"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wmissing-declarations -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-declarations -Wno-long-long -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
+#ifdef FLAT_INC
#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
#include <openssl/buffer.h>
#include <openssl/bio.h>
* and a FILE pointer.
*/
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0 /* Not used */
+static int send_mem_chars(void *arg, const void *buf, int len)
{
unsigned char **out = arg;
if(!out) return 1;
*out += len;
return 1;
}
+#endif
-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
{
if(!arg) return 1;
if(BIO_write(arg, buf, len) != len) return 0;
return 1;
}
-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
{
if(!arg) return 1;
if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
* #01234 format.
*/
-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+ ASN1_STRING *str)
{
/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
* the DER encoding to readily obtained
#include <string.h>
#include <stdlib.h>
+#ifdef FLAT_INC
#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
#ifdef NO_BF
int main(int argc, char *argv[])
}
static LDOUBLE
-pow10(int exp)
+pow10(int in_exp)
{
LDOUBLE result = 1;
- while (exp) {
+ while (in_exp) {
result *= 10;
- exp--;
+ in_exp--;
}
return result;
}
#include <stdlib.h>
#include <string.h>
+#ifdef FLAT_INC
#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
#include <openssl/crypto.h>
#include <openssl/buffer.h>
hwcrhk_rand_bytes,
NULL,
NULL,
- hwcrhk_rand_bytes,
+ NULL,
hwcrhk_rand_status,
};
{
RSA_METHOD *meth1;
DH_METHOD *meth2;
+ const RAND_METHOD *meth3;
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
meth2 = DH_OpenSSL();
hwcrhk_dh.generate_key = meth2->generate_key;
hwcrhk_dh.compute_key = meth2->compute_key;
+
+ /* Much the same for RAND */
+ meth3 = RAND_SSLeay();
+ hwcrhk_rand.seed = meth3->seed;
+ hwcrhk_rand.cleanup = meth3->cleanup;
+ hwcrhk_rand.add = meth3->add;
+ hwcrhk_rand.pseudorand = meth3->pseudorand;
+
return &engine_hwcrhk;
}
HWCryptoHook_RSAUnloadKey_t *p7;
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
+ int rand_cnt;
+ RAND_METHOD *rand_method = RAND_SSLeay();
if(hwcrhk_dso != NULL)
{
hndidx = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
+
+ /* Let's seed the OpenSSL pool with a bit of hardware randomness
+ for a maximum of 32 rounds. Beyond that, the OpenSSL random
+ pool should be good, and if not, we assume something is seriously
+ wrong with OpenSSL (for now, we let it be and let the user discover
+ it through normal means. That may need to change). */
+ rand_cnt = 32;
+ do
+ {
+ unsigned char buf[8];
+
+ /* If something went wrong, it's OK to just return a fault.
+ All that may happen is that the OpenSSL randomness pool
+ is a bit more seeded, and that can't really be a bad thing,
+ right? */
+ if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
+ goto err;
+
+ rand_method->seed(buf, sizeof(buf));
+ }
+ while(rand_cnt-- > 0 && rand_method->status());
+
return 1;
err:
if(hwcrhk_dso)
}
else
{
- snprintf(b->data,"%s%c%08lx.%s%d",
+ sprintf(b->data,"%s%c%08lx.%s%d",
ctx->dirs[i],c,h,postfix,k);
}
k++;
COMP_METHOD *comp;
const EVP_MD *m;
MD5_CTX md;
- int exp,n,i,j,k,cl;
+ int is_exp,n,i,j,k,cl;
- exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
if (s->s3->tmp.new_compression == NULL)
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+ j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
}
memcpy(mac_secret,ms,i);
- if (exp)
+ if (is_exp)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
- char *ver,*exp;
+ char *ver,*exp_str;
char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp=is_export?" export":"";
+ exp_str=is_export?" export":"";
if (alg & SSL_SSLV2)
ver="SSLv2";
else if (len < 128)
return("Buffer too small");
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
return(buf);
}
projects / oweals / openssl.git / commitdiff