From c8457cf43a0e80d0e7d3af633418da5cce1444d5 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 14 Mar 2014 15:05:46 +0000 Subject: polarssl: update to version 1.3.4 and add openssl compat patch Signed-off-by: Felix Fietkau git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39930 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/libs/polarssl/Makefile | 5 +- .../libs/polarssl/patches/200-reduce_config.patch | 164 ++++++++++++++++++--- .../polarssl/patches/210-gen_key_config_fix.patch | 38 +++++ .../patches/300-openssl_cipher_name_compat.patch | 53 ------- 4 files changed, 183 insertions(+), 77 deletions(-) create mode 100644 package/libs/polarssl/patches/210-gen_key_config_fix.patch delete mode 100644 package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch (limited to 'package/libs/polarssl') diff --git a/package/libs/polarssl/Makefile b/package/libs/polarssl/Makefile index 209281e406..b59605d793 100644 --- a/package/libs/polarssl/Makefile +++ b/package/libs/polarssl/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=polarssl -PKG_VERSION:=1.2.9 +PKG_VERSION:=1.3.4 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE_URL:=https://polarssl.org/code/releases -PKG_MD5SUM:=3d8e01537e747d7997993c70f2e108db +PKG_MD5SUM:=30a75c5f171be49f805f3bf64a0af054 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk @@ -35,6 +35,7 @@ $(call Package/polarssl/Default) SECTION:=libs CATEGORY:=Libraries TITLE+= (library) + ABI_VERSION:=$(PKG_VERSION) endef define Package/libpolarssl/description diff --git a/package/libs/polarssl/patches/200-reduce_config.patch b/package/libs/polarssl/patches/200-reduce_config.patch index 40bdedc5a7..a7e06f5833 100644 --- a/package/libs/polarssl/patches/200-reduce_config.patch +++ b/package/libs/polarssl/patches/200-reduce_config.patch @@ -1,16 +1,96 @@ --- a/include/polarssl/config.h +++ b/include/polarssl/config.h -@@ -206,8 +206,8 @@ - * Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C +@@ -315,8 +315,8 @@ + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED +@@ -339,8 +339,8 @@ + * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED +@@ -359,8 +359,8 @@ + * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED +@@ -384,8 +384,8 @@ + * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED +@@ -463,8 +463,8 @@ + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_RSA_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +@@ -487,8 +487,8 @@ + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +@@ -511,8 +511,8 @@ + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ + #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED +@@ -535,8 +535,8 @@ + * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ + #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ++ */ + + /** + * \def POLARSSL_ERROR_STRERROR_BC +@@ -566,8 +566,8 @@ + * Enable the prime-number generation code. * - * Enable the RSA prime-number generation code. + * Requires: POLARSSL_BIGNUM_C - */ #define POLARSSL_GENPRIME + */ /** * \def POLARSSL_FS_IO -@@ -264,8 +264,8 @@ +@@ -662,8 +662,8 @@ * \def POLARSSL_SELF_TEST * * Enable the checkup functions (*_self_test). @@ -20,18 +100,18 @@ /** * \def POLARSSL_SSL_ALL_ALERT_MESSAGES -@@ -466,8 +466,8 @@ - * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 +@@ -1107,8 +1107,8 @@ + * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ #define POLARSSL_CAMELLIA_C + */ /** * \def POLARSSL_CERTS_C -@@ -478,8 +478,8 @@ - * Caller: +@@ -1121,8 +1121,8 @@ + * Requires: POLARSSL_PEM_PARSE_C * * This module is used for testing (ssl_client/server). - */ @@ -40,7 +120,7 @@ /** * \def POLARSSL_CIPHER_C -@@ -518,8 +518,8 @@ +@@ -1161,8 +1161,8 @@ * library/ssl_tls.c * * This module provides debugging functions. @@ -50,18 +130,48 @@ /** * \def POLARSSL_DES_C -@@ -604,8 +604,8 @@ - * enabled as well): - * TLS_RSA_WITH_AES_128_GCM_SHA256 - * TLS_RSA_WITH_AES_256_GCM_SHA384 +@@ -1217,8 +1217,8 @@ + * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK + * + * Requires: POLARSSL_ECP_C +- */ + #define POLARSSL_ECDH_C ++ */ + + /** + * \def POLARSSL_ECDSA_C +@@ -1232,8 +1232,8 @@ + * ECDHE-ECDSA + * + * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C +- */ + #define POLARSSL_ECDSA_C ++ */ + + /** + * \def POLARSSL_ECP_C +@@ -1245,8 +1245,8 @@ + * library/ecdsa.c + * + * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED +- */ + #define POLARSSL_ECP_C ++ */ + + /** + * \def POLARSSL_ENTROPY_C +@@ -1285,8 +1285,8 @@ + * + * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other + * requisites are enabled as well. - */ #define POLARSSL_GCM_C + */ /** * \def POLARSSL_HAVEGE_C -@@ -704,8 +704,8 @@ - * Caller: library/aes.c +@@ -1436,8 +1436,8 @@ + * Requires: POLARSSL_HAVE_ASM * * This modules adds support for the VIA PadLock on x86. - */ @@ -70,7 +180,17 @@ /** * \def POLARSSL_PBKDF2_C -@@ -848,8 +848,8 @@ +@@ -1584,8 +1584,8 @@ + * Module: library/ripemd160.c + * Caller: library/md.c + * +- */ + #define POLARSSL_RIPEMD160_C ++ */ + + /** + * \def POLARSSL_RSA_C +@@ -1664,8 +1664,8 @@ * Caller: * * Requires: POLARSSL_SSL_CACHE_C @@ -80,7 +200,7 @@ /** * \def POLARSSL_SSL_CLI_C -@@ -903,8 +903,8 @@ +@@ -1741,8 +1741,8 @@ * Caller: library/havege.c * * This module is used by the HAVEGE random number generator. @@ -90,13 +210,13 @@ /** * \def POLARSSL_VERSION_C -@@ -953,8 +953,8 @@ +@@ -1862,8 +1862,8 @@ * * Module: library/xtea.c * Caller: - */ #define POLARSSL_XTEA_C + */ - /* \} name */ - /** + /* \} name SECTION: PolarSSL modules */ + diff --git a/package/libs/polarssl/patches/210-gen_key_config_fix.patch b/package/libs/polarssl/patches/210-gen_key_config_fix.patch new file mode 100644 index 0000000000..d682e28d83 --- /dev/null +++ b/package/libs/polarssl/patches/210-gen_key_config_fix.patch @@ -0,0 +1,38 @@ +--- a/programs/pkey/gen_key.c ++++ b/programs/pkey/gen_key.c +@@ -155,7 +155,9 @@ int main( int argc, char *argv[] ) + + opt.type = DFL_TYPE; + opt.rsa_keysize = DFL_RSA_KEYSIZE; ++#if defined(POLARSSL_ECP_C) + opt.ec_curve = DFL_EC_CURVE; ++#endif + opt.filename = DFL_FILENAME; + opt.format = DFL_FORMAT; + +@@ -170,8 +172,10 @@ int main( int argc, char *argv[] ) + { + if( strcmp( q, "rsa" ) == 0 ) + opt.type = POLARSSL_PK_RSA; ++#if defined(POLARSSL_ECP_C) + if( strcmp( q, "ec" ) == 0 ) + opt.type = POLARSSL_PK_ECKEY; ++#endif + else + goto usage; + } +@@ -190,12 +194,14 @@ int main( int argc, char *argv[] ) + if( opt.rsa_keysize < 1024 || opt.rsa_keysize > 8192 ) + goto usage; + } ++#if defined(POLARSSL_ECP_C) + else if( strcmp( p, "ec_curve" ) == 0 ) + { + if( ( curve_info = ecp_curve_info_from_name( q ) ) == NULL ) + goto usage; + opt.ec_curve = curve_info->grp_id; + } ++#endif + else if( strcmp( p, "filename" ) == 0 ) + opt.filename = q; + else diff --git a/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch b/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch deleted file mode 100644 index 474a859cbd..0000000000 --- a/package/libs/polarssl/patches/300-openssl_cipher_name_compat.patch +++ /dev/null @@ -1,53 +0,0 @@ ---- a/library/cipher.c -+++ b/library/cipher.c -@@ -279,15 +279,21 @@ const cipher_info_t *cipher_info_from_st - #if defined(POLARSSL_BLOWFISH_C) - if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) ) - return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ); -+ if( !strcasecmp( "BF-CBC", cipher_name ) ) -+ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ); - - #if defined(POLARSSL_CIPHER_MODE_CFB) - if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) ) - return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ); -+ if( !strcasecmp( "BF-CFB64", cipher_name ) ) -+ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ); - #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ - - #if defined(POLARSSL_CIPHER_MODE_CTR) - if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) ) - return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ); -+ if( !strcasecmp( "BF-CTR", cipher_name ) ) -+ return cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ); - #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ - #endif - ---- a/library/cipher_wrap.c -+++ b/library/cipher_wrap.c -@@ -643,7 +643,7 @@ const cipher_info_t blowfish_cbc_info = - POLARSSL_CIPHER_BLOWFISH_CBC, - POLARSSL_MODE_CBC, - 128, -- "BLOWFISH-CBC", -+ "BF-CBC", - 8, - 8, - &blowfish_info -@@ -654,7 +654,7 @@ const cipher_info_t blowfish_cfb64_info - POLARSSL_CIPHER_BLOWFISH_CFB64, - POLARSSL_MODE_CFB, - 128, -- "BLOWFISH-CFB64", -+ "BF-CFB64", - 8, - 8, - &blowfish_info -@@ -666,7 +666,7 @@ const cipher_info_t blowfish_ctr_info = - POLARSSL_CIPHER_BLOWFISH_CTR, - POLARSSL_MODE_CTR, - 128, -- "BLOWFISH-CTR", -+ "BF-CTR", - 8, - 8, - &blowfish_info -- cgit v1.2.3