github/OpenVPNAdapter
3
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-05-13 00:04:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' content from commit 554d8b888

Browse Source 
git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn
git-subtree-split: 554d8b88817d3a7b836e78940ed61bb11ed2bd9b
This commit is contained in:
Sergey Abramchuk
2018-07-27 18:08:58 +03:00
commit e2ad2ab5d5
585 changed files with 101725 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deps/asio/build-asio
Vendored Executable
+44
View File
@@ -0,0 +1,44 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to dependency build folder
exit 1
fi
if [ -z "$DL" ]; then
echo DL var must point to the download folder
exit 1
fi
. $O3/core/deps/lib-versions
# source helper functions
. $O3/core/deps/functions.sh
PACKAGE=${ASIO_VERSION}
FNAME=${ASIO_VERSION}.tar.gz
URL=https://github.com/chriskohlhoff/asio/archive/${ASIO_VERSION}.tar.gz
CSUM=${ASIO_CSUM}
DIST=asio
download
if [ "$NO_WIPE" = "1" ]; then
echo RETAIN existing source
else
echo WIPE and reunzip source
cd $DEP_DIR
rm -rf $DIST asio-$ASIO_VERSION
tar xfz $DL/$FNAME
cd asio-$ASIO_VERSION
apply_patches "asio"
cd ..
cp -a asio-$ASIO_VERSION $DIST
fi
deps/asio/patches/0001-Added-Apple-NAT64-support-when-both-ASIO_HAS_GETADDR.patch
Vendored
+48
View File
@@ -0,0 +1,48 @@
From 28cdfe3f923affa87420a47f8ac71e791c77bcde Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Mon, 19 Mar 2018 11:24:10 +0800
Subject: [PATCH] Added Apple NAT64 support when both ASIO_HAS_GETADDRINFO and
ASIO_APPLE_NAT64 ar defined
* When calling getaddrinfo(), Apple recommends to set
AI_DEFAULT flags in hint.
* iOS bug workaround: sometimes iOS getaddrinfo() returns a
non-zero scope ID for non-link-local addresses.
Workaround by forcing scope ID to 0 for non-link-local
addresses.
---
asio/include/asio/detail/impl/socket_ops.ipp | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/asio/include/asio/detail/impl/socket_ops.ipp b/asio/include/asio/detail/impl/socket_ops.ipp
index b3b1a0cf..e1a07e06 100644
--- a/asio/include/asio/detail/impl/socket_ops.ipp
+++ b/asio/include/asio/detail/impl/socket_ops.ipp
@@ -3338,6 +3338,23 @@ asio::error_code getaddrinfo(const char* host,
# endif
#elif !defined(ASIO_HAS_GETADDRINFO)
int error = getaddrinfo_emulation(host, service, &hints, result);
+ return ec = translate_addrinfo_error(error);
+#elif defined(ASIO_HAS_GETADDRINFO) && defined(ASIO_APPLE_NAT64)
+ // For NAT64 compatibility, Apple recommends to set AI_DEFAULT flags
+ addrinfo_type new_hints = hints;
+ new_hints.ai_flags |= AI_DEFAULT;
+ int error = ::getaddrinfo(host, service, &new_hints, result);
+
+ // iOS bug workaround: sometimes iOS getaddrinfo() returns a non-zero scope ID
+ // for non-link-local addresses. Workaround by forcing scope ID to 0 for
+ // non-link-local addresses.
+ if (!error && (*result)->ai_family == AF_INET6)
+ {
+ sockaddr_in6* a6 = (sockaddr_in6*)(*result)->ai_addr;
+ if (a6->sin6_scope_id && !(IN6_IS_ADDR_LINKLOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_NODELOCAL(&a6->sin6_addr) || IN6_IS_ADDR_MC_LINKLOCAL(&a6->sin6_addr)))
+ a6->sin6_scope_id = 0;
+ }
+
return ec = translate_addrinfo_error(error);
#else
int error = ::getaddrinfo(host, service, &hints, result);
--
2.16.2
deps/asio/patches/0002-Added-randomize-method-to-asio-ip-tcp-resolver-resul.patch
Vendored
+38
View File
@@ -0,0 +1,38 @@
From c6cb856ac923472e56d8dd631585b4ca58e71c31 Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Wed, 2 Sep 2015 12:18:48 -0700
Subject: [PATCH] Added randomize() method to
asio::ip::tcp::resolver::results_type.
---
asio/include/asio/ip/basic_resolver_results.hpp | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/asio/include/asio/ip/basic_resolver_results.hpp b/asio/include/asio/ip/basic_resolver_results.hpp
index 4146a46b..f0ae258c 100644
--- a/asio/include/asio/ip/basic_resolver_results.hpp
+++ b/asio/include/asio/ip/basic_resolver_results.hpp
@@ -18,6 +18,7 @@
#include "asio/detail/config.hpp"
#include <cstddef>
#include <cstring>
+#include <algorithm>
#include "asio/detail/socket_ops.hpp"
#include "asio/detail/socket_types.hpp"
#include "asio/ip/basic_resolver_iterator.hpp"
@@ -299,6 +300,12 @@ public:
return !a.equal(b);
}
+ template <typename Random>
+ void randomize(Random& r)
+ {
+ std::shuffle(this->values_->begin(), this->values_->end(), r);
+ }
+
private:
typedef std::vector<basic_resolver_entry<InternetProtocol> > values_type;
};
--
2.16.2
deps/asio/patches/0003-Added-user-code-hook-async_connect_post_open-to-be-c.patch
Vendored
+38
View File
@@ -0,0 +1,38 @@
From 69a6d6aec54b41f4ceac3ac2ba14465a36bf1984 Mon Sep 17 00:00:00 2001
From: James Yonan <james@openvpn.net>
Date: Mon, 27 Feb 2017 13:01:26 -0700
Subject: [PATCH] Added user code hook async_connect_post_open() to be called
immediately after socket open in async_connect.
---
asio/include/asio/basic_socket.hpp | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/asio/include/asio/basic_socket.hpp b/asio/include/asio/basic_socket.hpp
index 43430161..0d1b0d28 100644
--- a/asio/include/asio/basic_socket.hpp
+++ b/asio/include/asio/basic_socket.hpp
@@ -865,6 +865,8 @@ public:
asio::error_code ec;
const protocol_type protocol = peer_endpoint.protocol();
this->get_service().open(this->get_implementation(), protocol, ec);
+ if (!ec)
+ async_connect_post_open(protocol, ec);
if (ec)
{
async_completion<ConnectHandler,
@@ -1741,6 +1743,11 @@ protected:
}
private:
+ // optional user code hook immediately after socket open in async_connect
+ virtual void async_connect_post_open(const protocol_type& protocol, asio::error_code& ec)
+ {
+ }
+
// Disallow copying and assignment.
basic_socket(const basic_socket&) ASIO_DELETED;
basic_socket& operator=(const basic_socket&) ASIO_DELETED;
--
2.16.2
deps/asio/snapshot-asio
Vendored Executable
+4
View File
@@ -0,0 +1,4 @@
#!/usr/bin/env bash
export NAME=asio
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
$DIR/../../scripts/snapshot
deps/boost/atomic-1.55.0.patch
Vendored
+87
View File
@@ -0,0 +1,87 @@
--- boost/atomic/detail/cas128strong.hpp
+++ boost/atomic/detail/cas128strong.hpp
@@ -196,15 +196,17 @@ class base_atomic<T, void, 16, Sign>
public:
BOOST_DEFAULTED_FUNCTION(base_atomic(void), {})
- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0)
+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT
{
+ memset(&v_, 0, sizeof(v_));
memcpy(&v_, &v, sizeof(value_type));
}
void
store(value_type const& value, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type value_s = 0;
+ storage_type value_s;
+ memset(&value_s, 0, sizeof(value_s));
memcpy(&value_s, &value, sizeof(value_type));
platform_fence_before_store(order);
platform_store128(value_s, &v_);
@@ -247,7 +249,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
--- boost/atomic/detail/gcc-atomic.hpp
+++ boost/atomic/detail/gcc-atomic.hpp
@@ -958,14 +958,16 @@ class base_atomic<T, void, 16, Sign>
public:
BOOST_DEFAULTED_FUNCTION(base_atomic(void), {})
- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0)
+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT
{
+ memset(&v_, 0, sizeof(v_));
memcpy(&v_, &v, sizeof(value_type));
}
void store(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type tmp = 0;
+ storage_type tmp;
+ memset(&tmp, 0, sizeof(tmp));
memcpy(&tmp, &v, sizeof(value_type));
__atomic_store_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order));
}
@@ -980,7 +982,8 @@ class base_atomic<T, void, 16, Sign>
value_type exchange(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type tmp = 0;
+ storage_type tmp;
+ memset(&tmp, 0, sizeof(tmp));
memcpy(&tmp, &v, sizeof(value_type));
tmp = __atomic_exchange_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order));
value_type res;
@@ -994,7 +997,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, false,
@@ -1010,7 +1015,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, true,
--
deps/boost/build-boost
Vendored Executable
+75
View File
@@ -0,0 +1,75 @@
#!/usr/bin/env bash
#
# Parameters:
# SDK_PATH_SCRIPT -- optional script to set SDK path
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGETS" ]; then
echo TARGETS var must be defined
exit 1
fi
# NOTE: in Boost 1.55 and earlier, set BCONF=tools/build/v2
BCONF=tools/build/src
. $O3/core/deps/lib-versions
[ -z "$DL" ] && DL=~/Downloads
[ -z "$GPP_CMD" ] && export GPP_CMD=g++
[ -z "$GCC_CMD" ] && export GCC_CMD=gcc
if [ "$NO_WIPE" != "1" ]; then
echo WIPE and reunzip source
rm -rf boost $BOOST_VERSION
mkdir boost
tar xfz $DL/$BOOST_VERSION.tar.gz
cd $BOOST_VERSION
#patch -p1 <$DL/asio-engine.patch
#patch -p0 <$O3/core/deps/boost/atomic-1.55.0.patch
patch -p1 <$O3/core/deps/boost/intrusive_ptr.patch
patch -p1 <$O3/core/deps/boost/page_size.patch
./bootstrap.sh
for T in $TARGETS ; do
TS="${T//-/}"
. $O3/core/vars/vars-$T
cat >>$BCONF/user-config.jam <<EOF
using $GCC_CMD : $TS : $GPP_CMD
:
<compileflags>"-Wno-unused-function $PLATFORM_FLAGS $CXX_COMPILER_FLAGS $OTHER_COMPILER_FLAGS $LIB_FPIC $LIB_OPT_LEVEL"
;
EOF
done
echo '********** BOOST CONFIG'
tail -30 $BCONF/user-config.jam
echo '********** END BOOST CONFIG'
else
echo RETAIN existing source
cd $BOOST_VERSION
for T in $TARGETS ; do
TS="${T//-/}"
. $O3/core/vars/vars-$T
done
fi
[ "$SDK_PATH_SCRIPT" ] && . $SDK_PATH_SCRIPT
for T in $TARGETS ; do
. $O3/core/vars/vars-$T
target="${T//-/}"
stage=stage-$T
if [ "${target:(-3)}" == "dbg" ]; then
variant=debug
else
variant=release
fi
[ -z "$LINK_MODE" ] && LINK_MODE=static
echo "************************ $target $variant $stage"
cmd="./bjam -d2 toolset=${GCC_CMD}-${target} --stagedir=$stage --with-system --with-thread --with-atomic variant=$variant link=$LINK_MODE threading=multi runtime-link=$LINK_MODE"
echo $cmd
$cmd
done
mv stage-* ../boost/
cp -a boost ../boost/
exit 0
deps/boost/intrusive_ptr.patch
Vendored
+29
View File
@@ -0,0 +1,29 @@
diff -ur boost_1_56_0.orig/boost/smart_ptr/intrusive_ptr.hpp boost_1_56_0/boost/smart_ptr/intrusive_ptr.hpp
--- boost_1_56_0.orig/boost/smart_ptr/intrusive_ptr.hpp 2014-07-26 00:44:34.000000000 -0600
+++ boost_1_56_0/boost/smart_ptr/intrusive_ptr.hpp 2014-08-15 19:51:11.000000000 -0600
@@ -63,7 +63,7 @@
{
}
- intrusive_ptr( T * p, bool add_ref = true ): px( p )
+ intrusive_ptr( T * p, bool add_ref = true ) BOOST_NOEXCEPT_IF(BOOST_NOEXCEPT_EXPR(intrusive_ptr_add_ref(static_cast<T*>(nullptr)))) : px( p )
{
if( px != 0 && add_ref ) intrusive_ptr_add_ref( px );
}
@@ -80,14 +80,14 @@
intrusive_ptr( intrusive_ptr<U> const & rhs )
#endif
- : px( rhs.get() )
+ BOOST_NOEXCEPT_IF(BOOST_NOEXCEPT_EXPR(intrusive_ptr_add_ref(static_cast<T*>(nullptr)))) : px( rhs.get() )
{
if( px != 0 ) intrusive_ptr_add_ref( px );
}
#endif
- intrusive_ptr(intrusive_ptr const & rhs): px( rhs.px )
+ intrusive_ptr(intrusive_ptr const & rhs) BOOST_NOEXCEPT_IF(BOOST_NOEXCEPT_EXPR(intrusive_ptr_add_ref(static_cast<T*>(nullptr)))) : px( rhs.px )
{
if( px != 0 ) intrusive_ptr_add_ref( px );
}
deps/boost/page_size.patch
Vendored
+16
View File
@@ -0,0 +1,16 @@
diff -ur boost_1_57_0/boost/thread/pthread/thread_data.hpp boost_1_57_0.new/boost/thread/pthread/thread_data.hpp
--- boost_1_57_0/boost/thread/pthread/thread_data.hpp 2014-10-24 10:43:26.000000000 -0600
+++ boost_1_57_0.new/boost/thread/pthread/thread_data.hpp 2015-02-26 00:43:26.000000000 -0700
@@ -24,8 +24,10 @@
#include <vector>
#include <utility>
-#if defined(__ANDROID__)
-#include <asm/page.h> // http://code.google.com/p/android/issues/detail?id=39983
+// JY modified
+#if defined(__ANDROID__) && !defined(PAGE_SIZE)
+#define PAGE_SIZE 4096
+//#include <asm/page.h> // http://code.google.com/p/android/issues/detail?id=39983
#endif
#include <pthread.h>
deps/cityhash/build-cityhash
Vendored Executable
+64
View File
@@ -0,0 +1,64 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to dependency build folder
exit 1
fi
if [ -z "$DL" ]; then
echo DL var must point to the download folder
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
# source helper functions
. $O3/core/deps/functions.sh
FNAME=cityhash-${CITYHASH_VERSION}.tar.gz
PN=${CITYHASH_VERSION#*-}
URL=https://codeload.github.com/google/cityhash/tar.gz/${CITYHASH_VERSION}
CSUM=${CITYHASH_CSUM}
download
CC=cc
LD=ld
AR=ar
RANLIB=ranlib
[ "$GCC_CMD" ] && CC=$GCC_CMD
[ "$LD_CMD" ] && LD=$LD_CMD
[ "$AR_CMD" ] && AR=$AR_CMD
[ "$RANLIB_CMD" ] && RANLIB=$RANLIB_CMD
if [ "$NO_WIPE" != "1" ]; then
rm -rf $CITYHASH_VERSION
tar xfz $DL/cityhash-$CITYHASH_VERSION.tar.gz
fi
DIST=$(pwd)/cityhash/cityhash-$PLATFORM
rm -rf $DIST
mkdir -p $DIST/include
mkdir $DIST/lib
cd cityhash-$CITYHASH_VERSION
CMD=./configure
echo $CMD
$CMD
CMD="$CC $PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -I. -Isrc -c src/city.cc"
echo $CMD
$CMD
$AR rc $DIST/lib/libcityhash.a city.o
$RANLIB $DIST/lib/libcityhash.a
cp src/city.h $DIST/include/
exit 0
deps/functions.sh
Vendored
+47
View File
@@ -0,0 +1,47 @@
function check_download()
{
if [ -f $DL/$FNAME ]; then
CHECK=$(shasum -a 256 $DL/$FNAME |awk '{printf $1};')
if [ "$CHECK" == "$CSUM" ]; then
return 0
else
echo "Checksum mismatch for $FNAME. Was $CHECK, expected $CSUM"
fi
else
echo "$FNAME not found."
fi
return -1
}
function download()
{
check_download && return 0
rm -f $DL/$FNAME
if [ -n "$URL" ]; then
wget $URL -O $DL/$FNAME
else
echo URL must be specified
exit 1
fi
check_download || return -1
}
function apply_patches()
{
DEP_NAME=$1
# change directory since git apply got confused when
# applying patches to files which are not found in index
DIR=$(pwd)
pushd ${DIR}
cd /tmp
# apply pre-generated patches
for file in $O3/core/deps/${DEP_NAME}/patches/*.patch; do
echo Applying patch: $file
git apply --directory ${DIR} --unsafe-path $file
done
popd
}
deps/lib-versions
Vendored
+19
View File
@@ -0,0 +1,19 @@
export ASIO_VERSION=asio-1-12-0
export ASIO_CSUM=fa8c3a16dc2163f5b3451f2a14ce95277c971f46700497d4e94af6059c00dc06
export LZ4_VERSION=lz4-1.8.0
export LZ4_CSUM=2ca482ea7a9bb103603108b5a7510b7592b90158c151ff50a28f1ca8389fccf6
export MBEDTLS_VERSION=mbedtls-2.7.0
export MBEDTLS_CSUM=aeb66d6cd43aa1c79c145d15845c655627a7fc30d624148aaafbb6c36d7f55ef
export OPENSSL_VERSION=openssl-1.0.2h
export JSONCPP_VERSION=1.8.4
export JSONCPP_CSUM=c49deac9e0933bcb7044f08516861a2d560988540b23de2ac1ad443b219afdb6
export TAP_VERSION=0e30f5c13b3c7b0bdd60da915350f653e4c14d92
export TAP_CSUM=8ff65f9e741c5ecfe1af904eaa38713f05639ce9457ef92041fd8e6b2a170315
export CITYHASH_VERSION=8af9b8c2b889d80c22d6bc26ba0df1afb79a30db
export CITYHASH_CSUM=f70368facd15735dffc77fe2b27ab505bfdd05be5e9166d94149a8744c212f49
deps/lz4/build-lz4
Vendored Executable
+66
View File
@@ -0,0 +1,66 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to dependency build folder
exit 1
fi
if [ -z "$DL" ]; then
echo DL var must point to the download folder
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
# source helper functions
. $O3/core/deps/functions.sh
FNAME=${LZ4_VERSION}.tar.gz
PN=${LZ4_VERSION#*-}
URL=https://github.com/lz4/lz4/archive/v${PN}.tar.gz
CSUM=${LZ4_CSUM}
download
CC=cc
LD=ld
AR=ar
RANLIB=ranlib
[ "$GCC_CMD" ] && CC=$GCC_CMD
[ "$LD_CMD" ] && LD=$LD_CMD
[ "$AR_CMD" ] && AR=$AR_CMD
[ "$RANLIB_CMD" ] && RANLIB=$RANLIB_CMD
if [ "$NO_WIPE" != "1" ]; then
rm -rf $LZ4_VERSION
tar xfz $DL/$LZ4_VERSION.tar.gz
fi
if [ "x$NO_BUILD" == x1 ]; then
echo "Not building"
exit
fi
DIST=$(pwd)/lz4/lz4-$PLATFORM
rm -rf $DIST
mkdir -p $DIST/include
mkdir $DIST/lib
cd $LZ4_VERSION/lib
CMD="$CC $PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c lz4.c"
echo $CMD
$CMD
$AR rc $DIST/lib/liblz4.a lz4.o
$RANLIB $DIST/lib/liblz4.a
cp lz4.h $DIST/include/
exit 0
deps/lz4/snapshot-lz4
Vendored Executable
+4
View File
@@ -0,0 +1,4 @@
#!/usr/bin/env bash
export NAME=lz4
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
$DIR/../../scripts/snapshot
deps/lzo/build-lzo
Vendored Executable
+62
View File
@@ -0,0 +1,62 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
[ -z "$DL" ] && DL=~/Downloads
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
[ "$GCC_CMD" ] && export CC=$GCC_CMD
[ "$LD_CMD" ] && export LD=$LD_CMD
[ "$AR_CMD" ] && export AR=$AR_CMD
[ "$RANLIB_CMD" ] && export RANLIB=$RANLIB_CMD
case $PLATFORM in
android*)
echo PLATFORM android
host=arm
target=arm
;;
ios*)
echo PLATFORM ios
host="x86_64-apple-darwin"
target=arm
;;
*)
host=""
target=""
;;
esac
if [ "$target" ]; then
targ_opt="--target=$target"
fi
if [ "$host" ]; then
host_opt="--host=$host"
fi
if [ "$NO_WIPE" != "1" ]; then
rm -rf $LZO_VERSION
tar xfz $DL/$LZO_VERSION.tar.gz
fi
DIST=$(pwd)/lzo/lzo-$PLATFORM
rm -rf $DIST
mkdir -p $DIST
cd $LZO_VERSION
echo 'OPTIONS' $CC $LD $AR $RANLIB $host_opt $targ_opt
CFLAGS="$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC" ./configure --prefix=$DIST $host_opt $targ_opt
make
make install
exit 0
deps/mbedtls/build-mbedtls
Vendored Executable
+102
View File
@@ -0,0 +1,102 @@
#!/bin/bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to dependency build folder
exit 1
fi
if [ -z "$DL" ]; then
echo DL var must point to the download folder
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
# source helper functions
. $O3/core/deps/functions.sh
FNAME=${MBEDTLS_VERSION}-apache.tgz
PN=${MBEDTLS_VERSION#*-}
URL=https://tls.mbed.org/download/$MBEDTLS_VERSION-apache.tgz
CSUM=${MBEDTLS_CSUM}
download
# put build targets here
DIST=$(pwd)/mbedtls/mbedtls-$PLATFORM
rm -rf $DIST
mkdir -p $DIST
if [ "$NO_WIPE" = "1" ]; then
echo RETAIN existing source
cd $MBEDTLS_VERSION
else
echo WIPE and reunzip source
rm -rf $MBEDTLS_VERSION
[ -z "$DL" ] && DL=~/Downloads
tar xfz $DL/$MBEDTLS_VERSION-apache.tgz
cd $MBEDTLS_VERSION
# enable MD4 (needed for NTLM auth)
perl -pi -e 's/^\/\/// if /#define MBEDTLS_MD4_C/' include/mbedtls/config.h
apply_patches "mbedtls"
fi
if [ "x$NO_BUILD" == x1 ]; then
echo "Not building"
exit 0
fi
if [[ "x$TARGET" == xlinux* || "x$TARGET" == xosx* ]]; then
# run unit tests and then clean
echo RUNNING CHECK
make check
echo CLEANING
make clean
fi
echo BUILDING
# compiler vars
CC=cc
LD=ld
AR=ar
RANLIB=ranlib
[ "$GCC_CMD" ] && CC=$GCC_CMD
[ "$LD_CMD" ] && LD=$LD_CMD
[ "$AR_CMD" ] && AR=$AR_CMD
[ "$RANLIB_CMD" ] && RANLIB=$RANLIB_CMD
# build it
SRC=$(pwd)
cd library
rm -f *.o
for c in *.c ; do
CMD="$CC -I../include -DMBEDTLS_RELAXED_X509_DATE \
$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c $c"
echo $CMD
$CMD
done
# create archive
cd $DIST
mkdir library
$AR rc library/libmbedtls.a $SRC/library/*.o
$RANLIB library/libmbedtls.a 2>&1 | grep -v "has no symbols" || true
# copy headers
mkdir -p include/mbedtls
cp $SRC/include/mbedtls/*.h include/mbedtls/
exit 0
deps/mbedtls/patches/0001-relax-x509-date-format-check.patch
Vendored
+55
View File
@@ -0,0 +1,55 @@
From 62dd1588a7ec3501edfaf9470cf7a1ca15cb4ba1 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Tue, 20 Mar 2018 09:35:47 +0800
Subject: [PATCH] relax x509 date format check
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
library/x509.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/library/x509.c b/library/x509.c
index 371d6da1..df2cea81 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -565,13 +565,20 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
/*
* Parse seconds if present
*/
- if ( len >= 2 )
+ if ( len >= 2 && **p >= '0' && **p <= '9' )
{
CHECK( x509_parse_int( p, 2, &tm->sec ) );
len -= 2;
}
else
+ {
+#if defined(MBEDTLS_RELAXED_X509_DATE)
+ /* if relaxed mode, allow seconds to be absent */
+ tm->sec = 0;
+#else
return ( MBEDTLS_ERR_X509_INVALID_DATE );
+#endif
+ }
/*
* Parse trailing 'Z' if present
@@ -581,6 +588,15 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
(*p)++;
len--;
}
+#if defined(MBEDTLS_RELAXED_X509_DATE)
+ else if ( len == 5 && **p == '+' )
+ {
+ int tz; /* throwaway timezone */
+ (*p)++;
+ CHECK( x509_parse_int( p, 4, &tz ) );
+ return 0;
+ }
+#endif
/*
* We should have parsed all characters at this point
--
2.16.2
deps/mbedtls/patches/0002-pkcs5v2-add-support-for-additional-hmacSHA-algorithm.patch
Vendored
+154
View File
@@ -0,0 +1,154 @@
From 56df6d5003b20fa673b67fb06c2ec03a8197c4c2 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 20 Dec 2017 07:03:55 +0800
Subject: [PATCH] pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.
This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).
Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
include/mbedtls/oid.h | 18 +++++++++++++++
library/oid.c | 45 ++++++++++++++++++++++++++++++++++++++
library/pkcs5.c | 4 +---
tests/suites/test_suite_pkcs5.data | 4 ++--
4 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index bf2ef5ec..408645ec 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -228,6 +228,14 @@
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+
+#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+
+#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+
+#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+
/*
* Encryption algorithms
*/
@@ -514,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+
+/**
+ * \brief Translate hmac algorithm OID into md_type
+ *
+ * \param oid OID to use
+ * \param md_hmac place to store message hmac algorithm
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
#endif /* MBEDTLS_MD_C */
/**
diff --git a/library/oid.c b/library/oid.c
index f13826ed..edea950f 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -625,6 +625,51 @@ static const oid_md_alg_t oid_md_alg[] =
FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+
+/*
+ * For HMAC digestAlgorithm
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_md_type_t md_hmac;
+} oid_md_hmac_t;
+
+static const oid_md_hmac_t oid_md_hmac[] =
+{
+#if defined(MBEDTLS_SHA1_C)
+ {
+ { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" },
+ MBEDTLS_MD_SHA1,
+ },
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+ {
+ { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },
+ MBEDTLS_MD_SHA224,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },
+ MBEDTLS_MD_SHA256,
+ },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+ {
+ { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" },
+ MBEDTLS_MD_SHA384,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" },
+ MBEDTLS_MD_SHA512,
+ },
+#endif /* MBEDTLS_SHA512_C */
+ {
+ { NULL, 0, NULL, NULL },
+ MBEDTLS_MD_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
+FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_PKCS12_C)
diff --git a/library/pkcs5.c b/library/pkcs5.c
index e28d5a84..95f44fa9 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -96,11 +96,9 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
+ if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
- *md_type = MBEDTLS_MD_SHA1;
-
if( p != end )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index e609d62b..4c2c0bb6 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -82,9 +82,9 @@ PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
-PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA1)
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0208":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad, PBKDF2 params extra data)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
--
2.16.2
deps/mbedtls/patches/0003-tests-pkcs5-pbkdf2_hmac-add-unit-tests-for-additiona.patch
Vendored
+128
View File
@@ -0,0 +1,128 @@
From bb029567d8a2b55e500a85c916a8d22ae9434ab3 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 31 Jan 2018 23:23:02 +0800
Subject: [PATCH] tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA
algorithms
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:
import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))
where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.
Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.
For SHA256 we also have two test vectors coming from RFC7914 Sec 11.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
tests/suites/test_suite_pkcs5.data | 88 ++++++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 4c2c0bb6..f3c421d0 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -18,6 +18,94 @@ PBKDF2 RFC 6070 Test Vector #6 (SHA1)
depends_on:MBEDTLS_SHA1_C
pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
+PBKDF2 Python hashlib Test Vector #1 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c"
+
+PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"706173737764":"73616c74":1:64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"
+
+PBKDF2 RFC 7914 Sec 11 Test Vector #2 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"50617373776f7264":"4e61436c":80000:64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":1:20:"120fb6cffcf8b32c43e7225256c4f837a86548c9"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":2:20:"ae4d0c95af6b46d32d0adff928f06dd02a303f8e"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":4096:20:"c5e478d59288c841aa530db6845c4c8d962893a0"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":1:20:"867f70cf1ade02cff3752599a3a53dc4af34c7a6"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":2:20:"e1d9c16aa681708a45f5c7c4e215ceb66e011a2e"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":4096:20:"d197b1b33db0143e018b12f3d1d1479e6cdebdcc"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665"
+
PBES2 Decrypt (OK)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
--
2.16.2
deps/mbedtls/patches/0004-tests-pkcs5-pbkdf2_hmac-extend-array-to-accommodate-.patch
Vendored
+49
View File
@@ -0,0 +1,49 @@
From d09cecb5f7d1e66476c97a35caee7248930ef425 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <a@unstable.cc>
Date: Wed, 31 Jan 2018 23:45:09 +0800
Subject: [PATCH] tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer
results
Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.
For this reason extend the result array to accommodate
longer strings.
At the same time make memset() parametric to avoid
bugs in the future.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
tests/suites/test_suite_pkcs5.function | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 8fabec08..3ad64805 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -14,7 +14,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
{
unsigned char pw_str[100];
unsigned char salt_str[100];
- unsigned char dst_str[100];
+ unsigned char dst_str[200];
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *info;
@@ -24,9 +24,9 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
mbedtls_md_init( &ctx );
- memset(pw_str, 0x00, 100);
- memset(salt_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
+ memset(pw_str, 0x00, sizeof(pw_str));
+ memset(salt_str, 0x00, sizeof(salt_str));
+ memset(dst_str, 0x00, sizeof(dst_str));
pw_len = unhexify( pw_str, hex_password_string );
salt_len = unhexify( salt_str, hex_salt_string );
--
2.16.2
deps/mbedtls/patches/0005-data_files-pkcs8-v2-add-keys-generated-with-PRF-SHA1.patch
Vendored
+2593
View File
File diff suppressed because it is too large Load Diff
deps/mbedtls/patches/0006-tests_suite_pkparse-new-PKCS8-v2-keys-with-PRF-SHA1.patch
Vendored
+604
View File
@@ -0,0 +1,604 @@
From 7ed2575f310fd889fba025aa760f74ec1b41924b Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Thu, 1 Feb 2018 14:03:36 +0800
Subject: [PATCH] tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
tests/suites/test_suite_pkparse.data | 576 +++++++++++++++++++++++++++++++++++
1 file changed, 576 insertions(+)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 416f9dfe..1bf06270 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -362,6 +362,582 @@ Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
Parse Public RSA Key #1 (PKCS#8 wrapped)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0
--
2.16.2
deps/mbedtls/patches/0007-cmake-build.patch
Vendored
+28
View File
@@ -0,0 +1,28 @@
From 5d31999442a41c154f6c56e91c8fe7705c74e2be Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Thu, 28 Dec 2017 00:19:10 +0100
Subject: [PATCH] Use current cmake directory instead of source root directory
when exuting config.pl
When mdbedtls is added as a subdirectory to another project this will
call config.pl with the right path If mbedtls is build standalone
current and root source directory are identical.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3e47224ea1..2883eff270 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -31,7 +31,7 @@ find_package(Perl)
if(PERL_FOUND)
# If NULL Entropy is configured, display an appropriate warning
- execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
+ execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result)
if(${result} EQUAL 0)
message(WARNING ${NULL_ENTROPY_WARNING})
deps/mbedtls/patches/0008-Enable-allowing-unsupported-critical-extensions-in-r.patch
Vendored
+361
View File
@@ -0,0 +1,361 @@
From 13dd5f71dfe345787c3c44ef177009530983bf20 Mon Sep 17 00:00:00 2001
From: Lev Stipakov <lev@openvpn.net>
Date: Fri, 23 Feb 2018 17:12:49 +0200
Subject: [PATCH] Enable allowing unsupported critical extensions in runtime
When compile time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
is not set, certificate parsing fails if certificate contains unsupported critical extension.
This patch allows to modify this behavior in runtime.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
include/mbedtls/oid.h | 13 ++++-
include/mbedtls/ssl.h | 22 ++++++++
include/mbedtls/x509_crt.h | 2 +
library/oid.c | 81 +++++++++++++++++++++++++-----
library/ssl_tls.c | 8 +++
library/x509_crt.c | 10 +++-
tests/data_files/test-ca-nc.crt | 20 ++++++++
tests/suites/test_suite_x509parse.data | 6 +++
tests/suites/test_suite_x509parse.function | 15 ++++++
9 files changed, 162 insertions(+), 15 deletions(-)
create mode 100644 tests/data_files/test-ca-nc.crt
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index fcecdafd..096b1b10 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -401,7 +401,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
- * \brief Translate an X.509 extension OID into local values
+ * \brief Translate supported X.509 extension OID into local values
*
* \param oid OID to use
* \param ext_type place to store the extension type
@@ -409,6 +409,17 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+
+/**
+ * \brief Translate supported and unsupported X.509 extension OID into local values
+ *
+ * \param oid OID to use
+ * \param ext_type place to store the extension type
+ * \param is_supported place to store flag if extension is supported (1 - supported, 0 otherwise)
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_x509_ext_type_supported( const mbedtls_asn1_buf *oid, int *ext_type, int *is_supported );
#endif
/**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index cc000700..cb779f86 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -695,6 +695,10 @@ struct mbedtls_ssl_config
retransmission timeout (ms) */
#endif
+ uint32_t allowed_unsupported_critical_exts; /*!< Bit flags which represent runtime-enabled
+ unsupported critical extensions, e.g.
+ MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
@@ -2234,6 +2238,24 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+/**
+ * \brief Allows unsupported critical extensions
+ *
+ * Without compile-time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ * mbedTLS fails certificate verification if certificate contains
+ * unsupported critical extensions.
+ *
+ * This method allows to modify behavior in runtime by providing
+ * bit flags which represent unsupported extensions (for example MBEDTLS_X509_EXT_NAME_CONSTRAINTS)
+ * which should be allowed despite missing above mentioned compile-time flag.
+ *
+ * \param conf SSL configuration
+ * \param exts Bit flags which represent runtime-enabled unsupported critical extensions,
+ * e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS
+ *
+ */
+void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts );
+
/**
* \brief Return the number of data bytes available to read
*
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 06166d8b..adc6474f 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -89,6 +89,8 @@ typedef struct mbedtls_x509_crt
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ uint32_t allowed_unsupported_critical_exts; /**< Optional Bit flags which represent runtime-enabled unsupported critical extensions, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
+
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
diff --git a/library/oid.c b/library/oid.c
index f13826ed..7c50f24f 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -254,38 +254,95 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, co
typedef struct {
mbedtls_oid_descriptor_t descriptor;
int ext_type;
+ int is_supported;
} oid_x509_ext_t;
static const oid_x509_ext_t oid_x509_ext[] =
{
{
- { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
- MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
+ { ADD_LEN( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), "id-ce-authorityKeyIdentifier", "Authority Key Identifier" },
+ MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, 0,
},
{
- { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
- MBEDTLS_X509_EXT_KEY_USAGE,
+ { ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" },
+ MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, 0,
},
{
- { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
- MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
+ { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
+ MBEDTLS_X509_EXT_KEY_USAGE, 1,
},
{
- { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
- MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
+ { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
+ MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, 0,
},
{
- { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
- MBEDTLS_X509_EXT_NS_CERT_TYPE,
+ { ADD_LEN( MBEDTLS_OID_POLICY_MAPPINGS ), "id-ce-policyMappings", "Policy Mapping" },
+ MBEDTLS_X509_EXT_POLICY_MAPPINGS, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_ISSUER_ALT_NAME ), "id-ce-issuerAltName", "Issuer Alt Name" },
+ MBEDTLS_X509_EXT_ISSUER_ALT_NAME, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS ), "id-ce-subjectDirectoryAttributes", "Subject Directory Attributes" },
+ MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
+ MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, 1,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_NAME_CONSTRAINTS ), "id-ce-nameConstraints", "Name Constraints" },
+ MBEDTLS_X509_EXT_NAME_CONSTRAINTS, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_POLICY_CONSTRAINTS ), "id-ce-policyConstraints", "Policy Constraints" },
+ MBEDTLS_X509_EXT_POLICY_CONSTRAINTS, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
+ MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, 1
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_CRL_DISTRIBUTION_POINTS ), "id-ce-cRLDistributionPoints", "CRL Distribution Points" },
+ MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_INIHIBIT_ANYPOLICY ), "id-ce-inhibitAnyPolicy", "Inhibit Any Policy" },
+ MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_FRESHEST_CRL ), "id-ce-freshestCRL", "Freshest CRL" },
+ MBEDTLS_X509_EXT_FRESHEST_CRL, 0,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
+ MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, 1
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
+ MBEDTLS_X509_EXT_NS_CERT_TYPE, 1
},
{
{ NULL, 0, NULL, NULL },
- 0,
+ 0, 0
},
};
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
-FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
+FN_OID_GET_ATTR2(mbedtls_oid_get_x509_ext_type_supported, oid_x509_ext_t, x509_ext, int, ext_type, int, is_supported)
+
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type )
+{
+ int ret = 0;
+ int is_supported = 0;
+
+ ret = mbedtls_oid_get_x509_ext_type_supported(oid, ext_type, &is_supported);
+ if( is_supported == 0 )
+ ret = MBEDTLS_ERR_OID_NOT_FOUND;
+
+ return( ret );
+}
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 661ae706..ed1f7b67 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4468,6 +4468,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
+ ssl->session_negotiate->peer_cert->allowed_unsupported_critical_exts =
+ ssl->conf->allowed_unsupported_critical_exts;
+
i += 3;
while( i < ssl->in_hslen )
@@ -6344,6 +6347,11 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts )
+{
+ conf->allowed_unsupported_critical_exts = exts;
+}
+
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_SSL_CLI_C)
void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6209fb4..1a61e5e9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -526,6 +526,7 @@ static int x509_get_crt_ext( unsigned char **p,
int ret;
size_t len;
unsigned char *end_ext_data, *end_ext_octet;
+ int is_supported;
if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
{
@@ -585,9 +586,9 @@ static int x509_get_crt_ext( unsigned char **p,
/*
* Detect supported extensions
*/
- ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
+ ret = mbedtls_oid_get_x509_ext_type_supported( &extn_oid, &ext_type, &is_supported );
- if( ret != 0 )
+ if( ( ret != 0 ) || ( is_supported == 0 ) )
{
/* No parser found, skip extension */
*p = end_ext_octet;
@@ -595,6 +596,10 @@ static int x509_get_crt_ext( unsigned char **p,
#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
+ /* Do not fail if extension is found, but unsupported and allowed in runtime */
+ if( ( ret == 0 ) && ( ext_type & crt->allowed_unsupported_critical_exts ) )
+ continue;
+
/* Data is marked as critical: fail */
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
@@ -948,6 +953,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
prev = crt;
mbedtls_x509_crt_init( crt->next );
+ crt->next->allowed_unsupported_critical_exts = crt->allowed_unsupported_critical_exts;
crt = crt->next;
}
diff --git a/tests/data_files/test-ca-nc.crt b/tests/data_files/test-ca-nc.crt
new file mode 100644
index 00000000..7e0c5613
--- /dev/null
+++ b/tests/data_files/test-ca-nc.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIJAJx/NjT4C4viMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
+BAMMCExlZXZpQ0E0MB4XDTE4MDEyNzE1MDczMloXDTI4MDEyNTE1MDczMlowEzER
+MA8GA1UEAwwITGVldmlDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDWN79RTlyFm5o0LVMSVjc68W0+gtl95xpaaD7IS6gDYjcbGnCwSefiq7y9rtck
+OM1A5Bzhj5+iWbmZStUmeJUhSGgxP/FxuUaAV0fsBGJ5jDrzmbhzDkHsNxDMB2ks
+XFyy4LfODcBs9TXxY43KUKuq/0meiT3WAaZWHMYle9vkQJM2l0RyH4IXHCHiIRwd
+2wntin6T9QOFJOc2ietNb7KsXVne81wb7h9BVMsjCIAsbPpHa+PZQs1xFuxmRxCs
+kpavnMy+SqevHhvqtvbHppcXYtZspTnkVoXWUdx3HHXgZMQKlAWlwyx57xpZBU2g
+qksO+KCLVYOQMN9usmuMOpHHAgMBAAGjgaEwgZ4wHQYDVR0eAQH/BBMwEaAPMA2C
+C2V4YW1wbGUuY29tMB0GA1UdDgQWBBR3T9IilPeRAFfLO8ocg216OBo+6DBDBgNV
+HSMEPDA6gBR3T9IilPeRAFfLO8ocg216OBo+6KEXpBUwEzERMA8GA1UEAwwITGVl
+dmlDQTSCCQCcfzY0+AuL4jAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAR086ciNM3ujSQNhhguqFHYGfDRRuAgOk4l7GXIfFa9te
+B2KMLSwP367QaMwFxRrOoDvixIjzbpiiKB3cv+IXqGyfsRJw47XLwGK4FtSsXjst
+m2M8W5iXBQ94XoLj9OKb4ZJWKI930S/PF7uuxICtWttYSoylfyMkiR45+1SLj2eF
+X4EnXK3Q0H42v8LCDFqj9iNQ2WMLwA7kFPB+oOZxkFi2G0F3VuW+JZeBPQCpYdRO
+0kQQ/gIZE6KEdscKHi9y6OfGSeRlDBMADky9NiZy7I3AcspLcmMQh/191/DnooNe
+OwQ6w1HweApjB46bGyILpGUi9MZhvCnoLWg+cN3/wQ==
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index b8c902e2..e7dcb61f 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1574,6 +1574,12 @@ X509 File parse (trailing spaces, OK)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
+X509 File parse (unsupported critical ext Name Constraints, fail)
+x509parse_crt_file:"data_files/test-ca-nc.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 File parse (allowed unsupported critical ext Name Constraints, ok)
+x509parse_crt_file_allow_exts:"data_files/test-ca-nc.crt":MBEDTLS_X509_EXT_NAME_CONSTRAINTS:0
+
X509 Get time (UTC no issues)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 0dfdd61c..2be1defd 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -395,6 +395,21 @@ exit:
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
+void x509parse_crt_file_allow_exts( char *crt_file, int exts, int result )
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init( &crt );
+ crt.allowed_unsupported_critical_exts = exts;
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
+
+exit:
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result )
{
--
2.14.3 (Apple Git-98)
deps/minicrypto/aes-armv4.pl.patch
Vendored
+32
View File
@@ -0,0 +1,32 @@
--- aes-armv4.pl.orig 2012-09-03 00:16:20.000000000 -0600
+++ aes-armv4.pl 2012-09-03 00:17:22.000000000 -0600
@@ -171,7 +170,8 @@
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
- sub $tbl,r3,#AES_encrypt-AES_Te @ Te
+ad1=AES_encrypt-AES_Te
+ sub $tbl,r3,#ad1 @ Te
#if __ARM_ARCH__<7
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
@@ -426,7 +426,8 @@
bne .Labrt
.Lok: stmdb sp!,{r4-r12,lr}
- sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
+ad2=_armv4_AES_set_encrypt_key-AES_Te-1024
+ sub $tbl,r3,#ad2 @ Te4
mov $rounds,r0 @ inp
mov lr,r1 @ bits
@@ -887,7 +888,8 @@
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
- sub $tbl,r3,#AES_decrypt-AES_Td @ Td
+ad3=AES_decrypt-AES_Td
+ sub $tbl,r3,#ad3 @ Td
#if __ARM_ARCH__<7
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
deps/minicrypto/arm-as-to-ios
Vendored Executable
+759
View File
@@ -0,0 +1,759 @@
#!/usr/bin/env python
#
# arm-as-to-ios Modify ARM assembly code for the iOS assembler
#
# Copyright (c) 2012 Psellos http://psellos.com/
# Licensed under the MIT License:
# http://www.opensource.org/licenses/mit-license.php
#
# Resources for running OCaml on iOS: http://psellos.com/ocaml/
#
import sys
import re
VERSION = '1.4.0'
initial_glosyms = []
initial_defsyms = []
# Character classes for expression lexing.
#
g_ccid0 = '[$.A-Z_a-z\x80-\xff]' # Beginning of id
g_ccid = '[$.0-9A-Z_a-z\x80-\xff]' # Later in id
def ccc(cc): # Complement the class
if cc[1] == '^':
return cc[0] + cc[2:]
return cc[0] + '^' + cc[1:]
def ccce(cc): # Complement the class, include EOL
return '(?:' + ccc(cc) + '|$)'
# Prefixes for pooled symbol labels and jump table base labels. They're
# in the space of Linux assembler local symbols. Later rules will
# modify them to the Loc() form.
#
g_poolpfx = '.LP'
g_basepfx = '.LB'
def exists(p, l):
for l1 in l:
if p(l1):
return True
return False
def forall(p, l):
for l1 in l:
if not p(l1):
return False
return True
def add_prefix(instrs):
# Add compatibility macros for all systems, plus hardware
# definitions and compatibility macros for iOS.
#
# All systems:
#
# Glo() cpp macro for making global symbols (xxx vs _xxx)
# Loc() cpp macro for making local symbols (.Lxxx vs Lxxx)
# .funtype Expands to .thumb_func for iOS armv7 (null for armv6)
# Expands to .type %function for others
#
# iOS:
#
# .machine armv6/armv7
# .thumb (for armv7)
# cbz Expands to cmp/beq for armv6 (Thumb-only instr)
# .type Not supported by Apple assembler
# .size Not supported by Apple assembler
#
defre = '#[ \t]*if.*def.*SYS' # Add new defs near first existing ones
skipre = '$|\.syntax[ \t]' # Skip comment lines (and .syntax)
for i in range(len(instrs)):
if re.match(defre, instrs[i][1]):
break
else:
i = 0
for i in range(i, len(instrs)):
if not re.match(skipre, instrs[i][1]):
break
instrs[i:0] = [
('', '', '\n'),
('/* Apple compatibility macros */', '', '\n'),
('', '#if defined(SYS_macosx)', '\n'),
('', '#define Glo(s) _##s', '\n'),
('', '#define Loc(s) L##s', '\n'),
('', '#if defined(MODEL_armv6)', '\n'),
(' ', '.machine armv6', '\n'),
(' ', '.macro .funtype', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro cbz', '\n'),
(' ', 'cmp $0, #0', '\n'),
(' ', 'beq $1', '\n'),
(' ', '.endm', '\n'),
('', '#else', '\n'),
(' ', '.machine armv7', '\n'),
('', '#if !defined(NO_THUMB)', '\n'),
(' ', '.thumb', '\n'),
('', '#endif', '\n'),
(' ', '.macro .funtype', '\n'),
('', '#if !defined(NO_THUMB)', '\n'),
(' ', '.thumb_func $0', '\n'),
('', '#endif', '\n'),
(' ', '.endm', '\n'),
('', '#endif', '\n'),
(' ', '.macro .type', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro .size', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro .skip', '\n'),
(' ', '.space $0', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro .fpu', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro .global', '\n'),
(' ', '.globl $0', '\n'),
(' ', '.endm', '\n'),
('', '#else', '\n'),
('', '#define Glo(s) s', '\n'),
('', '#define Loc(s) .L##s', '\n'),
(' ', '.macro .funtype symbol', '\n'),
(' ', '.type \\symbol, %function', '\n'),
(' ', '.endm', '\n'),
('', '#endif', '\n'),
('/* End Apple compatibility macros */', '', '\n'),
('', '', '\n')
]
return instrs
# Regular expression for modified ldr lines
#
g_ldre = '(ldr[ \t][^,]*,[ \t]*)=(([^ \t\n@,/]|/(?!\*))*)(.*)'
def explicit_address_loads(instrs):
# Linux assemblers allow the following:
#
# ldr rM, =symbol
#
# which loads rM with [mov] (immediately) if possible, or creates an
# entry in memory for the symbol value and loads it PC-relatively
# with [ldr].
#
# The Apple assembler doesn't seem to support this notation. If the
# value is a suitable constant, it emits a valid [mov]. Otherwise
# it seems to emit an invalid [ldr] that always generates an error.
# (At least I have not been able to make it work). So, change uses
# of =symbol to explicit PC-relative loads.
#
# This requires a pool containing the addresses to be loaded. For
# now, we just keep track of it ourselves and emit it into the text
# segment at the end of the file.
#
syms = {}
result = []
def repl1((syms, result), (a, b, c)):
global g_poolpfx
global g_ldre
(b1, b2, b3) = parse_iparts(b)
mo = re.match(g_ldre, b3, re.DOTALL)
if mo:
if mo.group(2) not in syms:
syms[mo.group(2)] = len(syms)
psym = mo.group(2)
if psym[0:2] == '.L':
psym = psym[2:]
newb3 = mo.group(1) + g_poolpfx + psym + mo.group(4)
result.append((a, b1 + b2 + newb3, c))
else:
result.append((a, b, c))
return (syms, result)
def pool1(result, s):
global g_poolpfx
psym = s
if psym[0:2] == '.L':
psym = psym[2:]
result.append(('', g_poolpfx + psym + ':', '\n'))
result.append((' ', '.long ' + s, '\n'))
return result
reduce(repl1, instrs, (syms, result))
if len(syms) > 0:
result.append(('', '', '\n'))
result.append(('/* Pool of addresses loaded into registers */',
'', '\n'))
result.append(('', '', '\n'))
result.append((' ', '.text', '\n'))
result.append((' ', '.align 2', '\n'))
reduce(pool1, sorted(syms, key=syms.get), result)
return result
def global_symbols(instrs):
# The form of a global symbol differs between Linux assemblers and
# the Apple assember:
#
# Linux: xxx
# Apple: _xxx
#
# Change occurrences of global symbols to use the Glo() cpp macro
# defined in our prefix.
#
# We consider a symbol to be global if:
#
# a. It appears in a .globl declaration; or
# b. It is referenced, has global form, and is not defined
#
glosyms = set(initial_glosyms)
refsyms = set()
defsyms = set(initial_defsyms)
result = []
def findglo1 (glosyms, (a, b, c)):
if re.match('#', b):
# Preprocessor line; nothing to do
return glosyms
(b1, b2, b3) = parse_iparts(b)
mo = re.match('(\.globa?l)' + ccce(g_ccid), b3)
if mo:
tokens = parse_expr(b3[len(mo.group(1)):])
if forall(lambda t: token_type(t) in ['space', 'id', ','], tokens):
for t in tokens:
if token_type(t) == 'id':
glosyms.add(t)
return glosyms
def findref1 ((refsyms, skipct), (a, b, c)):
def looksglobal(s):
if re.match('(r|a|v|p|c|cr|f|s|d|q|mvax|wcgr)[0-9]+$', s, re.I):
return False # numbered registers
if re.match('(wr|sb|sl|fp|ip|sp|lr|pc)$', s, re.I):
return False # named registers
if re.match('(fpsid|fpscr|fpexc|mvfr1|mvfr0)$', s, re.I):
return False # more named registers
if re.match('(mvf|mvd|mvfx|mvdx|dspsc)$', s, re.I):
return False # even more named registers
if re.match('(wcid|wcon|wcssf|wcasf|acc)$', s, re.I):
return False # even more named registers
if re.match('\.$|\.L|[0-9]|#', s):
return False # dot, local symbol, or number
if re.match('(asl|lsl|lsr|asr|ror|rrx)$', s, re.I):
return False # shift names
return True
if re.match('#', b):
# Preprocessor line; nothing to do
return (refsyms, skipct)
# Track nesting of .macro/.endm. For now, we don't look for
# global syms in macro defs. (Avoiding scoping probs etc.)
#
if skipct > 0 and re.match('\.(endm|endmacro)' + ccce(g_ccid), b):
return (refsyms, skipct - 1)
if re.match('\.macro' + ccce(g_ccid), b):
return (refsyms, skipct + 1)
if skipct > 0:
return (refsyms, skipct)
if re.match('\.(type|size|syntax|arch|fpu)' + ccce(g_ccid), b):
return (refsyms, skipct)
(b1, b2, b3) = parse_iparts(b)
rtokens = parse_rexpr(b3)
if len(rtokens) > 1 and rtokens[1] == '.req':
# .req has atypical syntax; no symbol refs there anyway
return (refsyms, skipct)
for t in rtokens[1:]:
if token_type(t) == 'id' and looksglobal(t):
refsyms.add(t)
return (refsyms, skipct)
def finddef1(defsyms, (a, b, c)):
if re.match('#', b):
# Preprocessor line
return defsyms
(b1, b2, b3) = parse_iparts(b)
rtokens = parse_rexpr(b3)
if b1 != '':
defsyms.add(b1)
if len(rtokens) > 1 and rtokens[1] == '.req':
defsyms.add(rtokens[0])
return defsyms
def repl1((glosyms, result), (a, b, c)):
if re.match('#', b):
# Preprocessor line
result.append((a, b, c))
return (glosyms, result)
toglo = lambda s: 'Glo(' + s + ')'
(b1, b2, b3) = parse_iparts(b)
tokens = parse_expr(b3)
if b1 in glosyms:
b1 = toglo(b1)
for i in range(len(tokens)):
if token_type(tokens[i]) == 'id' and tokens[i] in glosyms:
tokens[i] = toglo(tokens[i])
result.append((a, b1 + b2 + ''.join(tokens), c))
return (glosyms, result)
reduce(findglo1, instrs, glosyms)
reduce(findref1, instrs, (refsyms, 0))
reduce(finddef1, instrs, defsyms)
glosyms |= (refsyms - defsyms)
reduce(repl1, instrs, (glosyms, result))
return result
def local_symbols(instrs):
# The form of a local symbol differs between Linux assemblers and
# the Apple assember:
#
# Linux: .Lxxx
# Apple: Lxxx
#
# Change occurrences of local symbols to use the Loc() cpp macro
# defined in our prefix.
#
lsyms = set()
result = []
def find1 (lsyms, (a, b, c)):
mo = re.match('(\.L[^ \t:]*)[ \t]*:', b)
if mo:
lsyms.add(mo.group(1))
return lsyms
def repl1((lsyms, result), (a, b, c)):
matches = list(re.finditer('\.L[^ \t@:,+*/\-()]+', b))
if matches != []:
matches.reverse()
newb = b
for mo in matches:
if mo.group() in lsyms:
newb = newb[0:mo.start()] + \
'Loc(' + mo.group()[2:] + ')' + \
newb[mo.end():]
result.append((a, newb, c))
else:
result.append((a, b, c))
return (lsyms, result)
reduce(find1, instrs, lsyms)
reduce(repl1, instrs, (lsyms, result))
return result
def funtypes(instrs):
# Linux assemblers accept declarations like this:
#
# .type symbol, %function
#
# For Thumb functions, the Apple assembler wants to see:
#
# .thumb_func symbol
#
# Handle this by converting declarations to this:
#
# .funtype symbol
#
# Our prefix defines an appropriate .funtype macro for each
# environment.
#
result = []
def repl1(result, (a, b, c)):
mo = re.match('.type[ \t]+([^ \t,]*),[ \t]*%function', b)
if mo:
result.append((a, '.funtype ' + mo.group(1), c))
else:
result.append((a, b, c))
return result
reduce(repl1, instrs, result)
return result
def jump_tables(instrs):
# Jump tables for Linux assemblers often look like this:
#
# tbh [pc, rM, lsl #1]
# .short (.Labc-.)/2+0
# .short (.Ldef-.)/2+1
# .short (.Lghi-.)/2+2
#
# The Apple assembler disagrees about the meaning of this code,
# producing jump tables that don't work. Convert to the following:
#
# tbh [pc, rM, lsl #1]
# .LBxxx:
# .short (.Labc-.LBxxx)/2
# .short (.Ldef-.LBxxx)/2
# .short (.Lghi-.LBxxx)/2
#
# In fact we just convert sequences of .short pseudo-ops of the
# right form. There's no requirement that they follow a tbh
# instruction.
#
baselabs = []
result = []
def short_match(seq, op):
# Determine whether the op is a .short of the form that needs to
# be converted: .short (symbol-.)/2+k. If so, return a pair
# containing the symbol and the value of k. If not, return
# None. The short can only be converted if there were at least
# k other .shorts in sequence before the current one. A summary
# of the previous .shorts is in seq.
#
# (A real parser would do a better job, but this was quick to
# get working.)
#
sp = '([ \t]|/\*.*?\*/)*' # space
sp1 = '([ \t]|/\*.*?\*/)+' # at least 1 space
spe = '([ \t]|/\*.*?\*/|@[^\n]*)*$' # end-of-instr space
expr_re0 = (
'\.short' + sp + '\(' + sp + # .short (
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + spe # /2 END
)
expr_re1 = (
'\.short' + sp + '\(' + sp + # .short (
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + sp + # /2
'\+' + sp + # +
'((0[xX])?[0-9]+)' + spe # k END
)
expr_re2 = (
'\.short' + sp1 + # .short
'((0[xX])?[0-9]+)' + sp + # k
'\+' + sp + '\(' + sp + # +(
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + spe # /2 END
)
mo = re.match(expr_re0, op)
if mo:
return(mo.group(3), 0)
mo = re.match(expr_re1, op)
if mo:
k = int(mo.group(11), 0)
if k > len(seq):
return None
return (mo.group(3), k)
mo = re.match(expr_re2, op)
if mo:
k = int(mo.group(2), 0)
if k > len(seq):
return None
return (mo.group(7), k)
return None
def conv1 ((baselabs, shortseq, label, result), (a, b, c)):
# Convert current instr (a,b,c) if it's a .short of the right
# form that spans a previous sequence of .shorts.
#
(b1, b2, b3) = parse_iparts(b)
if b3 == '':
# No operation: just note label if present.
result.append((a, b, c))
if re.match('\.L.', b1):
return (baselabs, shortseq, b1, result)
return (baselabs, shortseq, label, result)
if not re.match('.short[ \t]+[^ \t@]', b3):
# Not a .short: clear shortseq and label
result.append((a, b, c))
return (baselabs, [], '', result)
# We have a .short: figure out the label if any
if re.match('\.L', b1):
sl = b1
else:
sl = label
mpair = short_match(shortseq, b3)
if not mpair:
# A .short, but not of right form
shortseq.append((len(result), sl))
result.append((a, b, c))
return (baselabs, shortseq, '', result)
# OK, we have a .short to convert!
(sym, k) = mpair
shortseq.append((len(result), sl))
# Figure out base label (create one if necessary).
bx = len(shortseq) - 1 - k
bl = shortseq[bx][1]
if bl == '':
bl = g_basepfx + str(shortseq[bx][0])
shortseq[bx] = (shortseq[bx][0], bl)
baselabs.append(shortseq[bx])
op = '.short\t(' + sym + '-' + bl + ')/2'
result.append ((a, b1 + b2 + op, c))
return (baselabs, shortseq, '', result)
# Convert, accumulate result and new labels.
reduce(conv1, instrs, (baselabs, [], '', result))
# Add labels created here to the instruction stream.
baselabs.reverse()
for (ix, lab) in baselabs:
result[ix:0] = [('', lab + ':', '\n')]
# That does it
return result
def dot_relative(instrs):
# The Apple assembler (or possibly the linker) has trouble with code
# that looks like this:
#
# .word .Label - . + 0x80000000
# .word 0x1966
# .Label:
# .word 0x1967
#
# One way to describe the problem is that the assembler marks the
# first .word for relocation when in fact it's an assembly-time
# constant. Translate to the following form, which doesn't generate
# a relocation marking:
#
# DR0 = .Label - . + 0x80000000
# .word DR0
# .word 0x1966
# .Label:
# .word 0x1967
#
prefix = 'DR'
pseudos = '(\.byte|\.short|\.word|\.long|\.quad)'
result = []
def tok_ok(t):
return t in ['.', '+', '-', '(', ')'] or \
token_type(t) in ['space', 'locid', 'number']
def dotrel_match(expr):
# Determine whether the expression is one that needs to be
# translated.
tokens = parse_expr(expr)
return forall(tok_ok, tokens) and \
exists(lambda t: token_type(t) == 'locid', tokens) and \
exists(lambda t: token_type(t) == 'number', tokens) and \
exists(lambda t: t == '-', tokens) and \
exists(lambda t: t == '.', tokens)
def conv1(result, (a, b, c)):
if re.match('#', b):
# Preprocessor line
result.append((a, b, c))
else:
(b1, b2, b3) = parse_iparts(b)
mo = re.match(pseudos + ccce(g_ccid), b3)
if mo:
p = mo.group(1)
expr = b3[len(p):]
if dotrel_match(expr):
sym = prefix + str(len(result))
instr = sym + ' =' + expr
result.append(('', instr, '\n'))
result.append((a, b1 + b2 + p + ' ' + sym, c))
else:
result.append((a, b, c))
else:
result.append((a, b, c))
return result
reduce(conv1, instrs, result)
return result
def read_input():
# Concatenate all the input files into a string.
#
def fnl(s):
if s == '' or s[-1] == '\n':
return s
else:
return s + '\n'
if len(sys.argv) < 2:
return fnl(sys.stdin.read())
else:
input = ""
for f in sys.argv[1:]:
# allow global symbols to be enabled or disabled, eg:
# --global=foo,!bar
# foo is forced to be global
# bar is forced to be non-global
if f.startswith('--global='):
glist = f[9:].split(',')
for g in glist:
if g.startswith('!'):
initial_defsyms.append(g[1:])
else:
initial_glosyms.append(g)
elif f.startswith('--stdin'):
input = input + fnl(sys.stdin.read())
else:
try:
fd = open(f)
input = input + fnl(fd.read())
fd.close()
except:
sys.stderr.write('arm-as-to-ios: cannot open ' + f + '\n')
return input
def parse_instrs(s):
# Parse the string into assembly instructions, also noting C
# preprocessor lines. Each instruction is represented as a triple:
# (space/comments, instruction, end). The end is either ';' or
# '\n'.
#
def goodmo(mo):
if mo == None:
# Should never happen
sys.stderr.write('arm-as-to-ios: internal parsing error\n')
sys.exit(1)
cpp_re = '([ \t]*)(#([^\n]*\\\\\n)*[^\n]*[^\\\\\n])\n'
comment_re = '[ \t]*#[^\n]*'
instr_re = (
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
'(([ \t]|/\*.*?\*/|[^;\n])*)' # "Instruction"
'([;\n])' # End
)
instrs = []
while s != '':
if re.match('[ \t]*#[ \t]*(if|ifdef|elif|else|endif|define)', s):
mo = re.match(cpp_re, s)
goodmo(mo)
instrs.append((mo.group(1), mo.group(2), '\n'))
elif re.match('[ \t]*#', s):
mo = re.match(comment_re, s)
goodmo(mo)
instrs.append((mo.group(0), '', '\n'))
else:
mo = re.match(instr_re, s, re.DOTALL)
goodmo(mo)
instrs.append((mo.group(1), mo.group(3), mo.group(5)))
s = s[len(mo.group(0)):]
return instrs
def parse_iparts(i):
# Parse an instruction into smaller parts, returning a triple of
# strings (label, colon, operation). The colon part also contains
# any surrounding spaces and comments (making the label and the
# operation cleaner to process).
#
# (Caller warrants that the given string doesn't start with space or
# a comment. This is true for strings returned by the instruction
# parser.)
#
lab_re = (
'([^ \t:/@]+)' # Label
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
':' # Colon
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
'([^\n]*)' # Operation
)
if len(i) > 0 and i[0] == '#':
# C preprocessor line; treat as operation.
return ('', '', i)
mo = re.match(lab_re, i)
if mo:
return (mo.group(1), mo.group(2) + ':' + mo.group(4), mo.group(6))
# No label, just an operation
return ('', '', i)
def parse_expr(s):
# Parse a string into a sequence of tokens. A segment of white
# space (including comments) is treated as a token, so that the
# tokens can be reassembled into the string again.
#
result = []
while s != '':
mo = re.match('([ \t]|/\*.*?\*/|@.*)+', s)
if not mo:
# Glo(...) and Loc(...) are single tokens
mo = re.match('(Glo|Loc)\([^()]*\)', s)
if not mo:
mo = re.match('"([^\\\\"]|\\\\.)*"', s)
if not mo:
mo = re.match(g_ccid0 + g_ccid + '*', s)
if not mo:
mo = re.match('[0-9]+[bf]', s)
if not mo:
mo = re.match('0[Xx][0-9a-fA-F]+|[0-9]+', s)
if not mo:
mo = re.match('.', s)
result.append(mo.group(0))
s = s[len(mo.group(0)):]
return result
def parse_rexpr(s):
# Like parse_expr(), but return only "real" tokens, not the
# intervening space.
#
return filter(lambda t: token_type(t) != 'space', parse_expr(s))
def token_type(t):
# Determine the type of a token. Caller warrants that it was
# returned by parse_expr() or parse_rexpr().
#
if re.match('[ \t]|/\*|@', t):
return 'space'
if re.match('Glo\(', t):
return 'gloid'
if re.match('Loc\(', t):
return 'locid'
if re.match('"', t):
return 'string'
if re.match(g_ccid0, t):
return 'id'
if re.match('[0-9]+[bf]', t):
return 'label'
if re.match('[0-9]', t):
return 'number'
return t # Sui generis
def debug_parse(a, b, c):
# Show results of instuction stream parse.
#
(b1, b2, b3) = parse_iparts(b)
newb = '{' + b1 + '}' + '{' + b2 + '}' + '{' + b3 + '}'
sys.stdout.write('{' + a + '}' + newb + c)
def main():
instrs = parse_instrs(read_input())
instrs = explicit_address_loads(instrs)
instrs = funtypes(instrs)
instrs = jump_tables(instrs)
instrs = global_symbols(instrs)
instrs = local_symbols(instrs)
instrs = dot_relative(instrs)
instrs = add_prefix(instrs)
for (a, b, c) in instrs:
sys.stdout.write(a + b + c)
main()
deps/minicrypto/arm-as-to-ios.orig
Vendored Executable
+730
View File
@@ -0,0 +1,730 @@
#!/usr/bin/env python
#
# arm-as-to-ios Modify ARM assembly code for the iOS assembler
#
# Copyright (c) 2012 Psellos http://psellos.com/
# Licensed under the MIT License:
# http://www.opensource.org/licenses/mit-license.php
#
# Resources for running OCaml on iOS: http://psellos.com/ocaml/
#
import sys
import re
VERSION = '1.4.0'
# Character classes for expression lexing.
#
g_ccid0 = '[$.A-Z_a-z\x80-\xff]' # Beginning of id
g_ccid = '[$.0-9A-Z_a-z\x80-\xff]' # Later in id
def ccc(cc): # Complement the class
if cc[1] == '^':
return cc[0] + cc[2:]
return cc[0] + '^' + cc[1:]
def ccce(cc): # Complement the class, include EOL
return '(?:' + ccc(cc) + '|$)'
# Prefixes for pooled symbol labels and jump table base labels. They're
# in the space of Linux assembler local symbols. Later rules will
# modify them to the Loc() form.
#
g_poolpfx = '.LP'
g_basepfx = '.LB'
def exists(p, l):
for l1 in l:
if p(l1):
return True
return False
def forall(p, l):
for l1 in l:
if not p(l1):
return False
return True
def add_prefix(instrs):
# Add compatibility macros for all systems, plus hardware
# definitions and compatibility macros for iOS.
#
# All systems:
#
# Glo() cpp macro for making global symbols (xxx vs _xxx)
# Loc() cpp macro for making local symbols (.Lxxx vs Lxxx)
# .funtype Expands to .thumb_func for iOS armv7 (null for armv6)
# Expands to .type %function for others
#
# iOS:
#
# .machine armv6/armv7
# .thumb (for armv7)
# cbz Expands to cmp/beq for armv6 (Thumb-only instr)
# .type Not supported by Apple assembler
# .size Not supported by Apple assembler
#
defre = '#[ \t]*if.*def.*SYS' # Add new defs near first existing ones
skipre = '$|\.syntax[ \t]' # Skip comment lines (and .syntax)
for i in range(len(instrs)):
if re.match(defre, instrs[i][1]):
break
else:
i = 0
for i in range(i, len(instrs)):
if not re.match(skipre, instrs[i][1]):
break
instrs[i:0] = [
('', '', '\n'),
('/* Apple compatibility macros */', '', '\n'),
('', '#if defined(SYS_macosx)', '\n'),
('', '#define Glo(s) _##s', '\n'),
('', '#define Loc(s) L##s', '\n'),
('', '#if defined(MODEL_armv6)', '\n'),
(' ', '.machine armv6', '\n'),
(' ', '.macro .funtype', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro cbz', '\n'),
(' ', 'cmp $0, #0', '\n'),
(' ', 'beq $1', '\n'),
(' ', '.endm', '\n'),
('', '#else', '\n'),
(' ', '.machine armv7', '\n'),
(' ', '.thumb', '\n'),
(' ', '.macro .funtype', '\n'),
(' ', '.thumb_func $0', '\n'),
(' ', '.endm', '\n'),
('', '#endif', '\n'),
(' ', '.macro .type', '\n'),
(' ', '.endm', '\n'),
(' ', '.macro .size', '\n'),
(' ', '.endm', '\n'),
('', '#else', '\n'),
('', '#define Glo(s) s', '\n'),
('', '#define Loc(s) .L##s', '\n'),
(' ', '.macro .funtype symbol', '\n'),
(' ', '.type \\symbol, %function', '\n'),
(' ', '.endm', '\n'),
('', '#endif', '\n'),
('/* End Apple compatibility macros */', '', '\n'),
('', '', '\n')
]
return instrs
# Regular expression for modified ldr lines
#
g_ldre = '(ldr[ \t][^,]*,[ \t]*)=(([^ \t\n@,/]|/(?!\*))*)(.*)'
def explicit_address_loads(instrs):
# Linux assemblers allow the following:
#
# ldr rM, =symbol
#
# which loads rM with [mov] (immediately) if possible, or creates an
# entry in memory for the symbol value and loads it PC-relatively
# with [ldr].
#
# The Apple assembler doesn't seem to support this notation. If the
# value is a suitable constant, it emits a valid [mov]. Otherwise
# it seems to emit an invalid [ldr] that always generates an error.
# (At least I have not been able to make it work). So, change uses
# of =symbol to explicit PC-relative loads.
#
# This requires a pool containing the addresses to be loaded. For
# now, we just keep track of it ourselves and emit it into the text
# segment at the end of the file.
#
syms = {}
result = []
def repl1((syms, result), (a, b, c)):
global g_poolpfx
global g_ldre
(b1, b2, b3) = parse_iparts(b)
mo = re.match(g_ldre, b3, re.DOTALL)
if mo:
if mo.group(2) not in syms:
syms[mo.group(2)] = len(syms)
psym = mo.group(2)
if psym[0:2] == '.L':
psym = psym[2:]
newb3 = mo.group(1) + g_poolpfx + psym + mo.group(4)
result.append((a, b1 + b2 + newb3, c))
else:
result.append((a, b, c))
return (syms, result)
def pool1(result, s):
global g_poolpfx
psym = s
if psym[0:2] == '.L':
psym = psym[2:]
result.append(('', g_poolpfx + psym + ':', '\n'))
result.append((' ', '.long ' + s, '\n'))
return result
reduce(repl1, instrs, (syms, result))
if len(syms) > 0:
result.append(('', '', '\n'))
result.append(('/* Pool of addresses loaded into registers */',
'', '\n'))
result.append(('', '', '\n'))
result.append((' ', '.text', '\n'))
result.append((' ', '.align 2', '\n'))
reduce(pool1, sorted(syms, key=syms.get), result)
return result
def global_symbols(instrs):
# The form of a global symbol differs between Linux assemblers and
# the Apple assember:
#
# Linux: xxx
# Apple: _xxx
#
# Change occurrences of global symbols to use the Glo() cpp macro
# defined in our prefix.
#
# We consider a symbol to be global if:
#
# a. It appears in a .globl declaration; or
# b. It is referenced, has global form, and is not defined
#
glosyms = set()
refsyms = set()
defsyms = set()
result = []
def findglo1 (glosyms, (a, b, c)):
if re.match('#', b):
# Preprocessor line; nothing to do
return glosyms
(b1, b2, b3) = parse_iparts(b)
mo = re.match('(\.globl)' + ccce(g_ccid), b3)
if mo:
tokens = parse_expr(b3[len(mo.group(1)):])
if forall(lambda t: token_type(t) in ['space', 'id', ','], tokens):
for t in tokens:
if token_type(t) == 'id':
glosyms.add(t)
return glosyms
def findref1 ((refsyms, skipct), (a, b, c)):
def looksglobal(s):
if re.match('(r|a|v|p|c|cr|f|s|d|q|mvax|wcgr)[0-9]+$', s, re.I):
return False # numbered registers
if re.match('(wr|sb|sl|fp|ip|sp|lr|pc)$', s, re.I):
return False # named registers
if re.match('(fpsid|fpscr|fpexc|mvfr1|mvfr0)$', s, re.I):
return False # more named registers
if re.match('(mvf|mvd|mvfx|mvdx|dspsc)$', s, re.I):
return False # even more named registers
if re.match('(wcid|wcon|wcssf|wcasf|acc)$', s, re.I):
return False # even more named registers
if re.match('\.$|\.L|[0-9]|#', s):
return False # dot, local symbol, or number
if re.match('(asl|lsl|lsr|asr|ror|rrx)$', s, re.I):
return False # shift names
return True
if re.match('#', b):
# Preprocessor line; nothing to do
return (refsyms, skipct)
# Track nesting of .macro/.endm. For now, we don't look for
# global syms in macro defs. (Avoiding scoping probs etc.)
#
if skipct > 0 and re.match('\.(endm|endmacro)' + ccce(g_ccid), b):
return (refsyms, skipct - 1)
if re.match('\.macro' + ccce(g_ccid), b):
return (refsyms, skipct + 1)
if skipct > 0:
return (refsyms, skipct)
if re.match('\.(type|size|syntax|arch|fpu)' + ccce(g_ccid), b):
return (refsyms, skipct)
(b1, b2, b3) = parse_iparts(b)
rtokens = parse_rexpr(b3)
if len(rtokens) > 1 and rtokens[1] == '.req':
# .req has atypical syntax; no symbol refs there anyway
return (refsyms, skipct)
for t in rtokens[1:]:
if token_type(t) == 'id' and looksglobal(t):
refsyms.add(t)
return (refsyms, skipct)
def finddef1(defsyms, (a, b, c)):
if re.match('#', b):
# Preprocessor line
return defsyms
(b1, b2, b3) = parse_iparts(b)
rtokens = parse_rexpr(b3)
if b1 != '':
defsyms.add(b1)
if len(rtokens) > 1 and rtokens[1] == '.req':
defsyms.add(rtokens[0])
return defsyms
def repl1((glosyms, result), (a, b, c)):
if re.match('#', b):
# Preprocessor line
result.append((a, b, c))
return (glosyms, result)
toglo = lambda s: 'Glo(' + s + ')'
(b1, b2, b3) = parse_iparts(b)
tokens = parse_expr(b3)
if b1 in glosyms:
b1 = toglo(b1)
for i in range(len(tokens)):
if token_type(tokens[i]) == 'id' and tokens[i] in glosyms:
tokens[i] = toglo(tokens[i])
result.append((a, b1 + b2 + ''.join(tokens), c))
return (glosyms, result)
reduce(findglo1, instrs, glosyms)
reduce(findref1, instrs, (refsyms, 0))
reduce(finddef1, instrs, defsyms)
glosyms |= (refsyms - defsyms)
reduce(repl1, instrs, (glosyms, result))
return result
def local_symbols(instrs):
# The form of a local symbol differs between Linux assemblers and
# the Apple assember:
#
# Linux: .Lxxx
# Apple: Lxxx
#
# Change occurrences of local symbols to use the Loc() cpp macro
# defined in our prefix.
#
lsyms = set()
result = []
def find1 (lsyms, (a, b, c)):
mo = re.match('(\.L[^ \t:]*)[ \t]*:', b)
if mo:
lsyms.add(mo.group(1))
return lsyms
def repl1((lsyms, result), (a, b, c)):
matches = list(re.finditer('\.L[^ \t@:,+*/\-()]+', b))
if matches != []:
matches.reverse()
newb = b
for mo in matches:
if mo.group() in lsyms:
newb = newb[0:mo.start()] + \
'Loc(' + mo.group()[2:] + ')' + \
newb[mo.end():]
result.append((a, newb, c))
else:
result.append((a, b, c))
return (lsyms, result)
reduce(find1, instrs, lsyms)
reduce(repl1, instrs, (lsyms, result))
return result
def funtypes(instrs):
# Linux assemblers accept declarations like this:
#
# .type symbol, %function
#
# For Thumb functions, the Apple assembler wants to see:
#
# .thumb_func symbol
#
# Handle this by converting declarations to this:
#
# .funtype symbol
#
# Our prefix defines an appropriate .funtype macro for each
# environment.
#
result = []
def repl1(result, (a, b, c)):
mo = re.match('.type[ \t]+([^ \t,]*),[ \t]*%function', b)
if mo:
result.append((a, '.funtype ' + mo.group(1), c))
else:
result.append((a, b, c))
return result
reduce(repl1, instrs, result)
return result
def jump_tables(instrs):
# Jump tables for Linux assemblers often look like this:
#
# tbh [pc, rM, lsl #1]
# .short (.Labc-.)/2+0
# .short (.Ldef-.)/2+1
# .short (.Lghi-.)/2+2
#
# The Apple assembler disagrees about the meaning of this code,
# producing jump tables that don't work. Convert to the following:
#
# tbh [pc, rM, lsl #1]
# .LBxxx:
# .short (.Labc-.LBxxx)/2
# .short (.Ldef-.LBxxx)/2
# .short (.Lghi-.LBxxx)/2
#
# In fact we just convert sequences of .short pseudo-ops of the
# right form. There's no requirement that they follow a tbh
# instruction.
#
baselabs = []
result = []
def short_match(seq, op):
# Determine whether the op is a .short of the form that needs to
# be converted: .short (symbol-.)/2+k. If so, return a pair
# containing the symbol and the value of k. If not, return
# None. The short can only be converted if there were at least
# k other .shorts in sequence before the current one. A summary
# of the previous .shorts is in seq.
#
# (A real parser would do a better job, but this was quick to
# get working.)
#
sp = '([ \t]|/\*.*?\*/)*' # space
sp1 = '([ \t]|/\*.*?\*/)+' # at least 1 space
spe = '([ \t]|/\*.*?\*/|@[^\n]*)*$' # end-of-instr space
expr_re0 = (
'\.short' + sp + '\(' + sp + # .short (
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + spe # /2 END
)
expr_re1 = (
'\.short' + sp + '\(' + sp + # .short (
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + sp + # /2
'\+' + sp + # +
'((0[xX])?[0-9]+)' + spe # k END
)
expr_re2 = (
'\.short' + sp1 + # .short
'((0[xX])?[0-9]+)' + sp + # k
'\+' + sp + '\(' + sp + # +(
'([^ \t+\-*/@()]+)' + sp + # symbol
'-' + sp + '\.' + sp + '\)' + sp + # -.)
'/' + sp + '2' + spe # /2 END
)
mo = re.match(expr_re0, op)
if mo:
return(mo.group(3), 0)
mo = re.match(expr_re1, op)
if mo:
k = int(mo.group(11), 0)
if k > len(seq):
return None
return (mo.group(3), k)
mo = re.match(expr_re2, op)
if mo:
k = int(mo.group(2), 0)
if k > len(seq):
return None
return (mo.group(7), k)
return None
def conv1 ((baselabs, shortseq, label, result), (a, b, c)):
# Convert current instr (a,b,c) if it's a .short of the right
# form that spans a previous sequence of .shorts.
#
(b1, b2, b3) = parse_iparts(b)
if b3 == '':
# No operation: just note label if present.
result.append((a, b, c))
if re.match('\.L.', b1):
return (baselabs, shortseq, b1, result)
return (baselabs, shortseq, label, result)
if not re.match('.short[ \t]+[^ \t@]', b3):
# Not a .short: clear shortseq and label
result.append((a, b, c))
return (baselabs, [], '', result)
# We have a .short: figure out the label if any
if re.match('\.L', b1):
sl = b1
else:
sl = label
mpair = short_match(shortseq, b3)
if not mpair:
# A .short, but not of right form
shortseq.append((len(result), sl))
result.append((a, b, c))
return (baselabs, shortseq, '', result)
# OK, we have a .short to convert!
(sym, k) = mpair
shortseq.append((len(result), sl))
# Figure out base label (create one if necessary).
bx = len(shortseq) - 1 - k
bl = shortseq[bx][1]
if bl == '':
bl = g_basepfx + str(shortseq[bx][0])
shortseq[bx] = (shortseq[bx][0], bl)
baselabs.append(shortseq[bx])
op = '.short\t(' + sym + '-' + bl + ')/2'
result.append ((a, b1 + b2 + op, c))
return (baselabs, shortseq, '', result)
# Convert, accumulate result and new labels.
reduce(conv1, instrs, (baselabs, [], '', result))
# Add labels created here to the instruction stream.
baselabs.reverse()
for (ix, lab) in baselabs:
result[ix:0] = [('', lab + ':', '\n')]
# That does it
return result
def dot_relative(instrs):
# The Apple assembler (or possibly the linker) has trouble with code
# that looks like this:
#
# .word .Label - . + 0x80000000
# .word 0x1966
# .Label:
# .word 0x1967
#
# One way to describe the problem is that the assembler marks the
# first .word for relocation when in fact it's an assembly-time
# constant. Translate to the following form, which doesn't generate
# a relocation marking:
#
# DR0 = .Label - . + 0x80000000
# .word DR0
# .word 0x1966
# .Label:
# .word 0x1967
#
prefix = 'DR'
pseudos = '(\.byte|\.short|\.word|\.long|\.quad)'
result = []
def tok_ok(t):
return t in ['.', '+', '-', '(', ')'] or \
token_type(t) in ['space', 'locid', 'number']
def dotrel_match(expr):
# Determine whether the expression is one that needs to be
# translated.
tokens = parse_expr(expr)
return forall(tok_ok, tokens) and \
exists(lambda t: token_type(t) == 'locid', tokens) and \
exists(lambda t: token_type(t) == 'number', tokens) and \
exists(lambda t: t == '-', tokens) and \
exists(lambda t: t == '.', tokens)
def conv1(result, (a, b, c)):
if re.match('#', b):
# Preprocessor line
result.append((a, b, c))
else:
(b1, b2, b3) = parse_iparts(b)
mo = re.match(pseudos + ccce(g_ccid), b3)
if mo:
p = mo.group(1)
expr = b3[len(p):]
if dotrel_match(expr):
sym = prefix + str(len(result))
instr = sym + ' =' + expr
result.append(('', instr, '\n'))
result.append((a, b1 + b2 + p + ' ' + sym, c))
else:
result.append((a, b, c))
else:
result.append((a, b, c))
return result
reduce(conv1, instrs, result)
return result
def read_input():
# Concatenate all the input files into a string.
#
def fnl(s):
if s == '' or s[-1] == '\n':
return s
else:
return s + '\n'
if len(sys.argv) < 2:
return fnl(sys.stdin.read())
else:
input = ""
for f in sys.argv[1:]:
try:
fd = open(f)
input = input + fnl(fd.read())
fd.close()
except:
sys.stderr.write('arm-as-to-ios: cannot open ' + f + '\n')
return input
def parse_instrs(s):
# Parse the string into assembly instructions, also noting C
# preprocessor lines. Each instruction is represented as a triple:
# (space/comments, instruction, end). The end is either ';' or
# '\n'.
#
def goodmo(mo):
if mo == None:
# Should never happen
sys.stderr.write('arm-as-to-ios: internal parsing error\n')
sys.exit(1)
cpp_re = '([ \t]*)(#([^\n]*\\\\\n)*[^\n]*[^\\\\\n])\n'
comment_re = '[ \t]*#[^\n]*'
instr_re = (
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
'(([ \t]|/\*.*?\*/|[^;\n])*)' # "Instruction"
'([;\n])' # End
)
instrs = []
while s != '':
if re.match('[ \t]*#[ \t]*(if|ifdef|elif|else|endif|define)', s):
mo = re.match(cpp_re, s)
goodmo(mo)
instrs.append((mo.group(1), mo.group(2), '\n'))
elif re.match('[ \t]*#', s):
mo = re.match(comment_re, s)
goodmo(mo)
instrs.append((mo.group(0), '', '\n'))
else:
mo = re.match(instr_re, s, re.DOTALL)
goodmo(mo)
instrs.append((mo.group(1), mo.group(3), mo.group(5)))
s = s[len(mo.group(0)):]
return instrs
def parse_iparts(i):
# Parse an instruction into smaller parts, returning a triple of
# strings (label, colon, operation). The colon part also contains
# any surrounding spaces and comments (making the label and the
# operation cleaner to process).
#
# (Caller warrants that the given string doesn't start with space or
# a comment. This is true for strings returned by the instruction
# parser.)
#
lab_re = (
'([^ \t:/@]+)' # Label
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
':' # Colon
'(([ \t]|/\*.*?\*/|@[^\n]*)*)' # Spaces & comments
'([^\n]*)' # Operation
)
if len(i) > 0 and i[0] == '#':
# C preprocessor line; treat as operation.
return ('', '', i)
mo = re.match(lab_re, i)
if mo:
return (mo.group(1), mo.group(2) + ':' + mo.group(4), mo.group(6))
# No label, just an operation
return ('', '', i)
def parse_expr(s):
# Parse a string into a sequence of tokens. A segment of white
# space (including comments) is treated as a token, so that the
# tokens can be reassembled into the string again.
#
result = []
while s != '':
mo = re.match('([ \t]|/\*.*?\*/|@.*)+', s)
if not mo:
# Glo(...) and Loc(...) are single tokens
mo = re.match('(Glo|Loc)\([^()]*\)', s)
if not mo:
mo = re.match('"([^\\\\"]|\\\\.)*"', s)
if not mo:
mo = re.match(g_ccid0 + g_ccid + '*', s)
if not mo:
mo = re.match('[0-9]+[bf]', s)
if not mo:
mo = re.match('0[Xx][0-9a-fA-F]+|[0-9]+', s)
if not mo:
mo = re.match('.', s)
result.append(mo.group(0))
s = s[len(mo.group(0)):]
return result
def parse_rexpr(s):
# Like parse_expr(), but return only "real" tokens, not the
# intervening space.
#
return filter(lambda t: token_type(t) != 'space', parse_expr(s))
def token_type(t):
# Determine the type of a token. Caller warrants that it was
# returned by parse_expr() or parse_rexpr().
#
if re.match('[ \t]|/\*|@', t):
return 'space'
if re.match('Glo\(', t):
return 'gloid'
if re.match('Loc\(', t):
return 'locid'
if re.match('"', t):
return 'string'
if re.match(g_ccid0, t):
return 'id'
if re.match('[0-9]+[bf]', t):
return 'label'
if re.match('[0-9]', t):
return 'number'
return t # Sui generis
def debug_parse(a, b, c):
# Show results of instuction stream parse.
#
(b1, b2, b3) = parse_iparts(b)
newb = '{' + b1 + '}' + '{' + b2 + '}' + '{' + b3 + '}'
sys.stdout.write('{' + a + '}' + newb + c)
def main():
instrs = parse_instrs(read_input())
instrs = explicit_address_loads(instrs)
instrs = funtypes(instrs)
instrs = jump_tables(instrs)
instrs = global_symbols(instrs)
instrs = local_symbols(instrs)
instrs = dot_relative(instrs)
instrs = add_prefix(instrs)
for (a, b, c) in instrs:
sys.stdout.write(a + b + c)
main()
deps/minicrypto/build-minicrypto
Vendored Executable
+137
View File
@@ -0,0 +1,137 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
[ -z "$DL" ] && DL=~/Downloads
. $O3/core/vars/vars-$TARGET
. $O3/core/deps/lib-versions
# Build ASM files with clang 3.0
if [ "$APPLE_FAMILY" = "1" ]; then
GCC_AS_CMD=$HOME/clang3/clang
if ! [ -f "$GCC_AS_CMD" ]; then
echo "clang 3.0 binary must be present in $GCC_AS_CMD to assemble ARM crypto algorithms"
exit 1
fi
fi
DEST=minicrypto/minicrypto-$PLATFORM
GLOBAL_COMPILE_FLAGS="$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -DSHA1_ASM -DBF_PTR -DOPENSSL_VERSION_PTEXT= -D__LP32__"
[ -z "$GCC_CMD" ] && GCC_CMD=gcc
[ -z "$GCC_AS_CMD" ] && GCC_AS_CMD="$GCC_CMD"
[ -z "$AR_CMD" ] && AR_CMD=ar
# the directory where this script lives
H=$O3/core/deps/minicrypto
if [ "$NO_WIPE" != "1" ]; then
# unzip OpenSSL
rm -rf $OPENSSL_VERSION
tar xfz $DL/$OPENSSL_VERSION.tar.gz
fi
OPENSSL_DIR=$(pwd)/$OPENSSL_VERSION
# make build directory
mkdir -p minicrypto
rm -rf minicrypto/minicrypto-$PLATFORM
mkdir -p minicrypto/minicrypto-$PLATFORM/build.tmp
cd minicrypto/minicrypto-$PLATFORM/build.tmp
mkdir openssl
# copy files from OpenSSL tree
# ARM
cp $OPENSSL_DIR/crypto/arm_arch.h .
# SHA general
cp $OPENSSL_DIR/crypto/md32_common.h .
cp $OPENSSL_DIR/crypto/sha/sha.h openssl
# AES
cp $OPENSSL_DIR/crypto/aes/asm/aes-armv4.pl .
# SHA1
cp $OPENSSL_DIR/crypto/sha/asm/sha1-armv4-large.pl .
cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
# SHA2
cp $OPENSSL_DIR/crypto/sha/sha256.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha256-armv4.pl .
# SHA4
cp $OPENSSL_DIR/crypto/sha/sha512.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha512-armv4.pl .
# note that OPENSSL_cleanse is not used by any
# of the functions we are interested in
cat >openssl/crypto.h <<EOF
#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
#define fips_md_init_ctx(alg, cx) int alg##_Init(cx##_CTX *c)
#define OPENSSL_cleanse(ptr, len) memset((ptr), 0, (len))
EOF
# irrelevant headers
touch openssl/e_os2.h
touch openssl/opensslconf.h
touch openssl/opensslv.h
touch aes_locl.h
touch cryptlib.h
touch crypto.h
# patches
patch <$H/aes-armv4.pl.patch
patch <$H/sha512-armv4.pl.patch
perl -pi -e 's/private_//g' aes-armv4.pl
for f in aes-armv4.pl sha256-armv4.pl sha512-armv4.pl ; do # armv4cpuid.pre
perl -pi -e 's/^(\.code.*)$/\/* \1 *\//' $f
done
# build C files
for f in *.c ; do
COMPILE_FLAGS="-Wno-unused-value"
CMD="$GCC_CMD $GLOBAL_COMPILE_FLAGS $COMPILE_FLAGS -I. -c $f"
echo $CMD
$CMD
done
# build armv4cpuid.S
#$O3/core/deps/minicrypto/arm-as-to-ios <armv4cpuid.pre >armv4cpuid.S
#CMD="$GCC_AS_CMD $GLOBAL_COMPILE_FLAGS -DSYS_macosx -DNO_THUMB -c armv4cpuid.S"
#echo $CMD
#$CMD
# build the ASM files given as perl source
for f in *.pl ; do
bn=${f%%.pl}
S=$bn.S
COMPILE_FLAGS=""
CVT_FLAGS=""
if [ "$APPLE_FAMILY" = "1" ]; then
COMPILE_FLAGS="$COMPILE_FLAGS -DNO_THUMB"
[ "$bn" = "aes-armv4" ] && CVT_FLAGS="$CVT_FLAGS --global=!ad1,!ad2,!ad3"
[ "$bn" = "sha512-armv4" ] && CVT_FLAGS="$CVT_FLAGS --global=!HI,!LO"
perl $f | $O3/core/deps/minicrypto/arm-as-to-ios --stdin $CVT_FLAGS >$S
else
perl $f >$S
fi
CMD="$GCC_AS_CMD $GLOBAL_COMPILE_FLAGS $COMPILE_FLAGS -DSYS_macosx -c $S"
echo $CMD
$CMD
done
CMD="$AR_CMD crs ../libminicrypto.a *.o"
echo $CMD
$CMD
exit 0
deps/minicrypto/build-minicrypto-osx
Vendored Executable
+139
View File
@@ -0,0 +1,139 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
if [ -z "$ARCH" ]; then
echo "ARCH var must be defined (x86_64|i386)"
exit 1
fi
[ -z "$DL" ] && DL=~/Downloads
. $O3/core/vars-$TARGET
. $O3/core/deps/lib-versions
DEST=minicrypto/minicrypto-$PLATFORM
GLOBAL_COMPILE_FLAGS="$MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC"
[ -z "$GCC_CMD" ] && GCC_CMD=gcc
[ -z "$GCC_AS_CMD" ] && GCC_AS_CMD="$GCC_CMD"
[ -z "$AR_CMD" ] && AR_CMD=ar
# the directory where this script lives
H=$O3/core/deps/minicrypto
if [ "$NO_WIPE" != "1" ]; then
# unzip OpenSSL
rm -rf $OPENSSL_VERSION
tar xfz $DL/$OPENSSL_VERSION.tar.gz
fi
OPENSSL_DIR=$(pwd)/$OPENSSL_VERSION
# make build directory
mkdir -p minicrypto
rm -rf minicrypto/minicrypto-$PLATFORM/$ARCH
mkdir -p minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
cd minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
mkdir openssl
# copy files from OpenSSL tree
# AES (not necessary now that PolarSSL has AES optimizations)
#cp $OPENSSL_DIR/crypto/aes/asm/aesni-x86_64.pl .
if [ "$ARCH" = "x86_64" ]; then
# General
cp $O3/core/deps/polarssl/intel_cpu.c .
cp $OPENSSL_DIR/crypto/perlasm/x86_64-xlate.pl .
cp $OPENSSL_DIR/crypto/x86_64cpuid.pl .
# SHA general
cp $OPENSSL_DIR/crypto/md32_common.h .
cp $OPENSSL_DIR/crypto/sha/sha.h openssl
# SHA1
cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha1-x86_64.pl .
# SHA256
cp $OPENSSL_DIR/crypto/sha/sha256.c .
# SHA512
cp $OPENSSL_DIR/crypto/sha/sha512.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha512-x86_64.pl .
# convert perl ASM to .s
for f in x86_64cpuid sha1-x86_64 ; do
perl $f.pl macosx >$f.s
done
perl sha512-x86_64.pl macosx sha512-x86_64.s
perl sha512-x86_64.pl macosx sha256-x86_64.s
elif [ "$ARCH" = "i386" ]; then
# General
cp $O3/core/deps/polarssl/intel_cpu.c .
cp $OPENSSL_DIR/crypto/perlasm/x86asm.pl .
cp $OPENSSL_DIR/crypto/perlasm/x86gas.pl .
cp $OPENSSL_DIR/crypto/x86cpuid.pl .
# SHA general
cp $OPENSSL_DIR/crypto/md32_common.h .
cp $OPENSSL_DIR/crypto/sha/sha.h openssl
# SHA1
cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha1-586.pl .
# SHA256
cp $OPENSSL_DIR/crypto/sha/sha256.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha256-586.pl .
# SHA512
cp $OPENSSL_DIR/crypto/sha/sha512.c .
cp $OPENSSL_DIR/crypto/sha/asm/sha512-586.pl .
# convert perl ASM to .s
for f in x86cpuid sha1-586 sha256-586 sha512-586 ; do
perl $f.pl macosx >$f.s
done
fi
cat >openssl/crypto.h <<EOF
#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
#define fips_md_init_ctx(alg, cx) int alg##_Init(cx##_CTX *c)
void OPENSSL_cleanse(void *ptr, unsigned long len);
#define OPENSSL_VERSION_PTEXT " minicrypto"
EOF
# irrelevant headers
touch openssl/e_os2.h
touch openssl/opensslconf.h
touch openssl/opensslv.h
touch aes_locl.h
touch cryptlib.h
touch crypto.h
# build C/ASM files
for f in *.c *.s ; do
COMPILE_FLAGS="-arch $ARCH -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"
CMD="$GCC_CMD $GLOBAL_COMPILE_FLAGS $COMPILE_FLAGS -I. -c $f"
echo $CMD
$CMD
done
CMD="$AR_CMD crs ../libminicrypto.a *.o"
echo $CMD
$CMD
echo SYMBOLS
nm ../libminicrypto.a
exit 0
deps/minicrypto/sha512-armv4.pl.patch
Vendored
+32
View File
@@ -0,0 +1,32 @@
--- sha512-armv4.pl.orig 2012-09-03 13:21:35.000000000 -0600
+++ sha512-armv4.pl 2012-09-03 13:50:08.000000000 -0600
@@ -220,9 +220,6 @@
WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
.size K512,.-K512
-.LOPENSSL_armcap:
-.word OPENSSL_armcap_P-sha512_block_data_order
-.skip 32-4
.global sha512_block_data_order
.type sha512_block_data_order,%function
@@ -230,10 +227,7 @@
sub r3,pc,#8 @ sha512_block_data_order
add $len,$inp,$len,lsl#7 @ len to point at the end of inp
#if __ARM_ARCH__>=7
- ldr r12,.LOPENSSL_armcap
- ldr r12,[r3,r12] @ OPENSSL_armcap_P
- tst r12,#1
- bne .LNEON
+ b .LNEON @ JY -- assume ARM v7 always supports NEON
#endif
stmdb sp!,{r4-r12,lr}
sub $Ktbl,r3,#672 @ K512
@@ -573,7 +567,6 @@
.size sha512_block_data_order,.-sha512_block_data_order
.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
-.comm OPENSSL_armcap_P,4,4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
deps/openssl/build-openssl
Vendored Executable
+63
View File
@@ -0,0 +1,63 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
if [ -z "$OPENSSL_TARGET" ]; then
echo "OPENSSL_TARGET var must be defined"
exit 1
fi
# GNU sed differs from BSD sed
if sed --version 2>&1 | grep -q GNU ; then
mysed='sed -i'
else
mysed='sed -i ""'
fi
[ -z "$GCC_CMD" ] && GCC_CMD=gcc
[ -z "$LINK_MODE" ] && LINK_MODE=static
[ "$LINK_MODE" = "static" ] && LINK_MODE=no-shared
[ -z "$DL" ] && DL=~/Downloads
. $O3/core/vars/vars-$TARGET
. $O3/core/deps/lib-versions
AR=ar
RANLIB=ranlib
[ "$AR_CMD" ] && AR=$AR_CMD
[ "$RANLIB_CMD" ] && RANLIB=$RANLIB_CMD
# special hack because OpenSSL build system doesn't use rc options for ar
[ "$AR" = "gcc-ar" ] && AR="gcc-ar rc"
[ "$AR" = "gcc-ar-5" ] && AR="gcc-ar-5 rc"
OPENSSL=$OPENSSL_VERSION
DIST=$(pwd)/openssl/openssl-$PLATFORM
[ "$ARCH" ] && DIST=$DIST/$ARCH
rm -rf $OPENSSL $DIST
mkdir -p $DIST
tar xfz $DL/$OPENSSL.tar.gz
pushd $OPENSSL
CMD="./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 --prefix=$DIST"
echo $CMD
$CMD
$mysed -e "s|-O3|$LIB_OPT_LEVEL $MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_FPIC|" Makefile
#$mysed -e "s|ERR_load_COMP_strings()|//ERR_load_COMP_strings()|" crypto/err/err_all.c
make depend
make CC="$GCC_CMD" AR="$AR" RANLIB="$RANLIB" -j ${MAKE_JOBS:-1} build_libs
touch apps/openssl
touch openssl.pc
touch libcrypto.pc
touch libssl.pc
make install_sw
popd
exit 0
deps/polarssl/.gitignore
+1
View File
@@ -0,0 +1 @@
polartmp
deps/polarssl/CMakeLists.txt
Vendored
+86
View File
@@ -0,0 +1,86 @@
cmake_minimum_required(VERSION 2.6)
project(POLARSSL C)
enable_testing()
if(CMAKE_COMPILER_IS_GNUCC)
# JY Added
set(CMAKE_OSX_ARCHITECTURES "")
set(CMAKE_OSX_DEPLOYMENT_TARGET "")
set(CMAKE_OSX_SYSROOT "")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{LIB_FPIC} $ENV{LIB_OPT_LEVEL} $ENV{PLATFORM_FLAGS} $ENV{OTHER_COMPILER_FLAGS} -Wall -W -Wdeclaration-after-statement")
if (NOT "$ENV{GCC_CMD}" STREQUAL "")
set(CMAKE_C_COMPILER "$ENV{GCC_CMD}")
endif()
if (NOT "$ENV{GPP_CMD}" STREQUAL "")
set(CMAKE_CXX_COMPILER "$ENV{GPP_CMD}")
endif()
if (NOT "$ENV{AR_CMD}" STREQUAL "")
set(CMAKE_AR "$ENV{AR_CMD}")
endif()
if (NOT "$ENV{RANLIB_CMD}" STREQUAL "")
set(CMAKE_RANLIB "$ENV{RANLIB_CMD}")
endif()
# JY Commented out
#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
#set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
#set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_SHARED_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")
endif(CMAKE_COMPILER_IS_GNUCC)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
# JY added
if(MINICRYPTO)
if(MINICRYPTO_DIR)
add_library(minicrypto STATIC IMPORTED)
set_property(TARGET minicrypto PROPERTY IMPORTED_LOCATION "${MINICRYPTO_DIR}/libminicrypto.a")
endif()
if(OSSLCRYPTO_DIR)
add_library(crypto STATIC IMPORTED)
set_property(TARGET crypto PROPERTY IMPORTED_LOCATION "${OSSLCRYPTO_DIR}/libcrypto.a")
endif()
endif()
# include full testing infrastructure (JY added)
if(ENABLE_TESTING)
enable_testing()
endif()
if(LIB_INSTALL_DIR)
else()
set(LIB_INSTALL_DIR lib)
endif()
include_directories(include/)
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
if(ZLIB_FOUND)
include_directories(ZLIB_INCLUDE_DIR)
endif(ZLIB_FOUND)
endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library)
add_subdirectory(include)
# include full testing infrastructure (JY modified)
if(ENABLE_TESTING)
if(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(programs)
endif()
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen doxygen/polarssl.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
deps/polarssl/README.txt
Vendored
+12
View File
@@ -0,0 +1,12 @@
Building PolarSSL for android.
First, build static OpenSSL for PolarSSL/OpenSSL bridge
(the build-openssl-small script may be used).
Next build libminicrypto.a from libcrypto.a :
$O3/polarssl/build-mini-openssl ref
Finally, build PolarSSL:
TARGET=android $O3/polarssl/build-polarssl
deps/polarssl/android.cmake
Vendored
+17
View File
@@ -0,0 +1,17 @@
# this one is important
SET(CMAKE_SYSTEM_NAME Linux)
#this one not so much
SET(CMAKE_SYSTEM_VERSION 1)
# specify the cross compiler (assumes that PATH already points to android toolchain)
SET(CMAKE_C_COMPILER gcc)
SET(CMAKE_CXX_COMPILER g++)
# where is the target environment
#SET(CMAKE_FIND_ROOT_PATH /opt/eldk-2007-01-19/ppc_74xx /home/alex/eldk-ppc74xx-inst)
# search for programs in the build host directories
SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
# for libraries and headers in the target directories
SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
deps/polarssl/apple.cmake
Vendored
+4
View File
@@ -0,0 +1,4 @@
# specify the cross compiler
SET(CMAKE_C_COMPILER clang)
SET(CMAKE_CXX_COMPILER clang++)
SET(CMAKE_COMPILER_IS_GNUCC 1)
deps/polarssl/bignum-arm.patch
Vendored
+32
View File
@@ -0,0 +1,32 @@
diff -uNr polarssl-1.2.7/include/polarssl/bn_mul.h polarssl-1.2.7.new/include/polarssl/bn_mul.h
--- polarssl-1.2.7/include/polarssl/bn_mul.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl-1.2.7.new/include/polarssl/bn_mul.h 2013-06-13 16:30:35.000000000 -0600
@@ -548,7 +548,7 @@
#if defined(__arm__)
-#if defined(__thumb__)
+#if defined(__thumb__) && !defined(__thumb2__)
#define MULADDC_INIT \
asm( \
diff -uNr polarssl-1.2.7/library/bignum.c polarssl-1.2.7.new/library/bignum.c
--- polarssl-1.2.7/library/bignum.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl-1.2.7.new/library/bignum.c 2013-06-13 16:30:35.000000000 -0600
@@ -935,7 +935,15 @@
/*
* Helper for mpi multiplication
*/
-static void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
+static
+#if defined(__APPLE__) && defined(__arm__)
+/*
+ * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
+ * appears to need this to prevent bad ARM code generation at -O3.
+ */
+__attribute__ ((noinline))
+#endif
+void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
{
t_uint c = 0, t = 0;
deps/polarssl/build-detail-patch
Vendored Executable
+24
View File
@@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -e
. $O3/core/deps/lib-versions
POLARSSL_SRC=$HOME/src/mac/$POLARSSL_VERSION
PD=$O3/core/deps/polarssl
PB=$(basename $POLARSSL_SRC)
rm -rf polartmp
mkdir polartmp
cd polartmp
cp -a $POLARSSL_SRC polarssl.new
# extract the PolarSSL source
tar xfz $DL/$PB-gpl.tgz
cd $PB
rm $(find . -type f | grep -E 'Makefile|\.orig$|\.rej$')
rm -f CMakeLists.txt include/polarssl/config.h include/polarssl/openvpn-polarssl.h
cd ../polarssl.new
rm -f CMakeLists.txt include/polarssl/config.h include/polarssl/openvpn-polarssl.h
cd ..
diff -ur $PB polarssl.new | grep -v '^Only in'
deps/polarssl/build-mini-openssl
Vendored Executable
+52
View File
@@ -0,0 +1,52 @@
#!/usr/bin/env bash
# Examples:
# $O3/core/deps/polarssl/build-mini-openssl ref
# $O3/core/deps/polarssl/build-mini-openssl ref-aesni
set -e
if [ -z "$1" ]; then
echo "usage: build-mini-openssl <ref|ref-aesni>"
exit 1
fi
if [ -z "$OPENSSL_DIR" ]; then
echo OPENSSL_DIR must be defined
exit 1
fi
if [ "$APPLE_FAMILY" = "1" ] && [ -z "$GCC_CMD" ]; then
GCC_CMD=clang
fi
if [ "$APPLE_FAMILY" = "1" ]; then
NM_FLAGS=-P
BSD_SYMBOLS="1"
VISIBILITY="-fvisibility=hidden"
else
NM_FLAGS="-f posix"
BSD_SYMBOLS="0"
VISIBILITY=""
fi
[ -z "$NM_CMD" ] && NM_CMD=nm
[ -z "$AR_CMD" ] && AR_CMD=ar
[ -z "$GCC_CMD" ] && GCC_CMD=gcc
PD=$O3/core/deps/polarssl
cd $OPENSSL_DIR
cd lib
rm -rf tmp
mkdir tmp
$NM_CMD $NM_FLAGS libcrypto.a >tmp/nm-file
echo "NOTE: on BSD systems, don't worry about any 'no name list' errors above"
cd tmp
python $O3/common/scripts/sym.py $PD/$1 nm-file $AR_CMD ../libcrypto.a libminicrypto.a buildmini ../mini-undef.sh $BSD_SYMBOLS
. buildmini
# need any special initialization?
. ../mini-undef.sh
if [ "$SYM_UNDEF_OPENSSL_ia32cap_P" ] && [ "$SYM_UNDEF_OPENSSL_cpuid_setup" ]; then
echo BUILDING STUB intel_cpu.c
$GCC_CMD $VISIBILITY $LIB_OPT_LEVEL $LIB_FPIC -c $PD/intel_cpu.c
$AR_CMD rs libminicrypto.a intel_cpu.o
fi
mv libminicrypto.a ..
deps/polarssl/build-polarssl
Vendored Executable
+167
View File
@@ -0,0 +1,167 @@
#!/usr/bin/env bash
#
# Parameters:
# CMAKE_TARGET -- use $CMAKE_TARGET.cmake as toolchain file
# AES_NI=1 -- enable AES_NI processor optimization
# EXTERNAL_RNG=1 -- disable all internal RNG implementations (caller must provide)
# ENABLE_TESTING=1 -- run PolarSSL test scripts after build
# DEBUG_BUILD=1 or SELF_TEST=1 -- enable minimal testing on target
# ENABLE_SERVER=1 -- enable SSL/TLS server code
# ENABLE_FS_IO=1 -- enable PolarSSL file I/O
# VERBOSE=1 -- see build commands
# USE_MINICRYPTO=1 -- use minicrypto library
# NO_WIPE=1 -- don't wipe source tree and reunzip tarball
# STOCK_CONFIG=1 -- use stock PolarSSL config.h
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
# extract the PolarSSL source
PD=$O3/core/deps/polarssl
DIST=polarssl-$PLATFORM
rm -rf $DIST
mkdir $DIST
if [ "$NO_WIPE" = "1" ]; then
echo RETAIN existing source
cd $POLARSSL_VERSION
elif [ "$NO_WIPE" = "partial" ]; then
echo RETAIN existing source but copy config.h and CMakeLists.txt
cd $POLARSSL_VERSION
# define configs
if [ "$STOCK_CONFIG" != "1" ]; then
cp $PD/config.h include/polarssl/
fi
cp $PD/CMakeLists.txt .
else
echo WIPE and reunzip source
rm -rf $POLARSSL_VERSION $POLARSSL_VERSION-prerelease
[ -z "$DL" ] && DL=~/Downloads
tar xfz $DL/$POLARSSL_VERSION-gpl.tgz
[ -d $POLARSSL_VERSION-prerelease ] && mv $POLARSSL_VERSION-prerelease $POLARSSL_VERSION
cd $POLARSSL_VERSION
# delete makefiles (apparently not needed)
rm $(find . -type f | grep Makefile)
patch -p1 <$PD/relaxed-x509-date.patch
#patch -p1 <$PD/dhm.patch
#patch -p1 <$PD/entropy-printf.patch
if [ "$USE_MINICRYPTO" = "1" ]; then
# do the big polar-openssl patch
echo MERGING polarssl-minicrypto.patch
patch -p1 <$PD/polarssl-minicrypto.patch
fi
# define configs
cp include/polarssl/config.h include/polarssl/config.h.orig
cp CMakeLists.txt CMakeLists.txt.orig
cp $PD/config.h include/polarssl/
cp $PD/CMakeLists.txt .
fi
# dynamically generated header file with options,
# included by config.h
OPC=include/polarssl/openvpn-polarssl.h
echo '/* Automatically generated by ovpn3/core/deps/polarssl/build-polarssl, do not edit */' >$OPC
# set options
OPT=""
# relaxed cert checking
echo "#define POLARSSL_RELAXED_X509_DATE" >>$OPC
# RNG
if [ "$EXTERNAL_RNG" = "1" ]; then
echo "#define EXTERNAL_RNG" >>$OPC
fi
# enable full testing infrastructure
if [ "$ENABLE_TESTING" = "1" ]; then
OPT="$OPT -DENABLE_TESTING=1"
echo "#define ENABLE_TESTING" >>$OPC
fi
# enable minimal testing on target
if [ "$DEBUG_BUILD" = "1" ] || [ "$SELF_TEST" = "1" ]; then
echo "#define POLARSSL_SELF_TEST" >>$OPC
fi
# configure target
if [ "$CMAKE_TARGET" ]; then
OPT="$OPT -DCMAKE_TOOLCHAIN_FILE=$PD/$CMAKE_TARGET.cmake"
elif [ "$APPLE_FAMILY" = "1" ]; then
OPT="$OPT -DCMAKE_TOOLCHAIN_FILE=$PD/apple.cmake"
fi
# Minicrypto
if [ "$USE_MINICRYPTO" = "1" ]; then
OPT="$OPT -DMINICRYPTO=1"
if [ "$MINICRYPTO_DIR" ]; then
OPT="$OPT -DMINICRYPTO_DIR=$MINICRYPTO_DIR"
fi
if [ "$OSSLCRYPTO_DIR" ]; then
OPT="$OPT -DOSSLCRYPTO_DIR=$OSSLCRYPTO_DIR"
fi
if [ "$MINICRYPTO_NO_AES" != "1" ]; then
echo "#define POLARSSL_AES_ALT" >>$OPC
fi
echo "#define POLARSSL_SHA1_ALT" >>$OPC
echo "#define POLARSSL_SHA256_ALT" >>$OPC
echo "#define POLARSSL_SHA512_ALT" >>$OPC
if [ "$AES_NI" = "1" ] && [ "$MINICRYPTO_NO_AES" != "1" ]; then
echo "#define POLARSSL_USE_OPENSSL_AES_NI" >>$OPC
fi
fi
# Enable SSL/TLS server
if [ "$ENABLE_SERVER" = "1" ]; then
echo "#define POLARSSL_SSL_SRV_C" >>$OPC
fi
# enable PolarSSL file I/O
if [ "$ENABLE_FS_IO" = "1" ]; then
echo "#define POLARSSL_FS_IO" >>$OPC
fi
# Build shared library
if [ "$SHARED" = "1" ]; then
OPT="$OPT -DUSE_SHARED_POLARSSL_LIBRARY=1"
fi
# echo options
echo OPTIONS $OPT
# build it
pwd
cd ../$DIST
cmake $OPT ../$POLARSSL_VERSION
if [ "$VERBOSE" = "1" ]; then
make VERBOSE=1
else
make
fi
# test it
if [ "$ENABLE_TESTING" = "1" ]; then
make test
fi
# copy headers
cp -a ../$POLARSSL_VERSION/include/polarssl include/
exit 0
deps/polarssl/build-polarssl-patch
Vendored Executable
+30
View File
@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -e
. $O3/core/deps/lib-versions
POLARSSL_SRC=$HOME/src/mac/$POLARSSL_VERSION
PD=$O3/core/deps/polarssl
PB=$(basename $POLARSSL_SRC)
rm -rf polartmp
mkdir polartmp
cd polartmp
cp -a $POLARSSL_SRC polarssl.new
# extract the PolarSSL source
tar xfz $DL/$PB-gpl.tgz
cd $PB
rm $(find . -type f | grep -E 'Makefile|\.orig$|\.rej$')
rm -f CMakeLists.txt include/polarssl/config.h include/polarssl/openvpn-polarssl.h
cd ../polarssl.new
rm -f CMakeLists.txt include/polarssl/config.h include/polarssl/openvpn-polarssl.h
cd ..
if [ "$CRYPTO_ALT_PATCH" = "1" ]; then
diff -uNr $PB polarssl.new >$PD/polar-openssl.patch
cp $PD/crypto-alt.txt $PD/polarssl-crypto-alt.patch
diff -ur $PB polarssl.new | grep -v '^Only in' >>$PD/polarssl-crypto-alt.patch
else
diff -ur $PB polarssl.new | grep -v '^Only in'
fi
deps/polarssl/config.h
Vendored
+2227
View File
File diff suppressed because it is too large Load Diff
deps/polarssl/config.h.orig
Vendored
+2180
View File
File diff suppressed because it is too large Load Diff
deps/polarssl/config12.h
Vendored
+959
View File
@@ -0,0 +1,959 @@
/**
* \file config.h
*
* \brief Configuration options (set of defines)
*
* Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* This set of compile-time options may be used to enable
* or disable features selectively, and reduce the global
* memory footprint.
*/
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H
#include <polarssl/openvpn-polarssl.h>
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
/**
* \name SECTION: System support
*
* This section sets system specific settings.
* \{
*/
/**
* \def POLARSSL_HAVE_INT8
*
* The system uses 8-bit wide native integers.
*
* Uncomment if native integers are 8-bit wide.
#define POLARSSL_HAVE_INT8
*/
/**
* \def POLARSSL_HAVE_INT16
*
* The system uses 16-bit wide native integers.
*
* Uncomment if native integers are 16-bit wide.
#define POLARSSL_HAVE_INT16
*/
/**
* \def POLARSSL_HAVE_LONGLONG
*
* The compiler supports the 'long long' type.
* (Only used on 32-bit platforms)
*/
#define POLARSSL_HAVE_LONGLONG
/**
* \def POLARSSL_HAVE_ASM
*
* The compiler has support for asm()
*
* Uncomment to enable the use of assembly code.
*
* Requires support for asm() in compiler.
*
* Used in:
* library/timing.c
* library/padlock.c
* include/polarssl/bn_mul.h
*
*/
#define POLARSSL_HAVE_ASM
/**
* \def POLARSSL_HAVE_SSE2
*
* CPU supports SSE2 instruction set.
*
* Uncomment if the CPU supports SSE2 (IA-32 specific).
*
#define POLARSSL_HAVE_SSE2
*/
/* \} name */
/**
* \name SECTION: PolarSSL feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
* \{
*/
/**
* \def POLARSSL_AES_ROM_TABLES
*
* Store the AES tables in ROM.
*
* Uncomment this macro to store the AES tables in ROM.
*
#define POLARSSL_AES_ROM_TABLES
*/
/**
* \def POLARSSL_CIPHER_MODE_CFB
*
* Enable Cipher Feedback mode (CFB) for symmetric ciphers.
*/
// JY removed
//#define POLARSSL_CIPHER_MODE_CFB
/**
* \def POLARSSL_CIPHER_MODE_CTR
*
* Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
*/
// JY removed
//#define POLARSSL_CIPHER_MODE_CTR
/**
* \def POLARSSL_CIPHER_NULL_CIPHER
*
* Enable NULL cipher.
* Warning: Only do so when you know what you are doing. This allows for
* encryption or channels without any security!
*
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
* the following ciphersuites:
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/
/**
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
*
* Enable weak ciphersuites in SSL / TLS
* Warning: Only do so when you know what you are doing. This allows for
* channels with virtually no security at all!
*
* This enables the following ciphersuites:
* TLS_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_DES_CBC_SHA
*
* Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/
/**
* \def POLARSSL_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of error_strerror() in
* third party libraries easier.
*
* Disable if you run into name conflicts and want to really remove the
* error_strerror()
*/
#define POLARSSL_ERROR_STRERROR_DUMMY
/**
* \def POLARSSL_GENPRIME
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* Enable the RSA prime-number generation code.
*/
#define POLARSSL_GENPRIME
/**
* \def POLARSSL_FS_IO
*
* Enable functions that use the filesystem.
*/
// JY removed
//#define POLARSSL_FS_IO
/**
* \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
*
* Do not add default entropy sources. These are the platform specific,
* hardclock and HAVEGE based poll functions.
*
* This is useful to have more control over the added entropy sources in an
* application.
*
* Uncomment this macro to prevent loading of default entropy functions.
#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
*/
/**
* \def POLARSSL_NO_PLATFORM_ENTROPY
*
* Do not use built-in platform entropy functions.
* This is useful if your platform does not support
* standards like the /dev/urandom or Windows CryptoAPI.
*
* Uncomment this macro to disable the built-in platform entropy functions.
#define POLARSSL_NO_PLATFORM_ENTROPY
*/
// JY added
#ifdef EXTERNAL_RNG
#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
#define POLARSSL_NO_PLATFORM_ENTROPY
#endif
/**
* \def POLARSSL_PKCS1_V21
*
* Requires: POLARSSL_MD_C, POLARSSL_RSA_C
*
* Enable support for PKCS#1 v2.1 encoding.
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/
#define POLARSSL_PKCS1_V21
/**
* \def POLARSSL_RSA_NO_CRT
*
* Do not use the Chinese Remainder Theorem for the RSA private operation.
*
* Uncomment this macro to disable the use of CRT in RSA.
*
#define POLARSSL_RSA_NO_CRT
*/
/**
* \def POLARSSL_SELF_TEST
*
* Enable the checkup functions (*_self_test).
*/
// JY changed
#if defined(ENABLE_TESTING) && !defined(POLARSSL_SELF_TEST)
#define POLARSSL_SELF_TEST
#endif
/**
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
* If you choose not to send the alert messages, PolarSSL can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
* about reasons for failures thus preventing adversaries of gaining intel.
*
* Enable sending of all alert messages
*/
#define POLARSSL_SSL_ALERT_MESSAGES
/**
* \def POLARSSL_SSL_DEBUG_ALL
*
* Enable the debug messages in SSL module for all issues.
* Debug messages have been disabled in some places to prevent timing
* attacks due to (unbalanced) debugging function calls.
*
* If you need all error reporting you should enable this during debugging,
* but remove this for production servers that should log as well.
*
* Uncomment this macro to report all debug messages on errors introducing
* a timing side-channel.
*
#define POLARSSL_SSL_DEBUG_ALL
*/
/**
* \def POLARSSL_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
* individual records.
*
* Uncomment this macro to enable hooking functions.
#define POLARSSL_SSL_HW_RECORD_ACCEL
*/
/**
* \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
*
* Enable support for receiving and parsing SSLv2 Client Hello messages for the
* SSL Server module (POLARSSL_SSL_SRV_C)
*
* Comment this macro to disable support for SSLv2 Client Hello messages.
*/
// JY removed
//#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
* and encountering an unknown critical extension.
*
* Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
/**
* \def POLARSSL_ZLIB_SUPPORT
*
* If set, the SSL/TLS module uses ZLIB to support compression and
* decompression of packet data.
*
* Used in: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
* This feature requires zlib library and headers to be present.
*
* Uncomment to enable use of ZLIB
#define POLARSSL_ZLIB_SUPPORT
*/
/* \} name */
/**
* \name SECTION: PolarSSL modules
*
* This section enables or disables entire modules in PolarSSL
* \{
*/
/**
* \def POLARSSL_AES_C
*
* Enable the AES block cipher.
*
* Module: library/aes.c
* Caller: library/ssl_tls.c
* library/pem.c
* library/ctr_drbg.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*
* PEM uses AES for decrypting encrypted keys.
*/
#define POLARSSL_AES_C
/**
* \def POLARSSL_ARC4_C
*
* Enable the ARCFOUR stream cipher.
*
* Module: library/arc4.c
* Caller: library/ssl_tls.c
*
* This module enables the following ciphersuites:
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA
*/
// JY removed
//#define POLARSSL_ARC4_C
/**
* \def POLARSSL_ASN1_PARSE_C
*
* Enable the generic ASN1 parser.
*
* Module: library/asn1.c
* Caller: library/x509parse.c
*/
#define POLARSSL_ASN1_PARSE_C
/**
* \def POLARSSL_ASN1_WRITE_C
*
* Enable the generic ASN1 writer.
*
* Module: library/asn1write.c
*/
// JY removed
//#define POLARSSL_ASN1_WRITE_C
/**
* \def POLARSSL_BASE64_C
*
* Enable the Base64 module.
*
* Module: library/base64.c
* Caller: library/pem.c
*
* This module is required for PEM support (required by X.509).
*/
#define POLARSSL_BASE64_C
/**
* \def POLARSSL_BIGNUM_C
*
* Enable the multi-precision integer library.
*
* Module: library/bignum.c
* Caller: library/dhm.c
* library/rsa.c
* library/ssl_tls.c
* library/x509parse.c
*
* This module is required for RSA and DHM support.
*/
#define POLARSSL_BIGNUM_C
/**
* \def POLARSSL_BLOWFISH_C
*
* Enable the Blowfish block cipher.
*
* Module: library/blowfish.c
*/
#define POLARSSL_BLOWFISH_C
/**
* \def POLARSSL_CAMELLIA_C
*
* Enable the Camellia block cipher.
*
* Module: library/camellia.c
* Caller: library/ssl_tls.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
*/
// JY removed
//#define POLARSSL_CAMELLIA_C
/**
* \def POLARSSL_CERTS_C
*
* Enable the test certificates.
*
* Module: library/certs.c
* Caller:
*
* This module is used for testing (ssl_client/server).
*/
// JY changed
#ifdef ENABLE_TESTING
#define POLARSSL_CERTS_C
#endif
/**
* \def POLARSSL_CIPHER_C
*
* Enable the generic cipher layer.
*
* Module: library/cipher.c
* Caller:
*
* Uncomment to enable generic cipher wrappers.
*/
#define POLARSSL_CIPHER_C
/**
* \def POLARSSL_CTR_DRBG_C
*
* Enable the CTR_DRBG AES-256-based random generator
*
* Module: library/ctr_drbg.c
* Caller:
*
* Requires: POLARSSL_AES_C
*
* This module provides the CTR_DRBG AES-256 random number generator.
*/
// JY added
#ifndef EXTERNAL_RNG
#define POLARSSL_CTR_DRBG_C
#endif
/**
* \def POLARSSL_DEBUG_C
*
* Enable the debug functions.
*
* Module: library/debug.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
*
* This module provides debugging functions.
*/
#define POLARSSL_DEBUG_C
/**
* \def POLARSSL_DES_C
*
* Enable the DES block cipher.
*
* Module: library/des.c
* Caller: library/pem.c
* library/ssl_tls.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* PEM uses DES/3DES for decrypting encrypted keys.
*/
#define POLARSSL_DES_C
/**
* \def POLARSSL_DHM_C
*
* Enable the Diffie-Hellman-Merkle key exchange.
*
* Module: library/dhm.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_DHE_RSA_WITH_DES_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_DHM_C
/**
* \def POLARSSL_ENTROPY_C
*
* Enable the platform-specific entropy code.
*
* Module: library/entropy.c
* Caller:
*
* Requires: POLARSSL_SHA4_C
*
* This module provides a generic entropy pool
*/
#define POLARSSL_ENTROPY_C
/**
* \def POLARSSL_ERROR_C
*
* Enable error code to error string conversion.
*
* Module: library/error.c
* Caller:
*
* This module enables err_strerror().
*/
#define POLARSSL_ERROR_C
/**
* \def POLARSSL_GCM_C
*
* Enable the Galois/Counter Mode (GCM) for AES
*
* Module: library/gcm.c
*
* Requires: POLARSSL_AES_C
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_GCM_C
/**
* \def POLARSSL_HAVEGE_C
*
* Enable the HAVEGE random generator.
*
* Module: library/havege.c
* Caller:
*
* Requires: POLARSSL_TIMING_C
*
* This module enables the HAVEGE random number generator.
*/
// JY removed
//#define POLARSSL_HAVEGE_C
/**
* \def POLARSSL_MD_C
*
* Enable the generic message digest layer.
*
* Module: library/md.c
* Caller:
*
* Uncomment to enable generic message digest wrappers.
*/
#define POLARSSL_MD_C
/**
* \def POLARSSL_MD2_C
*
* Enable the MD2 hash algorithm
*
* Module: library/md2.c
* Caller: library/x509parse.c
*
* Uncomment to enable support for (rare) MD2-signed X.509 certs.
*
#define POLARSSL_MD2_C
*/
/**
* \def POLARSSL_MD4_C
*
* Enable the MD4 hash algorithm
*
* Module: library/md4.c
* Caller: library/x509parse.c
*
* Uncomment to enable support for (rare) MD4-signed X.509 certs.
*
*/
// JY Added for NTLM proxy auth
#define POLARSSL_MD4_C
/**
* \def POLARSSL_MD5_C
*
* Enable the MD5 hash algorithm
*
* Module: library/md5.c
* Caller: library/pem.c
* library/ssl_tls.c
* library/x509parse.c
*
* This module is required for SSL/TLS and X.509.
* PEM uses MD5 for decrypting encrypted keys.
*/
#define POLARSSL_MD5_C
/**
* \def POLARSSL_NET_C
*
* Enable the TCP/IP networking routines.
*
* Module: library/net.c
* Caller:
*
* This module provides TCP/IP networking routines.
*/
// JY removed
//#define POLARSSL_NET_C
/**
* \def POLARSSL_PADLOCK_C
*
* Enable VIA Padlock support on x86.
*
* Module: library/padlock.c
* Caller: library/aes.c
*
* This modules adds support for the VIA PadLock on x86.
*/
// JY removed
//#define POLARSSL_PADLOCK_C
/**
* \def POLARSSL_PBKDF2_C
*
* Enable PKCS#5 PBKDF2 key derivation function
* DEPRECATED: Use POLARSSL_PKCS5_C instead
*
* Module: library/pbkdf2.c
*
* Requires: POLARSSL_PKCS5_C
*
* This module adds support for the PKCS#5 PBKDF2 key derivation function.
#define POLARSSL_PBKDF2_C
*/
/**
* \def POLARSSL_PEM_C
*
* Enable PEM decoding
*
* Module: library/pem.c
* Caller: library/x509parse.c
*
* Requires: POLARSSL_BASE64_C
*
* This modules adds support for decoding PEM files.
*/
#define POLARSSL_PEM_C
/**
* \def POLARSSL_PKCS5_C
*
* Enable PKCS#5 functions
*
* Module: library/pkcs5.c
*
* Requires: POLARSSL_MD_C
*
* This module adds support for the PKCS#5 functions.
*/
#define POLARSSL_PKCS5_C
/**
* \def POLARSSL_PKCS11_C
*
* Enable wrapper for PKCS#11 smartcard support.
*
* Module: library/ssl_srv.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_SSL_TLS_C
*
* This module enables SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C
*/
/**
* \def POLARSSL_PKCS12_C
*
* Enable PKCS#12 PBE functions
* Adds algorithms for parsing PKCS#8 encrypted private keys
*
* Module: library/pkcs12.c
* Caller: library/x509parse.c
*
* Requires: POLARSSL_ASN1_PARSE_C
* Can use: POLARSSL_SHA1_C, POLARSSL_DES_C, POLARSSL_ARC4_C
*
* This module enables PKCS#12 functions.
*/
#define POLARSSL_PKCS12_C
/**
* \def POLARSSL_RSA_C
*
* Enable the RSA public-key cryptosystem.
*
* Module: library/rsa.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
* library/x509.c
*
* Requires: POLARSSL_BIGNUM_C
*
* This module is required for SSL/TLS and MD5-signed certificates.
*/
#define POLARSSL_RSA_C
/**
* \def POLARSSL_SHA1_C
*
* Enable the SHA1 cryptographic hash algorithm.
*
* Module: library/sha1.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
* library/x509parse.c
*
* This module is required for SSL/TLS and SHA1-signed certificates.
*/
#define POLARSSL_SHA1_C
/**
* \def POLARSSL_SHA2_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
*
* Module: library/sha2.c
* Caller: library/md_wrap.c
* library/x509parse.c
*
* This module adds support for SHA-224 and SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function.
*/
#define POLARSSL_SHA2_C
/**
* \def POLARSSL_SHA4_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
*
* Module: library/sha4.c
* Caller: library/md_wrap.c
* library/x509parse.c
*
* This module adds support for SHA-384 and SHA-512.
*/
#define POLARSSL_SHA4_C
/**
* \def POLARSSL_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
*
* Module: library/ssl_cache.c
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
*/
// JY removed
//#define POLARSSL_SSL_CACHE_C
/**
* \def POLARSSL_SSL_CLI_C
*
* Enable the SSL/TLS client code.
*
* Module: library/ssl_cli.c
* Caller:
*
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS client support.
*/
#define POLARSSL_SSL_CLI_C
/**
* \def POLARSSL_SSL_SRV_C
*
* Enable the SSL/TLS server code.
*
* Module: library/ssl_srv.c
* Caller:
*
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS server support.
*/
// JY removed
//#define POLARSSL_SSL_SRV_C
/**
* \def POLARSSL_SSL_TLS_C
*
* Enable the generic SSL/TLS code.
*
* Module: library/ssl_tls.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C
*
* This module is required for SSL/TLS.
*/
#define POLARSSL_SSL_TLS_C
/**
* \def POLARSSL_TIMING_C
*
* Enable the portable timing interface.
*
* Module: library/timing.c
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
*/
// JY removed
//#define POLARSSL_TIMING_C
/**
* \def POLARSSL_VERSION_C
*
* Enable run-time version information.
*
* Module: library/version.c
*
* This module provides run-time version information.
*/
#define POLARSSL_VERSION_C
/**
* \def POLARSSL_X509_PARSE_C
*
* Enable X.509 certificate parsing.
*
* Module: library/x509parse.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* This module is required for X.509 certificate parsing.
*/
#define POLARSSL_X509_PARSE_C
/**
* \def POLARSSL_X509_WRITE_C
*
* Enable X.509 buffer writing.
*
* Module: library/x509write.c
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* This module is required for X.509 certificate request writing.
*/
// JY removed
//#define POLARSSL_X509_WRITE_C
/**
* \def POLARSSL_XTEA_C
*
* Enable the XTEA block cipher.
*
* Module: library/xtea.c
* Caller:
*/
// JY removed
//#define POLARSSL_XTEA_C
/* \} name */
// JY added
#define POLARSSL_BLOWFISH_NAME "BF"
#define POLARSSL_BLOWFISH_DEFAULT_KEY_LEN 128
#endif /* config.h */
deps/polarssl/crypto-alt.txt
Vendored
+16
View File
@@ -0,0 +1,16 @@
This patch (against PolarSSL 1.2.7) allows alternative crypto
implementations to be compiled, without actually defining
such implementations.
* define POLARSSL_AES_ALT to include alternative AES implementation
from polarssl/aes_alt.h
* define POLARSSL_SHA1_ALT to include alternative SHA1 implementation
from polarssl/sha1_alt.h
* define POLARSSL_SHA2_ALT to include alternative SHA2 implementation
from polarssl/sha2_alt.h
* define POLARSSL_SHA4_ALT to include alternative SHA4 implementation
from polarssl/sha4_alt.h
deps/polarssl/dhm.patch
Vendored
+12
View File
@@ -0,0 +1,12 @@
diff -ur polarssl-1.3.4/library/dhm.c polarssl.new/library/dhm.c
--- polarssl-1.3.4/library/dhm.c 2014-01-27 05:36:23.000000000 -0700
+++ polarssl.new/library/dhm.c 2014-03-02 14:47:02.000000000 -0700
@@ -32,6 +32,8 @@
#if defined(POLARSSL_DHM_C)
+#include "polarssl/x509.h" // for POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
+
#include "polarssl/dhm.h"
#if defined(POLARSSL_PEM_PARSE_C)
deps/polarssl/entropy-printf.patch
Vendored
+12
View File
@@ -0,0 +1,12 @@
diff -ur polarssl-1.3.8.orig/library/entropy.c polarssl-1.3.8/library/entropy.c
--- polarssl-1.3.8.orig/library/entropy.c 2014-07-09 03:34:48.000000000 -0600
+++ polarssl-1.3.8/library/entropy.c 2014-07-09 16:27:06.000000000 -0600
@@ -34,7 +34,7 @@
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
-#if defined(POLARSSL_FS_IO)
+#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
#include <stdio.h>
#endif
deps/polarssl/gitar
Vendored Executable
+9
View File
@@ -0,0 +1,9 @@
#!/usr/bin/env bash
. $O3/core/deps/lib-versions
rm -rf gitar.tmp
mkdir gitar.tmp
cd gitar.tmp
git clone https://github.com/polarssl/polarssl.git -b $POLARSSL_VERSION $POLARSSL_VERSION
tar cfz $DL/$POLARSSL_VERSION-gpl.tgz $POLARSSL_VERSION
cd ..
rm -rf gitar.tmp
deps/polarssl/intel_cpu.c
Vendored
+22
View File
@@ -0,0 +1,22 @@
#if defined(_WIN32)
typedef unsigned __int64 IA32CAP;
#else
typedef unsigned long long IA32CAP;
#endif
IA32CAP OPENSSL_ia32_cpuid(void);
unsigned int OPENSSL_ia32cap_P[2]; // GLOBAL
void OPENSSL_cpuid_setup(void)
{
const IA32CAP vec = OPENSSL_ia32_cpuid();
/*
* |(1<<10) sets a reserved bit to signal that variable
* was initialized already... This is to avoid interference
* with cpuid snippets in ELF .init segment.
*/
OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10);
OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32);
}
deps/polarssl/linux-arm.cmake
Vendored
+17
View File
@@ -0,0 +1,17 @@
# this one is important
SET(CMAKE_SYSTEM_NAME Linux)
#this one not so much
SET(CMAKE_SYSTEM_VERSION 1)
# specify the cross compiler
SET(CMAKE_C_COMPILER arm-linux-gnueabi-gcc-4.6)
SET(CMAKE_CXX_COMPILER arm-linux-gnueabi-g++-4.6)
# where is the target environment
#SET(CMAKE_FIND_ROOT_PATH /opt/eldk-2007-01-19/ppc_74xx /home/alex/eldk-ppc74xx-inst)
# search for programs in the build host directories
SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
# for libraries and headers in the target directories
SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
deps/polarssl/polar-openssl.patch
Vendored
+782
View File
@@ -0,0 +1,782 @@
diff -uNr polarssl-1.2.7/include/polarssl/aes.h polarssl.new/include/polarssl/aes.h
--- polarssl-1.2.7/include/polarssl/aes.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/aes.h 2013-06-07 17:43:56.000000000 -0600
@@ -29,6 +29,8 @@
#include <string.h>
+#include "config.h"
+
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -42,6 +44,12 @@
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
+#ifdef POLARSSL_AES_ALT
+
+#include "polarssl/aes_alt.h"
+
+#else
+
/**
* \brief AES context structure
*/
@@ -169,6 +177,17 @@
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Checkup routine
*
diff -uNr polarssl-1.2.7/include/polarssl/aes_alt.h polarssl.new/include/polarssl/aes_alt.h
--- polarssl-1.2.7/include/polarssl/aes_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/aes_alt.h 2013-06-07 18:18:37.000000000 -0600
@@ -0,0 +1,183 @@
+/*
+ * Use OpenSSL implementation of AES methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by aes.h when
+ * POLARSSL_AES_ALT is defined.
+ */
+
+#ifdef _MSC_VER
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define OPENSSL_AES_BLOCK_SIZE 16
+#define OPENSSL_AES_MAXNR 14
+
+/**
+ * \brief AES context structure
+ */
+typedef struct
+{
+ uint32_t rd_key[4 * (OPENSSL_AES_MAXNR + 1)];
+ int rounds;
+}
+aes_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(POLARSSL_USE_OPENSSL_AES_NI)
+
+int aesni_set_encrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const aes_context *key, const int enc);
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const aes_context *key,
+ unsigned char *ivec, const int enc);
+
+#define OPENSSL_AES_SET_ENCRYPT_KEY(k,b,c) aesni_set_encrypt_key(k,b,c)
+#define OPENSSL_AES_SET_DECRYPT_KEY(k,b,c) aesni_set_decrypt_key(k,b,c)
+#define OPENSSL_AES_ECB_ENCRYPT(i,o,k) aesni_ecb_encrypt(i,o,16,k,AES_ENCRYPT)
+#define OPENSSL_AES_ECB_DECRYPT(i,o,k) aesni_ecb_encrypt(i,o,16,k,AES_DECRYPT)
+#define OPENSSL_AES_CBC_ENCRYPT(i,o,l,k,iv,e) aesni_cbc_encrypt(i,o,l,k,iv,e)
+
+#else
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out, const aes_context *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out, const aes_context *key);
+
+
+#define OPENSSL_AES_SET_ENCRYPT_KEY(k,b,c) AES_set_encrypt_key(k,b,c)
+#define OPENSSL_AES_SET_DECRYPT_KEY(k,b,c) AES_set_decrypt_key(k,b,c)
+#define OPENSSL_AES_ECB_ENCRYPT(i,o,k) AES_encrypt(i,o,k)
+#define OPENSSL_AES_ECB_DECRYPT(i,o,k) AES_decrypt(i,o,k)
+
+#endif
+
+/**
+ * \brief AES key schedule (encryption)
+ *
+ * \param ctx AES context to be initialized
+ * \param key encryption key
+ * \param keysize must be 128, 192 or 256
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+static inline int aes_setkey_enc( aes_context *ctx, const unsigned char *key, const unsigned int keysize )
+{
+ const int status = OPENSSL_AES_SET_ENCRYPT_KEY(key, keysize, ctx);
+ return status ? POLARSSL_ERR_AES_INVALID_KEY_LENGTH : 0;
+}
+
+/**
+ * \brief AES key schedule (decryption)
+ *
+ * \param ctx AES context to be initialized
+ * \param key decryption key
+ * \param keysize must be 128, 192 or 256
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+static inline int aes_setkey_dec( aes_context *ctx, const unsigned char *key, const unsigned int keysize )
+{
+ const int status = OPENSSL_AES_SET_DECRYPT_KEY(key, keysize, ctx);
+ return status ? POLARSSL_ERR_AES_INVALID_KEY_LENGTH : 0;
+}
+
+/**
+ * \brief AES-ECB block encryption/decryption
+ *
+ * \param ctx AES context
+ * \param mode AES_ENCRYPT or AES_DECRYPT
+ * \param input 16-byte input block
+ * \param output 16-byte output block
+ *
+ * \return 0 if successful
+ */
+static inline int aes_crypt_ecb( aes_context *ctx,
+ const int mode,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ if (mode == AES_DECRYPT)
+ OPENSSL_AES_ECB_DECRYPT(input, output, ctx);
+ else
+ OPENSSL_AES_ECB_ENCRYPT(input, output, ctx);
+ return 0;
+}
+
+/**
+ * \brief AES-CBC buffer encryption/decryption
+ * Length should be a multiple of the block
+ * size (16 bytes)
+ *
+ * \param ctx AES context
+ * \param mode AES_ENCRYPT or AES_DECRYPT
+ * \param length length of the input data
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
+ */
+static inline int aes_crypt_cbc( aes_context *ctx,
+ const int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
+{
+#ifdef OPENSSL_AES_CBC_ENCRYPT
+ if (length & (OPENSSL_AES_BLOCK_SIZE-1))
+ return POLARSSL_ERR_AES_INVALID_INPUT_LENGTH;
+ OPENSSL_AES_CBC_ENCRYPT(input, output, length, ctx, iv, mode);
+ return 0;
+#else
+ int i;
+ unsigned char temp[16];
+ if (length & (OPENSSL_AES_BLOCK_SIZE-1))
+ return POLARSSL_ERR_AES_INVALID_INPUT_LENGTH;
+ if( mode == AES_DECRYPT )
+ {
+ while( length > 0 )
+ {
+ memcpy( temp, input, 16 );
+ OPENSSL_AES_ECB_DECRYPT(input, output, ctx);
+ for( i = 0; i < 16; i++ )
+ output[i] = (unsigned char)( output[i] ^ iv[i] );
+ memcpy( iv, temp, 16 );
+ input += 16;
+ output += 16;
+ length -= 16;
+ }
+ }
+ else
+ {
+ while( length > 0 )
+ {
+ for( i = 0; i < 16; i++ )
+ output[i] = (unsigned char)( input[i] ^ iv[i] );
+ OPENSSL_AES_ECB_ENCRYPT(output, output, ctx);
+ memcpy( iv, output, 16 );
+ input += 16;
+ output += 16;
+ length -= 16;
+ }
+ }
+ return( 0 );
+#endif
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha1.h polarssl.new/include/polarssl/sha1.h
--- polarssl-1.2.7/include/polarssl/sha1.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha1.h 2013-06-07 17:43:56.000000000 -0600
@@ -29,6 +29,8 @@
#include <string.h>
+#include "config.h"
+
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -38,6 +40,12 @@
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
+#ifdef POLARSSL_SHA1_ALT
+
+#include "polarssl/sha1_alt.h"
+
+#else
+
/**
* \brief SHA-1 context structure
*/
@@ -80,6 +88,19 @@
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
+/* Internal use */
+void sha1_process( sha1_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_SHA1_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = SHA-1( input buffer )
*
@@ -152,9 +173,6 @@
*/
int sha1_self_test( int verbose );
-/* Internal use */
-void sha1_process( sha1_context *ctx, const unsigned char data[64] );
-
#ifdef __cplusplus
}
#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha1_alt.h polarssl.new/include/polarssl/sha1_alt.h
--- polarssl-1.2.7/include/polarssl/sha1_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha1_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,56 @@
+/*
+ * Use OpenSSL implementation of SHA1 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha1.h when
+ * POLARSSL_SHA1_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha_context {
+ SHA_LONG h0,h1,h2,h3,h4;
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+};
+
+typedef struct
+{
+ struct openssl_sha_context octx;
+
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+}
+sha1_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA1_Init(struct openssl_sha_context *c);
+int SHA1_Update(struct openssl_sha_context *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, struct openssl_sha_context *c);
+void sha1_block_data_order(struct openssl_sha_context *c, const void *p, size_t num);
+
+static inline void sha1_starts( sha1_context *ctx )
+{
+ SHA1_Init(&ctx->octx);
+}
+
+static inline void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
+{
+ SHA1_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha1_finish( sha1_context *ctx, unsigned char output[20] )
+{
+ SHA1_Final(output, &ctx->octx);
+}
+
+static inline void sha1_process( sha1_context *ctx, const unsigned char data[64] )
+{
+ sha1_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha2.h polarssl.new/include/polarssl/sha2.h
--- polarssl-1.2.7/include/polarssl/sha2.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha2.h 2013-06-07 17:43:56.000000000 -0600
@@ -29,6 +29,8 @@
#include <string.h>
+#include "config.h"
+
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -38,6 +40,12 @@
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
+#ifdef POLARSSL_SHA2_ALT
+
+#include "polarssl/sha2_alt.h"
+
+#else
+
/**
* \brief SHA-256 context structure
*/
@@ -82,6 +90,19 @@
*/
void sha2_finish( sha2_context *ctx, unsigned char output[32] );
+/* Internal use */
+void sha2_process( sha2_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_SHA2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = SHA-256( input buffer )
*
@@ -160,9 +181,6 @@
*/
int sha2_self_test( int verbose );
-/* Internal use */
-void sha2_process( sha2_context *ctx, const unsigned char data[64] );
-
#ifdef __cplusplus
}
#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polarssl/sha2_alt.h
--- polarssl-1.2.7/include/polarssl/sha2_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha2_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,71 @@
+/*
+ * Use OpenSSL implementation of SHA2 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha2.h when
+ * POLARSSL_SHA2_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha2_context {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num,md_len;
+};
+
+typedef struct
+{
+ struct openssl_sha2_context octx;
+
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+ int is224; /*!< 0 => SHA-256, else SHA-224 */
+}
+sha2_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA224_Init(struct openssl_sha2_context *c);
+int SHA224_Update(struct openssl_sha2_context *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, struct openssl_sha2_context *c);
+
+int SHA256_Init(struct openssl_sha2_context *c);
+int SHA256_Update(struct openssl_sha2_context *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, struct openssl_sha2_context *c);
+
+void sha256_block_data_order(struct openssl_sha2_context *c, const void *p, size_t num);
+
+static inline void sha2_starts( sha2_context *ctx, int is224 )
+{
+ if ((ctx->is224 = is224))
+ SHA224_Init(&ctx->octx);
+ else
+ SHA256_Init(&ctx->octx);
+}
+
+static inline void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is224)
+ SHA224_Update(&ctx->octx, input, ilen);
+ else
+ SHA256_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha2_finish( sha2_context *ctx, unsigned char output[32] )
+{
+ if (ctx->is224)
+ SHA224_Final(output, &ctx->octx);
+ else
+ SHA256_Final(output, &ctx->octx);
+}
+
+static inline void sha2_process( sha2_context *ctx, const unsigned char data[64] )
+{
+ sha256_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha4.h polarssl.new/include/polarssl/sha4.h
--- polarssl-1.2.7/include/polarssl/sha4.h 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/include/polarssl/sha4.h 2013-06-07 17:43:56.000000000 -0600
@@ -29,6 +29,8 @@
#include <string.h>
+#include "config.h"
+
#if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64
typedef unsigned __int64 uint64_t;
@@ -39,6 +41,12 @@
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
+#ifdef POLARSSL_SHA4_ALT
+
+#include "polarssl/sha4_alt.h"
+
+#else
+
/**
* \brief SHA-512 context structure
*/
@@ -83,6 +91,16 @@
*/
void sha4_finish( sha4_context *ctx, unsigned char output[64] );
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* POLARSSL_SHA4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/**
* \brief Output = SHA-512( input buffer )
*
diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polarssl/sha4_alt.h
--- polarssl-1.2.7/include/polarssl/sha4_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha4_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,67 @@
+/*
+ * Use OpenSSL implementation of SHA4 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha4.h when
+ * POLARSSL_SHA4_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha4_context {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num,md_len;
+};
+
+typedef struct
+{
+ struct openssl_sha4_context octx;
+
+ unsigned char ipad[128]; /*!< HMAC: inner padding */
+ unsigned char opad[128]; /*!< HMAC: outer padding */
+ int is384; /*!< 0 => SHA-512, else SHA-384 */
+}
+sha4_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA384_Init(struct openssl_sha4_context *c);
+int SHA384_Update(struct openssl_sha4_context *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, struct openssl_sha4_context *c);
+
+int SHA512_Init(struct openssl_sha4_context *c);
+int SHA512_Update(struct openssl_sha4_context *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, struct openssl_sha4_context *c);
+
+static inline void sha4_starts( sha4_context *ctx, int is384 )
+{
+ if ((ctx->is384 = is384))
+ SHA384_Init(&ctx->octx);
+ else
+ SHA512_Init(&ctx->octx);
+}
+
+static inline void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is384)
+ SHA384_Update(&ctx->octx, input, ilen);
+ else
+ SHA512_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha4_finish( sha4_context *ctx, unsigned char output[64] )
+{
+ if (ctx->is384)
+ SHA384_Final(output, &ctx->octx);
+ else
+ SHA512_Final(output, &ctx->octx);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
--- polarssl-1.2.7/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,42 @@
+/*
+ * Common header file for all OpenSSL-imported SHA methods
+ */
+
+#ifndef POLARSSL_SHA_OPENSSL_H
+#define POLARSSL_SHA_OPENSSL_H
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK 16
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#elif defined(__arch64__)
+#define SHA_LONG64 unsigned long
+#else
+#define SHA_LONG64 unsigned long long
+#endif
+
+#endif
diff -uNr polarssl-1.2.7/library/aes.c polarssl.new/library/aes.c
--- polarssl-1.2.7/library/aes.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/aes.c 2013-06-07 17:43:56.000000000 -0600
@@ -38,6 +38,8 @@
#include "polarssl/padlock.h"
#endif
+#ifndef POLARSSL_AES_ALT
+
/*
* 32-bit integer manipulation macros (little endian)
*/
@@ -914,6 +916,7 @@
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* !POLARSSL_AES_ALT */
#if defined(POLARSSL_SELF_TEST)
diff -uNr polarssl-1.2.7/library/sha1.c polarssl.new/library/sha1.c
--- polarssl-1.2.7/library/sha1.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha1.c 2013-06-07 17:43:56.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
+#ifndef POLARSSL_SHA1_ALT
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -313,6 +315,8 @@
PUT_UINT32_BE( ctx->state[4], output, 16 );
}
+#endif /* !POLARSSL_SHA1_ALT */
+
/*
* output = SHA-1( input buffer )
*/
diff -uNr polarssl-1.2.7/library/sha2.c polarssl.new/library/sha2.c
--- polarssl-1.2.7/library/sha2.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha2.c 2013-06-07 17:43:56.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
+#ifndef POLARSSL_SHA2_ALT
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -314,6 +316,8 @@
PUT_UINT32_BE( ctx->state[7], output, 28 );
}
+#endif /* !POLARSSL_SHA2_ALT */
+
/*
* output = SHA-256( input buffer )
*/
diff -uNr polarssl-1.2.7/library/sha4.c polarssl.new/library/sha4.c
--- polarssl-1.2.7/library/sha4.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/sha4.c 2013-06-07 17:43:56.000000000 -0600
@@ -38,6 +38,8 @@
#include <stdio.h>
#endif
+#ifndef POLARSSL_SHA4_ALT
+
/*
* 64-bit integer manipulation macros (big endian)
*/
@@ -312,6 +314,8 @@
}
}
+#endif /* !POLARSSL_SHA4_ALT */
+
/*
* output = SHA-512( input buffer )
*/
diff -uNr polarssl-1.2.7/library/ssl_tls.c polarssl.new/library/ssl_tls.c
--- polarssl-1.2.7/library/ssl_tls.c 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/library/ssl_tls.c 2013-06-07 17:43:56.000000000 -0600
@@ -2550,8 +2550,10 @@
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#ifndef POLARSSL_SHA1_ALT
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT"
: (char *) "SRVR";
@@ -2621,8 +2623,10 @@
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#ifndef POLARSSL_SHA1_ALT
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
@@ -2666,8 +2670,10 @@
* Hash( handshake ) )[0.11]
*/
+#ifndef POLARSSL_SHA2_ALT
SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
sha2.state, sizeof( sha2.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
@@ -2710,8 +2716,10 @@
* Hash( handshake ) )[0.11]
*/
+#ifndef POLARSSL_SHA4_ALT
SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
sha4.state, sizeof( sha4.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? (char *) "client finished"
diff -uNr polarssl-1.2.7/tests/suites/test_suite_aes.function polarssl.new/tests/suites/test_suite_aes.function
--- polarssl-1.2.7/tests/suites/test_suite_aes.function 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_aes.function 2013-06-07 17:43:56.000000000 -0600
@@ -1,4 +1,5 @@
BEGIN_HEADER
+#include <polarssl/config.h>
#include <polarssl/aes.h>
END_HEADER
diff -uNr polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function polarssl.new/tests/suites/test_suite_ctr_drbg.function
--- polarssl-1.2.7/tests/suites/test_suite_ctr_drbg.function 2013-04-13 03:56:17.000000000 -0600
+++ polarssl.new/tests/suites/test_suite_ctr_drbg.function 2013-06-07 17:43:56.000000000 -0600
@@ -1,4 +1,5 @@
BEGIN_HEADER
+#include <polarssl/config.h>
#include <polarssl/ctr_drbg.h>
int test_offset;
deps/polarssl/polarssl-minicrypto.patch
Vendored
+446
View File
@@ -0,0 +1,446 @@
diff -uNr polarssl-1.2.7/include/polarssl/aes_alt.h polarssl.new/include/polarssl/aes_alt.h
--- polarssl-1.2.7/include/polarssl/aes_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/aes_alt.h 2013-06-07 18:18:37.000000000 -0600
@@ -0,0 +1,183 @@
+/*
+ * Use OpenSSL implementation of AES methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by aes.h when
+ * POLARSSL_AES_ALT is defined.
+ */
+
+#ifdef _MSC_VER
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define OPENSSL_AES_BLOCK_SIZE 16
+#define OPENSSL_AES_MAXNR 14
+
+/**
+ * \brief AES context structure
+ */
+typedef struct
+{
+ uint32_t rd_key[4 * (OPENSSL_AES_MAXNR + 1)];
+ int rounds;
+}
+aes_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(POLARSSL_USE_OPENSSL_AES_NI)
+
+int aesni_set_encrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const aes_context *key, const int enc);
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const aes_context *key,
+ unsigned char *ivec, const int enc);
+
+#define OPENSSL_AES_SET_ENCRYPT_KEY(k,b,c) aesni_set_encrypt_key(k,b,c)
+#define OPENSSL_AES_SET_DECRYPT_KEY(k,b,c) aesni_set_decrypt_key(k,b,c)
+#define OPENSSL_AES_ECB_ENCRYPT(i,o,k) aesni_ecb_encrypt(i,o,16,k,AES_ENCRYPT)
+#define OPENSSL_AES_ECB_DECRYPT(i,o,k) aesni_ecb_encrypt(i,o,16,k,AES_DECRYPT)
+#define OPENSSL_AES_CBC_ENCRYPT(i,o,l,k,iv,e) aesni_cbc_encrypt(i,o,l,k,iv,e)
+
+#else
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ aes_context *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out, const aes_context *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out, const aes_context *key);
+
+
+#define OPENSSL_AES_SET_ENCRYPT_KEY(k,b,c) AES_set_encrypt_key(k,b,c)
+#define OPENSSL_AES_SET_DECRYPT_KEY(k,b,c) AES_set_decrypt_key(k,b,c)
+#define OPENSSL_AES_ECB_ENCRYPT(i,o,k) AES_encrypt(i,o,k)
+#define OPENSSL_AES_ECB_DECRYPT(i,o,k) AES_decrypt(i,o,k)
+
+#endif
+
+/**
+ * \brief AES key schedule (encryption)
+ *
+ * \param ctx AES context to be initialized
+ * \param key encryption key
+ * \param keysize must be 128, 192 or 256
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+static inline int aes_setkey_enc( aes_context *ctx, const unsigned char *key, const unsigned int keysize )
+{
+ const int status = OPENSSL_AES_SET_ENCRYPT_KEY(key, keysize, ctx);
+ return status ? POLARSSL_ERR_AES_INVALID_KEY_LENGTH : 0;
+}
+
+/**
+ * \brief AES key schedule (decryption)
+ *
+ * \param ctx AES context to be initialized
+ * \param key decryption key
+ * \param keysize must be 128, 192 or 256
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ */
+static inline int aes_setkey_dec( aes_context *ctx, const unsigned char *key, const unsigned int keysize )
+{
+ const int status = OPENSSL_AES_SET_DECRYPT_KEY(key, keysize, ctx);
+ return status ? POLARSSL_ERR_AES_INVALID_KEY_LENGTH : 0;
+}
+
+/**
+ * \brief AES-ECB block encryption/decryption
+ *
+ * \param ctx AES context
+ * \param mode AES_ENCRYPT or AES_DECRYPT
+ * \param input 16-byte input block
+ * \param output 16-byte output block
+ *
+ * \return 0 if successful
+ */
+static inline int aes_crypt_ecb( aes_context *ctx,
+ const int mode,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ if (mode == AES_DECRYPT)
+ OPENSSL_AES_ECB_DECRYPT(input, output, ctx);
+ else
+ OPENSSL_AES_ECB_ENCRYPT(input, output, ctx);
+ return 0;
+}
+
+/**
+ * \brief AES-CBC buffer encryption/decryption
+ * Length should be a multiple of the block
+ * size (16 bytes)
+ *
+ * \param ctx AES context
+ * \param mode AES_ENCRYPT or AES_DECRYPT
+ * \param length length of the input data
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
+ */
+static inline int aes_crypt_cbc( aes_context *ctx,
+ const int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
+{
+#ifdef OPENSSL_AES_CBC_ENCRYPT
+ if (length & (OPENSSL_AES_BLOCK_SIZE-1))
+ return POLARSSL_ERR_AES_INVALID_INPUT_LENGTH;
+ OPENSSL_AES_CBC_ENCRYPT(input, output, length, ctx, iv, mode);
+ return 0;
+#else
+ int i;
+ unsigned char temp[16];
+ if (length & (OPENSSL_AES_BLOCK_SIZE-1))
+ return POLARSSL_ERR_AES_INVALID_INPUT_LENGTH;
+ if( mode == AES_DECRYPT )
+ {
+ while( length > 0 )
+ {
+ memcpy( temp, input, 16 );
+ OPENSSL_AES_ECB_DECRYPT(input, output, ctx);
+ for( i = 0; i < 16; i++ )
+ output[i] = (unsigned char)( output[i] ^ iv[i] );
+ memcpy( iv, temp, 16 );
+ input += 16;
+ output += 16;
+ length -= 16;
+ }
+ }
+ else
+ {
+ while( length > 0 )
+ {
+ for( i = 0; i < 16; i++ )
+ output[i] = (unsigned char)( input[i] ^ iv[i] );
+ OPENSSL_AES_ECB_ENCRYPT(output, output, ctx);
+ memcpy( iv, output, 16 );
+ input += 16;
+ output += 16;
+ length -= 16;
+ }
+ }
+ return( 0 );
+#endif
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha1_alt.h polarssl.new/include/polarssl/sha1_alt.h
--- polarssl-1.2.7/include/polarssl/sha1_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha1_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,56 @@
+/*
+ * Use OpenSSL implementation of SHA1 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha1.h when
+ * POLARSSL_SHA1_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha_context {
+ SHA_LONG h0,h1,h2,h3,h4;
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+};
+
+typedef struct
+{
+ struct openssl_sha_context octx;
+
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+}
+sha1_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA1_Init(struct openssl_sha_context *c);
+int SHA1_Update(struct openssl_sha_context *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, struct openssl_sha_context *c);
+void sha1_block_data_order(struct openssl_sha_context *c, const void *p, size_t num);
+
+static inline void sha1_starts( sha1_context *ctx )
+{
+ SHA1_Init(&ctx->octx);
+}
+
+static inline void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
+{
+ SHA1_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha1_finish( sha1_context *ctx, unsigned char output[20] )
+{
+ SHA1_Final(output, &ctx->octx);
+}
+
+static inline void sha1_process( sha1_context *ctx, const unsigned char data[64] )
+{
+ sha1_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha256_alt.h polarssl.new/include/polarssl/sha256_alt.h
--- polarssl-1.2.7/include/polarssl/sha256_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha256_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,71 @@
+/*
+ * Use OpenSSL implementation of SHA256 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha256.h when
+ * POLARSSL_SHA256_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha256_context {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num,md_len;
+};
+
+typedef struct
+{
+ struct openssl_sha256_context octx;
+
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+ int is224; /*!< 0 => SHA-256, else SHA-224 */
+}
+sha256_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA224_Init(struct openssl_sha256_context *c);
+int SHA224_Update(struct openssl_sha256_context *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, struct openssl_sha256_context *c);
+
+int SHA256_Init(struct openssl_sha256_context *c);
+int SHA256_Update(struct openssl_sha256_context *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, struct openssl_sha256_context *c);
+
+void sha256_block_data_order(struct openssl_sha256_context *c, const void *p, size_t num);
+
+static inline void sha256_starts( sha256_context *ctx, int is224 )
+{
+ if ((ctx->is224 = is224))
+ SHA224_Init(&ctx->octx);
+ else
+ SHA256_Init(&ctx->octx);
+}
+
+static inline void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is224)
+ SHA224_Update(&ctx->octx, input, ilen);
+ else
+ SHA256_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha256_finish( sha256_context *ctx, unsigned char output[32] )
+{
+ if (ctx->is224)
+ SHA224_Final(output, &ctx->octx);
+ else
+ SHA256_Final(output, &ctx->octx);
+}
+
+static inline void sha256_process( sha256_context *ctx, const unsigned char data[64] )
+{
+ sha256_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha512_alt.h polarssl.new/include/polarssl/sha512_alt.h
--- polarssl-1.2.7/include/polarssl/sha512_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha512_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,74 @@
+/*
+ * Use OpenSSL implementation of SHA512 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha512.h when
+ * POLARSSL_SHA512_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha512_context {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num,md_len;
+};
+
+typedef struct
+{
+ struct openssl_sha512_context octx;
+
+ unsigned char ipad[128]; /*!< HMAC: inner padding */
+ unsigned char opad[128]; /*!< HMAC: outer padding */
+ int is384; /*!< 0 => SHA-512, else SHA-384 */
+}
+sha512_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA384_Init(struct openssl_sha512_context *c);
+int SHA384_Update(struct openssl_sha512_context *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, struct openssl_sha512_context *c);
+
+int SHA512_Init(struct openssl_sha512_context *c);
+int SHA512_Update(struct openssl_sha512_context *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, struct openssl_sha512_context *c);
+
+void sha512_block_data_order(struct openssl_sha512_context *c, const void *p, size_t num);
+
+static inline void sha512_starts( sha512_context *ctx, int is384 )
+{
+ if ((ctx->is384 = is384))
+ SHA384_Init(&ctx->octx);
+ else
+ SHA512_Init(&ctx->octx);
+}
+
+static inline void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is384)
+ SHA384_Update(&ctx->octx, input, ilen);
+ else
+ SHA512_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha512_finish( sha512_context *ctx, unsigned char output[64] )
+{
+ if (ctx->is384)
+ SHA384_Final(output, &ctx->octx);
+ else
+ SHA512_Final(output, &ctx->octx);
+}
+
+static inline void sha512_process( sha512_context *ctx, const unsigned char data[128] )
+{
+ sha512_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha_openssl.h polarssl.new/include/polarssl/sha_openssl.h
--- polarssl-1.2.7/include/polarssl/sha_openssl.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha_openssl.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,42 @@
+/*
+ * Common header file for all OpenSSL-imported SHA methods
+ */
+
+#ifndef POLARSSL_SHA_OPENSSL_H
+#define POLARSSL_SHA_OPENSSL_H
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK 16
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#elif defined(__arch64__)
+#define SHA_LONG64 unsigned long
+#else
+#define SHA_LONG64 unsigned long long
+#endif
+
+#endif
deps/polarssl/ref
Vendored
+24
View File
@@ -0,0 +1,24 @@
AES_set_encrypt_key
AES_set_decrypt_key
AES_ecb_encrypt
AES_cbc_encrypt
BF_set_key
BF_ecb_encrypt
BF_cbc_encrypt
SHA1_Init
SHA1_Update
SHA1_Final
SHA224_Init
SHA224_Update
SHA224_Final
SHA256_Init
SHA256_Update
SHA256_Final
SHA384_Init
SHA384_Update
SHA384_Final
SHA512_Init
SHA512_Update
SHA512_Final
OPENSSL_ia32_cpuid
-OPENSSL_cpuid_setup
deps/polarssl/ref-aesni
Vendored
+24
View File
@@ -0,0 +1,24 @@
aesni_set_encrypt_key
aesni_set_decrypt_key
aesni_ecb_encrypt
aesni_cbc_encrypt
BF_set_key
BF_ecb_encrypt
BF_cbc_encrypt
SHA1_Init
SHA1_Update
SHA1_Final
SHA224_Init
SHA224_Update
SHA224_Final
SHA256_Init
SHA256_Update
SHA256_Final
SHA384_Init
SHA384_Update
SHA384_Final
SHA512_Init
SHA512_Update
SHA512_Final
OPENSSL_ia32_cpuid
-OPENSSL_cpuid_setup
deps/polarssl/relaxed-x509-date.patch
Vendored
+118
View File
@@ -0,0 +1,118 @@
diff -ur mbedtls-1.3.17/library/x509.c polarssl.new/library/x509.c
--- mbedtls-1.3.17/library/x509.c 2016-06-27 13:00:26.000000000 -0600
+++ polarssl.new/library/x509.c 2016-08-04 17:21:52.000000000 -0600
@@ -490,6 +490,73 @@
}
/*
+ * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) field.
+ */
+static int x509_parse_time(unsigned char **p, size_t len, unsigned int yearlen, x509_time *time)
+{
+ int ret;
+
+ /* minimum length is 10 or 12 depending on yearlen */
+ if (len < yearlen + 8)
+ return POLARSSL_ERR_X509_INVALID_DATE;
+ len -= yearlen + 8;
+
+ /* parse year, month, day, hour, minute */
+ CHECK( x509_parse_int( p, yearlen, &time->year ) );
+ if (yearlen == 2)
+ {
+ if (time->year < 50)
+ time->year += 100;
+ time->year += 1900;
+ }
+ CHECK( x509_parse_int( p, 2, &time->mon ) );
+ CHECK( x509_parse_int( p, 2, &time->day ) );
+ CHECK( x509_parse_int( p, 2, &time->hour ) );
+ CHECK( x509_parse_int( p, 2, &time->min ) );
+
+ /* parse seconds if present */
+ if (len >= 2 && **p >= '0' && **p <= '9')
+ {
+ CHECK( x509_parse_int( p, 2, &time->sec ) );
+ len -= 2;
+ }
+ else
+ {
+#if defined(POLARSSL_RELAXED_X509_DATE)
+ /* if relaxed mode, allow seconds to be absent */
+ time->sec = 0;
+#else
+ return POLARSSL_ERR_X509_INVALID_DATE;
+#endif
+ }
+
+ /* parse trailing 'Z' if present */
+ if (len == 1 && **p == 'Z')
+ {
+ (*p)++;
+ return 0;
+ }
+
+#if defined(POLARSSL_RELAXED_X509_DATE)
+ /* if relaxed mode, allow timezone to be present */
+ else if (len == 5 && **p == '+')
+ {
+ int tz; /* throwaway timezone */
+ (*p)++;
+ CHECK( x509_parse_int( p, 4, &tz ) );
+ return 0;
+ }
+#endif
+
+ /* okay if no trailing 'Z' or timezone specified */
+ else if (len == 0)
+ return 0;
+
+ else
+ return POLARSSL_ERR_X509_INVALID_DATE;
+}
+
+/*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
@@ -515,20 +582,7 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- CHECK( x509_parse_int( p, 2, &time->year ) );
- CHECK( x509_parse_int( p, 2, &time->mon ) );
- CHECK( x509_parse_int( p, 2, &time->day ) );
- CHECK( x509_parse_int( p, 2, &time->hour ) );
- CHECK( x509_parse_int( p, 2, &time->min ) );
- if( len > 10 )
- CHECK( x509_parse_int( p, 2, &time->sec ) );
- if( len > 12 && *(*p)++ != 'Z' )
- return( POLARSSL_ERR_X509_INVALID_DATE );
-
- time->year += 100 * ( time->year < 50 );
- time->year += 1900;
-
- return( 0 );
+ return x509_parse_time(p, len, 2, time);
}
else if( tag == ASN1_GENERALIZED_TIME )
{
@@ -538,17 +592,7 @@
if( ret != 0 )
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
- CHECK( x509_parse_int( p, 4, &time->year ) );
- CHECK( x509_parse_int( p, 2, &time->mon ) );
- CHECK( x509_parse_int( p, 2, &time->day ) );
- CHECK( x509_parse_int( p, 2, &time->hour ) );
- CHECK( x509_parse_int( p, 2, &time->min ) );
- if( len > 12 )
- CHECK( x509_parse_int( p, 2, &time->sec ) );
- if( len > 14 && *(*p)++ != 'Z' )
- return( POLARSSL_ERR_X509_INVALID_DATE );
-
- return( 0 );
+ return x509_parse_time(p, len, 4, time);
}
else
return( POLARSSL_ERR_X509_INVALID_DATE +
deps/polarssl/testpatch
Vendored Executable
+13
View File
@@ -0,0 +1,13 @@
#!/usr/bin/env bash
ver=1.2.7
src=~/src/mac/polarssl-$ver
rm -rf polarssl-$ver polarssl-$ver.new
tar xfz $DL/polarssl-$ver-gpl.tgz
cp -a polarssl-$ver polarssl-$ver.new
cd polarssl-$ver.new
cp $src/include/polarssl/bn_mul.h include/polarssl/
cp $src/library/bignum.c library/
#cp $src/library/mpi_mul_hlp.c library/
#cp $src/library/CMakeLists.txt library/
cd ..
diff -uNr polarssl-$ver polarssl-$ver.new
deps/polarssl/unused/polarssl-const-ciphersuite.patch
Vendored
+37
View File
@@ -0,0 +1,37 @@
Make the ciphersuites array argument to ssl_set_ciphersuites const.
This should be done to assure callers that PolarSSL doesn't intend
to modify this array (which it apparently doesn't).
diff -ur polarssl-1.1.1/include/polarssl/ssl.h polarssl-1.1.1.new/include/polarssl/ssl.h
--- polarssl-1.1.1/include/polarssl/ssl.h 2012-01-23 02:57:38.000000000 -0700
+++ polarssl-1.1.1.new/include/polarssl/ssl.h 2012-03-14 02:46:30.315215130 -0600
@@ -306,7 +306,7 @@
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
int do_crypt; /*!< en(de)cryption flag */
- int *ciphersuites; /*!< allowed ciphersuites */
+ const int *ciphersuites; /*!< allowed ciphersuites */
size_t pmslen; /*!< premaster length */
unsigned int keylen; /*!< symmetric key length */
size_t minlen; /*!< min. ciphertext length */
@@ -495,7 +495,7 @@
* \param ssl SSL context
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites );
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
/**
* \brief Set the data required to verify peer certificate
diff -ur polarssl-1.1.1/library/ssl_tls.c polarssl-1.1.1.new/library/ssl_tls.c
--- polarssl-1.1.1/library/ssl_tls.c 2012-01-23 02:57:38.000000000 -0700
+++ polarssl-1.1.1.new/library/ssl_tls.c 2012-03-14 02:47:10.830001668 -0600
@@ -1838,7 +1838,7 @@
ssl->session = session;
}
-void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites )
+void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
{
ssl->ciphersuites = ciphersuites;
}
deps/polarssl/unused/polarssl-enum.patch
Vendored
+15
View File
@@ -0,0 +1,15 @@
This fixes an issue where the cipher.h header doesn't compile when included
by C++ code, as C++ is more strict than C about implicit enum casts.
diff -ur polarssl-1.1.1/include/polarssl/cipher.h /home/james/polarssl-1.1.1/include/polarssl/cipher.h
--- polarssl-1.1.1/include/polarssl/cipher.h 2011-11-15 08:38:45.000000000 -0700
+++ /home/james/polarssl-1.1.1/include/polarssl/cipher.h 2012-03-12 17:31:12.279631469 -0600
@@ -313,7 +313,7 @@
static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx )
{
if( NULL == ctx || NULL == ctx->cipher_info )
- return 0;
+ return POLARSSL_CIPHER_NONE;
return ctx->cipher_info->type;
}
deps/polarssl/unused/polarssl-epki.patch
Vendored
+181
View File
@@ -0,0 +1,181 @@
This patch allows the caller to create a proxy object that can be used
in place of a private key. The proxy object must define sign and
decrypt methods. This functionality is similar to that provided by
POLARSSL_PKCS11_C except that it can accomodate any arbitrary
implementation of external private keys, not only that provided by
the PKCS#11 helper library.
This is necessary to allow PolarSSL to interact with certificate/key
stores on many different platforms that don't natively support
PKCS#11 such as Mac (uses Keychain API), Windows (uses CryptoAPI),
and Android (android.security.KeyChain).
In the basic usage model, the library is built with POLARSSL_PKCS11_C
and POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY. Doing this causes the
pkcs11_context object to become an interface to any arbitrary
external private key implementation that defines sign and decrypt
methods. Note that in this configuration, the PKCS#11 helper library
(libpkcs11-helper) is not used.
When POLARSSL_PKCS11_C is defined in the absence of
POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY, the pkcs11_context object
reverts to its previous implementation, where it becomes a
connector to a certificate/private-key context in the PKCS#11 helper
library.
diff -ur polarssl-1.1.1.orig/include/polarssl/config.h polarssl-1.1.1/include/polarssl/config.h
--- polarssl-1.1.1.orig/include/polarssl/config.h 2011-12-22 03:06:27.000000000 -0700
+++ polarssl-1.1.1/include/polarssl/config.h 2012-03-14 02:31:04.000000000 -0600
@@ -531,10 +531,26 @@
*
* This module is required for SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ * unless POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY is also defined.
+ *
#define POLARSSL_PKCS11_C
*/
/**
+ * \def POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
+ *
+ * Enable support for generic external private key implementations.
+ *
+ * Module: library/ssl_srv.c
+ * Caller: library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Requires: POLARSSL_PKCS11_C
+ *
+#define POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY
+ */
+
+/**
* \def POLARSSL_RSA_C
*
* Enable the RSA public-key cryptosystem.
diff -ur polarssl-1.1.1.orig/include/polarssl/pkcs11.h polarssl-1.1.1/include/polarssl/pkcs11.h
--- polarssl-1.1.1.orig/include/polarssl/pkcs11.h 2011-11-18 07:26:47.000000000 -0700
+++ polarssl-1.1.1/include/polarssl/pkcs11.h 2012-03-14 02:28:34.000000000 -0600
@@ -35,6 +35,95 @@
#include "x509.h"
+#if defined(POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY)
+
+/* inline preamble */
+#if defined(_MSC_VER) && !defined(inline)
+#define inline _inline
+#else
+#if defined(__ARMCC_VERSION) && !defined(inline)
+#define inline __inline
+#endif /* __ARMCC_VERSION */
+#endif /*_MSC_VER */
+
+/**
+ * This object is a reference to an external private key,
+ * and can be used in place of a concrete private key.
+ */
+typedef struct _pkcs11_context {
+ void *parameter; /** user-defined parameter */
+ int len; /** private key length in bytes */
+
+ /** user-defined decrypt method, see pkcs11_decrypt doc below */
+ int (*f_decrypt)( struct _pkcs11_context *ctx,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned int output_max_len );
+
+ /** user-defined sign method, see pkcs11_sign doc below */
+ int (*f_sign)( struct _pkcs11_context *ctx,
+ int mode,
+ int hash_id,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig );
+
+} pkcs11_context;
+
+/**
+ * \brief Do an RSA private key decrypt, then remove the message padding
+ *
+ * \param ctx PKCS #11 context
+ * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param input buffer holding the encrypted data
+ * \param output buffer that will hold the plaintext
+ * \param olen will contain the plaintext length
+ * \param output_max_len maximum length of the output buffer
+ *
+ * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The output buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ * an error is thrown.
+ */
+static inline int pkcs11_decrypt( pkcs11_context *ctx,
+ int mode, size_t *olen,
+ const unsigned char *input,
+ unsigned char *output,
+ unsigned int output_max_len )
+{
+ return (*ctx->f_decrypt)(ctx, mode, olen, input, output, output_max_len);
+}
+
+/**
+ * \brief Do a private RSA to sign a message digest
+ *
+ * \param ctx PKCS #11 context
+ * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
+ * \param hashlen message digest length (for SIG_RSA_RAW only)
+ * \param hash buffer holding the message digest
+ * \param sig buffer that will hold the ciphertext
+ *
+ * \return 0 if the signing operation was successful,
+ * or an POLARSSL_ERR_RSA_XXX error code
+ *
+ * \note The "sig" buffer must be as large as the size
+ * of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+static inline int pkcs11_sign( pkcs11_context *ctx,
+ int mode,
+ int hash_id,
+ unsigned int hashlen,
+ const unsigned char *hash,
+ unsigned char *sig )
+{
+ return (*ctx->f_sign)(ctx, mode, hash_id, hashlen, hash, sig);
+}
+
+#else
+
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
/**
@@ -121,6 +210,8 @@
const unsigned char *hash,
unsigned char *sig );
+#endif /* POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY */
+
#endif /* POLARSSL_PKCS11_C */
#endif /* POLARSSL_PKCS11_H */
diff -ur polarssl-1.1.1.orig/library/pkcs11.c polarssl-1.1.1/library/pkcs11.c
--- polarssl-1.1.1.orig/library/pkcs11.c 2011-04-24 02:57:21.000000000 -0600
+++ polarssl-1.1.1/library/pkcs11.c 2012-03-14 02:28:22.000000000 -0600
@@ -29,7 +29,7 @@
#include "polarssl/pkcs11.h"
-#if defined(POLARSSL_PKCS11_C)
+#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY)
#include <stdlib.h>
@@ -235,4 +235,4 @@
return( 0 );
}
-#endif /* defined(POLARSSL_PKCS11_C) */
+#endif /* defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_GENERIC_EXTERNAL_PRIVATE_KEY) */
deps/polarssl/unused/polarssl-invalid-mac.patch
Vendored
+12
View File
@@ -0,0 +1,12 @@
diff -ur polarssl-1.1.3/library/ssl_tls.c polarssl-1.1.3.jy/library/ssl_tls.c
--- polarssl-1.1.3/library/ssl_tls.c 2012-04-20 07:33:14.000000000 -0600
+++ polarssl-1.1.3.jy/library/ssl_tls.c 2012-05-29 09:12:11.687371794 -0600
@@ -785,7 +785,7 @@
/*
* Always compute the MAC (RFC4346, CBCTIME).
*/
- if( ssl->in_msglen <= ssl->maclen + padlen )
+ if( ssl->in_msglen < ssl->maclen + padlen )
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
ssl->in_msglen, ssl->maclen, padlen ) );
deps/polarssl/unused/trustex.patch
Vendored
+44
View File
@@ -0,0 +1,44 @@
Patch to 1.1.4 to allow X509 v3 trust extensions.
--------------------------------------------------
Index: x509parse.c
===================================================================
--- x509parse.c (revision 1322)
+++ x509parse.c (working copy)
@@ -1134,7 +1134,7 @@
{
int ret;
size_t len;
- unsigned char *p, *end;
+ unsigned char *p, *end, *crt_end;
/*
* Check for valid input
@@ -1168,13 +1168,14 @@
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
}
- if( len != (size_t) ( end - p ) )
+ if( len > (size_t) ( end - p ) )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
-
+ crt_end = p + len;
+
/*
* TBSCertificate ::= SEQUENCE {
*/
@@ -1344,7 +1345,7 @@
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
- end = crt->raw.p + crt->raw.len;
+ end = crt_end;
/*
* signatureAlgorithm AlgorithmIdentifier,
----------------------------------------------------
End of patch file
deps/snappy/build-snappy
Vendored Executable
+66
View File
@@ -0,0 +1,66 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$TARGET" ]; then
echo TARGET var must be defined
exit 1
fi
[ -z "$DL" ] && DL=~/Downloads
# source vars
. $O3/core/vars/vars-${TARGET}
. $O3/core/deps/lib-versions
[ "$GCC_CMD" ] && export CC=$GCC_CMD
[ "$GPP_CMD" ] && export CXX=$GPP_CMD
[ "$LD_CMD" ] && export LD=$LD_CMD
[ "$AR_CMD" ] && export AR=$AR_CMD
[ "$RANLIB_CMD" ] && export RANLIB=$RANLIB_CMD
case $PLATFORM in
android*)
echo PLATFORM android
host=arm
target=arm
;;
ios*)
echo PLATFORM ios
host="x86_64-apple-darwin"
target=arm
;;
*)
host=""
target=""
;;
esac
if [ "$target" ]; then
targ_opt="--target=$target"
fi
if [ "$host" ]; then
host_opt="--host=$host"
fi
if [ "$NO_WIPE" != "1" ]; then
rm -rf $SNAPPY_VERSION
tar xfz $DL/$SNAPPY_VERSION.tar.gz
fi
DIST=$(pwd)/snappy/snappy-$PLATFORM
rm -rf $DIST
mkdir -p $DIST
cd $SNAPPY_VERSION
echo 'OPTIONS' CC=$CC LD=$LD AR=$AR RANLIB=$RANLIB host_opt=$host_opt targ_opt=$targ_opt
export CFLAGS="$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC"
echo 'CFLAGS' $CFLAGS
export CXXFLAGS="$CFLAGS $CXX_COMPILER_FLAGS"
./configure --prefix=$DIST $host_opt $targ_opt --enable-static --disable-shared
make
make install
exit 0