From 968dfc4cf7d9151bb9fedb701bf68dcc2b4fc916 Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Mon, 7 May 2012 18:19:48 -0700
Subject: [PATCH 1/2] fortress ssh build fixes

---
 configure.ac         | 10 ++++++++--
 cyassl/openssl/dsa.h |  2 ++
 src/ssl.c            |  1 +
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1f3e8b5e9..16b7cf5d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.1.3],[http://www.yassl.com])
+AC_INIT([cyassl],[2.1.4],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR(config)
 
@@ -186,7 +186,7 @@ AC_ARG_ENABLE(fortress,
 
 if test "$ENABLED_FORTRESS" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD"
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA34 -DCYASSL_KEY_GEN"
 fi
 
 
@@ -336,6 +336,12 @@ then
     AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512"
 fi
 
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
+
 AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
 
 
diff --git a/cyassl/openssl/dsa.h b/cyassl/openssl/dsa.h
index 8bea7c2cf..817f1fa14 100644
--- a/cyassl/openssl/dsa.h
+++ b/cyassl/openssl/dsa.h
@@ -36,6 +36,8 @@ CYASSL_API int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA*, int bits,
                    unsigned long* hRet, void* cb);
 
 CYASSL_API int CyaSSL_DSA_LoadDer(CYASSL_DSA*, const unsigned char*, int sz);
+CYASSL_API int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
+                                  CYASSL_DSA* dsa);
 
 #define DSA_new CyaSSL_DSA_new
 #define DSA_free CyaSSL_DSA_free
diff --git a/src/ssl.c b/src/ssl.c
index 312d45b23..cd955dd79 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -47,6 +47,7 @@
     #include <cyassl/openssl/bn.h>
     #include <cyassl/openssl/dh.h>
     #include <cyassl/openssl/rsa.h>
+    #include <cyassl/openssl/pem.h>
     /* openssl headers end, cyassl internal headers next */
     #include <cyassl/ctaocrypt/hmac.h>
     #include <cyassl/ctaocrypt/random.h>

From a97dbb8a14493b971c00ae514ad131344fcb246a Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Mon, 7 May 2012 19:36:19 -0700
Subject: [PATCH 2/2] global rng added to RAND_bytes

---
 src/ssl.c | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index cd955dd79..8af1e2903 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4448,19 +4448,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
     }
 
 
-    int CyaSSL_RAND_bytes(unsigned char* buf, int num)
-    {
-        RNG rng;
-
-        CYASSL_ENTER("RAND_bytes");
-        if (InitRng(&rng))
-           return 0;
-
-        RNG_GenerateBlock(&rng, buf, num);
-
-        return 1;
-    }
-
 
     void CyaSSL_RAND_add(const void* add, int len, double entropy)
     {
@@ -5684,6 +5671,26 @@ static int initGlobalRNG = 0;
     }
 
 
+    int CyaSSL_RAND_bytes(unsigned char* buf, int num)
+    {
+        RNG    tmpRNG;
+        RNG*   rng = &tmpRNG; 
+
+        CYASSL_ENTER("RAND_bytes");
+        if (InitRng(&tmpRNG) != 0) {
+            CYASSL_MSG("Bad RNG Init, trying global");
+            if (initGlobalRNG == 0) {
+                CYASSL_MSG("Global RNG no Init");
+                return 0; 
+            }
+            rng = &globalRNG;
+        }
+
+        RNG_GenerateBlock(rng, buf, num);
+
+        return 1;
+    }
+
     CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
     {
         static int ctx;  /* ctaocrypt doesn't now need ctx */