11 @@ -66,8 +67,7 @@ int ciphers[] =
12 static x509_cert certificate;
13 static rsa_context key;
14 bool_t builtInTestCertificate;
16 -havege_state hs; /* exported to crypt.c */
17 +static int urandom_fd;
21 @@ -83,9 +83,13 @@ char *my_dhm_G = "4";
22 static void initTestCert()
25 +#ifdef POLARSSL_CERTS_C
26 builtInTestCertificate = true;
27 rc = x509parse_crt(&certificate, (unsigned char *)test_srv_crt,
28 strlen(test_srv_crt));
33 Log_fatal("Could not parse built-in test certificate");
35 @@ -93,9 +97,12 @@ static void initTestCert()
36 static void initTestKey()
40 +#ifdef POLARSSL_CERTS_C
41 rc = x509parse_key(&key, (unsigned char *)test_srv_key,
42 strlen(test_srv_key), NULL, 0);
47 Log_fatal("Could not parse built-in test RSA key");
49 @@ -135,6 +142,19 @@ static void initKey()
50 Log_fatal("Could not read RSA key file %s", keyfile);
53 +int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
58 + cur = read(urandom_fd, dest, len);
67 static void pssl_debug(void *ctx, int level, const char *str)
69 @@ -154,8 +174,11 @@ void SSLi_init(void)
76 + urandom_fd = open("/dev/urandom", O_RDONLY);
78 + Log_fatal("Cannot open /dev/urandom");
80 #ifdef POLARSSL_VERSION_MAJOR
81 version_get_string(verstring);
82 Log_info("PolarSSL library version %s initialized", verstring);
83 @@ -173,7 +196,7 @@ void SSLi_deinit(void)
84 /* Create SHA1 of last certificate in the peer's chain. */
85 bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
88 + const x509_cert *cert;
89 #ifdef POLARSSL_API_V1_2
90 cert = ssl_get_peer_cert(ssl);
92 @@ -206,7 +229,7 @@ SSL_handle_t *SSLi_newconnection(int *fd
93 ssl_set_endpoint(ssl, SSL_IS_SERVER);
94 ssl_set_authmode(ssl, SSL_VERIFY_OPTIONAL);
96 - ssl_set_rng(ssl, HAVEGE_RAND, &hs);
97 + ssl_set_rng(ssl, urandom_bytes, NULL);
98 ssl_set_dbg(ssl, pssl_debug, NULL);
99 ssl_set_bio(ssl, net_recv, fd, net_send, fd);
105 #if (POLARSSL_VERSION_MAJOR == 0)
106 #define POLARSSL_API_V0
107 - #define HAVEGE_RAND (havege_rand)
108 - #define RAND_bytes(_dst_, _size_) do { \
110 - for (i = 0; i < _size_; i++) { \
111 - _dst_[i] = havege_rand(&hs); \
115 #define POLARSSL_API_V1
116 - #if (POLARSSL_VERSION_MINOR >= 1)
117 - #define HAVEGE_RAND (havege_random)
118 - #define RAND_bytes(_dst_, _size_) do { \
119 - havege_random(&hs, _dst_, _size_); \
122 - #define HAVEGE_RAND (havege_rand)
123 - #define RAND_bytes(_dst_, _size_) do { \
125 - for (i = 0; i < _size_; i++) { \
126 - _dst_[i] = havege_rand(&hs); \
130 #if (POLARSSL_VERSION_MINOR >= 2)
131 #define POLARSSL_API_V1_2
136 +#define RAND_bytes(_dst_, _size_) urandom_bytes(NULL, _dst_, _size_)
137 +int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
140 #include <openssl/x509v3.h>
141 #include <openssl/ssl.h>