Revision - 34f39b0 - util/incore update that allows FINGERPRINT_premain-free build. – ENEA Mirror of the Software Heritage archive

Revision 34f39b062c76fbd3082521b26edee7f53afc061d authored by Andy Polyakov on 11 May 2015, 10:16:01 UTC, committed by Andy Polyakov on 13 May 2015, 14:48:08 UTC

util/incore update that allows FINGERPRINT_premain-free build.

As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

1 parent 6db8e3b

Files
Changes

Permalinks

easy-tls.h

/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
 * easy-tls.h -- generic TLS proxy.
 * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
 */
/*
 * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
 */

#ifndef HEADER_TLS_H
#define HEADER_TLS_H

#ifndef HEADER_SSL_H
typedef struct ssl_ctx_st SSL_CTX;
#endif

#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */

void tls_set_dhe1024(int i, void* apparg);
/* Generate DHE parameters:
 * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
 * tls_create_ctx calls this with random non-negative i if the application
 * has never called it.*/

void tls_rand_seed(void);
int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
void tls_rand_seed_from_memory(const void *buf, size_t n);

struct tls_create_ctx_args 
{
    int client_p;
    const char *certificate_file;
    const char *key_file;
    const char *ca_file;
    int verify_depth;
    int fail_unless_verified;
    int export_p;
};
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
/* struct tls_create_ctx_args is similar to a conventional argument list,
 * but it can provide default values and allows for future extension. */
SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);

struct tls_start_proxy_args
{
    int fd;
    int client_p;
    SSL_CTX *ctx;
    pid_t *pid;
    int *infofd;
};
struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
/* tls_start_proxy return value *MUST* be checked!
 * 0 means ok, otherwise we've probably run out of some resources. */
int tls_start_proxy(struct tls_start_proxy_args, void *apparg);

#endif

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...