projects / openwrt / svn-archive / archive.git / blob
? search:


6f7de253973ec817b467602a17d9e5ea539010a8
[openwrt/svn-archive/archive.git] / net / umurmur / patches / 110-reduced_polarssl_support.patch
1 --- a/src/ssl.c
2 +++ b/src/ssl.c
3 @@ -30,6 +30,7 @@
4 */
5 #include <string.h>
6 #include <stdlib.h>
7 +#include <fcntl.h>
8
9 #include "conf.h"
10 #include "log.h"
11 @@ -66,8 +67,7 @@ int ciphers[] =
12 static x509_cert certificate;
13 static rsa_context key;
14 bool_t builtInTestCertificate;
15 -
16 -havege_state hs; /* exported to crypt.c */
17 +static int urandom_fd;
18
19 /* DH prime */
20 char *my_dhm_P =
21 @@ -83,9 +83,13 @@ char *my_dhm_G = "4";
22 static void initTestCert()
23 {
24 int rc;
25 +#ifdef POLARSSL_CERTS_C
26 builtInTestCertificate = true;
27 rc = x509parse_crt(&certificate, (unsigned char *)test_srv_crt,
28 strlen(test_srv_crt));
29 +#else
30 + rc = -1;
31 +#endif
32 if (rc != 0)
33 Log_fatal("Could not parse built-in test certificate");
34 }
35 @@ -93,9 +97,12 @@ static void initTestCert()
36 static void initTestKey()
37 {
38 int rc;
39 -
40 +#ifdef POLARSSL_CERTS_C
41 rc = x509parse_key(&key, (unsigned char *)test_srv_key,
42 strlen(test_srv_key), NULL, 0);
43 +#else
44 + rc = -1;
45 +#endif
46 if (rc != 0)
47 Log_fatal("Could not parse built-in test RSA key");
48 }
49 @@ -135,6 +142,19 @@ static void initKey()
50 Log_fatal("Could not read RSA key file %s", keyfile);
51 }
52
53 +int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
54 +{
55 + int cur;
56 +
57 + while (len) {
58 + cur = read(urandom_fd, dest, len);
59 + if (cur < 0)
60 + continue;
61 +
62 + len -= cur;
63 + }
64 +}
65 +
66 #define DEBUG_LEVEL 0
67 static void pssl_debug(void *ctx, int level, const char *str)
68 {
69 @@ -154,8 +174,11 @@ void SSLi_init(void)
70 }
71 else
72 initKey();
73 - havege_init(&hs);
74 -
75 +
76 + urandom_fd = open("/dev/urandom", O_RDONLY);
77 + if (urandom_fd < 0)
78 + Log_fatal("Cannot open /dev/urandom");
79 +
80 #ifdef POLARSSL_VERSION_MAJOR
81 version_get_string(verstring);
82 Log_info("PolarSSL library version %s initialized", verstring);
83 @@ -173,7 +196,7 @@ void SSLi_deinit(void)
84 /* Create SHA1 of last certificate in the peer's chain. */
85 bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
86 {
87 - x509_cert *cert;
88 + const x509_cert *cert;
89 #ifdef POLARSSL_API_V1_2
90 cert = ssl_get_peer_cert(ssl);
91 #else
92 @@ -206,7 +229,7 @@ SSL_handle_t *SSLi_newconnection(int *fd
93 ssl_set_endpoint(ssl, SSL_IS_SERVER);
94 ssl_set_authmode(ssl, SSL_VERIFY_OPTIONAL);
95
96 - ssl_set_rng(ssl, HAVEGE_RAND, &hs);
97 + ssl_set_rng(ssl, urandom_bytes, NULL);
98 ssl_set_dbg(ssl, pssl_debug, NULL);
99 ssl_set_bio(ssl, net_recv, fd, net_send, fd);
100
101 --- a/src/ssl.h
102 +++ b/src/ssl.h
103 @@ -45,35 +45,17 @@
104 #else
105 #if (POLARSSL_VERSION_MAJOR == 0)
106 #define POLARSSL_API_V0
107 - #define HAVEGE_RAND (havege_rand)
108 - #define RAND_bytes(_dst_, _size_) do { \
109 - int i; \
110 - for (i = 0; i < _size_; i++) { \
111 - _dst_[i] = havege_rand(&hs); \
112 - } \
113 - } while (0)
114 #else
115 #define POLARSSL_API_V1
116 - #if (POLARSSL_VERSION_MINOR >= 1)
117 - #define HAVEGE_RAND (havege_random)
118 - #define RAND_bytes(_dst_, _size_) do { \
119 - havege_random(&hs, _dst_, _size_); \
120 - } while (0)
121 - #else
122 - #define HAVEGE_RAND (havege_rand)
123 - #define RAND_bytes(_dst_, _size_) do { \
124 - int i; \
125 - for (i = 0; i < _size_; i++) { \
126 - _dst_[i] = havege_rand(&hs); \
127 - } \
128 - } while (0)
129 - #endif
130 #if (POLARSSL_VERSION_MINOR >= 2)
131 #define POLARSSL_API_V1_2
132 #endif
133 #endif
134 #endif
135
136 +#define RAND_bytes(_dst_, _size_) urandom_bytes(NULL, _dst_, _size_)
137 +int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
138 +
139 #else /* OpenSSL */
140 #include <openssl/x509v3.h>
141 #include <openssl/ssl.h>
OpenWrt SVN history