PolarSSL: adapt Dolphin to new version
- strip down PolarSSL's CMakeLists.txt
- switch to the PolarSSL 1.3 API
- use entropy interface instead of havege (PolarSSL 1.3 has disabled havege by default because it is "considered unsafe for primary usage")
- add VS2013 .vcxproj file
parent
d025d63fd6
commit
33beaf20f3
|
@ -31,23 +31,23 @@ if (POLARSSL_FOUND)
|
||||||
check_cxx_source_compiles("
|
check_cxx_source_compiles("
|
||||||
#include <polarssl/net.h>
|
#include <polarssl/net.h>
|
||||||
#include <polarssl/ssl.h>
|
#include <polarssl/ssl.h>
|
||||||
#include <polarssl/havege.h>
|
#include <polarssl/entropy.h>
|
||||||
int main()
|
int main()
|
||||||
{
|
{
|
||||||
ssl_context ctx;
|
ssl_context ctx;
|
||||||
ssl_session session;
|
ssl_session session;
|
||||||
havege_state hs;
|
entropy_context entropy;
|
||||||
|
|
||||||
ssl_init(&ctx);
|
ssl_init(&ctx);
|
||||||
havege_init(&hs);
|
entropy_init(&entropy);
|
||||||
ssl_set_rng(&ctx, havege_random, &hs);
|
ssl_set_rng(&ctx, entropy_func, &entropy);
|
||||||
ssl_set_session(&ctx, &session);
|
ssl_set_session(&ctx, &session);
|
||||||
|
|
||||||
ssl_close_notify(&ctx);
|
ssl_close_notify(&ctx);
|
||||||
ssl_session_free(&session);
|
ssl_session_free(&session);
|
||||||
ssl_free(&ctx);
|
ssl_free(&ctx);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}"
|
}"
|
||||||
POLARSSL_WORKS)
|
POLARSSL_WORKS)
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
cmake_minimum_required(VERSION 2.6)
|
cmake_minimum_required(VERSION 2.6)
|
||||||
project(POLARSSL C)
|
project(POLARSSL C)
|
||||||
|
|
||||||
enable_testing()
|
|
||||||
|
|
||||||
string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}")
|
string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}")
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_GNUCC)
|
if(CMAKE_COMPILER_IS_GNUCC)
|
||||||
|
@ -48,23 +46,3 @@ if(ENABLE_ZLIB_SUPPORT)
|
||||||
endif(ENABLE_ZLIB_SUPPORT)
|
endif(ENABLE_ZLIB_SUPPORT)
|
||||||
|
|
||||||
add_subdirectory(library)
|
add_subdirectory(library)
|
||||||
add_subdirectory(include)
|
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_GNUCC)
|
|
||||||
add_subdirectory(tests)
|
|
||||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
|
||||||
if(CMAKE_COMPILER_IS_CLANG)
|
|
||||||
add_subdirectory(tests)
|
|
||||||
endif(CMAKE_COMPILER_IS_CLANG)
|
|
||||||
|
|
||||||
add_subdirectory(programs)
|
|
||||||
|
|
||||||
ADD_CUSTOM_TARGET(apidoc
|
|
||||||
COMMAND doxygen doxygen/polarssl.doxyfile
|
|
||||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
|
||||||
|
|
||||||
ADD_CUSTOM_TARGET(memcheck
|
|
||||||
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
|
|
||||||
COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
|
|
||||||
COMMAND rm -f memcheck.log
|
|
||||||
)
|
|
||||||
|
|
|
@ -0,0 +1,117 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|x64">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
</ItemGroup>
|
||||||
|
<PropertyGroup Label="Globals">
|
||||||
|
<ProjectGuid>{BDB6578B-0691-4E80-A46C-DF21639FD3B8}</ProjectGuid>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
|
<PropertyGroup Label="Configuration">
|
||||||
|
<ConfigurationType>StaticLibrary</ConfigurationType>
|
||||||
|
<PlatformToolset>v120</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)'=='Release'" Label="Configuration">
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
|
<ImportGroup Label="ExtensionSettings">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
<Import Project="..\..\..\Source\VSProps\Base.props" />
|
||||||
|
</ImportGroup>
|
||||||
|
<PropertyGroup Label="UserMacros" />
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="..\library\aes.c" />
|
||||||
|
<ClCompile Include="..\library\aesni.c" />
|
||||||
|
<ClCompile Include="..\library\arc4.c" />
|
||||||
|
<ClCompile Include="..\library\asn1parse.c" />
|
||||||
|
<ClCompile Include="..\library\asn1write.c" />
|
||||||
|
<ClCompile Include="..\library\base64.c" />
|
||||||
|
<ClCompile Include="..\library\bignum.c" />
|
||||||
|
<ClCompile Include="..\library\blowfish.c" />
|
||||||
|
<ClCompile Include="..\library\camellia.c" />
|
||||||
|
<ClCompile Include="..\library\certs.c" />
|
||||||
|
<ClCompile Include="..\library\cipher.c" />
|
||||||
|
<ClCompile Include="..\library\cipher_wrap.c" />
|
||||||
|
<ClCompile Include="..\library\ctr_drbg.c" />
|
||||||
|
<ClCompile Include="..\library\debug.c" />
|
||||||
|
<ClCompile Include="..\library\des.c" />
|
||||||
|
<ClCompile Include="..\library\dhm.c" />
|
||||||
|
<ClCompile Include="..\library\ecdh.c" />
|
||||||
|
<ClCompile Include="..\library\ecdsa.c" />
|
||||||
|
<ClCompile Include="..\library\ecp.c" />
|
||||||
|
<ClCompile Include="..\library\ecp_curves.c" />
|
||||||
|
<ClCompile Include="..\library\entropy.c" />
|
||||||
|
<ClCompile Include="..\library\entropy_poll.c" />
|
||||||
|
<ClCompile Include="..\library\error.c" />
|
||||||
|
<ClCompile Include="..\library\gcm.c" />
|
||||||
|
<ClCompile Include="..\library\havege.c" />
|
||||||
|
<ClCompile Include="..\library\md.c" />
|
||||||
|
<ClCompile Include="..\library\md2.c" />
|
||||||
|
<ClCompile Include="..\library\md4.c" />
|
||||||
|
<ClCompile Include="..\library\md5.c" />
|
||||||
|
<ClCompile Include="..\library\md_wrap.c" />
|
||||||
|
<ClCompile Include="..\library\memory.c" />
|
||||||
|
<ClCompile Include="..\library\memory_buffer_alloc.c" />
|
||||||
|
<ClCompile Include="..\library\net.c" />
|
||||||
|
<ClCompile Include="..\library\oid.c" />
|
||||||
|
<ClCompile Include="..\library\padlock.c" />
|
||||||
|
<ClCompile Include="..\library\pbkdf2.c" />
|
||||||
|
<ClCompile Include="..\library\pem.c" />
|
||||||
|
<ClCompile Include="..\library\pk.c" />
|
||||||
|
<ClCompile Include="..\library\pk_wrap.c" />
|
||||||
|
<ClCompile Include="..\library\pkcs11.c" />
|
||||||
|
<ClCompile Include="..\library\pkcs12.c" />
|
||||||
|
<ClCompile Include="..\library\pkcs5.c" />
|
||||||
|
<ClCompile Include="..\library\pkparse.c" />
|
||||||
|
<ClCompile Include="..\library\pkwrite.c" />
|
||||||
|
<ClCompile Include="..\library\ripemd160.c" />
|
||||||
|
<ClCompile Include="..\library\rsa.c" />
|
||||||
|
<ClCompile Include="..\library\sha1.c" />
|
||||||
|
<ClCompile Include="..\library\sha256.c" />
|
||||||
|
<ClCompile Include="..\library\sha512.c" />
|
||||||
|
<ClCompile Include="..\library\ssl_cache.c" />
|
||||||
|
<ClCompile Include="..\library\ssl_ciphersuites.c" />
|
||||||
|
<ClCompile Include="..\library\ssl_cli.c" />
|
||||||
|
<ClCompile Include="..\library\ssl_srv.c" />
|
||||||
|
<ClCompile Include="..\library\ssl_tls.c" />
|
||||||
|
<ClCompile Include="..\library\threading.c" />
|
||||||
|
<ClCompile Include="..\library\timing.c" />
|
||||||
|
<ClCompile Include="..\library\version.c" />
|
||||||
|
<ClCompile Include="..\library\x509.c" />
|
||||||
|
<ClCompile Include="..\library\x509_create.c" />
|
||||||
|
<ClCompile Include="..\library\x509_crl.c" />
|
||||||
|
<ClCompile Include="..\library\x509_crt.c" />
|
||||||
|
<ClCompile Include="..\library\x509_csr.c" />
|
||||||
|
<ClCompile Include="..\library\x509write_crt.c" />
|
||||||
|
<ClCompile Include="..\library\x509write_csr.c" />
|
||||||
|
<ClCompile Include="..\library\xtea.c" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<Text Include="..\library\CMakeLists.txt" />
|
||||||
|
</ItemGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
</ImportGroup>
|
||||||
|
</Project>
|
|
@ -28,12 +28,12 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
|
||||||
ssl_session_free(&_SSL[i].session);
|
ssl_session_free(&_SSL[i].session);
|
||||||
ssl_free(&_SSL[i].ctx);
|
ssl_free(&_SSL[i].ctx);
|
||||||
|
|
||||||
x509_free(&_SSL[i].cacert);
|
x509_crt_free(&_SSL[i].cacert);
|
||||||
x509_free(&_SSL[i].clicert);
|
x509_crt_free(&_SSL[i].clicert);
|
||||||
|
|
||||||
memset(&_SSL[i].ctx, 0, sizeof(ssl_context));
|
memset(&_SSL[i].ctx, 0, sizeof(ssl_context));
|
||||||
memset(&_SSL[i].session, 0, sizeof(ssl_session));
|
memset(&_SSL[i].session, 0, sizeof(ssl_session));
|
||||||
memset(&_SSL[i].hs, 0, sizeof(havege_state));
|
memset(&_SSL[i].entropy, 0, sizeof(entropy_context));
|
||||||
memset(_SSL[i].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
|
memset(_SSL[i].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
|
||||||
|
|
||||||
_SSL[i].active = false;
|
_SSL[i].active = false;
|
||||||
|
@ -147,13 +147,12 @@ bool CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
|
||||||
goto _SSL_NEW_ERROR;
|
goto _SSL_NEW_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
havege_init(&_SSL[sslID].hs);
|
entropy_init(&_SSL[sslID].entropy);
|
||||||
ssl_set_rng(&_SSL[sslID].ctx, havege_random, &_SSL[sslID].hs);
|
ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy);
|
||||||
|
|
||||||
// For some reason we can't use TLSv1.2, v1.1 and below are fine!
|
// For some reason we can't use TLSv1.2, v1.1 and below are fine!
|
||||||
ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);
|
ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);
|
||||||
|
|
||||||
ssl_set_ciphersuites(&_SSL[sslID].ctx, ssl_default_ciphersuites);
|
|
||||||
ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session);
|
ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session);
|
||||||
|
|
||||||
ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT);
|
ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT);
|
||||||
|
@ -192,12 +191,12 @@ _SSL_NEW_ERROR:
|
||||||
ssl_session_free(&_SSL[sslID].session);
|
ssl_session_free(&_SSL[sslID].session);
|
||||||
ssl_free(&_SSL[sslID].ctx);
|
ssl_free(&_SSL[sslID].ctx);
|
||||||
|
|
||||||
x509_free(&_SSL[sslID].cacert);
|
x509_crt_free(&_SSL[sslID].cacert);
|
||||||
x509_free(&_SSL[sslID].clicert);
|
x509_crt_free(&_SSL[sslID].clicert);
|
||||||
|
|
||||||
memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context));
|
memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context));
|
||||||
memset(&_SSL[sslID].session, 0, sizeof(ssl_session));
|
memset(&_SSL[sslID].session, 0, sizeof(ssl_session));
|
||||||
memset(&_SSL[sslID].hs, 0, sizeof(havege_state));
|
memset(&_SSL[sslID].entropy, 0, sizeof(entropy_context));
|
||||||
memset(_SSL[sslID].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
|
memset(_SSL[sslID].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
|
||||||
|
|
||||||
_SSL[sslID].active = false;
|
_SSL[sslID].active = false;
|
||||||
|
@ -231,7 +230,7 @@ _SSL_NEW_ERROR:
|
||||||
int sslID = Memory::Read_U32(BufferOut) - 1;
|
int sslID = Memory::Read_U32(BufferOut) - 1;
|
||||||
if (SSLID_VALID(sslID))
|
if (SSLID_VALID(sslID))
|
||||||
{
|
{
|
||||||
int ret = x509parse_crt_der(
|
int ret = x509_crt_parse_der(
|
||||||
&_SSL[sslID].cacert,
|
&_SSL[sslID].cacert,
|
||||||
Memory::GetPointer(BufferOut2),
|
Memory::GetPointer(BufferOut2),
|
||||||
BufferOutSize2);
|
BufferOutSize2);
|
||||||
|
@ -268,23 +267,23 @@ _SSL_NEW_ERROR:
|
||||||
if (SSLID_VALID(sslID))
|
if (SSLID_VALID(sslID))
|
||||||
{
|
{
|
||||||
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
|
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
|
||||||
int ret = x509parse_crtfile(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str());
|
int ret = x509_crt_parse_file(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str());
|
||||||
int rsa_ret = x509parse_keyfile(&_SSL[sslID].rsa, (cert_base_path + "clientcakey.pem").c_str(), NULL);
|
int pk_ret = pk_parse_keyfile(&_SSL[sslID].pk, (cert_base_path + "clientcakey.pem").c_str(), NULL);
|
||||||
if (ret || rsa_ret)
|
if (ret || pk_ret)
|
||||||
{
|
{
|
||||||
x509_free(&_SSL[sslID].clicert);
|
x509_crt_free(&_SSL[sslID].clicert);
|
||||||
rsa_free(&_SSL[sslID].rsa);
|
pk_free(&_SSL[sslID].pk);
|
||||||
memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert));
|
memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
|
||||||
memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context));
|
memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
|
||||||
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
|
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].rsa);
|
ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].pk);
|
||||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||||
}
|
}
|
||||||
|
|
||||||
INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, rsa_ret);
|
INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, pk_ret);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -306,10 +305,10 @@ _SSL_NEW_ERROR:
|
||||||
int sslID = Memory::Read_U32(BufferOut) - 1;
|
int sslID = Memory::Read_U32(BufferOut) - 1;
|
||||||
if (SSLID_VALID(sslID))
|
if (SSLID_VALID(sslID))
|
||||||
{
|
{
|
||||||
x509_free(&_SSL[sslID].clicert);
|
x509_crt_free(&_SSL[sslID].clicert);
|
||||||
rsa_free(&_SSL[sslID].rsa);
|
pk_free(&_SSL[sslID].pk);
|
||||||
memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert));
|
memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
|
||||||
memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context));
|
memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
|
||||||
|
|
||||||
ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL);
|
ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL);
|
||||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||||
|
@ -328,10 +327,10 @@ _SSL_NEW_ERROR:
|
||||||
{
|
{
|
||||||
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
|
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
|
||||||
|
|
||||||
int ret = x509parse_crtfile(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str());
|
int ret = x509_crt_parse_file(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str());
|
||||||
if (ret)
|
if (ret)
|
||||||
{
|
{
|
||||||
x509_free(&_SSL[sslID].clicert);
|
x509_crt_free(&_SSL[sslID].clicert);
|
||||||
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
|
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
|
||||||
}
|
}
|
||||||
else
|
else
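Review bot: In the last hunk of this file, the failure branch after `x509_crt_parse_file(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str())` frees `clicert`, not the `cacert` that was just parsed into. The rename carries this over from the old `x509_free` call and it looks like a copy-paste slip. A failed root-CA load leaves whatever was partially parsed in `cacert`, and it releases a client certificate that the context may still point to if `ssl_set_own_cert` was called earlier for this slot. The branch should read `x509_crt_free(&_SSL[sslID].cacert);`. The enclosing IOCtlV case starts before the hunk and continues past it, so how `cacert` is used afterwards is not visible here.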
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <polarssl/havege.h>
|
#include <polarssl/entropy.h>
|
||||||
#include <polarssl/net.h>
|
#include <polarssl/net.h>
|
||||||
#include <polarssl/ssl.h>
|
#include <polarssl/ssl.h>
|
||||||
|
|
||||||
|
@ -57,10 +57,10 @@ typedef struct
|
||||||
{
|
{
|
||||||
ssl_context ctx;
|
ssl_context ctx;
|
||||||
ssl_session session;
|
ssl_session session;
|
||||||
havege_state hs;
|
entropy_context entropy;
|
||||||
x509_cert cacert;
|
x509_crt cacert;
|
||||||
x509_cert clicert;
|
x509_crt clicert;
|
||||||
rsa_context rsa;
|
pk_context pk;
|
||||||
int sockfd;
|
int sockfd;
|
||||||
char hostname[NET_SSL_MAX_HOSTNAME_LEN];
|
char hostname[NET_SSL_MAX_HOSTNAME_LEN];
|
||||||
bool active;
|
bool active;
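Review bot: The session struct now carries only an `entropy_context`, so the .cpp hunk passes `entropy_func` directly to `ssl_set_rng` as the TLS random source. In PolarSSL 1.3 `entropy_func` is the seeding callback for a DRBG: it re-polls the entropy sources on every call and, as far as I recall, returns an error for requests larger than `ENTROPY_BLOCK_SIZE`, so it is a poor fit as the per-connection RNG. I would add `#include <polarssl/ctr_drbg.h>` and a `ctr_drbg_context ctr_drbg;` member next to `entropy`. IOCtlV would then call `ctr_drbg_init(&_SSL[sslID].ctr_drbg, entropy_func, &_SSL[sslID].entropy, NULL, 0)`, check its return value, and register `ssl_set_rng(&_SSL[sslID].ctx, ctr_drbg_random, &_SSL[sslID].ctr_drbg);`. The CMake compile probe would need the same change, and the struct definition starts before this hunk and continues after it.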
|
||||||
|
|