The correct test for a windows build is if defined(_WIN32), not just
if _WIN32. Fix a few places in the build which do the wrong thing, as
it gives compiler warnings.
All of the hcrypto source files were updated with commit
0f97855826 to include roken.h. This
means that hash.h no longer needs to include the roken header.
Remove the multiple inclusion.
Some portions of libhcrypto are reused by other projects in
diverse environments, including within operating system kernel modules.
In some such build environments, hardening measures such as grsecurity
can (randomly) reorder structure elements, so as to make it harder
for an attacker to determine the offset from a known field's address
to a different field that is needed for an attack.
However, doing so requires the use of C99 designated initializers
to make the source code compatible with such structure rearrangement,
as opposed to the "traditional" C aggregate type initializers, which
just list fields in order. This feature is also available as a
GCC extension since early versions of GCC. However, it is not
provided by many common versions of visual studio (and presumably
also not by the vendor compiler for various commercial Unixes),
so the traditional initializers must remain, behind a conditional.
__GNUC__ or __STDC_VERSION__ >= 199901 should be enough to get
most cases with support for designated initializers, at least
for now.
Signed-off-by: Nicolas Williams <nico@twosigma.com>
For consistency make "-I" part of the macro value set by autoconf.
For now, don't attempt to handle OpenSSL rpath in cf/crypto.m4.
That's much easier by just setting LDFLAGS when running configure.
Otherwise too many Makefiles to edit and libtool and automake do
their best to undo the rpath.
When building evp-openssl.c without support for OpenSSL it is necessary
to include evp-hcrypto.h to define the HCRYPTO_FALLBACK functions.
Change-Id: Ifd51f9fcd2b1805a534a9f88992162818afffe7d
Coverity complains about the leakage of 'handle' when the identifier
goes out of scope. Change handle into a static global to hold the
value instead of a stack variable.
Change-Id: I040707ac731558f7d523f128a006a80b98d45b79
The Windows and PKCS#11 backends do this. The Common Crypto (OS X)
backend does not. Ideally this should be a ./configure option, and that
might be the next step, but right now we need this fallback in order to
get tests passing in Travis-CI.
This adds a new backend for libhcrypto: the OpenSSL backend.
Now libhcrypto has these backends:
- hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
- Common Crypto (OS X)
- PKCS#11 (specifically for Solaris, but not Solaris-specific)
- Windows CNG (Windows)
- OpenSSL (generic)
The ./configure --with-openssl=... option no longer disables the use of
hcrypto. Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto. The libhcrypto framework is now always used.
OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.
Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC. Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
All source files in lib/hcrypto should be built the same way.
Since this source directory is dependent on libroken then all source
files must be built using the roken.h declarations and included headers.
Also, there is no config.h in the local directory so angle brackets
include of quotes should be used.
Finally, because roken.h includes stdio.h, stdlib.h, stdarg.h, limits.h,
strings.h, sys/types.h, etc., do not include them separately.
Start all source files with
#include <config.h>
#include <roken.h>
Change-Id: I09ab47f8a5472018efe6c8b59a0e51fde8f24724
The build was failing at lib/hcrypto/evp-pkcs11.c because roken.h was
being included after <assert.h>. It's not clear why that would be a
problem.
Here are some of the errors and warnings that resulted from including
<roken.h> after <assert.h> in evp-pkcs11.c:
evp-pkcs11.c C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(91) : warning C4005: 'AF_IPX' : macro redefinition s C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\winsock.h(460) : see previous definition of 'AF_IPX'
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(124) : warning C4005: 'AF_MAX' : macro redefinition
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\winsock.h(479) : see previous definition of 'AF_MAX'
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(168) : warning C4005: 'SO_DONTLINGER' : macro redefinition
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\winsock.h(402) : see previous definition of 'SO_DONTLINGER'
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(212) : error C2011: 'sockaddr' : 'struct' type redefinition
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\winsock.h(485) : see declaration of 'sockaddr'
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(390) : error C2059: syntax error : 'constant'
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\ws2def.h(524) : warning C4005: 'IN_CLASSA' : macro redefinition
C:\Program Files\Microsoft SDKs\Windows\v7.1\INCLUDE\winsock.h(287) : see previous definition of 'IN_CLASSA'
When __APPLE__ is defined and HCRYPTO_DEF_PROVIDER is not defined,
define HCRYPTO_DEF_PROVIDER to be "cc" so that Apple's CommonCrypto
implementations are used instead of the built-in "hcrypto"
implementations.
Change-Id: I393e5fc3f6c3b9339c96db58d926ff8ea1867cbb
The EGD daemon is completely unmaintained and has not seen a release
since 13 years which is not an acceptable timeframe for cryptographic
software. It is not packaged in any linux distribution I know of
and definitely not in *BSD.
LibreSSL has already dropped support for RAND_egd.
