From 33beaf20f3c511bf2c6b751366b38b3eb023aad7 Mon Sep 17 00:00:00 2001
From: Tillmann Karras
Date: Mon, 24 Feb 2014 16:08:43 +0100
Subject: [PATCH] PolarSSL: adapt Dolphin to new version

- strip down PolarSSL's CMakeLists.txt
- switch to the PolarSSL 1.3 API
- use entropy interface instead of havege (PolarSSL 1.3 has disabled havege by default because it is "considered unsafe for primary usage")
- add VS2013 .vcxproj file
---
 CMakeTests/FindPolarSSL.cmake | 24 ++--
 Externals/polarssl/CMakeLists.txt | 22 ----
 Externals/polarssl/visualc/PolarSSL.vcxproj | 117 ++++++++++++++++++
 .../IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp | 49 ++++----
 .../Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h | 10 +-
 5 files changed, 158 insertions(+), 64 deletions(-)
 create mode 100644 Externals/polarssl/visualc/PolarSSL.vcxproj

diff --git a/CMakeTests/FindPolarSSL.cmake b/CMakeTests/FindPolarSSL.cmake
index be67c5613a..c55b2bb958 100644
--- a/CMakeTests/FindPolarSSL.cmake
+++ b/CMakeTests/FindPolarSSL.cmake
@@ -31,23 +31,23 @@ if (POLARSSL_FOUND)
 check_cxx_source_compiles("
 #include
 #include
- #include
+ #include
 int main()
 {
- ssl_context ctx;
- ssl_session session;
- havege_state hs;
+ ssl_context ctx;
+ ssl_session session;
+ entropy_context entropy;
 
- ssl_init(&ctx);
- havege_init(&hs);
- ssl_set_rng(&ctx, havege_random, &hs);
- ssl_set_session(&ctx, &session);
+ ssl_init(&ctx);
+ entropy_init(&entropy);
+ ssl_set_rng(&ctx, entropy_func, &entropy);
+ ssl_set_session(&ctx, &session);
 
- ssl_close_notify(&ctx);
- ssl_session_free(&session);
- ssl_free(&ctx);
+ ssl_close_notify(&ctx);
+ ssl_session_free(&session);
+ ssl_free(&ctx);
 
- return 0;
+ return 0;
 }" POLARSSL_WORKS)
diff --git a/Externals/polarssl/CMakeLists.txt b/Externals/polarssl/CMakeLists.txt
index 558aedf751..198db72eb0 100644
--- a/Externals/polarssl/CMakeLists.txt
+++ b/Externals/polarssl/CMakeLists.txt
@@ -1,8 +1,6 @@ cmake_minimum_required(VERSION 2.6) project(POLARSSL C) -enable_testing() - string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}") if(CMAKE_COMPILER_IS_GNUCC) @@ -48,23 +46,3 @@ if(ENABLE_ZLIB_SUPPORT) endif(ENABLE_ZLIB_SUPPORT) add_subdirectory(library) -add_subdirectory(include) - -if(CMAKE_COMPILER_IS_GNUCC) - add_subdirectory(tests) -endif(CMAKE_COMPILER_IS_GNUCC) -if(CMAKE_COMPILER_IS_CLANG) - add_subdirectory(tests) -endif(CMAKE_COMPILER_IS_CLANG) - -add_subdirectory(programs) - -ADD_CUSTOM_TARGET(apidoc - COMMAND doxygen doxygen/polarssl.doxyfile - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) - -ADD_CUSTOM_TARGET(memcheck - COMMAND ctest -O memcheck.log -D ExperimentalMemCheck - COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null - COMMAND rm -f memcheck.log - ) diff --git a/Externals/polarssl/visualc/PolarSSL.vcxproj b/Externals/polarssl/visualc/PolarSSL.vcxproj new file mode 100644 index 0000000000..ff32a513f7 --- /dev/null +++ b/Externals/polarssl/visualc/PolarSSL.vcxproj @@ -0,0 +1,117 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {BDB6578B-0691-4E80-A46C-DF21639FD3B8} + + + + StaticLibrary + v120 + Unicode + + + true + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp index ba92259cb1..f25972ba51 100644 --- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp +++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp 
@@ -28,12 +28,12 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
 ssl_session_free(&_SSL[i].session);
 ssl_free(&_SSL[i].ctx);
- x509_free(&_SSL[i].cacert);
- x509_free(&_SSL[i].clicert);
+ x509_crt_free(&_SSL[i].cacert);
+ x509_crt_free(&_SSL[i].clicert);
 memset(&_SSL[i].ctx, 0, sizeof(ssl_context));
 memset(&_SSL[i].session, 0, sizeof(ssl_session));
- memset(&_SSL[i].hs, 0, sizeof(havege_state));
+ memset(&_SSL[i].entropy, 0, sizeof(entropy_context));
 memset(_SSL[i].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
 _SSL[i].active = false;
@@ -147,13 +147,12 @@ bool CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
 goto _SSL_NEW_ERROR;
 }
- havege_init(&_SSL[sslID].hs);
- ssl_set_rng(&_SSL[sslID].ctx, havege_random, &_SSL[sslID].hs);
+ entropy_init(&_SSL[sslID].entropy);
+ ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy);
 // For some reason we can't use TLSv1.2, v1.1 and below are fine!
 ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);
- ssl_set_ciphersuites(&_SSL[sslID].ctx, ssl_default_ciphersuites);
 ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session);
 ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT);
@@ -192,12 +191,12 @@ _SSL_NEW_ERROR:
 ssl_session_free(&_SSL[sslID].session);
 ssl_free(&_SSL[sslID].ctx);
- x509_free(&_SSL[sslID].cacert);
- x509_free(&_SSL[sslID].clicert);
+ x509_crt_free(&_SSL[sslID].cacert);
+ x509_crt_free(&_SSL[sslID].clicert);
 memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context));
 memset(&_SSL[sslID].session, 0, sizeof(ssl_session));
- memset(&_SSL[sslID].hs, 0, sizeof(havege_state));
+ memset(&_SSL[sslID].entropy, 0, sizeof(entropy_context));
 memset(_SSL[sslID].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
 _SSL[sslID].active = false;
@@ -231,7 +230,7 @@ _SSL_NEW_ERROR:
 int sslID = Memory::Read_U32(BufferOut) - 1;
 if (SSLID_VALID(sslID))
 {
- int ret = x509parse_crt_der(
+ int ret = x509_crt_parse_der(
 &_SSL[sslID].cacert, Memory::GetPointer(BufferOut2), BufferOutSize2);
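Review bot: In the IOCTLV_NET_SSL_NEW hunk (@@ -147), `ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy);` installs the raw entropy accumulator as the TLS RNG; in PolarSSL 1.3 `entropy_func` is the seed source for a DRBG rather than a per-request generator — each call re-polls every registered source until its threshold is met (slow on the handshake path) and returns `POLARSSL_ERR_ENTROPY_SOURCE_FAILED` when a source cannot deliver, which would surface as a failed handshake with no diagnostic. The documented pairing is to seed a `ctr_drbg_context` once from the entropy pool with `ctr_drbg_init(..., entropy_func, &entropy, pers, pers_len)` (checking its return and routing failure to `_SSL_NEW_ERROR`) and hand `ctr_drbg_random` to `ssl_set_rng`; that needs a `ctr_drbg_context` member next to `entropy_context entropy` in the struct in the header hunk, an include of `polarssl/ctr_drbg.h`, and the matching teardown. Related: the destructor hunk (@@ -28) and the `_SSL_NEW_ERROR` hunk (@@ -192) only `memset` the entropy context — if the bundled 1.3 provides `entropy_free` (and `ctr_drbg_free` once a DRBG is added), call them before the `memset` so any state they own is released, and the FindPolarSSL.cmake compile check mirrors the direct `entropy_func` use and should track whichever RNG setup the runtime code settles on. IOCtlV's body starts and ends outside the hunk.
```cpp
	entropy_init(&_SSL[sslID].entropy);
	// Seed a CTR-DRBG from the entropy pool once per context; the DRBG then serves the
	// handshake's random requests instead of re-polling the entropy sources on every call.
	// Personalization string is a constructed example; any per-application constant will do.
	if (ctr_drbg_init(&_SSL[sslID].ctr_drbg, entropy_func, &_SSL[sslID].entropy,
	                  (const unsigned char*)"dolphin-wii-ssl", 15) != 0)
	{
		goto _SSL_NEW_ERROR;
	}
	ssl_set_rng(&_SSL[sslID].ctx, ctr_drbg_random, &_SSL[sslID].ctr_drbg);
	// … unchanged: ssl_set_max_version / ssl_set_session / ssl_set_endpoint …
```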
@@ -268,23 +267,23 @@ _SSL_NEW_ERROR:
 if (SSLID_VALID(sslID))
 {
 std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
- int ret = x509parse_crtfile(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str());
- int rsa_ret = x509parse_keyfile(&_SSL[sslID].rsa, (cert_base_path + "clientcakey.pem").c_str(), NULL);
- if (ret || rsa_ret)
+ int ret = x509_crt_parse_file(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str());
+ int pk_ret = pk_parse_keyfile(&_SSL[sslID].pk, (cert_base_path + "clientcakey.pem").c_str(), NULL);
+ if (ret || pk_ret)
 {
- x509_free(&_SSL[sslID].clicert);
- rsa_free(&_SSL[sslID].rsa);
- memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert));
- memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context));
+ x509_crt_free(&_SSL[sslID].clicert);
+ pk_free(&_SSL[sslID].pk);
+ memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
+ memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
 Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
 }
 else
 {
- ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].rsa);
+ ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].pk);
 Memory::Write_U32(SSL_OK, _BufferIn);
 }
- INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, rsa_ret);
+ INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, pk_ret);
 }
 else
 {
@@ -306,10 +305,10 @@ _SSL_NEW_ERROR:
 int sslID = Memory::Read_U32(BufferOut) - 1;
 if (SSLID_VALID(sslID))
 {
- x509_free(&_SSL[sslID].clicert);
- rsa_free(&_SSL[sslID].rsa);
- memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert));
- memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context));
+ x509_crt_free(&_SSL[sslID].clicert);
+ pk_free(&_SSL[sslID].pk);
+ memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
+ memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
 ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL);
 Memory::Write_U32(SSL_OK, _BufferIn);
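Review bot: The free-then-memset sequence for `clicert`/`pk` is written out twice in this line's hunks — the error path of SETBUILTINCLIENTCERT (@@ -268) and REMOVECLIENTCERT (@@ -306) — and the same shape for `cacert`/`clicert` recurs in the destructor and at `_SSL_NEW_ERROR`; a file-local helper that frees and zeroes one slot's client credentials would keep the copies from drifting, which is exactly how the SETBUILTINROOTCA error path came to free a different certificate than the one it failed to parse. If I recall correctly, PolarSSL 1.3's `x509_crt_free` and `pk_free` already zero the context before returning, so the trailing `memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));` / `memset(&_SSL[sslID].pk, 0, sizeof(pk_context));` may be redundant — confirm against the bundled headers before dropping them. Minor: `INFO_LOG(..., "(%d, %d)", ret, pk_ret)` prints PolarSSL's negative error codes in decimal, while the library documents them as negative hex; logging `-0x%04X` of the negated value makes the line directly matchable against `polarssl/error.h`. IOCtlV's body starts and ends outside the hunk.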
@@ -328,10 +327,10 @@ _SSL_NEW_ERROR:
 {
 std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
- int ret = x509parse_crtfile(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str());
+ int ret = x509_crt_parse_file(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str());
 if (ret)
 {
- x509_free(&_SSL[sslID].clicert);
+ x509_crt_free(&_SSL[sslID].clicert);
 Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
 }
 else
diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
index 80e87eafba..145a49e955 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h
@@ -4,7 +4,7 @@
 #pragma once
-#include
+#include
 #include
 #include
@@ -57,10 +57,10 @@ typedef struct {
 ssl_context ctx;
 ssl_session session;
- havege_state hs;
- x509_cert cacert;
- x509_cert clicert;
- rsa_context rsa;
+ entropy_context entropy;
+ x509_crt cacert;
+ x509_crt clicert;
+ pk_context pk;
 int sockfd;
 char hostname[NET_SSL_MAX_HOSTNAME_LEN];
 bool active;
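Review bot: In the SETBUILTINROOTCA hunk (@@ -328), the error path taken when `x509_crt_parse_file(&_SSL[sslID].cacert, …)` fails releases the wrong certificate: the new line `x509_crt_free(&_SSL[sslID].clicert);` discards a client certificate that may have been set up successfully earlier and leaves whatever the failed parse left in `cacert` untouched; it should read `x509_crt_free(&_SSL[sslID].cacert);`, ideally followed by the same `memset` the other error paths use. The commit only renamed the call, so the mismatch predates it, but the rename is the natural moment to fix it. Whether `cacert` is then installed as the verification chain and which `ssl_set_authmode` applies is outside the hunk, as is the rest of IOCtlV; the struct in the header hunk (@@ -57) also runs past the hunk's end, so I cannot see whether anything else still references the removed `hs`/`rsa` members.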