From 36183f83dc4dd26ddb8c060e2f2c5bef13039632 Mon Sep 17 00:00:00 2001 From: nbd Date: Wed, 30 Jan 2013 20:07:04 +0000 Subject: polarssl: add from /packages, update to 1.2.4, fix openssl compatibility git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35411 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../polarssl/patches/100-disable-testsuites.patch | 21 ++++ .../libs/polarssl/patches/200-reduce_config.patch | 112 +++++++++++++++++++++ .../patches/300-openssl_cipher_name_compat.patch | 53 ++++++++++ .../patches/310-fix_blowfish_key_len.patch | 29 ++++++ 4 files changed, 215 insertions(+) create mode 100644 package/libs/polarssl/patches/100-disable-testsuites.patch create mode 100644 package/libs/polarssl/patches/200-reduce_config.patch create mode 100644 package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch create mode 100644 package/libs/polarssl/patches/310-fix_blowfish_key_len.patch (limited to 'package/libs/polarssl/patches') diff --git a/package/libs/polarssl/patches/100-disable-testsuites.patch b/package/libs/polarssl/patches/100-disable-testsuites.patch new file mode 100644 index 000000000..cf9485e6c --- /dev/null +++ b/package/libs/polarssl/patches/100-disable-testsuites.patch @@ -0,0 +1,21 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -38,7 +38,7 @@ add_subdirectory(library) + add_subdirectory(include) + + if(CMAKE_COMPILER_IS_GNUCC) +- add_subdirectory(tests) ++# add_subdirectory(tests) + endif(CMAKE_COMPILER_IS_GNUCC) + + add_subdirectory(programs) +--- a/programs/CMakeLists.txt ++++ b/programs/CMakeLists.txt +@@ -3,6 +3,6 @@ add_subdirectory(hash) + add_subdirectory(pkey) + add_subdirectory(random) + add_subdirectory(ssl) +-add_subdirectory(test) ++#add_subdirectory(test) + add_subdirectory(x509) + add_subdirectory(util) diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch new file mode 100644 index 000000000..080fa944f --- /dev/null +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -0,0 +1,112 @@ +--- a/include/polarssl/config.h ++++ b/include/polarssl/config.h +@@ -166,8 +166,8 @@ + * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C + * + * Enable the RSA prime-number generation code. +- */ + #define POLARSSL_GENPRIME ++ */ + + /** + * \def POLARSSL_FS_IO +@@ -224,8 +224,8 @@ + * \def POLARSSL_SELF_TEST + * + * Enable the checkup functions (*_self_test). +- */ + #define POLARSSL_SELF_TEST ++ */ + + /** + * \def POLARSSL_SSL_HW_RECORD_ACCEL +@@ -384,8 +384,8 @@ + * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 +- */ + #define POLARSSL_CAMELLIA_C ++ */ + + /** + * \def POLARSSL_CERTS_C +@@ -396,8 +396,8 @@ + * Caller: + * + * This module is used for testing (ssl_client/server). +- */ + #define POLARSSL_CERTS_C ++ */ + + /** + * \def POLARSSL_CIPHER_C +@@ -436,8 +436,8 @@ + * library/ssl_tls.c + * + * This module provides debugging functions. +- */ + #define POLARSSL_DEBUG_C ++ */ + + /** + * \def POLARSSL_DES_C +@@ -519,8 +519,8 @@ + * enabled as well): + * TLS_RSA_WITH_AES_128_GCM_SHA256 + * TLS_RSA_WITH_AES_256_GCM_SHA384 +- */ + #define POLARSSL_GCM_C ++ */ + + /** + * \def POLARSSL_HAVEGE_C +@@ -533,8 +533,8 @@ + * Requires: POLARSSL_TIMING_C + * + * This module enables the HAVEGE random number generator. +- */ + #define POLARSSL_HAVEGE_C ++ */ + + /** + * \def POLARSSL_MD_C +@@ -608,8 +608,8 @@ + * Caller: library/aes.c + * + * This modules adds support for the VIA PadLock on x86. +- */ + #define POLARSSL_PADLOCK_C ++ */ + + /** + * \def POLARSSL_PBKDF2_C +@@ -722,8 +722,8 @@ + * Caller: + * + * Requires: POLARSSL_SSL_CACHE_C +- */ + #define POLARSSL_SSL_CACHE_C ++ */ + + /** + * \def POLARSSL_SSL_CLI_C +@@ -777,8 +777,8 @@ + * Caller: library/havege.c + * + * This module is used by the HAVEGE random number generator. +- */ + #define POLARSSL_TIMING_C ++ */ + + /** + * \def POLARSSL_VERSION_C +@@ -827,8 +827,8 @@ + * + * Module: library/xtea.c + * Caller: +- */ + #define POLARSSL_XTEA_C ++ */ + /* \} name */ + + #endif /* config.h */ diff --git a/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch b/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch new file mode 100644 index 000000000..6ca43c312 --- /dev/null +++ b/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch @@ -0,0 +1,53 @@ +--- a/library/cipher.c ++++ b/library/cipher.c +@@ -279,15 +279,21 @@ const cipher_info_t *cipher_info_from_st + #if defined(POLARSSL_BLOWFISH_C) + if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) ) + return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ); ++ if( !strcasecmp( "BF-CBC", cipher_name ) ) ++ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ); + + #if defined(POLARSSL_CIPHER_MODE_CFB) + if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) ) + return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ); ++ if( !strcasecmp( "BF-CFB64", cipher_name ) ) ++ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ); + #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ + + #if defined(POLARSSL_CIPHER_MODE_CTR) + if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) ) + return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ); ++ if( !strcasecmp( "BF-CTR", cipher_name ) ) ++ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ); + #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ + #endif + +--- a/library/cipher_wrap.c ++++ b/library/cipher_wrap.c +@@ -643,7 +643,7 @@ const cipher_info_t blowfish_cbc_info = + POLARSSL_CIPHER_BLOWFISH_CBC, + POLARSSL_MODE_CBC, + 32, +- "BLOWFISH-CBC", ++ "BF-CBC", + 8, + 8, + &blowfish_info +@@ -654,7 +654,7 @@ const cipher_info_t blowfish_cfb64_info + POLARSSL_CIPHER_BLOWFISH_CFB64, + POLARSSL_MODE_CFB, + 32, +- "BLOWFISH-CFB64", ++ "BF-CFB64", + 8, + 8, + &blowfish_info +@@ -666,7 +666,7 @@ const cipher_info_t blowfish_ctr_info = + POLARSSL_CIPHER_BLOWFISH_CTR, + POLARSSL_MODE_CTR, + 32, +- "BLOWFISH-CTR", ++ "BF-CTR", + 8, + 8, + &blowfish_info diff --git a/package/libs/polarssl/patches/310-fix_blowfish_key_len.patch b/package/libs/polarssl/patches/310-fix_blowfish_key_len.patch new file mode 100644 index 000000000..0b4878e19 --- /dev/null +++ b/package/libs/polarssl/patches/310-fix_blowfish_key_len.patch @@ -0,0 +1,29 @@ +--- a/library/cipher_wrap.c ++++ b/library/cipher_wrap.c +@@ -642,7 +642,7 @@ const cipher_base_t blowfish_info = { + const cipher_info_t blowfish_cbc_info = { + POLARSSL_CIPHER_BLOWFISH_CBC, + POLARSSL_MODE_CBC, +- 32, ++ 128, + "BF-CBC", + 8, + 8, +@@ -653,7 +653,7 @@ const cipher_info_t blowfish_cbc_info = + const cipher_info_t blowfish_cfb64_info = { + POLARSSL_CIPHER_BLOWFISH_CFB64, + POLARSSL_MODE_CFB, +- 32, ++ 128, + "BF-CFB64", + 8, + 8, +@@ -665,7 +665,7 @@ const cipher_info_t blowfish_cfb64_info + const cipher_info_t blowfish_ctr_info = { + POLARSSL_CIPHER_BLOWFISH_CTR, + POLARSSL_MODE_CTR, +- 32, ++ 128, + "BF-CTR", + 8, + 8, -- cgit v1.2.3 From 56ec2cc7e249bc3bb9b80d78e3068ac5f35d7e3b Mon Sep 17 00:00:00 2001 From: yardley Date: Fri, 8 Feb 2013 19:47:48 +0000 Subject: polarssl: security update (1.2.5) addressing CBC TLS issue Signed-off-by: Tim Yardley git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35525 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../libs/polarssl/patches/200-reduce_config.patch | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'package/libs/polarssl/patches') diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch index 080fa944f..c66bb3fb8 100644 --- a/package/libs/polarssl/patches/200-reduce_config.patch +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -1,6 +1,6 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -166,8 +166,8 @@ +@@ -177,8 +177,8 @@ * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C * * Enable the RSA prime-number generation code. @@ -10,7 +10,7 @@ /** * \def POLARSSL_FS_IO -@@ -224,8 +224,8 @@ +@@ -235,8 +235,8 @@ * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). @@ -19,8 +19,8 @@ + */ /** - * \def POLARSSL_SSL_HW_RECORD_ACCEL -@@ -384,8 +384,8 @@ + * \def POLARSSL_SSL_ALL_ALERT_MESSAGES +@@ -425,8 +425,8 @@ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 @@ -30,7 +30,7 @@ /** * \def POLARSSL_CERTS_C -@@ -396,8 +396,8 @@ +@@ -437,8 +437,8 @@ * Caller: * * This module is used for testing (ssl_client/server). @@ -40,7 +40,7 @@ /** * \def POLARSSL_CIPHER_C -@@ -436,8 +436,8 @@ +@@ -477,8 +477,8 @@ * library/ssl_tls.c * * This module provides debugging functions. @@ -50,7 +50,7 @@ /** * \def POLARSSL_DES_C -@@ -519,8 +519,8 @@ +@@ -560,8 +560,8 @@ * enabled as well): * TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_256_GCM_SHA384 @@ -60,7 +60,7 @@ /** * \def POLARSSL_HAVEGE_C -@@ -533,8 +533,8 @@ +@@ -574,8 +574,8 @@ * Requires: POLARSSL_TIMING_C * * This module enables the HAVEGE random number generator. @@ -70,7 +70,7 @@ /** * \def POLARSSL_MD_C -@@ -608,8 +608,8 @@ +@@ -649,8 +649,8 @@ * Caller: library/aes.c * * This modules adds support for the VIA PadLock on x86. @@ -80,7 +80,7 @@ /** * \def POLARSSL_PBKDF2_C -@@ -722,8 +722,8 @@ +@@ -763,8 +763,8 @@ * Caller: * * Requires: POLARSSL_SSL_CACHE_C @@ -90,7 +90,7 @@ /** * \def POLARSSL_SSL_CLI_C -@@ -777,8 +777,8 @@ +@@ -818,8 +818,8 @@ * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. @@ -100,7 +100,7 @@ /** * \def POLARSSL_VERSION_C -@@ -827,8 +827,8 @@ +@@ -868,8 +868,8 @@ * * Module: library/xtea.c * Caller: -- cgit v1.2.3