Recent changes from 0.9.6-stable.
This commit is contained in:
Richard Levitte
parent
e7534d6060
commit
2f1d799c7f
@ -132,7 +132,7 @@ my %table=(
|
||||
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wmissing-declarations -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-declarations -Wno-long-long -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"dist", "cc:-O::(unknown):::::",
|
||||
|
||||
# Basic configs that should work on any (32 and less bit) box
|
||||
|
||||
@ -59,7 +59,11 @@
|
||||
#ifndef HEADER_APPS_H
|
||||
#define HEADER_APPS_H
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/bio.h>
|
||||
|
||||
@ -78,7 +78,8 @@
|
||||
* and a FILE pointer.
|
||||
*/
|
||||
|
||||
int send_mem_chars(void *arg, const void *buf, int len)
|
||||
#if 0 /* Not used */
|
||||
static int send_mem_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
unsigned char **out = arg;
|
||||
if(!out) return 1;
|
||||
@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
|
||||
*out += len;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int send_bio_chars(void *arg, const void *buf, int len)
|
||||
static int send_bio_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(BIO_write(arg, buf, len) != len) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int send_fp_chars(void *arg, const void *buf, int len)
|
||||
static int send_fp_chars(void *arg, const void *buf, int len)
|
||||
{
|
||||
if(!arg) return 1;
|
||||
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
|
||||
@ -240,7 +242,8 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
|
||||
* #01234 format.
|
||||
*/
|
||||
|
||||
int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
|
||||
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
|
||||
ASN1_STRING *str)
|
||||
{
|
||||
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
|
||||
* the DER encoding to readily obtained
|
||||
|
||||
@ -63,7 +63,11 @@
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#ifdef NO_BF
|
||||
int main(int argc, char *argv[])
|
||||
|
||||
@ -565,12 +565,12 @@ abs_val(LDOUBLE value)
|
||||
}
|
||||
|
||||
static LDOUBLE
|
||||
pow10(int exp)
|
||||
pow10(int in_exp)
|
||||
{
|
||||
LDOUBLE result = 1;
|
||||
while (exp) {
|
||||
while (in_exp) {
|
||||
result *= 10;
|
||||
exp--;
|
||||
in_exp--;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
@ -62,7 +62,11 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
@ -164,7 +164,7 @@ static RAND_METHOD hwcrhk_rand =
|
||||
hwcrhk_rand_bytes,
|
||||
NULL,
|
||||
NULL,
|
||||
hwcrhk_rand_bytes,
|
||||
NULL,
|
||||
hwcrhk_rand_status,
|
||||
};
|
||||
|
||||
@ -293,6 +293,7 @@ ENGINE *ENGINE_ncipher()
|
||||
{
|
||||
RSA_METHOD *meth1;
|
||||
DH_METHOD *meth2;
|
||||
const RAND_METHOD *meth3;
|
||||
|
||||
/* We know that the "PKCS1_SSLeay()" functions hook properly
|
||||
* to the cswift-specific mod_exp and mod_exp_crt so we use
|
||||
@ -311,6 +312,14 @@ ENGINE *ENGINE_ncipher()
|
||||
meth2 = DH_OpenSSL();
|
||||
hwcrhk_dh.generate_key = meth2->generate_key;
|
||||
hwcrhk_dh.compute_key = meth2->compute_key;
|
||||
|
||||
/* Much the same for RAND */
|
||||
meth3 = RAND_SSLeay();
|
||||
hwcrhk_rand.seed = meth3->seed;
|
||||
hwcrhk_rand.cleanup = meth3->cleanup;
|
||||
hwcrhk_rand.add = meth3->add;
|
||||
hwcrhk_rand.pseudorand = meth3->pseudorand;
|
||||
|
||||
return &engine_hwcrhk;
|
||||
}
|
||||
|
||||
@ -386,6 +395,8 @@ static int hwcrhk_init()
|
||||
HWCryptoHook_RSAUnloadKey_t *p7;
|
||||
HWCryptoHook_RandomBytes_t *p8;
|
||||
HWCryptoHook_ModExpCRT_t *p9;
|
||||
int rand_cnt;
|
||||
RAND_METHOD *rand_method = RAND_SSLeay();
|
||||
|
||||
if(hwcrhk_dso != NULL)
|
||||
{
|
||||
@ -466,6 +477,28 @@ static int hwcrhk_init()
|
||||
hndidx = RSA_get_ex_new_index(0,
|
||||
"nFast HWCryptoHook RSA key handle",
|
||||
NULL, NULL, hwcrhk_ex_free);
|
||||
|
||||
/* Let's seed the OpenSSL pool with a bit of hardware randomness
|
||||
for a maximum of 32 rounds. Beyond that, the OpenSSL random
|
||||
pool should be good, and if not, we assume something is seriously
|
||||
wrong with OpenSSL (for now, we let it be and let the user discover
|
||||
it through normal means. That may need to change). */
|
||||
rand_cnt = 32;
|
||||
do
|
||||
{
|
||||
unsigned char buf[8];
|
||||
|
||||
/* If something went wrong, it's OK to just return a fault.
|
||||
All that may happen is that the OpenSSL randomness pool
|
||||
is a bit more seeded, and that can't really be a bad thing,
|
||||
right? */
|
||||
if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
|
||||
goto err;
|
||||
|
||||
rand_method->seed(buf, sizeof(buf));
|
||||
}
|
||||
while(rand_cnt-- > 0 && rand_method->status());
|
||||
|
||||
return 1;
|
||||
err:
|
||||
if(hwcrhk_dso)
|
||||
|
||||
@ -329,7 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
|
||||
}
|
||||
else
|
||||
{
|
||||
snprintf(b->data,"%s%c%08lx.%s%d",
|
||||
sprintf(b->data,"%s%c%08lx.%s%d",
|
||||
ctx->dirs[i],c,h,postfix,k);
|
||||
}
|
||||
k++;
|
||||
|
||||
12
ssl/s3_enc.c
12
ssl/s3_enc.c
@ -188,9 +188,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
COMP_METHOD *comp;
|
||||
const EVP_MD *m;
|
||||
MD5_CTX md;
|
||||
int exp,n,i,j,k,cl;
|
||||
int is_exp,n,i,j,k,cl;
|
||||
|
||||
exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c=s->s3->tmp.new_sym_enc;
|
||||
m=s->s3->tmp.new_hash;
|
||||
if (s->s3->tmp.new_compression == NULL)
|
||||
@ -262,9 +262,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
p=s->s3->tmp.key_block;
|
||||
i=EVP_MD_size(m);
|
||||
cl=EVP_CIPHER_key_length(c);
|
||||
j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
||||
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
|
||||
k=EVP_CIPHER_iv_length(c);
|
||||
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
||||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
|
||||
@ -292,7 +292,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
||||
}
|
||||
|
||||
memcpy(mac_secret,ms,i);
|
||||
if (exp)
|
||||
if (is_exp)
|
||||
{
|
||||
/* In here I set both the read and write key/iv to the
|
||||
* same value since only the correct one will be used :-).
|
||||
|
||||
@ -870,7 +870,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
{
|
||||
int is_export,pkl,kl;
|
||||
char *ver,*exp;
|
||||
char *ver,*exp_str;
|
||||
char *kx,*au,*enc,*mac;
|
||||
unsigned long alg,alg2,alg_s;
|
||||
static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
|
||||
@ -882,7 +882,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
is_export=SSL_C_IS_EXPORT(cipher);
|
||||
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
|
||||
exp=is_export?" export":"";
|
||||
exp_str=is_export?" export":"";
|
||||
|
||||
if (alg & SSL_SSLV2)
|
||||
ver="SSLv2";
|
||||
@ -983,7 +983,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
else if (len < 128)
|
||||
return("Buffer too small");
|
||||
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
|
||||
return(buf);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user