In message <[EMAIL PROTECTED]> on Mon, 24 Nov 2003 10:47:10 +0100 (CET), Richard
Levitte - VMS Whacker <[EMAIL PROTECTED]> said:
levitte> Listen, I'll code and show you the patch, then you can judge for
levitte> yourself. Deal?
It was even easier than I thought. I changed my mind on one point and
had the seeding of the internal OpenSSL pool be performed in
hwcrhk_init(). That way, there's no need for any extra flags or
anything like that.
Attached are diff for 0.9.8-dev, 0.9.7-stable and 0.9.6-stable [engine].
Please take a look when you can.
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
Index: engines/e_ncipher.c
===================================================================
RCS file: /e/openssl/cvs/openssl/engines/e_ncipher.c,v
retrieving revision 1.9
diff -u -r1.9 e_ncipher.c
--- engines/e_ncipher.c 26 Jun 2003 07:10:10 -0000 1.9
+++ engines/e_ncipher.c 24 Nov 2003 12:15:18 -0000
@@ -213,7 +213,7 @@
hwcrhk_rand_bytes,
NULL,
NULL,
- hwcrhk_rand_bytes,
+ NULL,
hwcrhk_rand_status,
};
@@ -329,6 +329,9 @@
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
#endif
+#ifndef OPENSSL_NO_RAND
+ const RAND_METHOD *meth3;
+#endif
if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
#ifndef OPENSSL_NO_RSA
@@ -369,6 +372,15 @@
hwcrhk_dh.compute_key = meth2->compute_key;
#endif
+#ifndef OPENSSL_NO_RAND
+ /* Much the same for RAND */
+ meth3 = RAND_SSLeay();
+ hwcrhk_rand.seed = meth3->seed;
+ hwcrhk_rand.cleanup = meth3->cleanup;
+ hwcrhk_rand.add = meth3->add;
+ hwcrhk_rand.pseudorand = meth3->pseudorand;
+#endif
+
/* Ensure the hwcrhk error handling is set up */
ERR_load_HWCRHK_strings();
return 1;
@@ -509,6 +521,10 @@
#endif
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
+#ifndef OPENSSL_NO_RAND
+ int rand_cnt;
+ RAND_METHOD *rand_method = RAND_SSLeay();
+#endif
if(hwcrhk_dso != NULL)
{
@@ -593,6 +609,29 @@
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
+#endif
+
+#ifndef OPENSSL_NO_RAND
+ /* Let's seed the OpenSSL pool with a bit of hardware randomness
+ for a maximum of 32 rounds. Beyond that, the OpenSSL random
+ pool should be good, and if not, we assume something is seriously
+ wrong with OpenSSL (for now, we let it be and let the user discover
+ it through normal means. That may need to change). */
+ rand_cnt = 32;
+ do
+ {
+ unsigned char buf[8];
+
+ /* If something went wrong, it's OK to just return a fault.
+ All that may happen is that the OpenSSL randomness pool
+ is a bit more seeded, and that can't really be a bad thing,
+ right? */
+ if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
+ goto err;
+
+ rand_method->seed(buf, sizeof(buf));
+ }
+ while(rand_cnt-- > 0 && rand_method->status());
#endif
return 1;
err:
Index: crypto/engine/hw_ncipher.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/engine/Attic/hw_ncipher.c,v
retrieving revision 1.26.2.7
diff -u -r1.26.2.7 hw_ncipher.c
--- crypto/engine/hw_ncipher.c 12 Dec 2002 17:41:34 -0000 1.26.2.7
+++ crypto/engine/hw_ncipher.c 24 Nov 2003 12:15:25 -0000
@@ -220,7 +220,7 @@
hwcrhk_rand_bytes,
NULL,
NULL,
- hwcrhk_rand_bytes,
+ NULL,
hwcrhk_rand_status,
};
@@ -336,6 +336,9 @@
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
#endif
+#ifndef OPENSSL_NO_RAND
+ const RAND_METHOD *meth3;
+#endif
if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
!ENGINE_set_name(e, engine_hwcrhk_name) ||
#ifndef OPENSSL_NO_RSA
@@ -376,6 +379,15 @@
hwcrhk_dh.compute_key = meth2->compute_key;
#endif
+#ifndef OPENSSL_NO_RAND
+ /* Much the same for RAND */
+ meth3 = RAND_SSLeay();
+ hwcrhk_rand.seed = meth3->seed;
+ hwcrhk_rand.cleanup = meth3->cleanup;
+ hwcrhk_rand.add = meth3->add;
+ hwcrhk_rand.pseudorand = meth3->pseudorand;
+#endif
+
/* Ensure the hwcrhk error handling is set up */
ERR_load_HWCRHK_strings();
return 1;
@@ -516,6 +528,10 @@
#endif
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
+#ifndef OPENSSL_NO_RAND
+ int rand_cnt;
+ RAND_METHOD *rand_method = RAND_SSLeay();
+#endif
if(hwcrhk_dso != NULL)
{
@@ -608,6 +624,28 @@
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
+#endif
+#ifndef OPENSSL_NO_RAND
+ /* Let's seed the OpenSSL pool with a bit of hardware randomness
+ for a maximum of 32 rounds. Beyond that, the OpenSSL random
+ pool should be good, and if not, we assume something is seriously
+ wrong with OpenSSL (for now, we let it be and let the user discover
+ it through normal means. That may need to change). */
+ rand_cnt = 32;
+ do
+ {
+ unsigned char buf[8];
+
+ /* If something went wrong, it's OK to just return a fault.
+ All that may happen is that the OpenSSL randomness pool
+ is a bit more seeded, and that can't really be a bad thing,
+ right? */
+ if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
+ goto err;
+
+ rand_method->seed(buf, sizeof(buf));
+ }
+ while(rand_cnt-- > 0 && rand_method->status());
#endif
return 1;
err:
Index: crypto/engine/hw_ncipher.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/engine/Attic/hw_ncipher.c,v
retrieving revision 1.1.2.21.4.5
diff -u -r1.1.2.21.4.5 hw_ncipher.c
--- crypto/engine/hw_ncipher.c 5 Dec 2002 00:57:41 -0000 1.1.2.21.4.5
+++ crypto/engine/hw_ncipher.c 24 Nov 2003 12:15:30 -0000
@@ -164,7 +164,7 @@
hwcrhk_rand_bytes,
NULL,
NULL,
- hwcrhk_rand_bytes,
+ NULL,
hwcrhk_rand_status,
};
@@ -293,6 +293,7 @@
{
RSA_METHOD *meth1;
DH_METHOD *meth2;
+ const RAND_METHOD *meth3;
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
@@ -311,6 +312,14 @@
meth2 = DH_OpenSSL();
hwcrhk_dh.generate_key = meth2->generate_key;
hwcrhk_dh.compute_key = meth2->compute_key;
+
+ /* Much the same for RAND */
+ meth3 = RAND_SSLeay();
+ hwcrhk_rand.seed = meth3->seed;
+ hwcrhk_rand.cleanup = meth3->cleanup;
+ hwcrhk_rand.add = meth3->add;
+ hwcrhk_rand.pseudorand = meth3->pseudorand;
+
return &engine_hwcrhk;
}
@@ -386,6 +395,8 @@
HWCryptoHook_RSAUnloadKey_t *p7;
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
+ int rand_cnt;
+ RAND_METHOD *rand_method = RAND_SSLeay();
if(hwcrhk_dso != NULL)
{
@@ -466,6 +477,28 @@
hndidx = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
+
+ /* Let's seed the OpenSSL pool with a bit of hardware randomness
+ for a maximum of 32 rounds. Beyond that, the OpenSSL random
+ pool should be good, and if not, we assume something is seriously
+ wrong with OpenSSL (for now, we let it be and let the user discover
+ it through normal means. That may need to change). */
+ rand_cnt = 32;
+ do
+ {
+ unsigned char buf[8];
+
+ /* If something went wrong, it's OK to just return a fault.
+ All that may happen is that the OpenSSL randomness pool
+ is a bit more seeded, and that can't really be a bad thing,
+ right? */
+ if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
+ goto err;
+
+ rand_method->seed(buf, sizeof(buf));
+ }
+ while(rand_cnt-- > 0 && rand_method->status());
+
return 1;
err:
if(hwcrhk_dso)
