From 2e00df0f1e1d63f23f7c9b75a8a6b12e54d972c1 Mon Sep 17 00:00:00 2001 From: nbd Date: Wed, 30 Jan 2013 20:07:35 +0000 Subject: [PATCH] umurmur: add support for the new polarssl library git-svn-id: svn://svn.openwrt.org/openwrt/packages@35413 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- net/umurmur/patches/100-polarssl_backport.patch | 74 +++++++++++ .../patches/110-reduced_polarssl_support.patch | 141 +++++++++++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 net/umurmur/patches/100-polarssl_backport.patch create mode 100644 net/umurmur/patches/110-reduced_polarssl_support.patch diff --git a/net/umurmur/patches/100-polarssl_backport.patch b/net/umurmur/patches/100-polarssl_backport.patch new file mode 100644 index 000000000..1c28ab3b0 --- /dev/null +++ b/net/umurmur/patches/100-polarssl_backport.patch @@ -0,0 +1,74 @@ +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -46,20 +46,23 @@ + #include + #include + ++#ifdef POLARSSL_API_V1_2 ++int ciphers[] = ++{ ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, ++ TLS_RSA_WITH_AES_256_CBC_SHA, ++ TLS_RSA_WITH_AES_128_CBC_SHA, ++ 0 ++}; ++#else + int ciphers[] = + { + SSL_EDH_RSA_AES_256_SHA, +- SSL_EDH_RSA_CAMELLIA_256_SHA, +- SSL_EDH_RSA_DES_168_SHA, + SSL_RSA_AES_256_SHA, +- SSL_RSA_CAMELLIA_256_SHA, + SSL_RSA_AES_128_SHA, +- SSL_RSA_CAMELLIA_128_SHA, +- SSL_RSA_DES_168_SHA, +- SSL_RSA_RC4_128_SHA, +- SSL_RSA_RC4_128_MD5, + 0 + }; ++#endif + static x509_cert certificate; + static rsa_context key; + bool_t builtInTestCertificate; +@@ -170,8 +173,13 @@ void SSLi_deinit(void) + /* Create SHA1 of last certificate in the peer's chain. */ + bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) + { +- x509_cert *cert = ssl->peer_cert; +- if (!ssl->peer_cert) { ++ x509_cert *cert; ++#ifdef POLARSSL_API_V1_2 ++ cert = ssl_get_peer_cert(ssl); ++#else ++ cert = ssl->peer_cert; ++#endif ++ if (!cert) { + return false; + } + sha1(cert->raw.p, cert->raw.len, hash); +@@ -207,7 +215,12 @@ SSL_handle_t *SSLi_newconnection(int *fd + #else + ssl_set_ciphers(ssl, ciphers); + #endif ++ ++#ifdef POLARSSL_API_V1_2 ++ ssl_set_session(ssl, ssn); ++#else + ssl_set_session(ssl, 0, 0, ssn); ++#endif + + ssl_set_ca_chain(ssl, &certificate, NULL, NULL); + ssl_set_own_cert(ssl, &certificate, &key); +--- a/src/ssl.h ++++ b/src/ssl.h +@@ -68,6 +68,9 @@ + } \ + } while (0) + #endif ++ #if (POLARSSL_VERSION_MINOR >= 2) ++ #define POLARSSL_API_V1_2 ++ #endif + #endif + #endif + diff --git a/net/umurmur/patches/110-reduced_polarssl_support.patch b/net/umurmur/patches/110-reduced_polarssl_support.patch new file mode 100644 index 000000000..6f7de2539 --- /dev/null +++ b/net/umurmur/patches/110-reduced_polarssl_support.patch @@ -0,0 +1,141 @@ +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -30,6 +30,7 @@ + */ + #include + #include ++#include + + #include "conf.h" + #include "log.h" +@@ -66,8 +67,7 @@ int ciphers[] = + static x509_cert certificate; + static rsa_context key; + bool_t builtInTestCertificate; +- +-havege_state hs; /* exported to crypt.c */ ++static int urandom_fd; + + /* DH prime */ + char *my_dhm_P = +@@ -83,9 +83,13 @@ char *my_dhm_G = "4"; + static void initTestCert() + { + int rc; ++#ifdef POLARSSL_CERTS_C + builtInTestCertificate = true; + rc = x509parse_crt(&certificate, (unsigned char *)test_srv_crt, + strlen(test_srv_crt)); ++#else ++ rc = -1; ++#endif + if (rc != 0) + Log_fatal("Could not parse built-in test certificate"); + } +@@ -93,9 +97,12 @@ static void initTestCert() + static void initTestKey() + { + int rc; +- ++#ifdef POLARSSL_CERTS_C + rc = x509parse_key(&key, (unsigned char *)test_srv_key, + strlen(test_srv_key), NULL, 0); ++#else ++ rc = -1; ++#endif + if (rc != 0) + Log_fatal("Could not parse built-in test RSA key"); + } +@@ -135,6 +142,19 @@ static void initKey() + Log_fatal("Could not read RSA key file %s", keyfile); + } + ++int urandom_bytes(void *ctx, unsigned char *dest, size_t len) ++{ ++ int cur; ++ ++ while (len) { ++ cur = read(urandom_fd, dest, len); ++ if (cur < 0) ++ continue; ++ ++ len -= cur; ++ } ++} ++ + #define DEBUG_LEVEL 0 + static void pssl_debug(void *ctx, int level, const char *str) + { +@@ -154,8 +174,11 @@ void SSLi_init(void) + } + else + initKey(); +- havege_init(&hs); +- ++ ++ urandom_fd = open("/dev/urandom", O_RDONLY); ++ if (urandom_fd < 0) ++ Log_fatal("Cannot open /dev/urandom"); ++ + #ifdef POLARSSL_VERSION_MAJOR + version_get_string(verstring); + Log_info("PolarSSL library version %s initialized", verstring); +@@ -173,7 +196,7 @@ void SSLi_deinit(void) + /* Create SHA1 of last certificate in the peer's chain. */ + bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) + { +- x509_cert *cert; ++ const x509_cert *cert; + #ifdef POLARSSL_API_V1_2 + cert = ssl_get_peer_cert(ssl); + #else +@@ -206,7 +229,7 @@ SSL_handle_t *SSLi_newconnection(int *fd + ssl_set_endpoint(ssl, SSL_IS_SERVER); + ssl_set_authmode(ssl, SSL_VERIFY_OPTIONAL); + +- ssl_set_rng(ssl, HAVEGE_RAND, &hs); ++ ssl_set_rng(ssl, urandom_bytes, NULL); + ssl_set_dbg(ssl, pssl_debug, NULL); + ssl_set_bio(ssl, net_recv, fd, net_send, fd); + +--- a/src/ssl.h ++++ b/src/ssl.h +@@ -45,35 +45,17 @@ + #else + #if (POLARSSL_VERSION_MAJOR == 0) + #define POLARSSL_API_V0 +- #define HAVEGE_RAND (havege_rand) +- #define RAND_bytes(_dst_, _size_) do { \ +- int i; \ +- for (i = 0; i < _size_; i++) { \ +- _dst_[i] = havege_rand(&hs); \ +- } \ +- } while (0) + #else + #define POLARSSL_API_V1 +- #if (POLARSSL_VERSION_MINOR >= 1) +- #define HAVEGE_RAND (havege_random) +- #define RAND_bytes(_dst_, _size_) do { \ +- havege_random(&hs, _dst_, _size_); \ +- } while (0) +- #else +- #define HAVEGE_RAND (havege_rand) +- #define RAND_bytes(_dst_, _size_) do { \ +- int i; \ +- for (i = 0; i < _size_; i++) { \ +- _dst_[i] = havege_rand(&hs); \ +- } \ +- } while (0) +- #endif + #if (POLARSSL_VERSION_MINOR >= 2) + #define POLARSSL_API_V1_2 + #endif + #endif + #endif + ++#define RAND_bytes(_dst_, _size_) urandom_bytes(NULL, _dst_, _size_) ++int urandom_bytes(void *ctx, unsigned char *dest, size_t len); ++ + #else /* OpenSSL */ + #include + #include -- 2.11.0