EMAIL PROTECTED] - Fri May 16 12:54:13 2003]:
> 
> > Hi All,
> > 
> > The X509_TRUST_OBJECT_SIGN, which is defined in crypto/x509/x509.h,
is
> >not
> > included in the trstandard table defined in crypto/x509/x509_trs.c.
> >The
> > number of trust options and the number of entries and their order in
> >this
> > table should match (maybe this should be pointed out in a comment in
> > x509.h).
> > 
> > This may cause a segmentation fault if somebody calls
> > X509_TRUST_get0(X509_TRUST_OCSP_REQUEST) and uses the return value.
> >Probably
> > nobody does.
> > 
> > Regards,
> > Zoltan
> > 
> > 
> > Open Time Stamping Authority project
> > http://www.opentsa.org/
> > 
> >
__
> > OpenSSL Project
http://www.openssl.org
> > Development Mailing List  
[EMAIL PROTECTED]
> > Automated List Manager  
[EMAIL PROTECTED]
> 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #587] bug report: key length checking

[Richard Levitte via RT]

Quite right.  I've no applied a patch to change this, please test
tomorrows snapshot.

Ticket resolved.

[EMAIL PROTECTED] - Thu Apr 17 21:37:09 2003]:

> Is it correct to use EVP_PKEY_size, which returns the maximum size of
a
> signature in bytes, to check the key length against the 512 bits
limit?
> 
> In crypto\evp\evp.h:
>   #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
> 
> In crypto\x509\x509type.c:
> int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
> {
> ...
>   if (EVP_PKEY_size(pk) <= 512)
>   ret|=EVP_PKT_EXP;
>   ...
> }
> 
> 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #644] [PATCH] implementation of crl numbers in openssl-0.9.7b (and cvs branch)

[Richard Levitte via RT]

I'm stealing this ticket from Steve, hope he doesn't mind.

Patch for the 0.9.8-dev development line applied.  I've placed the
gzip-tarred 0.9.7b patch in our contribution directory
(http://www.openssl.org/contrib), since we don't add new features in a
released branch.

This ticket is hereby resolved.  Please test tomorrows snapshot, and
report bugs as a new ticket.

Thank you.

>[EMAIL PROTECTED] - Mon Jun 16 11:29:52 2003]:

> > Thanks for the contribution, most of the changes seem reasonable and
> > should certainly make it into 0.9.8.
> 
> Great !
> 
> > However I think that X509_CRL_set_crlnumber() should instead
> > convert the
> > BIGNUM to an ASN1_INTEGER then make use of the standard function
> > X509_CRL_add1_ext_i2d() passing the ASN1_INTEGER into the value
> > parameter. This should set the CRL number using a portable call and
> > avoid having to access structure internals.
> 
> You're totally right, that's much better now.
> 
> > Also if you do that the changes in v3_int.c are no longer needed.
> 
> Yes.
> 
> Here are the (smaller) patchs with your comments taken into account.
> (based on openssl-0.9.7b and cvs of june, 12).
> 
> Best regards,
> 
>   Laurent.
> 
> ---
> Email : Laurent Genier <[EMAIL PROTECTED]>
> INTRINsec  Sécurité informatique
> 205 avenue Georges Clemenceau 92024 Nanterre Cedex - 01 41 91 77 77
> Visitez notre laboratoire de veille : http://citadelle.intrinsec.com
> 


-- 
Richard Levitte
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [PATCH] NetWare Support for OpenSSL 0.9.7

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 09:35:20 -0600, "Verdon Walker" 
<[EMAIL PROTECTED]> said:

VWalker> The first error I see with the latest developement snapshot when compiling 
for Windows is:
VWalker> 
VWalker> cl /Fotmp32.dbg\ech_ossl.obj  -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi 
/Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN 
-DDEBUG -DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\ecdh\ech_ossl.c
VWalker> ech_ossl.c
VWalker> .\crypto\ecdh\ech_ossl.c(176) : error C2220: warning treated as error - no 
object file generated
VWalker> .\crypto\ecdh\ech_ossl.c(176) : warning C4018: '!=' : signed/unsigned mismatch
VWalker> NMAKE : fatal error U1077: 'cl' : return code '0x2'
VWalker> 
VWalker> I addressed that by casting the results from BN_bn2bin() to a size_t and then 
proceeded until I saw the following:

I'll commit that change in a few minutes.

VWalker> cl /Fotmp32.dbg\eng_dyn.obj  -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd 
/Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\engine\eng_dyn.c
VWalker> eng_dyn.c
VWalker> .\crypto\engine\eng_dyn.c(281) : error C2220: warning treated as error - no 
object file generated
VWalker> .\crypto\engine\eng_dyn.c(281) : warning C4028: formal parameter 5 different 
from declaration
VWalker> .\crypto\engine\eng_dyn.c(281) : warning C4024: 'ENGINE_set_ctrl_function' : 
different types for formal and actual parameter 2
VWalker> NMAKE : fatal error U1077: 'cl' : return code '0x2'
VWalker> 
VWalker> I solved this by changing the definition of "dynamic_ctrl" from:
VWalker> 
VWalker> static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
VWalker> 
VWalker> to:
VWalker> 
VWalker> static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

I'll commit that change too.

VWalker> I then proceeded until I ran into:
VWalker> 
VWalker> cl /Fotmp32.dbg\ectest.obj -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd 
/Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\ec\ectest.c
VWalker> ectest.c
VWalker> .\crypto\ec\ectest.c(193) : error C2220: warning treated as error - no object 
file generated
VWalker> .\crypto\ec\ectest.c(193) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(199) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(201) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(202) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(203) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(207) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> .\crypto\ec\ectest.c(209) : warning C4098: 'prime_field_tests' : 'void' 
function returning a value
VWalker> and on and on and on
VWalker> 
VWalker> because the macro "ABORT" does an "EXIT(1)". Since "ABORT" is only used 
inside of void functions, I simply commented the "EXIT(1)" out to get around this. I 
then proceeded until:

Actually, in the Windows section of e_os.h, EXIT() is incorrectly
defined to "return(n)".  It should, as far as I understand, be
"exit(n)".  I'll commit that change.

VWalker> cl /Fotmp32.dbg\evp_test.obj -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd 
/Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\evp\evp_test.c
VWalker> evp_test.c
VWalker> link /nologo /subsystem:console /machine:I386 /opt:ref /debug 
/out:out32.dbg\evp_test.exe @c:\temp\nme02284.
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_ubsec
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_sureware
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_nuron
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_chil
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_cswift
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_atalla
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_aep
VWalker> libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_4758cca
VWalker> out32.dbg\evp_test.exe : fatal error LNK1120: 8 unresolved externals
VWalker> NMAKE : fatal error U1077: 'link' : return code '0x460'
VWalker> 
VWalker> I fixed this by defining "OPENSSL_NO_STATIC_ENGINE" inside of "ms\32all.bat" 
which I use when building windows. I then seemed in really good shape until f

Re: [PATCH] NetWare Support for OpenSSL 0.9.7

[Verdon Walker]

I meant to send this to the group last week and accidentally sent it only to Richard. 
It looks like all these problems still exist in the latest development snapshot so I 
figured I resend to the group in case it got lost.

The first error I see with the latest developement snapshot when compiling for Windows 
is:

cl /Fotmp32.dbg\ech_ossl.obj  -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd /Od 
/nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\ecdh\ech_ossl.c
ech_ossl.c
.\crypto\ecdh\ech_ossl.c(176) : error C2220: warning treated as error - no object file 
generated
.\crypto\ecdh\ech_ossl.c(176) : warning C4018: '!=' : signed/unsigned mismatch
NMAKE : fatal error U1077: 'cl' : return code '0x2'

I addressed that by casting the results from BN_bn2bin() to a size_t and then 
proceeded until I saw the following:

cl /Fotmp32.dbg\eng_dyn.obj  -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd /Od 
/nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\engine\eng_dyn.c
eng_dyn.c
.\crypto\engine\eng_dyn.c(281) : error C2220: warning treated as error - no object 
file generated
.\crypto\engine\eng_dyn.c(281) : warning C4028: formal parameter 5 different from 
declaration
.\crypto\engine\eng_dyn.c(281) : warning C4024: 'ENGINE_set_ctrl_function' : different 
types for formal and actual parameter 2
NMAKE : fatal error U1077: 'cl' : return code '0x2'

I solved this by changing the definition of "dynamic_ctrl" from:

static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

to:

static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));

I then proceeded until I ran into:

cl /Fotmp32.dbg\ectest.obj -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd /Od 
/nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\ec\ectest.c
ectest.c
.\crypto\ec\ectest.c(193) : error C2220: warning treated as error - no object file 
generated
.\crypto\ec\ectest.c(193) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(199) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(201) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(202) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(203) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(207) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
.\crypto\ec\ectest.c(209) : warning C4098: 'prime_field_tests' : 'void' function 
returning a value
and on and on and on

because the macro "ABORT" does an "EXIT(1)". Since "ABORT" is only used inside of void 
functions, I simply commented the "EXIT(1)" out to get around this. I then proceeded 
until:

cl /Fotmp32.dbg\evp_test.obj -Iinc32 -Itmp32.dbg /MDd /W3 /WX /Zi /Yd /Od 
/nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG 
-DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5  -c .\crypto\evp\evp_test.c
evp_test.c
link /nologo /subsystem:console /machine:I386 /opt:ref /debug 
/out:out32.dbg\evp_test.exe @c:\temp\nme02284.
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_ubsec
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_sureware
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_nuron
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol _ENGINE_load_chil
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_cswift
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_atalla
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol _ENGINE_load_aep
libeay32.lib(eng_all.obj) : error LNK2001: unresolved external symbol 
_ENGINE_load_4758cca
out32.dbg\evp_test.exe : fatal error LNK1120: 8 unresolved externals
NMAKE : fatal error U1077: 'link' : return code '0x460'

I fixed this by defining "OPENSSL_NO_STATIC_ENGINE" inside of "ms\32all.bat" which I 
use when building windows. I then seemed in really good shape until finally I got:

link /debug /nologo /subsystem:console /machine:I386 /opt:ref /debug /dll 
/out:out32dll.dbg\libeay32.dll /def:ms/LIBEAY32.def @c:\temp\nma01556.
LIBEAY32.def : error LNK2001: unresolved external symbol ENGINE_load_4758cca
LIBEAY32.def : error LNK2001: unresolved external symbol ENGINE_load_aep
LIBEAY32.def : error LNK2001: unresolved external symbol ENGINE_load_atalla
LIBEAY32.def : error LNK2001: unresolved external symbol ENGINE_load_chil
LIBEAY32.def : error LNK2001: unresolved external symbol ENGINE_load_cswift
LIBEAY32.def : error LNK2001: unresolved external symbol ENG

Re: [openssl.org #646] Fix for Linux problems using TERMIOS

[Richard Levitte - VMS Whacker via RT]

In message <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 08:51:58 +0200 (METDST), "Bob 
Hepple via RT" <[EMAIL PROTECTED]> said:

rt> I am busy porting OpenSSL to the Eracom hardware engine and have run into
rt> a problem when entering PINS (ie using fgets() without echo). Thought I'd
rt> share the workaround and invite comment ...
rt> 
rt> Normally, openssl does not need to access this function so I imagine it
rt> has not been much debugged. But with this hardware engine I need to be
rt> able to input a PIN without echo and since there is a mechanism in openssl
rt> to do just that, naturally I prefer to use it rather than write more code.

Uhmm, you're doing the prompting through a UI_METHOD, I assume (more
precisely, the one returned by UI_OpenSSL()).  All OpenSSL application
prompting for pass phrases ('openssl genrsa' and lots of other
commands) use that same mechanism, so I'm quite surprised this hasn't
been heard of before.

Have you tested if 'openssl genrsa' works?  If it does, perhaps you
should figure out what you do differently from the OpenSSL
application.  You probably want to check out the function
setup_ui_method() and related static functions in apps/apps.c, or
check out the nCipher engine, which I'm pretty sure does things
properly (at least last time I tested).

rt> Normally, Linux is configured with -DTERMIO set. This causes fgets() to
rt> return an error (it returns NULL and feof() is set) when NOECHO is used in
rt> crypto/ui/ui_openssl:read_string_inner()
rt> 
rt> If I compile with -DTERMIOS instead, there is no error. So my question is
rt> in 3 parts:
rt> 
rt> 1. what is the 'correct' way to specify TERMIOS instead of TERMIO? I have
rt> tried setting the TERMIOS parameter in util/pl/linux.pl to no avail. I am
rt> currently changing all the  linux configurations in the 'Configure' script
rt> and this seems to work, but it's messy.

There's some preprocessor code in crypto/ui/ui_openssl.c that forces
TERMIO for Linux.  You might want to disable that, or make it force
TERMIOS instead.

rt> 2. Since this fixes the problem, can this setting please be used as the
rt> default in future?

Will it work on all Linux variants, including somewhat aged Linux
systems?

rt> 3. Why use TERMIO when TERMIOS is available on Linux?

Because once upon a time, when the original code was constructed,
there was only TERMIO, I assume.  Noone has complained since, so...

rt> ... and yes, the current stat of the port is available as a source code
rt> patch at http://www.eracom-tech.com/downloads/downloads.php

I think "available" depends on who you are.  I just tried, and was
redirected to http://www.eracom-tech.com/login/userlogin.php...

Anyhow, whenever it really becomes available, I think I can take a
look and see if I can spot something.

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #646] Fix for Linux problems using TERMIOS

[Richard Levitte - VMS Whacker]

In message <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 08:51:58 +0200 (METDST), "Bob 
Hepple via RT" <[EMAIL PROTECTED]> said:

rt> I am busy porting OpenSSL to the Eracom hardware engine and have run into
rt> a problem when entering PINS (ie using fgets() without echo). Thought I'd
rt> share the workaround and invite comment ...
rt> 
rt> Normally, openssl does not need to access this function so I imagine it
rt> has not been much debugged. But with this hardware engine I need to be
rt> able to input a PIN without echo and since there is a mechanism in openssl
rt> to do just that, naturally I prefer to use it rather than write more code.

Uhmm, you're doing the prompting through a UI_METHOD, I assume (more
precisely, the one returned by UI_OpenSSL()).  All OpenSSL application
prompting for pass phrases ('openssl genrsa' and lots of other
commands) use that same mechanism, so I'm quite surprised this hasn't
been heard of before.

Have you tested if 'openssl genrsa' works?  If it does, perhaps you
should figure out what you do differently from the OpenSSL
application.  You probably want to check out the function
setup_ui_method() and related static functions in apps/apps.c, or
check out the nCipher engine, which I'm pretty sure does things
properly (at least last time I tested).

rt> Normally, Linux is configured with -DTERMIO set. This causes fgets() to
rt> return an error (it returns NULL and feof() is set) when NOECHO is used in
rt> crypto/ui/ui_openssl:read_string_inner()
rt> 
rt> If I compile with -DTERMIOS instead, there is no error. So my question is
rt> in 3 parts:
rt> 
rt> 1. what is the 'correct' way to specify TERMIOS instead of TERMIO? I have
rt> tried setting the TERMIOS parameter in util/pl/linux.pl to no avail. I am
rt> currently changing all the  linux configurations in the 'Configure' script
rt> and this seems to work, but it's messy.

There's some preprocessor code in crypto/ui/ui_openssl.c that forces
TERMIO for Linux.  You might want to disable that, or make it force
TERMIOS instead.

rt> 2. Since this fixes the problem, can this setting please be used as the
rt> default in future?

Will it work on all Linux variants, including somewhat aged Linux
systems?

rt> 3. Why use TERMIO when TERMIOS is available on Linux?

Because once upon a time, when the original code was constructed,
there was only TERMIO, I assume.  Noone has complained since, so...

rt> ... and yes, the current stat of the port is available as a source code
rt> patch at http://www.eracom-tech.com/downloads/downloads.php

I think "available" depends on who you are.  I just tried, and was
redirected to http://www.eracom-tech.com/login/userlogin.php...

Anyhow, whenever it really becomes available, I think I can take a
look and see if I can spot something.

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: about i2d_Private() in i2d_pr.c

[Nils Larsch]

Wu Junwei wrote:
Hi,all
 
in OpenSSL version 0.9.7b,
 
I'd like to know , in i2d_PrivateKey() in i2d_pr.c , why it only deals 
with the EVP_PKEY_RSA and EVP_PKEY_DSA key?
Because these are the only kind of private key types implemented
in OpenSSL 0.9.7.
There are some other key kinds , such as DH key, why this function does 
not deal with?
There's seems to be no need for them (you can use the DSA private
structure as a replacement, but that's not really optimal).
Nils

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]