Recent changes from 0.9.6-stable.
This commit is contained in:
Richard Levitte
parent
e7534d6060
commit
2f1d799c7f
@ -132,7 +132,7 @@ my %table=(
|
|||||||
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wmissing-declarations -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-declarations -Wno-long-long -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||||
"dist", "cc:-O::(unknown):::::",
|
"dist", "cc:-O::(unknown):::::",
|
||||||
|
|
||||||
# Basic configs that should work on any (32 and less bit) box
|
# Basic configs that should work on any (32 and less bit) box
|
||||||
|
|||||||
@ -59,7 +59,11 @@
|
|||||||
#ifndef HEADER_APPS_H
|
#ifndef HEADER_APPS_H
|
||||||
#define HEADER_APPS_H
|
#define HEADER_APPS_H
|
||||||
|
|
||||||
|
#ifdef FLAT_INC
|
||||||
#include "e_os.h"
|
#include "e_os.h"
|
||||||
|
#else
|
||||||
|
#include "../e_os.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#include <openssl/buffer.h>
|
#include <openssl/buffer.h>
|
||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
|
|||||||
@ -78,7 +78,8 @@
|
|||||||
* and a FILE pointer.
|
* and a FILE pointer.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int send_mem_chars(void *arg, const void *buf, int len)
|
#if 0 /* Not used */
|
||||||
|
static int send_mem_chars(void *arg, const void *buf, int len)
|
||||||
{
|
{
|
||||||
unsigned char **out = arg;
|
unsigned char **out = arg;
|
||||||
if(!out) return 1;
|
if(!out) return 1;
|
||||||
@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
|
|||||||
*out += len;
|
*out += len;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int send_bio_chars(void *arg, const void *buf, int len)
|
static int send_bio_chars(void *arg, const void *buf, int len)
|
||||||
{
|
{
|
||||||
if(!arg) return 1;
|
if(!arg) return 1;
|
||||||
if(BIO_write(arg, buf, len) != len) return 0;
|
if(BIO_write(arg, buf, len) != len) return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int send_fp_chars(void *arg, const void *buf, int len)
|
static int send_fp_chars(void *arg, const void *buf, int len)
|
||||||
{
|
{
|
||||||
if(!arg) return 1;
|
if(!arg) return 1;
|
||||||
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
||||||
@ -240,7 +242,8 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
|
|||||||
* #01234 format.
|
* #01234 format.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
|
||||||
|
ASN1_STRING *str)
|
||||||
{
|
{
|
||||||
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
||||||
* the DER encoding to readily obtained
|
* the DER encoding to readily obtained
|
||||||
|
|||||||
@ -63,7 +63,11 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
#ifdef FLAT_INC
|
||||||
#include "e_os.h"
|
#include "e_os.h"
|
||||||
|
#else
|
||||||
|
#include "../e_os.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef NO_BF
|
#ifdef NO_BF
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
|
|||||||
@ -565,12 +565,12 @@ abs_val(LDOUBLE value)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static LDOUBLE
|
static LDOUBLE
|
||||||
pow10(int exp)
|
pow10(int in_exp)
|
||||||
{
|
{
|
||||||
LDOUBLE result = 1;
|
LDOUBLE result = 1;
|
||||||
while (exp) {
|
while (in_exp) {
|
||||||
result *= 10;
|
result *= 10;
|
||||||
exp--;
|
in_exp--;
|
||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -62,7 +62,11 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#ifdef FLAT_INC
|
||||||
#include "e_os.h"
|
#include "e_os.h"
|
||||||
|
#else
|
||||||
|
#include "../e_os.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/buffer.h>
|
#include <openssl/buffer.h>
|
||||||
|
|||||||
@ -164,7 +164,7 @@ static RAND_METHOD hwcrhk_rand =
|
|||||||
hwcrhk_rand_bytes,
|
hwcrhk_rand_bytes,
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
hwcrhk_rand_bytes,
|
NULL,
|
||||||
hwcrhk_rand_status,
|
hwcrhk_rand_status,
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -293,6 +293,7 @@ ENGINE *ENGINE_ncipher()
|
|||||||
{
|
{
|
||||||
RSA_METHOD *meth1;
|
RSA_METHOD *meth1;
|
||||||
DH_METHOD *meth2;
|
DH_METHOD *meth2;
|
||||||
|
const RAND_METHOD *meth3;
|
||||||
|
|
||||||
/* We know that the "PKCS1_SSLeay()" functions hook properly
|
/* We know that the "PKCS1_SSLeay()" functions hook properly
|
||||||
* to the cswift-specific mod_exp and mod_exp_crt so we use
|
* to the cswift-specific mod_exp and mod_exp_crt so we use
|
||||||
@ -311,6 +312,14 @@ ENGINE *ENGINE_ncipher()
|
|||||||
meth2 = DH_OpenSSL();
|
meth2 = DH_OpenSSL();
|
||||||
hwcrhk_dh.generate_key = meth2->generate_key;
|
hwcrhk_dh.generate_key = meth2->generate_key;
|
||||||
hwcrhk_dh.compute_key = meth2->compute_key;
|
hwcrhk_dh.compute_key = meth2->compute_key;
|
||||||
|
|
||||||
|
/* Much the same for RAND */
|
||||||
|
meth3 = RAND_SSLeay();
|
||||||
|
hwcrhk_rand.seed = meth3->seed;
|
||||||
|
hwcrhk_rand.cleanup = meth3->cleanup;
|
||||||
|
hwcrhk_rand.add = meth3->add;
|
||||||
|
hwcrhk_rand.pseudorand = meth3->pseudorand;
|
||||||
|
|
||||||
return &engine_hwcrhk;
|
return &engine_hwcrhk;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -386,6 +395,8 @@ static int hwcrhk_init()
|
|||||||
HWCryptoHook_RSAUnloadKey_t *p7;
|
HWCryptoHook_RSAUnloadKey_t *p7;
|
||||||
HWCryptoHook_RandomBytes_t *p8;
|
HWCryptoHook_RandomBytes_t *p8;
|
||||||
HWCryptoHook_ModExpCRT_t *p9;
|
HWCryptoHook_ModExpCRT_t *p9;
|
||||||
|
int rand_cnt;
|
||||||
|
RAND_METHOD *rand_method = RAND_SSLeay();
|
||||||
|
|
||||||
if(hwcrhk_dso != NULL)
|
if(hwcrhk_dso != NULL)
|
||||||
{
|
{
|
||||||
@ -466,6 +477,28 @@ static int hwcrhk_init()
|
|||||||
hndidx = RSA_get_ex_new_index(0,
|
hndidx = RSA_get_ex_new_index(0,
|
||||||
"nFast HWCryptoHook RSA key handle",
|
"nFast HWCryptoHook RSA key handle",
|
||||||
NULL, NULL, hwcrhk_ex_free);
|
NULL, NULL, hwcrhk_ex_free);
|
||||||
|
|
||||||
|
/* Let's seed the OpenSSL pool with a bit of hardware randomness
|
||||||
|
for a maximum of 32 rounds. Beyond that, the OpenSSL random
|
||||||
|
pool should be good, and if not, we assume something is seriously
|
||||||
|
wrong with OpenSSL (for now, we let it be and let the user discover
|
||||||
|
it through normal means. That may need to change). */
|
||||||
|
rand_cnt = 32;
|
||||||
|
do
|
||||||
|
{
|
||||||
|
unsigned char buf[8];
|
||||||
|
|
||||||
|
/* If something went wrong, it's OK to just return a fault.
|
||||||
|
All that may happen is that the OpenSSL randomness pool
|
||||||
|
is a bit more seeded, and that can't really be a bad thing,
|
||||||
|
right? */
|
||||||
|
if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
rand_method->seed(buf, sizeof(buf));
|
||||||
|
}
|
||||||
|
while(rand_cnt-- > 0 && rand_method->status());
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
err:
|
err:
|
||||||
if(hwcrhk_dso)
|
if(hwcrhk_dso)
|
||||||
|
|||||||
@ -329,7 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
snprintf(b->data,"%s%c%08lx.%s%d",
|
sprintf(b->data,"%s%c%08lx.%s%d",
|
||||||
ctx->dirs[i],c,h,postfix,k);
|
ctx->dirs[i],c,h,postfix,k);
|
||||||
}
|
}
|
||||||
k++;
|
k++;
|
||||||
|
|||||||
12
ssl/s3_enc.c
12
ssl/s3_enc.c
@ -188,9 +188,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
COMP_METHOD *comp;
|
COMP_METHOD *comp;
|
||||||
const EVP_MD *m;
|
const EVP_MD *m;
|
||||||
MD5_CTX md;
|
MD5_CTX md;
|
||||||
int exp,n,i,j,k,cl;
|
int is_exp,n,i,j,k,cl;
|
||||||
|
|
||||||
exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||||
c=s->s3->tmp.new_sym_enc;
|
c=s->s3->tmp.new_sym_enc;
|
||||||
m=s->s3->tmp.new_hash;
|
m=s->s3->tmp.new_hash;
|
||||||
if (s->s3->tmp.new_compression == NULL)
|
if (s->s3->tmp.new_compression == NULL)
|
||||||
@ -262,9 +262,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
p=s->s3->tmp.key_block;
|
p=s->s3->tmp.key_block;
|
||||||
i=EVP_MD_size(m);
|
i=EVP_MD_size(m);
|
||||||
cl=EVP_CIPHER_key_length(c);
|
cl=EVP_CIPHER_key_length(c);
|
||||||
j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
|
||||||
k=EVP_CIPHER_iv_length(c);
|
k=EVP_CIPHER_iv_length(c);
|
||||||
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
||||||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
|
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
|
||||||
@ -292,7 +292,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
}
|
}
|
||||||
|
|
||||||
memcpy(mac_secret,ms,i);
|
memcpy(mac_secret,ms,i);
|
||||||
if (exp)
|
if (is_exp)
|
||||||
{
|
{
|
||||||
/* In here I set both the read and write key/iv to the
|
/* In here I set both the read and write key/iv to the
|
||||||
* same value since only the correct one will be used :-).
|
* same value since only the correct one will be used :-).
|
||||||
|
|||||||
@ -870,7 +870,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
|||||||
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||||
{
|
{
|
||||||
int is_export,pkl,kl;
|
int is_export,pkl,kl;
|
||||||
char *ver,*exp;
|
char *ver,*exp_str;
|
||||||
char *kx,*au,*enc,*mac;
|
char *kx,*au,*enc,*mac;
|
||||||
unsigned long alg,alg2,alg_s;
|
unsigned long alg,alg2,alg_s;
|
||||||
static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
|
static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
|
||||||
@ -882,7 +882,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
|||||||
is_export=SSL_C_IS_EXPORT(cipher);
|
is_export=SSL_C_IS_EXPORT(cipher);
|
||||||
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
|
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||||
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
|
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
|
||||||
exp=is_export?" export":"";
|
exp_str=is_export?" export":"";
|
||||||
|
|
||||||
if (alg & SSL_SSLV2)
|
if (alg & SSL_SSLV2)
|
||||||
ver="SSLv2";
|
ver="SSLv2";
|
||||||
@ -983,7 +983,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
|||||||
else if (len < 128)
|
else if (len < 128)
|
||||||
return("Buffer too small");
|
return("Buffer too small");
|
||||||
|
|
||||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
|
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
|
||||||
return(buf);
|
return(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user