mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00

Updated PolarSSL to 1.2.7.

Still to do: enable POLARSSL_HAVE_ASM in polarssl/config.h
after ARM bignum multiply is fixed.
James Yonan 2013-05-31 07:44:02 +00:00
parent 926504ec4c
commit e7b0794b31
19 changed files with 507 additions and 507 deletions


@ -1,5 +1,5 @@
export LZO_VERSION=lzo-2.06
export SNAPPY_VERSION=snappy-1.0.5
export POLARSSL_VERSION=polarssl-1.1.6
export POLARSSL_VERSION=polarssl-1.2.7
export OPENSSL_VERSION=openssl-1.0.1c
export BOOST_VERSION=boost_1_51_0


@ -103,7 +103,7 @@ namespace openvpn {
# undef OPENVPN_CIPHER_SELECT
}
const char *name() const
std::string name() const
{
check_initialized();
return cipher_->name();


@ -159,7 +159,7 @@ namespace openvpn {
# undef OPENVPN_DIGEST_SELECT
}
const char *name() const
std::string name() const
{
check_initialized();
return digest_->name();


@ -44,7 +44,7 @@ namespace openvpn {
throw openssl_cipher_not_found(name);
}
const char *name() const
std::string name() const
{
check_initialized();
return EVP_CIPHER_name (cipher_);
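Review bot: With the return type changed to `std::string`, the line `return EVP_CIPHER_name (cipher_);` now constructs a string from a raw `const char *`, which is undefined behaviour if the lookup ever yields a null pointer; the old signature merely handed the null to the caller. Whether the library can return null here is not visible on this page, so a guard such as `const char *n = EVP_CIPHER_name(cipher_); return n ? std::string(n) : std::string();` would make the conversion safe. The same pattern appears in the digest wrappers that return `EVP_MD_name(digest_)` and `md_get_name(digest_)`. The body of `name()` continues past the end of the hunk.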


@ -48,7 +48,7 @@ namespace openvpn {
throw openssl_digest_not_found(name);
}
const char *name() const
std::string name() const
{
check_initialized();
return EVP_MD_name(digest_);


@ -16,6 +16,7 @@
#include <polarssl/cipher.h>
#include <boost/noncopyable.hpp>
#include <boost/algorithm/string.hpp> // for boost::algorithm::starts_with, to_upper_copy
#include <openvpn/common/types.hpp>
#include <openvpn/common/exception.hpp>
@ -37,15 +38,16 @@ namespace openvpn {
Cipher(const std::string& name)
{
cipher_ = cipher_info_from_string(name.c_str());
const std::string translated_name = openvpn_to_cipher_name(name.c_str());
cipher_ = cipher_info_from_string(translated_name.c_str());
if (!cipher_)
throw polarssl_cipher_not_found(name);
throw polarssl_cipher_not_found(translated_name);
}
const char *name() const
std::string name() const
{
check_initialized();
return cipher_->name;
return cipher_name_to_openvpn(cipher_->name);
}
size_t key_length() const
@ -89,6 +91,23 @@ namespace openvpn {
#endif
}
static std::string openvpn_to_cipher_name(const std::string& name)
{
const std::string n = boost::algorithm::to_upper_copy(name);
if (boost::algorithm::starts_with(n, "BF-"))
return "BLOWFISH-" + n.substr(3);
else
return n;
}
static std::string cipher_name_to_openvpn(const std::string& name)
{
if (boost::algorithm::starts_with(name, "BLOWFISH-"))
return "BF-" + name.substr(9);
else
return name;
}
const cipher_info_t *cipher_;
};
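Review bot: In the constructor, `throw polarssl_cipher_not_found(translated_name);` reports the upper-cased, BF-to-BLOWFISH rewritten string rather than the name the caller configured, which makes a rejected cipher harder to match against the configuration that requested it; consider reporting `name`, or both. The call `openvpn_to_cipher_name(name.c_str())` also builds a temporary `std::string` from a value that already is one, so `openvpn_to_cipher_name(name)` is enough. The two mapping helpers carry no comment; a line such as `// OpenVPN names Blowfish "BF-...", the PolarSSL lookup expects "BLOWFISH-..."` above them would record why they exist and that only the inbound direction upper-cases its input.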


@ -43,7 +43,7 @@ namespace openvpn {
throw polarssl_digest_not_found(name);
}
const char *name() const
std::string name() const
{
check_initialized();
return md_get_name(digest_);


@ -5,7 +5,7 @@
// Copyright (c) 2012 OpenVPN Technologies, Inc. All rights reserved.
//
// Wrap the PolarSSL SSL API as defined in <polarssl/ssl.h>
// Wrap the PolarSSL 1.2 SSL API as defined in <polarssl/ssl.h>
// so that it can be used as the SSL layer by the OpenVPN core.
#ifndef OPENVPN_POLARSSL_SSL_SSLCTX_H
@ -13,6 +13,7 @@
#include <vector>
#include <string>
#include <sstream>
#include <cstring>
#include <polarssl/ssl.h>
@ -46,15 +47,6 @@
namespace openvpn {
namespace polarssl_ctx_private {
static const int default_ciphersuites[] = // CONST GLOBAL
{
SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_AES_128_SHA,
0
};
};
// Represents an SSL configuration that can be used
// to instantiate actual SSL sessions.
template <typename RAND_API>
@ -332,10 +324,7 @@ namespace openvpn {
// allocate session object, but don't support SSL-level session resume
sess = new ssl_session;
std::memset(sess, 0, sizeof(*sess));
ssl_set_session(ssl, 0, 0, sess);
// set list of allowed ciphersuites
ssl_set_ciphersuites(ssl, polarssl_ctx_private::default_ciphersuites);
ssl_set_session(ssl, sess);
// set CA chain
if (c.ca_chain)
@ -350,7 +339,7 @@ namespace openvpn {
{
// set our own certificate, supporting chain (i.e. extra-certs), and external private key
if (c.crt_chain)
ssl_set_own_cert_pkcs11(ssl, c.crt_chain->get(), &ctx->p11);
ssl_set_own_cert_alt(ssl, c.crt_chain->get(), ctx, epki_decrypt, epki_sign, epki_key_len);
else
throw PolarSSLException("cert is undefined");
}
@ -478,12 +467,6 @@ namespace openvpn {
// Verify that cert is defined
if (!config.crt_chain)
throw PolarSSLException("cert is undefined");
// PKCS11 setup (always done, even if non-external-pki)
p11.parameter = this;
p11.f_decrypt = epki_decrypt;
p11.f_sign = epki_sign;
p11.len = config.crt_chain->get()->rsa.len;
}
}
@ -497,6 +480,11 @@ namespace openvpn {
}
private:
size_t key_len() const
{
return config.crt_chain->get()->rsa.len;
}
// ns-cert-type verification
bool ns_cert_type_defined() const
@ -639,14 +627,45 @@ namespace openvpn {
return std::string("");
}
static int verify_callback(void *arg, x509_cert *cert, int depth, int preverify_ok)
static std::string fmt_polarssl_verify_flags(const int flags)
{
std::ostringstream os;
if (flags & BADCERT_EXPIRED)
os << "CERT_EXPIRED ";
if (flags & BADCERT_REVOKED)
os << "CERT_REVOKED ";
if (flags & BADCERT_CN_MISMATCH)
os << "CN_MISMATCH ";
if (flags & BADCERT_NOT_TRUSTED)
os << "CERT_NOT_TRUSTED ";
if (flags & BADCRL_NOT_TRUSTED)
os << "CRL_NOT_TRUSTED ";
if (flags & BADCRL_EXPIRED)
os << "CRL_EXPIRED ";
if (flags & BADCERT_MISSING)
os << "CERT_MISSING ";
if (flags & BADCERT_SKIP_VERIFY)
os << "CERT_SKIP_VERIFY ";
if (flags & BADCERT_OTHER)
os << "CERT_OTHER ";
return os.str();
}
static int verify_callback(void *arg, x509_cert *cert, int depth, int *flags)
{
PolarSSLContext *self = (PolarSSLContext *)arg;
bool fail = false;
OPENVPN_LOG_SSL("VERIFY "
<< (preverify_ok ? "OK" : "FAIL")
<< ": depth=" << depth
<< std::endl << cert_info(cert));
// log status
{
std::string status_str = "OK";
if (*flags)
status_str = "FAIL " + fmt_polarssl_verify_flags(*flags);
OPENVPN_LOG_SSL("VERIFY "
<< status_str
<< ": depth=" << depth
<< std::endl << cert_info(cert));
}
// leaf-cert verification
if (depth == 0)
@ -655,21 +674,21 @@ namespace openvpn {
if (self->ns_cert_type_defined() && !self->verify_ns_cert_type(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad ns-cert-type in leaf certificate");
preverify_ok = false;
fail = true;
}
// verify X509 key usage
if (self->x509_cert_ku_defined() && !self->verify_x509_cert_ku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 key usage in leaf certificate");
preverify_ok = false;
fail = true;
}
// verify X509 extended key usage
if (self->x509_cert_eku_defined() && !self->verify_x509_cert_eku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 extended key usage in leaf certificate");
preverify_ok = false;
fail = true;
}
// verify tls-remote
@ -681,12 +700,14 @@ namespace openvpn {
if (!TLSRemote::test(self->config.tls_remote, subject, common_name))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- tls-remote match failed");
preverify_ok = false;
fail = true;
}
}
}
return preverify_ok ? 0 : POLARSSL_ERR_SSL_PEER_VERIFY_FAILED;
if (fail)
*flags |= BADCERT_OTHER;
return 0;
}
static std::string cert_info(const x509_cert *cert, const char *prefix = NULL)
@ -703,26 +724,28 @@ namespace openvpn {
{
}
static int epki_decrypt(pkcs11_context *ctx,
static int epki_decrypt(void *arg,
int mode,
size_t *olen,
const unsigned char *input,
unsigned char *output,
unsigned int output_max_len)
size_t output_max_len)
{
OPENVPN_LOG_SSL("PolarSSLContext::epki_decrypt is unimplemented, mode=" << mode
<< " output_max_len=" << output_max_len);
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
}
static int epki_sign(pkcs11_context *ctx,
static int epki_sign(void *arg,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
int hash_id,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig)
{
PolarSSLContext *self = (PolarSSLContext *) ctx->parameter;
PolarSSLContext *self = (PolarSSLContext *) arg;
try {
if (mode == RSA_PRIVATE && hash_id == SIG_RSA_RAW)
{
@ -737,7 +760,7 @@ namespace openvpn {
throw polarssl_external_pki("could not obtain signature");
/* decode base64 signature to binary */
const int len = ctx->len;
const size_t len = self->key_len();
Buffer sigbuf(sig, len, false);
base64->decode(sigbuf, sig_b64);
@ -762,8 +785,13 @@ namespace openvpn {
}
}
static size_t epki_key_len(void *arg)
{
PolarSSLContext *self = (PolarSSLContext *) arg;
return self->key_len();
}
Config config;
pkcs11_context p11;
};
} // namespace openvpn
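Review bot: The session-setup hunk drops `ssl_set_ciphersuites(ssl, polarssl_ctx_private::default_ciphersuites)` together with the two-entry EDH-RSA-AES list and puts nothing in its place, so the negotiable suites become whatever the library enables by default. With the config.h in this commit keeping `POLARSSL_AES_C` and `POLARSSL_DES_C` defined, that default presumably includes non-ephemeral `TLS_RSA_*` and 3DES suites that the old list excluded. If the restriction is still wanted, keep an explicit zero-terminated list using the 1.2 names, for example `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` and `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`, and pass it to `ssl_set_ciphersuites`; otherwise a comment at the call site should state that relying on the library default is intentional. The enclosing function starts and ends outside the hunk.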


@ -15,7 +15,7 @@
#include <vector>
#include <boost/cstdint.hpp> // for boost::uint32_t, uint64_t
#include <boost/algorithm/string.hpp> // for boost::to_upper_copy
#include <boost/algorithm/string.hpp> // for boost::algorithm::to_upper_copy
#include <openvpn/common/types.hpp>
#include <openvpn/common/exception.hpp>
@ -79,7 +79,7 @@ namespace openvpn {
// concatenate uppercase(username) + domain,
// convert to utf-16, and run it through HMAC-MD5
// keyed to md4_hash
const std::string ud = boost::to_upper_copy(username) + domain;
const std::string ud = boost::algorithm::to_upper_copy(username) + domain;
BufferPtr ud_u = Unicode::string_to_utf16(ud);
typename CRYPTO_API::HMACContext hmac_ctx1(CRYPTO_API::Digest::md5(), md4_hash, 16);
hmac_ctx1.update(ud_u->c_data(), ud_u->size());


@ -1,16 +1,34 @@
# cmake -DENABLE_TESTING=1 -DMINICRYPTO_DIR=$MINICRYPTO_DIR -DOPENSSL_AES_NI=1 ../polarssl-1.1.1 && make
cmake_minimum_required(VERSION 2.6)
project(POLARSSL C)
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{LIB_FPIC} $ENV{LIB_OPT_LEVEL} $ENV{PLATFORM_FLAGS} $ENV{OTHER_COMPILER_FLAGS} -Wall -W -Wdeclaration-after-statement")
endif(CMAKE_COMPILER_IS_GNUCC)
enable_testing()
if(CMAKE_COMPILER_IS_GNUCC)
# JY Added
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{LIB_FPIC} $ENV{LIB_OPT_LEVEL} $ENV{PLATFORM_FLAGS} $ENV{OTHER_COMPILER_FLAGS} -Wall -W -Wdeclaration-after-statement")
# JY Commented out
#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
#set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
#set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_SHARED_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")
endif(CMAKE_COMPILER_IS_GNUCC)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
# JY added
if(ENABLE_SERVER)
add_definitions(-DPOLARSSL_SSL_SRV_C)
endif()
# JY added
if(MINICRYPTO)
if(MINICRYPTO_DIR)
add_library(minicrypto STATIC IMPORTED)
@ -24,27 +42,27 @@ if(MINICRYPTO)
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA1)
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA2)
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA4)
add_definitions(-DPOLARSSL_USE_OPENSSL_BF)
if(OPENSSL_AES_NI)
add_definitions(-DPOLARSSL_USE_OPENSSL_AES_NI)
endif()
endif()
# JY added
if(EXTERNAL_RNG)
add_definitions(-DEXTERNAL_RNG)
endif()
# include self-test functions only (for cross development)
# include self-test functions only (for cross development) (JY added)
if(ENABLE_SELF_TEST)
add_definitions(-DPOLARSSL_SELF_TEST)
endif()
# include full testing infrastructure
# include full testing infrastructure (JY added)
if(ENABLE_TESTING)
add_definitions(-DENABLE_TESTING)
enable_testing()
endif()
if(LIB_INSTALL_DIR)
else()
set(LIB_INSTALL_DIR lib)
@ -52,13 +70,25 @@ endif()
include_directories(include/)
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
if(ZLIB_FOUND)
include_directories(ZLIB_INCLUDE_DIR)
endif(ZLIB_FOUND)
endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library)
add_subdirectory(include)
# include full testing infrastructure
# include full testing infrastructure (JY modified)
if(ENABLE_TESTING)
if(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(programs)
endif()
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen doxygen/polarssl.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
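Review bot: In the new zlib block, `include_directories(ZLIB_INCLUDE_DIR)` passes the literal word rather than the variable, so the directory located by `find_package(ZLIB)` is never added to the include path; it should read `include_directories(${ZLIB_INCLUDE_DIR})`. The block is reached only when `ENABLE_ZLIB_SUPPORT` is on, which is why a default build does not expose the problem.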


@ -38,6 +38,13 @@ mkdir $DIST
if [ "$NO_WIPE" = "1" ]; then
echo RETAIN existing source
cd $POLARSSL_VERSION
elif [ "$NO_WIPE" = "partial" ]; then
echo RETAIN existing source but copy config.h and CMakeLists.txt
cd $POLARSSL_VERSION
# define configs
cp $PD/config.h include/polarssl/
cp $PD/CMakeLists.txt .
else
echo WIPE and reunzip source
rm -rf $POLARSSL_VERSION
@ -50,18 +57,8 @@ else
rm $(find . -type f | grep Makefile)
# patch it
cd library
#echo PATCH trustex.patch
#patch <$PD/trustex.patch
cd ..
echo PATCH polarssl-enum.patch
patch -p1 <$PD/polarssl-enum.patch
echo PATCH polarssl-const-ciphersuite.patch
patch -p1 <$PD/polarssl-const-ciphersuite.patch
echo PATCH polarssl-epki.patch
patch -p1 <$PD/polarssl-epki.patch
#echo PATCH polarssl-invalid-mac.patch
#patch -p1 <$PD/polarssl-invalid-mac.patch
#echo PATCH X.patch
#patch -p1 <$PD/X.patch
# do the big polar-openssl patch
if [ "$USE_MINICRYPTO" = "1" ]; then
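Review bot: The expansions in the added `cp $PD/config.h include/polarssl/` and `cp $PD/CMakeLists.txt .` lines are unquoted, so a `$PD` containing whitespace would split into several arguments; `cp "$PD/config.h" include/polarssl/` and `cp "$PD/CMakeLists.txt" .` avoid that. The new `partial` branch also has no comment saying which state of the tree it expects; from what is visible, only the else branch unpacks and patches the source, so a line such as `# partial: tree already unpacked and patched, refresh only the two config files` would make the precondition explicit. The surrounding `if` continues outside the hunk.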


@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
POLARSSL_SRC=$HOME/src/mac/polarssl-1.1.6
POLARSSL_SRC=$HOME/src/mac/polarssl-1.2.7
PD=$O3/polarssl
PB=$(basename $POLARSSL_SRC)
@ -13,10 +13,7 @@ cp -a $POLARSSL_SRC polarssl.new
tar xfz $DL/$PB-gpl.tgz
cd $PB
rm $(find . -type f | grep Makefile)
patch -p1 <$PD/polarssl-enum.patch
patch -p1 <$PD/polarssl-const-ciphersuite.patch
patch -p1 <$PD/polarssl-epki.patch
rm $(find . -type f | grep -E 'Makefile|\.orig$|\.rej$')
rm CMakeLists.txt include/polarssl/config.h
cd ../polarssl.new
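Review bot: The rewritten cleanup line `rm $(find . -type f | grep -E 'Makefile|\.orig$|\.rej$')` relies on word splitting of the command substitution, so a path containing whitespace is split into wrong arguments, and `rm` is called with no operands when nothing matches, which aborts the script under the `set -e` at the top. The unanchored `Makefile` alternative also matches any path that merely contains that word. If exact names are what is meant, `find . -type f \( -name Makefile -o -name '*.orig' -o -name '*.rej' \) -exec rm -f {} +` covers all three cases; keep the broader match if files such as `Makefile.am` are meant to be removed too.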


@ -3,7 +3,7 @@
*
* \brief Configuration options (set of defines)
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -35,33 +35,6 @@
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
/**
* \def POLARSSL_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of error_strerror() in
* third party libraries easier.
*
* Disable if you run into name conflicts and want to really remove the
* error_strerror()
*/
#define POLARSSL_ERROR_STRERROR_DUMMY
/**
* \def POLARSSL_SSL_DEBUG_ALL
*
* Enable the debug messages in SSL module for all issues.
* Debug messages have been disabled in some places to prevent timing
* attacks due to (unbalanced) debugging function calls.
*
* If you need all error reporting you should enable this during debugging,
* but remove this for production servers that should log as well.
*
* Uncomment this macro to report all debug messages on errors introducing
* a timing side-channel.
*
#define POLARSSL_SSL_DEBUG_ALL
*/
/**
* \name SECTION: System support
*
@ -90,12 +63,9 @@
/**
* \def POLARSSL_HAVE_LONGLONG
*
* The compiler supports the use of long long.
*
* Uncomment if the compiler supports long long.
#define POLARSSL_HAVE_LONGLONG
* The compiler supports the 'long long' type.
* (Only used on 32-bit platforms)
*/
// JY added
#define POLARSSL_HAVE_LONGLONG
/**
@ -113,12 +83,13 @@
* include/polarssl/bn_mul.h
*
*/
#define POLARSSL_HAVE_ASM
// JY fixme
//#define POLARSSL_HAVE_ASM
/**
* \def POLARSSL_HAVE_SSE2
*
* CPI supports SSE2 instruction set.
* CPU supports SSE2 instruction set.
*
* Uncomment if the CPU supports SSE2 (IA-32 specific).
*
@ -161,13 +132,47 @@
//#define POLARSSL_CIPHER_MODE_CTR
/**
* \def POLARSSL_DEBUG_MSG
* \def POLARSSL_CIPHER_NULL_CIPHER
*
* Requires: POLARSSL_DEBUG_C
* Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security!
*
* Enable all SSL/TLS debugging messages.
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/
#define POLARSSL_DEBUG_MSG
/**
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
*
* Enable weak ciphersuites in SSL / TLS
* Warning: Only do so when you know what you are doing. This allows for
* channels with virtually no security at all!
*
* This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA
*
* Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/
/**
* \def POLARSSL_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of error_strerror() in
* third party libraries easier.
*
* Disable if you run into name conflicts and want to really remove the
* error_strerror()
*/
#define POLARSSL_ERROR_STRERROR_DUMMY
/**
* \def POLARSSL_GENPRIME
@ -246,6 +251,57 @@
#define POLARSSL_SELF_TEST
#endif
/**
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
* If you choose not to send the alert messages, PolarSSL can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
* about reasons for failures thus preventing adversaries of gaining intel.
*
* Enable sending of all alert messages
*/
#define POLARSSL_SSL_ALERT_MESSAGES
/**
* \def POLARSSL_SSL_DEBUG_ALL
*
* Enable the debug messages in SSL module for all issues.
* Debug messages have been disabled in some places to prevent timing
* attacks due to (unbalanced) debugging function calls.
*
* If you need all error reporting you should enable this during debugging,
* but remove this for production servers that should log as well.
*
* Uncomment this macro to report all debug messages on errors introducing
* a timing side-channel.
*
#define POLARSSL_SSL_DEBUG_ALL
*/
/**
* \def POLARSSL_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
* individual records.
*
* Uncomment this macro to enable hooking functions.
#define POLARSSL_SSL_HW_RECORD_ACCEL
*/
/**
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
*
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (POLARSSL_SSL_SRV_C)
*
* Comment this macro to disable support for SSLv2 Client Hello messages.
*/
// JY removed
//#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
@ -256,6 +312,22 @@
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
/**
* \def POLARSSL_ZLIB_SUPPORT
*
* If set, the SSL/TLS module uses ZLIB to support compression and
* decompression of packet data.
*
* Used in: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
* This feature requires zlib library and headers to be present.
*
* Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT
*/
/* \} name */
/**
@ -275,10 +347,20 @@
* library/pem.c
* library/ctr_drbg.c
*
* This module enables the following ciphersuites:
* SSL_RSA_AES_128_SHA
* SSL_RSA_AES_256_SHA
* SSL_EDH_RSA_AES_256_SHA
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*
* PEM uses AES for decrypting encrypted keys.
*/
#define POLARSSL_AES_C
@ -291,8 +373,8 @@
* Caller: library/ssl_tls.c
*
* This module enables the following ciphersuites:
* SSL_RSA_RC4_128_MD5
* SSL_RSA_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA
*/
// JY removed
//#define POLARSSL_ARC4_C
@ -307,6 +389,16 @@
*/
#define POLARSSL_ASN1_PARSE_C
/**
* \def POLARSSL_ASN1_WRITE_C
*
* Enable the generic ASN1 writer.
*
* Module: library/asn1write.c
*/
// JY removed
//#define POLARSSL_ASN1_WRITE_C
/**
* \def POLARSSL_BASE64_C
*
@ -322,7 +414,7 @@
/**
* \def POLARSSL_BIGNUM_C
*
* Enable the multo-precision integer library.
* Enable the multi-precision integer library.
*
* Module: library/bignum.c
* Caller: library/dhm.c
@ -334,6 +426,15 @@
*/
#define POLARSSL_BIGNUM_C
/**
* \def POLARSSL_BLOWFISH_C
*
* Enable the Blowfish block cipher.
*
* Module: library/blowfish.c
*/
#define POLARSSL_BLOWFISH_C
/**
* \def POLARSSL_CAMELLIA_C
*
@ -342,10 +443,16 @@
* Module: library/camellia.c
* Caller: library/ssl_tls.c
*
* This module enabled the following cipher suites:
* SSL_RSA_CAMELLIA_128_SHA
* SSL_RSA_CAMELLIA_256_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
*/
// JY removed
//#define POLARSSL_CAMELLIA_C
@ -414,13 +521,16 @@
* Enable the DES block cipher.
*
* Module: library/des.c
* Caller: library/ssl_tls.c
* Caller: library/pem.c
* library/ssl_tls.c
*
* This module enables the following ciphersuites:
* SSL_RSA_DES_168_SHA
* SSL_EDH_RSA_DES_168_SHA
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* PEM uses DES/3DES for decrypting encrypted keys.
*/
// JY changed -- needed for PEM key decryption
#define POLARSSL_DES_C
/**
@ -432,10 +542,20 @@
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* This module enables the following ciphersuites:
* SSL_EDH_RSA_DES_168_SHA
* SSL_EDH_RSA_AES_256_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_DHE_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_DHM_C
@ -465,6 +585,22 @@
*/
#define POLARSSL_ERROR_C
/**
* \def POLARSSL_GCM_C
*
* Enable the Galois/Counter Mode (GCM) for AES
*
* Module: library/gcm.c
*
* Requires: POLARSSL_AES_C
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_GCM_C
/**
* \def POLARSSL_HAVEGE_C
*
@ -525,10 +661,12 @@
* Enable the MD5 hash algorithm
*
* Module: library/md5.c
* Caller: library/ssl_tls.c
* Caller: library/pem.c
* library/ssl_tls.c
* library/x509parse.c
*
* This module is required for SSL/TLS and X.509.
* PEM uses MD5 for decrypting encrypted keys.
*/
#define POLARSSL_MD5_C
@ -558,6 +696,19 @@
// JY removed
//#define POLARSSL_PADLOCK_C
/**
* \def POLARSSL_PBKDF2_C
*
* Enable PKCS#5 PBKDF2 key derivation function
*
* Module: library/pbkdf2.c
*
* Requires: POLARSSL_MD_C
*
* This module adds support for the PKCS#5 PBKDF2 key derivation function.
#define POLARSSL_PBKDF2_C
*/
/**
* \def POLARSSL_PEM_C
*
@ -575,7 +726,7 @@
/**
* \def POLARSSL_PKCS11_C
*
* Enable support for PKCS#11 smartcard support.
* Enable wrapper for PKCS#11 smartcard support.
*
* Module: library/ssl_srv.c
* Caller: library/ssl_cli.c
@ -583,26 +734,10 @@
*
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS PKCS #11 smartcard support.
* This module enables SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
*/
// JY added
#define POLARSSL_PKCS11_C
/**
* \def POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
*
* Enable support for generic external private key implementations.
*
* Module: library/ssl_srv.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_PKCS11_C
*
*/
// JY added
#define POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
/**
* \def POLARSSL_RSA_C
@ -646,6 +781,7 @@
* library/x509parse.c
*
* This module adds support for SHA-224 and SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function.
*/
#define POLARSSL_SHA2_C
@ -662,6 +798,19 @@
*/
#define POLARSSL_SHA4_C
/**
* \def POLARSSL_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
*
* Module: library/ssl_cache.c
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
*/
// JY removed
//#define POLARSSL_SSL_CACHE_C
/**
* \def POLARSSL_SSL_CLI_C
*
@ -676,7 +825,7 @@
*/
#define POLARSSL_SSL_CLI_C
/*
/**
* \def POLARSSL_SSL_SRV_C
*
* Enable the SSL/TLS server code.
@ -746,6 +895,20 @@
*/
#define POLARSSL_X509_PARSE_C
/**
* \def POLARSSL_X509_WRITE_C
*
* Enable X.509 buffer writing.
*
* Module: library/x509write.c
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* This module is required for X.509 certificate request writing.
*/
// JY removed
//#define POLARSSL_X509_WRITE_C
/**
* \def POLARSSL_XTEA_C
*
@ -758,4 +921,8 @@
//#define POLARSSL_XTEA_C
/* \} name */
#endif
// JY added
#define POLARSSL_BLOWFISH_NAME "BF"
#define POLARSSL_BLOWFISH_DEFAULT_KEY_LEN 128
#endif /* config.h */
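Review bot: The added alert-message block documents `\def POLARSSL_SSL_ALL_ALERT_MESSAGES` but the line below it defines `POLARSSL_SSL_ALERT_MESSAGES`, so one of the two names is wrong. If the library tests the documented name, the define has no effect and the feature stays off; the page does not show which name the library reads, so check library/ssl_tls.c and make the two agree, e.g. `#define POLARSSL_SSL_ALL_ALERT_MESSAGES`. Separately, `//#define POLARSSL_HAVE_ASM` carries only `// JY fixme`; a comment naming the ARM bignum multiply problem from the commit message would tell the next reader when it can be re-enabled.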


@ -1,7 +1,7 @@
diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/aes.h
--- polarssl-1.1.6/include/polarssl/aes.h 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/include/polarssl/aes.h 2013-03-13 22:21:58.000000000 -0600
@@ -35,6 +35,12 @@
diff -uNr polarssl-1.2.7/include/polarssl/aes.h polarssl.new/include/polarssl/aes.h
--- polarssl-1.2.7/include/polarssl/aes.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/aes.h 2013-05-30 23:42:06.000000000 -0600
@@ -42,6 +42,12 @@
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
@ -14,7 +14,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/ae
/**
* \brief AES context structure
*/
@@ -162,6 +168,9 @@
@@ -169,6 +175,9 @@
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
@ -24,15 +24,15 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/ae
/**
* \brief Checkup routine
*
@@ -172,5 +181,4 @@
@@ -179,5 +188,4 @@
#ifdef __cplusplus
}
#endif
-
#endif /* aes.h */
diff -uNr polarssl-1.1.6/include/polarssl/aes_openssl.h polarssl.new/include/polarssl/aes_openssl.h
--- polarssl-1.1.6/include/polarssl/aes_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/aes_openssl.h 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/include/polarssl/aes_openssl.h polarssl.new/include/polarssl/aes_openssl.h
--- polarssl-1.2.7/include/polarssl/aes_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/aes_openssl.h 2013-05-30 23:42:06.000000000 -0600
@@ -0,0 +1,145 @@
+/*
+ * Use OpenSSL implementation of AES methods to get asm and hardware acceleration.
@ -179,144 +179,10 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes_openssl.h polarssl.new/include/pol
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.1.6/include/polarssl/bf.h polarssl.new/include/polarssl/bf.h
--- polarssl-1.1.6/include/polarssl/bf.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/bf.h 2013-03-13 22:21:58.000000000 -0600
@@ -0,0 +1,95 @@
+#ifndef POLARSSL_BF_H
+#define POLARSSL_BF_H
+
+#if defined(POLARSSL_USE_OPENSSL_BF)
+
+#include <string.h>
+
+#define BF_ENCRYPT 1
+#define BF_DECRYPT 0
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(__LP32__)
+#define BF_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro@fy.chalmers.se>
+ */
+#else
+#define BF_LONG unsigned int
+#endif
+
+#define BF_ROUNDS 16
+#define BF_BLOCK 8
+
+/**
+ * \brief BF context structure
+ */
+typedef struct
+{
+ BF_LONG P[BF_ROUNDS+2];
+ BF_LONG S[4*256];
+}
+bf_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void BF_set_key(bf_context *key, int len, const unsigned char *data);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const bf_context *key, int enc);
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const bf_context *schedule, unsigned char *ivec, int enc);
+
+static inline int bf_setkey_enc( bf_context *ctx, const unsigned char *key, unsigned int keysize )
+{
+ BF_set_key(ctx, keysize / 8, key);
+ return 0;
+}
+
+static inline int bf_setkey_dec( bf_context *ctx, const unsigned char *key, unsigned int keysize )
+{
+ BF_set_key(ctx, keysize / 8, key);
+ return 0;
+}
+
+static inline int bf_crypt_ecb( bf_context *ctx,
+ int mode,
+ const unsigned char input[8],
+ unsigned char output[8] )
+{
+ BF_ecb_encrypt(input, output, ctx, mode);
+ return 0;
+}
+
+static inline int bf_crypt_cbc( bf_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[8],
+ const unsigned char *input,
+ unsigned char *output )
+{
+ BF_cbc_encrypt(input, output, length, ctx, iv, mode);
+ return 0;
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif /* bf.h */
diff -uNr polarssl-1.1.6/include/polarssl/cipher.h polarssl.new/include/polarssl/cipher.h
--- polarssl-1.1.6/include/polarssl/cipher.h 2013-03-13 23:33:17.000000000 -0600
+++ polarssl.new/include/polarssl/cipher.h 2013-03-13 22:21:58.000000000 -0600
@@ -52,6 +52,7 @@
POLARSSL_CIPHER_ID_DES,
POLARSSL_CIPHER_ID_3DES,
POLARSSL_CIPHER_ID_CAMELLIA,
+ POLARSSL_CIPHER_ID_BF,
} cipher_id_t;
typedef enum {
@@ -76,7 +77,8 @@
POLARSSL_CIPHER_CAMELLIA_256_CTR,
POLARSSL_CIPHER_DES_CBC,
POLARSSL_CIPHER_DES_EDE_CBC,
- POLARSSL_CIPHER_DES_EDE3_CBC
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ POLARSSL_CIPHER_BF_128_CBC,
} cipher_type_t;
typedef enum {
diff -uNr polarssl-1.1.6/include/polarssl/cipher_wrap.h polarssl.new/include/polarssl/cipher_wrap.h
--- polarssl-1.1.6/include/polarssl/cipher_wrap.h 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/include/polarssl/cipher_wrap.h 2013-03-13 22:21:58.000000000 -0600
@@ -84,6 +84,10 @@
#endif /* defined(POLARSSL_DES_C) */
+#if defined(POLARSSL_USE_OPENSSL_BF)
+extern const cipher_info_t bf_128_cbc_info;
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
+
#ifdef __cplusplus
}
#endif
diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/sha1.h
--- polarssl-1.1.6/include/polarssl/sha1.h 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/include/polarssl/sha1.h 2013-03-13 23:22:29.000000000 -0600
@@ -31,6 +31,33 @@
diff -uNr polarssl-1.2.7/include/polarssl/sha1.h polarssl.new/include/polarssl/sha1.h
--- polarssl-1.2.7/include/polarssl/sha1.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha1.h 2013-05-30 23:42:06.000000000 -0600
@@ -38,6 +38,33 @@
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
@ -350,7 +216,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
/**
* \brief SHA-1 context structure
*/
@@ -45,10 +72,36 @@
@@ -52,10 +79,36 @@
}
sha1_context;
@ -387,7 +253,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
/**
* \brief SHA-1 context setup
*
@@ -73,6 +126,11 @@
@@ -80,6 +133,11 @@
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
@ -399,7 +265,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
/**
* \brief Output = SHA-1( input buffer )
*
@@ -145,9 +203,6 @@
@@ -152,9 +210,6 @@
*/
int sha1_self_test( int verbose );
@ -409,10 +275,10 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
#ifdef __cplusplus
}
#endif
diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/sha2.h
--- polarssl-1.1.6/include/polarssl/sha2.h 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/include/polarssl/sha2.h 2013-03-13 22:21:58.000000000 -0600
@@ -31,6 +31,37 @@
diff -uNr polarssl-1.2.7/include/polarssl/sha2.h polarssl.new/include/polarssl/sha2.h
--- polarssl-1.2.7/include/polarssl/sha2.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha2.h 2013-05-31 00:01:17.000000000 -0600
@@ -38,6 +38,39 @@
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
@ -445,12 +311,14 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/s
+int SHA256_Update(struct openssl_sha2_context *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, struct openssl_sha2_context *c);
+
+void sha256_block_data_order(struct openssl_sha2_context *c, const void *p, size_t num);
+
+#else
+
/**
* \brief SHA-256 context structure
*/
@@ -46,10 +77,40 @@
@@ -53,10 +86,45 @@
}
sha2_context;
@ -486,26 +354,44 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/s
+ SHA256_Final(output, &ctx->octx);
+}
+
+static inline void sha2_process( sha2_context *ctx, const unsigned char data[64] )
+{
+ sha256_block_data_order(&ctx->octx, data, 1);
+}
+
+#else
+
/**
* \brief SHA-256 context setup
*
@@ -75,6 +136,8 @@
@@ -82,6 +150,11 @@
*/
void sha2_finish( sha2_context *ctx, unsigned char output[32] );
+/* Internal use */
+void sha2_process( sha2_context *ctx, const unsigned char data[64] );
+
+#endif
+
/**
* \brief Output = SHA-256( input buffer )
*
diff -uNr polarssl-1.1.6/include/polarssl/sha4.h polarssl.new/include/polarssl/sha4.h
--- polarssl-1.1.6/include/polarssl/sha4.h 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/include/polarssl/sha4.h 2013-03-13 22:21:58.000000000 -0600
@@ -39,6 +39,40 @@
#define long64 long long
@@ -160,9 +233,6 @@
*/
int sha2_self_test( int verbose );
-/* Internal use */
-void sha2_process( sha2_context *ctx, const unsigned char data[64] );
-
#ifdef __cplusplus
}
#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha4.h polarssl.new/include/polarssl/sha4.h
--- polarssl-1.2.7/include/polarssl/sha4.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha4.h 2013-05-30 23:42:06.000000000 -0600
@@ -39,6 +39,40 @@
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
+#ifdef POLARSSL_USE_OPENSSL_SHA4
+
@ -594,9 +480,9 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha4.h polarssl.new/include/polarssl/s
/**
* \brief Output = SHA-512( input buffer )
*
diff -uNr polarssl-1.1.6/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
--- polarssl-1.1.6/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
--- polarssl-1.2.7/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-05-30 23:42:06.000000000 -0600
@@ -0,0 +1,38 @@
+#ifndef POLARSSL_SHA_OPENSSL_H
+#define POLARSSL_SHA_OPENSSL_H
@ -636,35 +522,19 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha_openssl.h polarssl.new/include/pol
+#endif
+
+#endif
diff -uNr polarssl-1.1.6/library/CMakeLists.txt polarssl.new/library/CMakeLists.txt
--- polarssl-1.1.6/library/CMakeLists.txt 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/CMakeLists.txt 2013-03-13 22:21:58.000000000 -0600
@@ -51,6 +51,12 @@
endif(NOT USE_SHARED_POLARSSL_LIBRARY)
+if(OPENSSL_DIR)
+target_link_libraries(polarssl minicrypto)
+else()
+target_link_libraries(polarssl)
+endif()
+
install(TARGETS polarssl
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff -uNr polarssl-1.1.6/library/aes.c polarssl.new/library/aes.c
--- polarssl-1.1.6/library/aes.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/aes.c 2013-03-13 22:21:58.000000000 -0600
@@ -36,6 +36,8 @@
#include "polarssl/aes.h"
diff -uNr polarssl-1.2.7/library/aes.c polarssl.new/library/aes.c
--- polarssl-1.2.7/library/aes.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/aes.c 2013-05-30 23:42:06.000000000 -0600
@@ -38,6 +38,8 @@
#include "polarssl/padlock.h"
#endif
+#if !defined(POLARSSL_USE_OPENSSL_AES)
+
/*
* 32-bit integer manipulation macros (little endian)
*/
@@ -901,6 +903,7 @@
@@ -914,6 +916,7 @@
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CTR */
@ -672,138 +542,9 @@ diff -uNr polarssl-1.1.6/library/aes.c polarssl.new/library/aes.c
#if defined(POLARSSL_SELF_TEST)
diff -uNr polarssl-1.1.6/library/cipher.c polarssl.new/library/cipher.c
--- polarssl-1.1.6/library/cipher.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/cipher.c 2013-03-13 22:21:58.000000000 -0600
@@ -86,6 +86,10 @@
POLARSSL_CIPHER_DES_EDE3_CBC,
#endif /* defined(POLARSSL_DES_C) */
+#if defined(POLARSSL_USE_OPENSSL_BF)
+ POLARSSL_CIPHER_BF_128_CBC,
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
+
0
};
@@ -164,6 +168,11 @@
return &des_ede3_cbc_info;
#endif
+#if defined(POLARSSL_USE_OPENSSL_BF)
+ case POLARSSL_CIPHER_BF_128_CBC:
+ return &bf_128_cbc_info;
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
+
default:
return NULL;
}
@@ -237,6 +246,11 @@
if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
#endif
+
+#if defined(POLARSSL_USE_OPENSSL_BF)
+ if( !strcasecmp( "BF-CBC", cipher_name ) )
+ return cipher_info_from_type( POLARSSL_CIPHER_BF_128_CBC );
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
return NULL;
}
diff -uNr polarssl-1.1.6/library/cipher_wrap.c polarssl.new/library/cipher_wrap.c
--- polarssl-1.1.6/library/cipher_wrap.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/cipher_wrap.c 2013-03-13 22:21:58.000000000 -0600
@@ -549,4 +549,87 @@
};
#endif
+#ifdef POLARSSL_USE_OPENSSL_BF
+
+#include "polarssl/bf.h"
+
+int bf_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+ return bf_crypt_cbc( (bf_context *) ctx, operation, length, iv, input, output );
+}
+
+int bf_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
+ size_t *iv_off, unsigned char *iv, const unsigned char *input,
+ unsigned char *output )
+{
+ ((void) ctx);
+ ((void) operation);
+ ((void) length);
+ ((void) iv_off);
+ ((void) iv);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+int bf_crypt_ctr_wrap( void *ctx, size_t length,
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
+ const unsigned char *input, unsigned char *output )
+{
+ ((void) ctx);
+ ((void) length);
+ ((void) nc_off);
+ ((void) nonce_counter);
+ ((void) stream_block);
+ ((void) input);
+ ((void) output);
+
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+}
+
+int bf_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return bf_setkey_dec( (bf_context *) ctx, key, key_length );
+}
+
+int bf_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
+{
+ return bf_setkey_enc( (bf_context *) ctx, key, key_length );
+}
+
+static void * bf_ctx_alloc( void )
+{
+ return malloc( sizeof( bf_context ) );
+}
+
+static void bf_ctx_free( void *ctx )
+{
+ free( ctx );
+}
+
+const cipher_base_t bf_info = {
+ POLARSSL_CIPHER_ID_BF,
+ bf_crypt_cbc_wrap,
+ bf_crypt_cfb128_wrap,
+ bf_crypt_ctr_wrap,
+ bf_setkey_enc_wrap,
+ bf_setkey_dec_wrap,
+ bf_ctx_alloc,
+ bf_ctx_free
+};
+
+const cipher_info_t bf_128_cbc_info = {
+ POLARSSL_CIPHER_BF_128_CBC,
+ POLARSSL_MODE_CBC,
+ 128,
+ "BF-CBC",
+ 8,
+ 8,
+ &bf_info
+};
+
+#endif
+
#endif
diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
--- polarssl-1.1.6/library/sha1.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/sha1.c 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/library/sha1.c polarssl.new/library/sha1.c
--- polarssl-1.2.7/library/sha1.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha1.c 2013-05-30 23:42:06.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
@ -814,7 +555,7 @@ diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
* 32-bit integer manipulation macros (big endian)
*/
@@ -313,6 +315,8 @@
PUT_ULONG_BE( ctx->state[4], output, 16 );
PUT_UINT32_BE( ctx->state[4], output, 16 );
}
+#endif /* !POLARSSL_USE_OPENSSL_SHA1 */
@ -822,9 +563,9 @@ diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
/*
* output = SHA-1( input buffer )
*/
diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
--- polarssl-1.1.6/library/sha2.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/sha2.c 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/library/sha2.c polarssl.new/library/sha2.c
--- polarssl-1.2.7/library/sha2.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha2.c 2013-05-30 23:42:06.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
@ -835,7 +576,7 @@ diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
* 32-bit integer manipulation macros (big endian)
*/
@@ -314,6 +316,8 @@
PUT_ULONG_BE( ctx->state[7], output, 28 );
PUT_UINT32_BE( ctx->state[7], output, 28 );
}
+#endif /* !POLARSSL_USE_OPENSSL_SHA2 */
@ -843,9 +584,9 @@ diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
/*
* output = SHA-256( input buffer )
*/
diff -uNr polarssl-1.1.6/library/sha4.c polarssl.new/library/sha4.c
--- polarssl-1.1.6/library/sha4.c 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/sha4.c 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/library/sha4.c polarssl.new/library/sha4.c
--- polarssl-1.2.7/library/sha4.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha4.c 2013-05-30 23:42:06.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
@ -864,44 +605,65 @@ diff -uNr polarssl-1.1.6/library/sha4.c polarssl.new/library/sha4.c
/*
* output = SHA-512( input buffer )
*/
diff -uNr polarssl-1.1.6/library/ssl_tls.c polarssl.new/library/ssl_tls.c
--- polarssl-1.1.6/library/ssl_tls.c 2013-03-13 23:33:17.000000000 -0600
+++ polarssl.new/library/ssl_tls.c 2013-03-13 22:43:06.000000000 -0600
@@ -1595,8 +1595,10 @@
diff -uNr polarssl-1.2.7/library/ssl_tls.c polarssl.new/library/ssl_tls.c
--- polarssl-1.2.7/library/ssl_tls.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/ssl_tls.c 2013-05-30 23:42:06.000000000 -0600
@@ -2550,8 +2550,10 @@
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5->state, sizeof( md5->state ) );
md5.state, sizeof( md5.state ) );
+#ifndef POLARSSL_USE_OPENSSL_SHA1
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1->state, sizeof( sha1->state ) );
sha1.state, sizeof( sha1.state ) );
+#endif
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
diff -uNr polarssl-1.1.6/library/ssl_tls.c.orig polarssl.new/library/ssl_tls.c.orig
--- polarssl-1.1.6/library/ssl_tls.c.orig 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/library/ssl_tls.c.orig 2013-03-13 22:21:58.000000000 -0600
@@ -1911,7 +1911,7 @@
ssl->session = session;
}
sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT"
: (char *) "SRVR";
@@ -2621,8 +2623,10 @@
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
{
ssl->ciphersuites = ciphersuites;
}
diff -uNr polarssl-1.1.6/tests/suites/test_suite_aes.function polarssl.new/tests/suites/test_suite_aes.function
--- polarssl-1.1.6/tests/suites/test_suite_aes.function 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_aes.function 2013-03-13 22:21:58.000000000 -0600
+#ifndef POLARSSL_USE_OPENSSL_SHA1
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
@@ -2666,8 +2670,10 @@
* Hash( handshake ) )[0.11]
*/
+#ifndef POLARSSL_USE_OPENSSL_SHA2
SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
sha2.state, sizeof( sha2.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
@@ -2710,8 +2716,10 @@
* Hash( handshake ) )[0.11]
*/
+#ifndef POLARSSL_USE_OPENSSL_SHA4
SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
sha4.state, sizeof( sha4.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
diff -uNr polarssl-1.2.7/tests/suites/test_suite_aes.function polarssl.new/tests/suites/test_suite_aes.function
--- polarssl-1.2.7/tests/suites/test_suite_aes.function 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_aes.function 2013-05-30 23:42:06.000000000 -0600
@@ -1,4 +1,5 @@
BEGIN_HEADER
+#include <polarssl/config.h>
#include <polarssl/aes.h>
END_HEADER
diff -uNr polarssl-1.1.6/tests/suites/test_suite_ctr_drbg.function polarssl.new/tests/suites/test_suite_ctr_drbg.function
--- polarssl-1.1.6/tests/suites/test_suite_ctr_drbg.function 2013-03-11 10:02:58.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_ctr_drbg.function 2013-03-13 22:21:58.000000000 -0600
diff -uNr polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function polarssl.new/tests/suites/test_suite_ctr_drbg.function
--- polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_ctr_drbg.function 2013-05-30 23:42:06.000000000 -0600
@@ -1,4 +1,5 @@
BEGIN_HEADER
+#include <polarssl/config.h>