mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 12:12:15 +02:00
Updated PolarSSL to 1.2.7.
Still to do: enable POLARSSL_HAVE_ASM in polarssl/config.h after ARM bignum multiply is fixed.
This commit is contained in:
parent
926504ec4c
commit
e7b0794b31
@ -1,5 +1,5 @@
|
||||
export LZO_VERSION=lzo-2.06
|
||||
export SNAPPY_VERSION=snappy-1.0.5
|
||||
export POLARSSL_VERSION=polarssl-1.1.6
|
||||
export POLARSSL_VERSION=polarssl-1.2.7
|
||||
export OPENSSL_VERSION=openssl-1.0.1c
|
||||
export BOOST_VERSION=boost_1_51_0
|
||||
|
@ -103,7 +103,7 @@ namespace openvpn {
|
||||
# undef OPENVPN_CIPHER_SELECT
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return cipher_->name();
|
||||
|
@ -159,7 +159,7 @@ namespace openvpn {
|
||||
# undef OPENVPN_DIGEST_SELECT
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return digest_->name();
|
||||
|
@ -44,7 +44,7 @@ namespace openvpn {
|
||||
throw openssl_cipher_not_found(name);
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return EVP_CIPHER_name (cipher_);
|
||||
|
@ -48,7 +48,7 @@ namespace openvpn {
|
||||
throw openssl_digest_not_found(name);
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return EVP_MD_name(digest_);
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include <polarssl/cipher.h>
|
||||
|
||||
#include <boost/noncopyable.hpp>
|
||||
#include <boost/algorithm/string.hpp> // for boost::algorithm::starts_with, to_upper_copy
|
||||
|
||||
#include <openvpn/common/types.hpp>
|
||||
#include <openvpn/common/exception.hpp>
|
||||
@ -37,15 +38,16 @@ namespace openvpn {
|
||||
|
||||
Cipher(const std::string& name)
|
||||
{
|
||||
cipher_ = cipher_info_from_string(name.c_str());
|
||||
const std::string translated_name = openvpn_to_cipher_name(name.c_str());
|
||||
cipher_ = cipher_info_from_string(translated_name.c_str());
|
||||
if (!cipher_)
|
||||
throw polarssl_cipher_not_found(name);
|
||||
throw polarssl_cipher_not_found(translated_name);
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return cipher_->name;
|
||||
return cipher_name_to_openvpn(cipher_->name);
|
||||
}
|
||||
|
||||
size_t key_length() const
|
||||
@ -89,6 +91,23 @@ namespace openvpn {
|
||||
#endif
|
||||
}
|
||||
|
||||
static std::string openvpn_to_cipher_name(const std::string& name)
|
||||
{
|
||||
const std::string n = boost::algorithm::to_upper_copy(name);
|
||||
if (boost::algorithm::starts_with(n, "BF-"))
|
||||
return "BLOWFISH-" + n.substr(3);
|
||||
else
|
||||
return n;
|
||||
}
|
||||
|
||||
static std::string cipher_name_to_openvpn(const std::string& name)
|
||||
{
|
||||
if (boost::algorithm::starts_with(name, "BLOWFISH-"))
|
||||
return "BF-" + name.substr(9);
|
||||
else
|
||||
return name;
|
||||
}
|
||||
|
||||
const cipher_info_t *cipher_;
|
||||
};
|
||||
|
||||
|
@ -43,7 +43,7 @@ namespace openvpn {
|
||||
throw polarssl_digest_not_found(name);
|
||||
}
|
||||
|
||||
const char *name() const
|
||||
std::string name() const
|
||||
{
|
||||
check_initialized();
|
||||
return md_get_name(digest_);
|
||||
|
@ -5,7 +5,7 @@
|
||||
// Copyright (c) 2012 OpenVPN Technologies, Inc. All rights reserved.
|
||||
//
|
||||
|
||||
// Wrap the PolarSSL SSL API as defined in <polarssl/ssl.h>
|
||||
// Wrap the PolarSSL 1.2 SSL API as defined in <polarssl/ssl.h>
|
||||
// so that it can be used as the SSL layer by the OpenVPN core.
|
||||
|
||||
#ifndef OPENVPN_POLARSSL_SSL_SSLCTX_H
|
||||
@ -13,6 +13,7 @@
|
||||
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <sstream>
|
||||
#include <cstring>
|
||||
|
||||
#include <polarssl/ssl.h>
|
||||
@ -46,15 +47,6 @@
|
||||
|
||||
namespace openvpn {
|
||||
|
||||
namespace polarssl_ctx_private {
|
||||
static const int default_ciphersuites[] = // CONST GLOBAL
|
||||
{
|
||||
SSL_EDH_RSA_AES_256_SHA,
|
||||
SSL_EDH_RSA_AES_128_SHA,
|
||||
0
|
||||
};
|
||||
};
|
||||
|
||||
// Represents an SSL configuration that can be used
|
||||
// to instantiate actual SSL sessions.
|
||||
template <typename RAND_API>
|
||||
@ -332,10 +324,7 @@ namespace openvpn {
|
||||
// allocate session object, but don't support SSL-level session resume
|
||||
sess = new ssl_session;
|
||||
std::memset(sess, 0, sizeof(*sess));
|
||||
ssl_set_session(ssl, 0, 0, sess);
|
||||
|
||||
// set list of allowed ciphersuites
|
||||
ssl_set_ciphersuites(ssl, polarssl_ctx_private::default_ciphersuites);
|
||||
ssl_set_session(ssl, sess);
|
||||
|
||||
// set CA chain
|
||||
if (c.ca_chain)
|
||||
@ -350,7 +339,7 @@ namespace openvpn {
|
||||
{
|
||||
// set our own certificate, supporting chain (i.e. extra-certs), and external private key
|
||||
if (c.crt_chain)
|
||||
ssl_set_own_cert_pkcs11(ssl, c.crt_chain->get(), &ctx->p11);
|
||||
ssl_set_own_cert_alt(ssl, c.crt_chain->get(), ctx, epki_decrypt, epki_sign, epki_key_len);
|
||||
else
|
||||
throw PolarSSLException("cert is undefined");
|
||||
}
|
||||
@ -478,12 +467,6 @@ namespace openvpn {
|
||||
// Verify that cert is defined
|
||||
if (!config.crt_chain)
|
||||
throw PolarSSLException("cert is undefined");
|
||||
|
||||
// PKCS11 setup (always done, even if non-external-pki)
|
||||
p11.parameter = this;
|
||||
p11.f_decrypt = epki_decrypt;
|
||||
p11.f_sign = epki_sign;
|
||||
p11.len = config.crt_chain->get()->rsa.len;
|
||||
}
|
||||
}
|
||||
|
||||
@ -497,6 +480,11 @@ namespace openvpn {
|
||||
}
|
||||
|
||||
private:
|
||||
size_t key_len() const
|
||||
{
|
||||
return config.crt_chain->get()->rsa.len;
|
||||
}
|
||||
|
||||
// ns-cert-type verification
|
||||
|
||||
bool ns_cert_type_defined() const
|
||||
@ -639,14 +627,45 @@ namespace openvpn {
|
||||
return std::string("");
|
||||
}
|
||||
|
||||
static int verify_callback(void *arg, x509_cert *cert, int depth, int preverify_ok)
|
||||
static std::string fmt_polarssl_verify_flags(const int flags)
|
||||
{
|
||||
std::ostringstream os;
|
||||
if (flags & BADCERT_EXPIRED)
|
||||
os << "CERT_EXPIRED ";
|
||||
if (flags & BADCERT_REVOKED)
|
||||
os << "CERT_REVOKED ";
|
||||
if (flags & BADCERT_CN_MISMATCH)
|
||||
os << "CN_MISMATCH ";
|
||||
if (flags & BADCERT_NOT_TRUSTED)
|
||||
os << "CERT_NOT_TRUSTED ";
|
||||
if (flags & BADCRL_NOT_TRUSTED)
|
||||
os << "CRL_NOT_TRUSTED ";
|
||||
if (flags & BADCRL_EXPIRED)
|
||||
os << "CRL_EXPIRED ";
|
||||
if (flags & BADCERT_MISSING)
|
||||
os << "CERT_MISSING ";
|
||||
if (flags & BADCERT_SKIP_VERIFY)
|
||||
os << "CERT_SKIP_VERIFY ";
|
||||
if (flags & BADCERT_OTHER)
|
||||
os << "CERT_OTHER ";
|
||||
return os.str();
|
||||
}
|
||||
|
||||
static int verify_callback(void *arg, x509_cert *cert, int depth, int *flags)
|
||||
{
|
||||
PolarSSLContext *self = (PolarSSLContext *)arg;
|
||||
bool fail = false;
|
||||
|
||||
OPENVPN_LOG_SSL("VERIFY "
|
||||
<< (preverify_ok ? "OK" : "FAIL")
|
||||
<< ": depth=" << depth
|
||||
<< std::endl << cert_info(cert));
|
||||
// log status
|
||||
{
|
||||
std::string status_str = "OK";
|
||||
if (*flags)
|
||||
status_str = "FAIL " + fmt_polarssl_verify_flags(*flags);
|
||||
OPENVPN_LOG_SSL("VERIFY "
|
||||
<< status_str
|
||||
<< ": depth=" << depth
|
||||
<< std::endl << cert_info(cert));
|
||||
}
|
||||
|
||||
// leaf-cert verification
|
||||
if (depth == 0)
|
||||
@ -655,21 +674,21 @@ namespace openvpn {
|
||||
if (self->ns_cert_type_defined() && !self->verify_ns_cert_type(cert))
|
||||
{
|
||||
OPENVPN_LOG_SSL("VERIFY FAIL -- bad ns-cert-type in leaf certificate");
|
||||
preverify_ok = false;
|
||||
fail = true;
|
||||
}
|
||||
|
||||
// verify X509 key usage
|
||||
if (self->x509_cert_ku_defined() && !self->verify_x509_cert_ku(cert))
|
||||
{
|
||||
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 key usage in leaf certificate");
|
||||
preverify_ok = false;
|
||||
fail = true;
|
||||
}
|
||||
|
||||
// verify X509 extended key usage
|
||||
if (self->x509_cert_eku_defined() && !self->verify_x509_cert_eku(cert))
|
||||
{
|
||||
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 extended key usage in leaf certificate");
|
||||
preverify_ok = false;
|
||||
fail = true;
|
||||
}
|
||||
|
||||
// verify tls-remote
|
||||
@ -681,12 +700,14 @@ namespace openvpn {
|
||||
if (!TLSRemote::test(self->config.tls_remote, subject, common_name))
|
||||
{
|
||||
OPENVPN_LOG_SSL("VERIFY FAIL -- tls-remote match failed");
|
||||
preverify_ok = false;
|
||||
fail = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return preverify_ok ? 0 : POLARSSL_ERR_SSL_PEER_VERIFY_FAILED;
|
||||
if (fail)
|
||||
*flags |= BADCERT_OTHER;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static std::string cert_info(const x509_cert *cert, const char *prefix = NULL)
|
||||
@ -703,26 +724,28 @@ namespace openvpn {
|
||||
{
|
||||
}
|
||||
|
||||
static int epki_decrypt(pkcs11_context *ctx,
|
||||
static int epki_decrypt(void *arg,
|
||||
int mode,
|
||||
size_t *olen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned int output_max_len)
|
||||
size_t output_max_len)
|
||||
{
|
||||
OPENVPN_LOG_SSL("PolarSSLContext::epki_decrypt is unimplemented, mode=" << mode
|
||||
<< " output_max_len=" << output_max_len);
|
||||
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
static int epki_sign(pkcs11_context *ctx,
|
||||
static int epki_sign(void *arg,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
int hash_id,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig)
|
||||
{
|
||||
PolarSSLContext *self = (PolarSSLContext *) ctx->parameter;
|
||||
PolarSSLContext *self = (PolarSSLContext *) arg;
|
||||
try {
|
||||
if (mode == RSA_PRIVATE && hash_id == SIG_RSA_RAW)
|
||||
{
|
||||
@ -737,7 +760,7 @@ namespace openvpn {
|
||||
throw polarssl_external_pki("could not obtain signature");
|
||||
|
||||
/* decode base64 signature to binary */
|
||||
const int len = ctx->len;
|
||||
const size_t len = self->key_len();
|
||||
Buffer sigbuf(sig, len, false);
|
||||
base64->decode(sigbuf, sig_b64);
|
||||
|
||||
@ -762,8 +785,13 @@ namespace openvpn {
|
||||
}
|
||||
}
|
||||
|
||||
static size_t epki_key_len(void *arg)
|
||||
{
|
||||
PolarSSLContext *self = (PolarSSLContext *) arg;
|
||||
return self->key_len();
|
||||
}
|
||||
|
||||
Config config;
|
||||
pkcs11_context p11;
|
||||
};
|
||||
|
||||
} // namespace openvpn
|
||||
|
@ -15,7 +15,7 @@
|
||||
#include <vector>
|
||||
|
||||
#include <boost/cstdint.hpp> // for boost::uint32_t, uint64_t
|
||||
#include <boost/algorithm/string.hpp> // for boost::to_upper_copy
|
||||
#include <boost/algorithm/string.hpp> // for boost::algorithm::to_upper_copy
|
||||
|
||||
#include <openvpn/common/types.hpp>
|
||||
#include <openvpn/common/exception.hpp>
|
||||
@ -79,7 +79,7 @@ namespace openvpn {
|
||||
// concatenate uppercase(username) + domain,
|
||||
// convert to utf-16, and run it through HMAC-MD5
|
||||
// keyed to md4_hash
|
||||
const std::string ud = boost::to_upper_copy(username) + domain;
|
||||
const std::string ud = boost::algorithm::to_upper_copy(username) + domain;
|
||||
BufferPtr ud_u = Unicode::string_to_utf16(ud);
|
||||
typename CRYPTO_API::HMACContext hmac_ctx1(CRYPTO_API::Digest::md5(), md4_hash, 16);
|
||||
hmac_ctx1.update(ud_u->c_data(), ud_u->size());
|
||||
|
@ -1,16 +1,34 @@
|
||||
# cmake -DENABLE_TESTING=1 -DMINICRYPTO_DIR=$MINICRYPTO_DIR -DOPENSSL_AES_NI=1 ../polarssl-1.1.1 && make
|
||||
|
||||
cmake_minimum_required(VERSION 2.6)
|
||||
project(POLARSSL C)
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{LIB_FPIC} $ENV{LIB_OPT_LEVEL} $ENV{PLATFORM_FLAGS} $ENV{OTHER_COMPILER_FLAGS} -Wall -W -Wdeclaration-after-statement")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
enable_testing()
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
# JY Added
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{LIB_FPIC} $ENV{LIB_OPT_LEVEL} $ENV{PLATFORM_FLAGS} $ENV{OTHER_COMPILER_FLAGS} -Wall -W -Wdeclaration-after-statement")
|
||||
|
||||
# JY Commented out
|
||||
#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
|
||||
#set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
|
||||
#set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_SHARED_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
|
||||
|
||||
option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
|
||||
|
||||
option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
|
||||
|
||||
# JY added
|
||||
if(ENABLE_SERVER)
|
||||
add_definitions(-DPOLARSSL_SSL_SRV_C)
|
||||
endif()
|
||||
|
||||
# JY added
|
||||
if(MINICRYPTO)
|
||||
if(MINICRYPTO_DIR)
|
||||
add_library(minicrypto STATIC IMPORTED)
|
||||
@ -24,27 +42,27 @@ if(MINICRYPTO)
|
||||
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA1)
|
||||
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA2)
|
||||
add_definitions(-DPOLARSSL_USE_OPENSSL_SHA4)
|
||||
add_definitions(-DPOLARSSL_USE_OPENSSL_BF)
|
||||
if(OPENSSL_AES_NI)
|
||||
add_definitions(-DPOLARSSL_USE_OPENSSL_AES_NI)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# JY added
|
||||
if(EXTERNAL_RNG)
|
||||
add_definitions(-DEXTERNAL_RNG)
|
||||
endif()
|
||||
|
||||
# include self-test functions only (for cross development)
|
||||
# include self-test functions only (for cross development) (JY added)
|
||||
if(ENABLE_SELF_TEST)
|
||||
add_definitions(-DPOLARSSL_SELF_TEST)
|
||||
endif()
|
||||
|
||||
# include full testing infrastructure
|
||||
# include full testing infrastructure (JY added)
|
||||
if(ENABLE_TESTING)
|
||||
add_definitions(-DENABLE_TESTING)
|
||||
enable_testing()
|
||||
endif()
|
||||
|
||||
|
||||
if(LIB_INSTALL_DIR)
|
||||
else()
|
||||
set(LIB_INSTALL_DIR lib)
|
||||
@ -52,13 +70,25 @@ endif()
|
||||
|
||||
include_directories(include/)
|
||||
|
||||
if(ENABLE_ZLIB_SUPPORT)
|
||||
find_package(ZLIB)
|
||||
|
||||
if(ZLIB_FOUND)
|
||||
include_directories(ZLIB_INCLUDE_DIR)
|
||||
endif(ZLIB_FOUND)
|
||||
endif(ENABLE_ZLIB_SUPPORT)
|
||||
|
||||
add_subdirectory(library)
|
||||
add_subdirectory(include)
|
||||
|
||||
# include full testing infrastructure
|
||||
# include full testing infrastructure (JY modified)
|
||||
if(ENABLE_TESTING)
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
add_subdirectory(tests)
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
add_subdirectory(programs)
|
||||
endif()
|
||||
|
||||
ADD_CUSTOM_TARGET(apidoc
|
||||
COMMAND doxygen doxygen/polarssl.doxyfile
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
@ -38,6 +38,13 @@ mkdir $DIST
|
||||
if [ "$NO_WIPE" = "1" ]; then
|
||||
echo RETAIN existing source
|
||||
cd $POLARSSL_VERSION
|
||||
elif [ "$NO_WIPE" = "partial" ]; then
|
||||
echo RETAIN existing source but copy config.h and CMakeLists.txt
|
||||
cd $POLARSSL_VERSION
|
||||
|
||||
# define configs
|
||||
cp $PD/config.h include/polarssl/
|
||||
cp $PD/CMakeLists.txt .
|
||||
else
|
||||
echo WIPE and reunzip source
|
||||
rm -rf $POLARSSL_VERSION
|
||||
@ -50,18 +57,8 @@ else
|
||||
rm $(find . -type f | grep Makefile)
|
||||
|
||||
# patch it
|
||||
cd library
|
||||
#echo PATCH trustex.patch
|
||||
#patch <$PD/trustex.patch
|
||||
cd ..
|
||||
echo PATCH polarssl-enum.patch
|
||||
patch -p1 <$PD/polarssl-enum.patch
|
||||
echo PATCH polarssl-const-ciphersuite.patch
|
||||
patch -p1 <$PD/polarssl-const-ciphersuite.patch
|
||||
echo PATCH polarssl-epki.patch
|
||||
patch -p1 <$PD/polarssl-epki.patch
|
||||
#echo PATCH polarssl-invalid-mac.patch
|
||||
#patch -p1 <$PD/polarssl-invalid-mac.patch
|
||||
#echo PATCH X.patch
|
||||
#patch -p1 <$PD/X.patch
|
||||
|
||||
# do the big polar-openssl patch
|
||||
if [ "$USE_MINICRYPTO" = "1" ]; then
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
POLARSSL_SRC=$HOME/src/mac/polarssl-1.1.6
|
||||
POLARSSL_SRC=$HOME/src/mac/polarssl-1.2.7
|
||||
PD=$O3/polarssl
|
||||
PB=$(basename $POLARSSL_SRC)
|
||||
|
||||
@ -13,10 +13,7 @@ cp -a $POLARSSL_SRC polarssl.new
|
||||
tar xfz $DL/$PB-gpl.tgz
|
||||
|
||||
cd $PB
|
||||
rm $(find . -type f | grep Makefile)
|
||||
patch -p1 <$PD/polarssl-enum.patch
|
||||
patch -p1 <$PD/polarssl-const-ciphersuite.patch
|
||||
patch -p1 <$PD/polarssl-epki.patch
|
||||
rm $(find . -type f | grep -E 'Makefile|\.orig$|\.rej$')
|
||||
rm CMakeLists.txt include/polarssl/config.h
|
||||
|
||||
cd ../polarssl.new
|
||||
|
@ -3,7 +3,7 @@
|
||||
*
|
||||
* \brief Configuration options (set of defines)
|
||||
*
|
||||
* Copyright (C) 2006-2011, Brainspark B.V.
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
@ -35,33 +35,6 @@
|
||||
#define _CRT_SECURE_NO_DEPRECATE 1
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ERROR_STRERROR_DUMMY
|
||||
*
|
||||
* Enable a dummy error function to make use of error_strerror() in
|
||||
* third party libraries easier.
|
||||
*
|
||||
* Disable if you run into name conflicts and want to really remove the
|
||||
* error_strerror()
|
||||
*/
|
||||
#define POLARSSL_ERROR_STRERROR_DUMMY
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_DEBUG_ALL
|
||||
*
|
||||
* Enable the debug messages in SSL module for all issues.
|
||||
* Debug messages have been disabled in some places to prevent timing
|
||||
* attacks due to (unbalanced) debugging function calls.
|
||||
*
|
||||
* If you need all error reporting you should enable this during debugging,
|
||||
* but remove this for production servers that should log as well.
|
||||
*
|
||||
* Uncomment this macro to report all debug messages on errors introducing
|
||||
* a timing side-channel.
|
||||
*
|
||||
#define POLARSSL_SSL_DEBUG_ALL
|
||||
*/
|
||||
|
||||
/**
|
||||
* \name SECTION: System support
|
||||
*
|
||||
@ -90,12 +63,9 @@
|
||||
/**
|
||||
* \def POLARSSL_HAVE_LONGLONG
|
||||
*
|
||||
* The compiler supports the use of long long.
|
||||
*
|
||||
* Uncomment if the compiler supports long long.
|
||||
#define POLARSSL_HAVE_LONGLONG
|
||||
* The compiler supports the 'long long' type.
|
||||
* (Only used on 32-bit platforms)
|
||||
*/
|
||||
// JY added
|
||||
#define POLARSSL_HAVE_LONGLONG
|
||||
|
||||
/**
|
||||
@ -113,12 +83,13 @@
|
||||
* include/polarssl/bn_mul.h
|
||||
*
|
||||
*/
|
||||
#define POLARSSL_HAVE_ASM
|
||||
// JY fixme
|
||||
//#define POLARSSL_HAVE_ASM
|
||||
|
||||
/**
|
||||
* \def POLARSSL_HAVE_SSE2
|
||||
*
|
||||
* CPI supports SSE2 instruction set.
|
||||
* CPU supports SSE2 instruction set.
|
||||
*
|
||||
* Uncomment if the CPU supports SSE2 (IA-32 specific).
|
||||
*
|
||||
@ -161,13 +132,47 @@
|
||||
//#define POLARSSL_CIPHER_MODE_CTR
|
||||
|
||||
/**
|
||||
* \def POLARSSL_DEBUG_MSG
|
||||
* \def POLARSSL_CIPHER_NULL_CIPHER
|
||||
*
|
||||
* Requires: POLARSSL_DEBUG_C
|
||||
* Enable NULL cipher.
|
||||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* encryption or channels without any security!
|
||||
*
|
||||
* Enable all SSL/TLS debugging messages.
|
||||
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
||||
* the following ciphersuites:
|
||||
* TLS_RSA_WITH_NULL_MD5
|
||||
* TLS_RSA_WITH_NULL_SHA
|
||||
* TLS_RSA_WITH_NULL_SHA256
|
||||
*
|
||||
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||
#define POLARSSL_CIPHER_NULL_CIPHER
|
||||
*/
|
||||
#define POLARSSL_DEBUG_MSG
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||
*
|
||||
* Enable weak ciphersuites in SSL / TLS
|
||||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* channels with virtually no security at all!
|
||||
*
|
||||
* This enables the following ciphersuites:
|
||||
* TLS_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
*
|
||||
* Uncomment this macro to enable weak ciphersuites
|
||||
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ERROR_STRERROR_DUMMY
|
||||
*
|
||||
* Enable a dummy error function to make use of error_strerror() in
|
||||
* third party libraries easier.
|
||||
*
|
||||
* Disable if you run into name conflicts and want to really remove the
|
||||
* error_strerror()
|
||||
*/
|
||||
#define POLARSSL_ERROR_STRERROR_DUMMY
|
||||
|
||||
/**
|
||||
* \def POLARSSL_GENPRIME
|
||||
@ -246,6 +251,57 @@
|
||||
#define POLARSSL_SELF_TEST
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
* Enable sending of alert messages in case of encountered errors as per RFC.
|
||||
* If you choose not to send the alert messages, PolarSSL can still communicate
|
||||
* with other servers, only debugging of failures is harder.
|
||||
*
|
||||
* The advantage of not sending alert messages, is that no information is given
|
||||
* about reasons for failures thus preventing adversaries of gaining intel.
|
||||
*
|
||||
* Enable sending of all alert messages
|
||||
*/
|
||||
#define POLARSSL_SSL_ALERT_MESSAGES
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_DEBUG_ALL
|
||||
*
|
||||
* Enable the debug messages in SSL module for all issues.
|
||||
* Debug messages have been disabled in some places to prevent timing
|
||||
* attacks due to (unbalanced) debugging function calls.
|
||||
*
|
||||
* If you need all error reporting you should enable this during debugging,
|
||||
* but remove this for production servers that should log as well.
|
||||
*
|
||||
* Uncomment this macro to report all debug messages on errors introducing
|
||||
* a timing side-channel.
|
||||
*
|
||||
#define POLARSSL_SSL_DEBUG_ALL
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_HW_RECORD_ACCEL
|
||||
*
|
||||
* Enable hooking functions in SSL module for hardware acceleration of
|
||||
* individual records.
|
||||
*
|
||||
* Uncomment this macro to enable hooking functions.
|
||||
#define POLARSSL_SSL_HW_RECORD_ACCEL
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
*
|
||||
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
|
||||
* SSL Server module (POLARSSL_SSL_SRV_C)
|
||||
*
|
||||
* Comment this macro to disable support for SSLv2 Client Hello messages.
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
|
||||
|
||||
/**
|
||||
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
*
|
||||
@ -256,6 +312,22 @@
|
||||
*
|
||||
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ZLIB_SUPPORT
|
||||
*
|
||||
* If set, the SSL/TLS module uses ZLIB to support compression and
|
||||
* decompression of packet data.
|
||||
*
|
||||
* Used in: library/ssl_tls.c
|
||||
* library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
*
|
||||
* This feature requires zlib library and headers to be present.
|
||||
*
|
||||
* Uncomment to enable use of ZLIB
|
||||
#define POLARSSL_ZLIB_SUPPORT
|
||||
*/
|
||||
/* \} name */
|
||||
|
||||
/**
|
||||
@ -275,10 +347,20 @@
|
||||
* library/pem.c
|
||||
* library/ctr_drbg.c
|
||||
*
|
||||
* This module enables the following ciphersuites:
|
||||
* SSL_RSA_AES_128_SHA
|
||||
* SSL_RSA_AES_256_SHA
|
||||
* SSL_EDH_RSA_AES_256_SHA
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
*
|
||||
* PEM uses AES for decrypting encrypted keys.
|
||||
*/
|
||||
#define POLARSSL_AES_C
|
||||
|
||||
@ -291,8 +373,8 @@
|
||||
* Caller: library/ssl_tls.c
|
||||
*
|
||||
* This module enables the following ciphersuites:
|
||||
* SSL_RSA_RC4_128_MD5
|
||||
* SSL_RSA_RC4_128_SHA
|
||||
* TLS_RSA_WITH_RC4_128_MD5
|
||||
* TLS_RSA_WITH_RC4_128_SHA
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_ARC4_C
|
||||
@ -307,6 +389,16 @@
|
||||
*/
|
||||
#define POLARSSL_ASN1_PARSE_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ASN1_WRITE_C
|
||||
*
|
||||
* Enable the generic ASN1 writer.
|
||||
*
|
||||
* Module: library/asn1write.c
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_ASN1_WRITE_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_BASE64_C
|
||||
*
|
||||
@ -322,7 +414,7 @@
|
||||
/**
|
||||
* \def POLARSSL_BIGNUM_C
|
||||
*
|
||||
* Enable the multo-precision integer library.
|
||||
* Enable the multi-precision integer library.
|
||||
*
|
||||
* Module: library/bignum.c
|
||||
* Caller: library/dhm.c
|
||||
@ -334,6 +426,15 @@
|
||||
*/
|
||||
#define POLARSSL_BIGNUM_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_BLOWFISH_C
|
||||
*
|
||||
* Enable the Blowfish block cipher.
|
||||
*
|
||||
* Module: library/blowfish.c
|
||||
*/
|
||||
#define POLARSSL_BLOWFISH_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_CAMELLIA_C
|
||||
*
|
||||
@ -342,10 +443,16 @@
|
||||
* Module: library/camellia.c
|
||||
* Caller: library/ssl_tls.c
|
||||
*
|
||||
* This module enabled the following cipher suites:
|
||||
* SSL_RSA_CAMELLIA_128_SHA
|
||||
* SSL_RSA_CAMELLIA_256_SHA
|
||||
* SSL_EDH_RSA_CAMELLIA_256_SHA
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_CAMELLIA_C
|
||||
@ -414,13 +521,16 @@
|
||||
* Enable the DES block cipher.
|
||||
*
|
||||
* Module: library/des.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/pem.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module enables the following ciphersuites:
|
||||
* SSL_RSA_DES_168_SHA
|
||||
* SSL_EDH_RSA_DES_168_SHA
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* PEM uses DES/3DES for decrypting encrypted keys.
|
||||
*/
|
||||
// JY changed -- needed for PEM key decryption
|
||||
#define POLARSSL_DES_C
|
||||
|
||||
/**
|
||||
@ -432,10 +542,20 @@
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
*
|
||||
* This module enables the following ciphersuites:
|
||||
* SSL_EDH_RSA_DES_168_SHA
|
||||
* SSL_EDH_RSA_AES_256_SHA
|
||||
* SSL_EDH_RSA_CAMELLIA_256_SHA
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
#define POLARSSL_DHM_C
|
||||
|
||||
@ -465,6 +585,22 @@
|
||||
*/
|
||||
#define POLARSSL_ERROR_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_GCM_C
|
||||
*
|
||||
* Enable the Galois/Counter Mode (GCM) for AES
|
||||
*
|
||||
* Module: library/gcm.c
|
||||
*
|
||||
* Requires: POLARSSL_AES_C
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
*/
|
||||
#define POLARSSL_GCM_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_HAVEGE_C
|
||||
*
|
||||
@ -525,10 +661,12 @@
|
||||
* Enable the MD5 hash algorithm
|
||||
*
|
||||
* Module: library/md5.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* Caller: library/pem.c
|
||||
* library/ssl_tls.c
|
||||
* library/x509parse.c
|
||||
*
|
||||
* This module is required for SSL/TLS and X.509.
|
||||
* PEM uses MD5 for decrypting encrypted keys.
|
||||
*/
|
||||
#define POLARSSL_MD5_C
|
||||
|
||||
@ -558,6 +696,19 @@
|
||||
// JY removed
|
||||
//#define POLARSSL_PADLOCK_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_PBKDF2_C
|
||||
*
|
||||
* Enable PKCS#5 PBKDF2 key derivation function
|
||||
*
|
||||
* Module: library/pbkdf2.c
|
||||
*
|
||||
* Requires: POLARSSL_MD_C
|
||||
*
|
||||
* This module adds support for the PKCS#5 PBKDF2 key derivation function.
|
||||
#define POLARSSL_PBKDF2_C
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def POLARSSL_PEM_C
|
||||
*
|
||||
@ -575,7 +726,7 @@
|
||||
/**
|
||||
* \def POLARSSL_PKCS11_C
|
||||
*
|
||||
* Enable support for PKCS#11 smartcard support.
|
||||
* Enable wrapper for PKCS#11 smartcard support.
|
||||
*
|
||||
* Module: library/ssl_srv.c
|
||||
* Caller: library/ssl_cli.c
|
||||
@ -583,26 +734,10 @@
|
||||
*
|
||||
* Requires: POLARSSL_SSL_TLS_C
|
||||
*
|
||||
* This module is required for SSL/TLS PKCS #11 smartcard support.
|
||||
* This module enables SSL/TLS PKCS #11 smartcard support.
|
||||
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
|
||||
*/
|
||||
// JY added
|
||||
#define POLARSSL_PKCS11_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
|
||||
*
|
||||
* Enable support for generic external private key implementations.
|
||||
*
|
||||
* Module: library/ssl_srv.c
|
||||
* Caller: library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
*
|
||||
* Requires: POLARSSL_PKCS11_C
|
||||
*
|
||||
*/
|
||||
// JY added
|
||||
#define POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
|
||||
|
||||
/**
|
||||
* \def POLARSSL_RSA_C
|
||||
@ -646,6 +781,7 @@
|
||||
* library/x509parse.c
|
||||
*
|
||||
* This module adds support for SHA-224 and SHA-256.
|
||||
* This module is required for the SSL/TLS 1.2 PRF function.
|
||||
*/
|
||||
#define POLARSSL_SHA2_C
|
||||
|
||||
@ -662,6 +798,19 @@
|
||||
*/
|
||||
#define POLARSSL_SHA4_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_CACHE_C
|
||||
*
|
||||
* Enable simple SSL cache implementation.
|
||||
*
|
||||
* Module: library/ssl_cache.c
|
||||
* Caller:
|
||||
*
|
||||
* Requires: POLARSSL_SSL_CACHE_C
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_SSL_CACHE_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_CLI_C
|
||||
*
|
||||
@ -676,7 +825,7 @@
|
||||
*/
|
||||
#define POLARSSL_SSL_CLI_C
|
||||
|
||||
/*
|
||||
/**
|
||||
* \def POLARSSL_SSL_SRV_C
|
||||
*
|
||||
* Enable the SSL/TLS server code.
|
||||
@ -746,6 +895,20 @@
|
||||
*/
|
||||
#define POLARSSL_X509_PARSE_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_X509_WRITE_C
|
||||
*
|
||||
* Enable X.509 buffer writing.
|
||||
*
|
||||
* Module: library/x509write.c
|
||||
*
|
||||
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
|
||||
*
|
||||
* This module is required for X.509 certificate request writing.
|
||||
*/
|
||||
// JY removed
|
||||
//#define POLARSSL_X509_WRITE_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_XTEA_C
|
||||
*
|
||||
@ -758,4 +921,8 @@
|
||||
//#define POLARSSL_XTEA_C
|
||||
/* \} name */
|
||||
|
||||
#endif
|
||||
// JY added
|
||||
#define POLARSSL_BLOWFISH_NAME "BF"
|
||||
#define POLARSSL_BLOWFISH_DEFAULT_KEY_LEN 128
|
||||
|
||||
#endif /* config.h */
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/aes.h
|
||||
--- polarssl-1.1.6/include/polarssl/aes.h 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/aes.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -35,6 +35,12 @@
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/aes.h polarssl.new/include/polarssl/aes.h
|
||||
--- polarssl-1.2.7/include/polarssl/aes.h 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/aes.h 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -42,6 +42,12 @@
|
||||
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
@ -14,7 +14,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/ae
|
||||
/**
|
||||
* \brief AES context structure
|
||||
*/
|
||||
@@ -162,6 +168,9 @@
|
||||
@@ -169,6 +175,9 @@
|
||||
unsigned char stream_block[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
@ -24,15 +24,15 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes.h polarssl.new/include/polarssl/ae
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
@@ -172,5 +181,4 @@
|
||||
@@ -179,5 +188,4 @@
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
-
|
||||
#endif /* aes.h */
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/aes_openssl.h polarssl.new/include/polarssl/aes_openssl.h
|
||||
--- polarssl-1.1.6/include/polarssl/aes_openssl.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/aes_openssl.h 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/aes_openssl.h polarssl.new/include/polarssl/aes_openssl.h
|
||||
--- polarssl-1.2.7/include/polarssl/aes_openssl.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/aes_openssl.h 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -0,0 +1,145 @@
|
||||
+/*
|
||||
+ * Use OpenSSL implementation of AES methods to get asm and hardware acceleration.
|
||||
@ -179,144 +179,10 @@ diff -uNr polarssl-1.1.6/include/polarssl/aes_openssl.h polarssl.new/include/pol
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/bf.h polarssl.new/include/polarssl/bf.h
|
||||
--- polarssl-1.1.6/include/polarssl/bf.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/bf.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -0,0 +1,95 @@
|
||||
+#ifndef POLARSSL_BF_H
|
||||
+#define POLARSSL_BF_H
|
||||
+
|
||||
+#if defined(POLARSSL_USE_OPENSSL_BF)
|
||||
+
|
||||
+#include <string.h>
|
||||
+
|
||||
+#define BF_ENCRYPT 1
|
||||
+#define BF_DECRYPT 0
|
||||
+
|
||||
+/*
|
||||
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
|
||||
+ * ! BF_LONG_LOG2 has to be defined along. !
|
||||
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
+ */
|
||||
+
|
||||
+#if defined(__LP32__)
|
||||
+#define BF_LONG unsigned long
|
||||
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
|
||||
+#define BF_LONG unsigned long
|
||||
+#define BF_LONG_LOG2 3
|
||||
+/*
|
||||
+ * _CRAY note. I could declare short, but I have no idea what impact
|
||||
+ * does it have on performance on none-T3E machines. I could declare
|
||||
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
|
||||
+ * So I've chosen long...
|
||||
+ * <appro@fy.chalmers.se>
|
||||
+ */
|
||||
+#else
|
||||
+#define BF_LONG unsigned int
|
||||
+#endif
|
||||
+
|
||||
+#define BF_ROUNDS 16
|
||||
+#define BF_BLOCK 8
|
||||
+
|
||||
+/**
|
||||
+ * \brief BF context structure
|
||||
+ */
|
||||
+typedef struct
|
||||
+{
|
||||
+ BF_LONG P[BF_ROUNDS+2];
|
||||
+ BF_LONG S[4*256];
|
||||
+}
|
||||
+bf_context;
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif
|
||||
+
|
||||
+void BF_set_key(bf_context *key, int len, const unsigned char *data);
|
||||
+
|
||||
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
+ const bf_context *key, int enc);
|
||||
+
|
||||
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
|
||||
+ const bf_context *schedule, unsigned char *ivec, int enc);
|
||||
+
|
||||
+static inline int bf_setkey_enc( bf_context *ctx, const unsigned char *key, unsigned int keysize )
|
||||
+{
|
||||
+ BF_set_key(ctx, keysize / 8, key);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static inline int bf_setkey_dec( bf_context *ctx, const unsigned char *key, unsigned int keysize )
|
||||
+{
|
||||
+ BF_set_key(ctx, keysize / 8, key);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static inline int bf_crypt_ecb( bf_context *ctx,
|
||||
+ int mode,
|
||||
+ const unsigned char input[8],
|
||||
+ unsigned char output[8] )
|
||||
+{
|
||||
+ BF_ecb_encrypt(input, output, ctx, mode);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static inline int bf_crypt_cbc( bf_context *ctx,
|
||||
+ int mode,
|
||||
+ size_t length,
|
||||
+ unsigned char iv[8],
|
||||
+ const unsigned char *input,
|
||||
+ unsigned char *output )
|
||||
+{
|
||||
+ BF_cbc_encrypt(input, output, length, ctx, iv, mode);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
+#endif
|
||||
+#endif /* bf.h */
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/cipher.h polarssl.new/include/polarssl/cipher.h
|
||||
--- polarssl-1.1.6/include/polarssl/cipher.h 2013-03-13 23:33:17.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/cipher.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -52,6 +52,7 @@
|
||||
POLARSSL_CIPHER_ID_DES,
|
||||
POLARSSL_CIPHER_ID_3DES,
|
||||
POLARSSL_CIPHER_ID_CAMELLIA,
|
||||
+ POLARSSL_CIPHER_ID_BF,
|
||||
} cipher_id_t;
|
||||
|
||||
typedef enum {
|
||||
@@ -76,7 +77,8 @@
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CTR,
|
||||
POLARSSL_CIPHER_DES_CBC,
|
||||
POLARSSL_CIPHER_DES_EDE_CBC,
|
||||
- POLARSSL_CIPHER_DES_EDE3_CBC
|
||||
+ POLARSSL_CIPHER_DES_EDE3_CBC,
|
||||
+ POLARSSL_CIPHER_BF_128_CBC,
|
||||
} cipher_type_t;
|
||||
|
||||
typedef enum {
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/cipher_wrap.h polarssl.new/include/polarssl/cipher_wrap.h
|
||||
--- polarssl-1.1.6/include/polarssl/cipher_wrap.h 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/cipher_wrap.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -84,6 +84,10 @@
|
||||
|
||||
#endif /* defined(POLARSSL_DES_C) */
|
||||
|
||||
+#if defined(POLARSSL_USE_OPENSSL_BF)
|
||||
+extern const cipher_info_t bf_128_cbc_info;
|
||||
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/sha1.h
|
||||
--- polarssl-1.1.6/include/polarssl/sha1.h 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha1.h 2013-03-13 23:22:29.000000000 -0600
|
||||
@@ -31,6 +31,33 @@
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha1.h polarssl.new/include/polarssl/sha1.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha1.h 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha1.h 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -38,6 +38,33 @@
|
||||
|
||||
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
|
||||
|
||||
@ -350,7 +216,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
|
||||
/**
|
||||
* \brief SHA-1 context structure
|
||||
*/
|
||||
@@ -45,10 +72,36 @@
|
||||
@@ -52,10 +79,36 @@
|
||||
}
|
||||
sha1_context;
|
||||
|
||||
@ -387,7 +253,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
|
||||
/**
|
||||
* \brief SHA-1 context setup
|
||||
*
|
||||
@@ -73,6 +126,11 @@
|
||||
@@ -80,6 +133,11 @@
|
||||
*/
|
||||
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
|
||||
|
||||
@ -399,7 +265,7 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
|
||||
/**
|
||||
* \brief Output = SHA-1( input buffer )
|
||||
*
|
||||
@@ -145,9 +203,6 @@
|
||||
@@ -152,9 +210,6 @@
|
||||
*/
|
||||
int sha1_self_test( int verbose );
|
||||
|
||||
@ -409,10 +275,10 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha1.h polarssl.new/include/polarssl/s
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/sha2.h
|
||||
--- polarssl-1.1.6/include/polarssl/sha2.h 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha2.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -31,6 +31,37 @@
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha2.h polarssl.new/include/polarssl/sha2.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha2.h 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha2.h 2013-05-31 00:01:17.000000000 -0600
|
||||
@@ -38,6 +38,39 @@
|
||||
|
||||
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
|
||||
|
||||
@ -445,12 +311,14 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/s
|
||||
+int SHA256_Update(struct openssl_sha2_context *c, const void *data, size_t len);
|
||||
+int SHA256_Final(unsigned char *md, struct openssl_sha2_context *c);
|
||||
+
|
||||
+void sha256_block_data_order(struct openssl_sha2_context *c, const void *p, size_t num);
|
||||
+
|
||||
+#else
|
||||
+
|
||||
/**
|
||||
* \brief SHA-256 context structure
|
||||
*/
|
||||
@@ -46,10 +77,40 @@
|
||||
@@ -53,10 +86,45 @@
|
||||
}
|
||||
sha2_context;
|
||||
|
||||
@ -486,26 +354,44 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha2.h polarssl.new/include/polarssl/s
|
||||
+ SHA256_Final(output, &ctx->octx);
|
||||
+}
|
||||
+
|
||||
+static inline void sha2_process( sha2_context *ctx, const unsigned char data[64] )
|
||||
+{
|
||||
+ sha256_block_data_order(&ctx->octx, data, 1);
|
||||
+}
|
||||
+
|
||||
+#else
|
||||
+
|
||||
/**
|
||||
* \brief SHA-256 context setup
|
||||
*
|
||||
@@ -75,6 +136,8 @@
|
||||
@@ -82,6 +150,11 @@
|
||||
*/
|
||||
void sha2_finish( sha2_context *ctx, unsigned char output[32] );
|
||||
|
||||
+/* Internal use */
|
||||
+void sha2_process( sha2_context *ctx, const unsigned char data[64] );
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
/**
|
||||
* \brief Output = SHA-256( input buffer )
|
||||
*
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/sha4.h polarssl.new/include/polarssl/sha4.h
|
||||
--- polarssl-1.1.6/include/polarssl/sha4.h 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha4.h 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -39,6 +39,40 @@
|
||||
#define long64 long long
|
||||
@@ -160,9 +233,6 @@
|
||||
*/
|
||||
int sha2_self_test( int verbose );
|
||||
|
||||
-/* Internal use */
|
||||
-void sha2_process( sha2_context *ctx, const unsigned char data[64] );
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha4.h polarssl.new/include/polarssl/sha4.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha4.h 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/include/polarssl/sha4.h 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -39,6 +39,40 @@
|
||||
|
||||
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
|
||||
|
||||
+#ifdef POLARSSL_USE_OPENSSL_SHA4
|
||||
+
|
||||
@ -594,9 +480,9 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha4.h polarssl.new/include/polarssl/s
|
||||
/**
|
||||
* \brief Output = SHA-512( input buffer )
|
||||
*
|
||||
diff -uNr polarssl-1.1.6/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
|
||||
--- polarssl-1.1.6/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -0,0 +1,38 @@
|
||||
+#ifndef POLARSSL_SHA_OPENSSL_H
|
||||
+#define POLARSSL_SHA_OPENSSL_H
|
||||
@ -636,35 +522,19 @@ diff -uNr polarssl-1.1.6/include/polarssl/sha_openssl.h polarssl.new/include/pol
|
||||
+#endif
|
||||
+
|
||||
+#endif
|
||||
diff -uNr polarssl-1.1.6/library/CMakeLists.txt polarssl.new/library/CMakeLists.txt
|
||||
--- polarssl-1.1.6/library/CMakeLists.txt 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/CMakeLists.txt 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -51,6 +51,12 @@
|
||||
|
||||
endif(NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
||||
+if(OPENSSL_DIR)
|
||||
+target_link_libraries(polarssl minicrypto)
|
||||
+else()
|
||||
+target_link_libraries(polarssl)
|
||||
+endif()
|
||||
+
|
||||
install(TARGETS polarssl
|
||||
DESTINATION ${LIB_INSTALL_DIR}
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
diff -uNr polarssl-1.1.6/library/aes.c polarssl.new/library/aes.c
|
||||
--- polarssl-1.1.6/library/aes.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/aes.c 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -36,6 +36,8 @@
|
||||
#include "polarssl/aes.h"
|
||||
diff -uNr polarssl-1.2.7/library/aes.c polarssl.new/library/aes.c
|
||||
--- polarssl-1.2.7/library/aes.c 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/library/aes.c 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -38,6 +38,8 @@
|
||||
#include "polarssl/padlock.h"
|
||||
#endif
|
||||
|
||||
+#if !defined(POLARSSL_USE_OPENSSL_AES)
|
||||
+
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
*/
|
||||
@@ -901,6 +903,7 @@
|
||||
@@ -914,6 +916,7 @@
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_CIPHER_MODE_CTR */
|
||||
@ -672,138 +542,9 @@ diff -uNr polarssl-1.1.6/library/aes.c polarssl.new/library/aes.c
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
diff -uNr polarssl-1.1.6/library/cipher.c polarssl.new/library/cipher.c
|
||||
--- polarssl-1.1.6/library/cipher.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/cipher.c 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -86,6 +86,10 @@
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC,
|
||||
#endif /* defined(POLARSSL_DES_C) */
|
||||
|
||||
+#if defined(POLARSSL_USE_OPENSSL_BF)
|
||||
+ POLARSSL_CIPHER_BF_128_CBC,
|
||||
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
|
||||
+
|
||||
0
|
||||
};
|
||||
|
||||
@@ -164,6 +168,11 @@
|
||||
return &des_ede3_cbc_info;
|
||||
#endif
|
||||
|
||||
+#if defined(POLARSSL_USE_OPENSSL_BF)
|
||||
+ case POLARSSL_CIPHER_BF_128_CBC:
|
||||
+ return &bf_128_cbc_info;
|
||||
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
|
||||
+
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
@@ -237,6 +246,11 @@
|
||||
if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
|
||||
return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC );
|
||||
#endif
|
||||
+
|
||||
+#if defined(POLARSSL_USE_OPENSSL_BF)
|
||||
+ if( !strcasecmp( "BF-CBC", cipher_name ) )
|
||||
+ return cipher_info_from_type( POLARSSL_CIPHER_BF_128_CBC );
|
||||
+#endif /* defined(POLARSSL_USE_OPENSSL_BF) */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -uNr polarssl-1.1.6/library/cipher_wrap.c polarssl.new/library/cipher_wrap.c
|
||||
--- polarssl-1.1.6/library/cipher_wrap.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/cipher_wrap.c 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -549,4 +549,87 @@
|
||||
};
|
||||
#endif
|
||||
|
||||
+#ifdef POLARSSL_USE_OPENSSL_BF
|
||||
+
|
||||
+#include "polarssl/bf.h"
|
||||
+
|
||||
+int bf_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
|
||||
+ unsigned char *iv, const unsigned char *input, unsigned char *output )
|
||||
+{
|
||||
+ return bf_crypt_cbc( (bf_context *) ctx, operation, length, iv, input, output );
|
||||
+}
|
||||
+
|
||||
+int bf_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
|
||||
+ size_t *iv_off, unsigned char *iv, const unsigned char *input,
|
||||
+ unsigned char *output )
|
||||
+{
|
||||
+ ((void) ctx);
|
||||
+ ((void) operation);
|
||||
+ ((void) length);
|
||||
+ ((void) iv_off);
|
||||
+ ((void) iv);
|
||||
+ ((void) input);
|
||||
+ ((void) output);
|
||||
+
|
||||
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
+}
|
||||
+
|
||||
+int bf_crypt_ctr_wrap( void *ctx, size_t length,
|
||||
+ size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
|
||||
+ const unsigned char *input, unsigned char *output )
|
||||
+{
|
||||
+ ((void) ctx);
|
||||
+ ((void) length);
|
||||
+ ((void) nc_off);
|
||||
+ ((void) nonce_counter);
|
||||
+ ((void) stream_block);
|
||||
+ ((void) input);
|
||||
+ ((void) output);
|
||||
+
|
||||
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
+}
|
||||
+
|
||||
+int bf_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
|
||||
+{
|
||||
+ return bf_setkey_dec( (bf_context *) ctx, key, key_length );
|
||||
+}
|
||||
+
|
||||
+int bf_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
|
||||
+{
|
||||
+ return bf_setkey_enc( (bf_context *) ctx, key, key_length );
|
||||
+}
|
||||
+
|
||||
+static void * bf_ctx_alloc( void )
|
||||
+{
|
||||
+ return malloc( sizeof( bf_context ) );
|
||||
+}
|
||||
+
|
||||
+static void bf_ctx_free( void *ctx )
|
||||
+{
|
||||
+ free( ctx );
|
||||
+}
|
||||
+
|
||||
+const cipher_base_t bf_info = {
|
||||
+ POLARSSL_CIPHER_ID_BF,
|
||||
+ bf_crypt_cbc_wrap,
|
||||
+ bf_crypt_cfb128_wrap,
|
||||
+ bf_crypt_ctr_wrap,
|
||||
+ bf_setkey_enc_wrap,
|
||||
+ bf_setkey_dec_wrap,
|
||||
+ bf_ctx_alloc,
|
||||
+ bf_ctx_free
|
||||
+};
|
||||
+
|
||||
+const cipher_info_t bf_128_cbc_info = {
|
||||
+ POLARSSL_CIPHER_BF_128_CBC,
|
||||
+ POLARSSL_MODE_CBC,
|
||||
+ 128,
|
||||
+ "BF-CBC",
|
||||
+ 8,
|
||||
+ 8,
|
||||
+ &bf_info
|
||||
+};
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
#endif
|
||||
diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
|
||||
--- polarssl-1.1.6/library/sha1.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/sha1.c 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/library/sha1.c polarssl.new/library/sha1.c
|
||||
--- polarssl-1.2.7/library/sha1.c 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/library/sha1.c 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -38,6 +38,8 @@
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
@ -814,7 +555,7 @@ diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
@@ -313,6 +315,8 @@
|
||||
PUT_ULONG_BE( ctx->state[4], output, 16 );
|
||||
PUT_UINT32_BE( ctx->state[4], output, 16 );
|
||||
}
|
||||
|
||||
+#endif /* !POLARSSL_USE_OPENSSL_SHA1 */
|
||||
@ -822,9 +563,9 @@ diff -uNr polarssl-1.1.6/library/sha1.c polarssl.new/library/sha1.c
|
||||
/*
|
||||
* output = SHA-1( input buffer )
|
||||
*/
|
||||
diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
|
||||
--- polarssl-1.1.6/library/sha2.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/sha2.c 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/library/sha2.c polarssl.new/library/sha2.c
|
||||
--- polarssl-1.2.7/library/sha2.c 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/library/sha2.c 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -38,6 +38,8 @@
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
@ -835,7 +576,7 @@ diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
@@ -314,6 +316,8 @@
|
||||
PUT_ULONG_BE( ctx->state[7], output, 28 );
|
||||
PUT_UINT32_BE( ctx->state[7], output, 28 );
|
||||
}
|
||||
|
||||
+#endif /* !POLARSSL_USE_OPENSSL_SHA2 */
|
||||
@ -843,9 +584,9 @@ diff -uNr polarssl-1.1.6/library/sha2.c polarssl.new/library/sha2.c
|
||||
/*
|
||||
* output = SHA-256( input buffer )
|
||||
*/
|
||||
diff -uNr polarssl-1.1.6/library/sha4.c polarssl.new/library/sha4.c
|
||||
--- polarssl-1.1.6/library/sha4.c 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/sha4.c 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/library/sha4.c polarssl.new/library/sha4.c
|
||||
--- polarssl-1.2.7/library/sha4.c 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/library/sha4.c 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -38,6 +38,8 @@
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
@ -864,44 +605,65 @@ diff -uNr polarssl-1.1.6/library/sha4.c polarssl.new/library/sha4.c
|
||||
/*
|
||||
* output = SHA-512( input buffer )
|
||||
*/
|
||||
diff -uNr polarssl-1.1.6/library/ssl_tls.c polarssl.new/library/ssl_tls.c
|
||||
--- polarssl-1.1.6/library/ssl_tls.c 2013-03-13 23:33:17.000000000 -0600
|
||||
+++ polarssl.new/library/ssl_tls.c 2013-03-13 22:43:06.000000000 -0600
|
||||
@@ -1595,8 +1595,10 @@
|
||||
diff -uNr polarssl-1.2.7/library/ssl_tls.c polarssl.new/library/ssl_tls.c
|
||||
--- polarssl-1.2.7/library/ssl_tls.c 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/library/ssl_tls.c 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -2550,8 +2550,10 @@
|
||||
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
|
||||
md5->state, sizeof( md5->state ) );
|
||||
md5.state, sizeof( md5.state ) );
|
||||
|
||||
+#ifndef POLARSSL_USE_OPENSSL_SHA1
|
||||
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
|
||||
sha1->state, sizeof( sha1->state ) );
|
||||
sha1.state, sizeof( sha1.state ) );
|
||||
+#endif
|
||||
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
diff -uNr polarssl-1.1.6/library/ssl_tls.c.orig polarssl.new/library/ssl_tls.c.orig
|
||||
--- polarssl-1.1.6/library/ssl_tls.c.orig 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/library/ssl_tls.c.orig 2013-03-13 22:21:58.000000000 -0600
|
||||
@@ -1911,7 +1911,7 @@
|
||||
ssl->session = session;
|
||||
}
|
||||
sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT"
|
||||
: (char *) "SRVR";
|
||||
@@ -2621,8 +2623,10 @@
|
||||
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
|
||||
md5.state, sizeof( md5.state ) );
|
||||
|
||||
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
|
||||
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
|
||||
{
|
||||
ssl->ciphersuites = ciphersuites;
|
||||
}
|
||||
diff -uNr polarssl-1.1.6/tests/suites/test_suite_aes.function polarssl.new/tests/suites/test_suite_aes.function
|
||||
--- polarssl-1.1.6/tests/suites/test_suite_aes.function 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/tests/suites/test_suite_aes.function 2013-03-13 22:21:58.000000000 -0600
|
||||
+#ifndef POLARSSL_USE_OPENSSL_SHA1
|
||||
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
|
||||
sha1.state, sizeof( sha1.state ) );
|
||||
+#endif
|
||||
|
||||
sender = ( from == SSL_IS_CLIENT )
|
||||
? (char *) "client finished"
|
||||
@@ -2666,8 +2670,10 @@
|
||||
* Hash( handshake ) )[0.11]
|
||||
*/
|
||||
|
||||
+#ifndef POLARSSL_USE_OPENSSL_SHA2
|
||||
SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
|
||||
sha2.state, sizeof( sha2.state ) );
|
||||
+#endif
|
||||
|
||||
sender = ( from == SSL_IS_CLIENT )
|
||||
? (char *) "client finished"
|
||||
@@ -2710,8 +2716,10 @@
|
||||
* Hash( handshake ) )[0.11]
|
||||
*/
|
||||
|
||||
+#ifndef POLARSSL_USE_OPENSSL_SHA4
|
||||
SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
|
||||
sha4.state, sizeof( sha4.state ) );
|
||||
+#endif
|
||||
|
||||
sender = ( from == SSL_IS_CLIENT )
|
||||
? (char *) "client finished"
|
||||
diff -uNr polarssl-1.2.7/tests/suites/test_suite_aes.function polarssl.new/tests/suites/test_suite_aes.function
|
||||
--- polarssl-1.2.7/tests/suites/test_suite_aes.function 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/tests/suites/test_suite_aes.function 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -1,4 +1,5 @@
|
||||
BEGIN_HEADER
|
||||
+#include <polarssl/config.h>
|
||||
#include <polarssl/aes.h>
|
||||
END_HEADER
|
||||
|
||||
diff -uNr polarssl-1.1.6/tests/suites/test_suite_ctr_drbg.function polarssl.new/tests/suites/test_suite_ctr_drbg.function
|
||||
--- polarssl-1.1.6/tests/suites/test_suite_ctr_drbg.function 2013-03-11 10:02:58.000000000 -0600
|
||||
+++ polarssl.new/tests/suites/test_suite_ctr_drbg.function 2013-03-13 22:21:58.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function polarssl.new/tests/suites/test_suite_ctr_drbg.function
|
||||
--- polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function 2013-04-13 03:56:17.000000000 -0600
|
||||
+++ polarssl.new/tests/suites/test_suite_ctr_drbg.function 2013-05-30 23:42:06.000000000 -0600
|
||||
@@ -1,4 +1,5 @@
|
||||
BEGIN_HEADER
|
||||
+#include <polarssl/config.h>
|
||||
|
Loading…
Reference in New Issue
Block a user