PolarSSL: adapt Dolphin to new version

- strip down PolarSSL's CMakeLists.txt
- switch to the PolarSSL 1.3 API
- use entropy interface instead of havege (PolarSSL 1.3 has disabled
  havege by default because it is "considered unsafe for primary usage")
- add VS2013 .vcxproj file
Tillmann Karras 2014-02-24 16:08:43 +01:00
parent d025d63fd6
commit 33beaf20f3
5 changed files with 158 additions and 64 deletions


@ -31,16 +31,16 @@ if (POLARSSL_FOUND)
check_cxx_source_compiles(" check_cxx_source_compiles("
#include <polarssl/net.h> #include <polarssl/net.h>
#include <polarssl/ssl.h> #include <polarssl/ssl.h>
#include <polarssl/havege.h> #include <polarssl/entropy.h>
int main() int main()
{ {
ssl_context ctx; ssl_context ctx;
ssl_session session; ssl_session session;
havege_state hs; entropy_context entropy;
ssl_init(&ctx); ssl_init(&ctx);
havege_init(&hs); entropy_init(&entropy);
ssl_set_rng(&ctx, havege_random, &hs); ssl_set_rng(&ctx, entropy_func, &entropy);
ssl_set_session(&ctx, &session); ssl_set_session(&ctx, &session);
ssl_close_notify(&ctx); ssl_close_notify(&ctx);
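Review bot: The probe hands `entropy_func` straight to `ssl_set_rng`, and the runtime code it mirrors does the same in the .cpp hunk `@ -147,13 +147,12` (with the matching `entropy_context` member in the header hunk `@ -57,10 +57,10`). In PolarSSL 1.3 `entropy_func` is the accumulator meant to seed a DRBG: it polls every registered source on each call and rejects requests larger than one entropy block, so a key exchange that asks for a random buffer bigger than that (a DHE private value, for instance) would fail the handshake, and the library's own sample clients seed a `ctr_drbg_context` from it and give `ctr_drbg_random` to `ssl_set_rng`. The runtime change is `ctr_drbg_init(&_SSL[sslID].ctr_drbg, entropy_func, &_SSL[sslID].entropy, NULL, 0)` with its return value checked (jump to `_SSL_NEW_ERROR` on failure), then `ssl_set_rng(&_SSL[sslID].ctx, ctr_drbg_random, &_SSL[sslID].ctr_drbg)`, plus a `ctr_drbg_context ctr_drbg;` member and `#include <polarssl/ctr_drbg.h>` in the header. The configure probe should exercise the same calls so it keeps tracking the API the code actually uses; the probe string continues past the end of this hunk.
```cmake
check_cxx_source_compiles("
#include <polarssl/ctr_drbg.h>
// ... unchanged: entropy.h / net.h / ssl.h includes, ssl_context / ssl_session / entropy_context declarations ...
ctr_drbg_context ctr_drbg;
// ... unchanged: ssl_init / entropy_init ...
ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, NULL, 0);
ssl_set_rng(&ctx, ctr_drbg_random, &ctr_drbg);
// ... unchanged: ssl_set_session / ssl_close_notify ...
```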


@ -1,8 +1,6 @@
cmake_minimum_required(VERSION 2.6) cmake_minimum_required(VERSION 2.6)
project(POLARSSL C) project(POLARSSL C)
enable_testing()
string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}") string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}")
if(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_GNUCC)
@ -48,23 +46,3 @@ if(ENABLE_ZLIB_SUPPORT)
endif(ENABLE_ZLIB_SUPPORT) endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library) add_subdirectory(library)
add_subdirectory(include)
if(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_CLANG)
add_subdirectory(programs)
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen doxygen/polarssl.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
ADD_CUSTOM_TARGET(memcheck
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
COMMAND rm -f memcheck.log
)


@ -0,0 +1,117 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{BDB6578B-0691-4E80-A46C-DF21639FD3B8}</ProjectGuid>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<PlatformToolset>v120</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
<UseDebugLibraries>true</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'" Label="Configuration">
<UseDebugLibraries>false</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\..\..\Source\VSProps\Base.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<ItemGroup>
<ClCompile Include="..\library\aes.c" />
<ClCompile Include="..\library\aesni.c" />
<ClCompile Include="..\library\arc4.c" />
<ClCompile Include="..\library\asn1parse.c" />
<ClCompile Include="..\library\asn1write.c" />
<ClCompile Include="..\library\base64.c" />
<ClCompile Include="..\library\bignum.c" />
<ClCompile Include="..\library\blowfish.c" />
<ClCompile Include="..\library\camellia.c" />
<ClCompile Include="..\library\certs.c" />
<ClCompile Include="..\library\cipher.c" />
<ClCompile Include="..\library\cipher_wrap.c" />
<ClCompile Include="..\library\ctr_drbg.c" />
<ClCompile Include="..\library\debug.c" />
<ClCompile Include="..\library\des.c" />
<ClCompile Include="..\library\dhm.c" />
<ClCompile Include="..\library\ecdh.c" />
<ClCompile Include="..\library\ecdsa.c" />
<ClCompile Include="..\library\ecp.c" />
<ClCompile Include="..\library\ecp_curves.c" />
<ClCompile Include="..\library\entropy.c" />
<ClCompile Include="..\library\entropy_poll.c" />
<ClCompile Include="..\library\error.c" />
<ClCompile Include="..\library\gcm.c" />
<ClCompile Include="..\library\havege.c" />
<ClCompile Include="..\library\md.c" />
<ClCompile Include="..\library\md2.c" />
<ClCompile Include="..\library\md4.c" />
<ClCompile Include="..\library\md5.c" />
<ClCompile Include="..\library\md_wrap.c" />
<ClCompile Include="..\library\memory.c" />
<ClCompile Include="..\library\memory_buffer_alloc.c" />
<ClCompile Include="..\library\net.c" />
<ClCompile Include="..\library\oid.c" />
<ClCompile Include="..\library\padlock.c" />
<ClCompile Include="..\library\pbkdf2.c" />
<ClCompile Include="..\library\pem.c" />
<ClCompile Include="..\library\pk.c" />
<ClCompile Include="..\library\pk_wrap.c" />
<ClCompile Include="..\library\pkcs11.c" />
<ClCompile Include="..\library\pkcs12.c" />
<ClCompile Include="..\library\pkcs5.c" />
<ClCompile Include="..\library\pkparse.c" />
<ClCompile Include="..\library\pkwrite.c" />
<ClCompile Include="..\library\ripemd160.c" />
<ClCompile Include="..\library\rsa.c" />
<ClCompile Include="..\library\sha1.c" />
<ClCompile Include="..\library\sha256.c" />
<ClCompile Include="..\library\sha512.c" />
<ClCompile Include="..\library\ssl_cache.c" />
<ClCompile Include="..\library\ssl_ciphersuites.c" />
<ClCompile Include="..\library\ssl_cli.c" />
<ClCompile Include="..\library\ssl_srv.c" />
<ClCompile Include="..\library\ssl_tls.c" />
<ClCompile Include="..\library\threading.c" />
<ClCompile Include="..\library\timing.c" />
<ClCompile Include="..\library\version.c" />
<ClCompile Include="..\library\x509.c" />
<ClCompile Include="..\library\x509_create.c" />
<ClCompile Include="..\library\x509_crl.c" />
<ClCompile Include="..\library\x509_crt.c" />
<ClCompile Include="..\library\x509_csr.c" />
<ClCompile Include="..\library\x509write_crt.c" />
<ClCompile Include="..\library\x509write_csr.c" />
<ClCompile Include="..\library\xtea.c" />
</ItemGroup>
<ItemGroup>
<Text Include="..\library\CMakeLists.txt" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
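Review bot: `<ClCompile Include="..\library\havege.c" />` still builds the havege module into the static library even though this commit moves Dolphin off it because 1.3 considers it unsafe for primary use. That is harmless only while the bundled config.h leaves POLARSSL_HAVEGE_C undefined (the source presumably compiles to an empty unit then); either drop the entry or confirm the config, since nothing in this commit references havege any more. The source list also has to be kept in sync with `..\library\CMakeLists.txt` by hand, which is presumably why that file is listed as a `<Text>` item; an XML comment above the first `<ClCompile>` saying `<!-- keep in sync with ..\library\CMakeLists.txt when updating PolarSSL -->` would spare the next upgrader a link-error hunt.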


@ -28,12 +28,12 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
ssl_session_free(&_SSL[i].session); ssl_session_free(&_SSL[i].session);
ssl_free(&_SSL[i].ctx); ssl_free(&_SSL[i].ctx);
x509_free(&_SSL[i].cacert); x509_crt_free(&_SSL[i].cacert);
x509_free(&_SSL[i].clicert); x509_crt_free(&_SSL[i].clicert);
memset(&_SSL[i].ctx, 0, sizeof(ssl_context)); memset(&_SSL[i].ctx, 0, sizeof(ssl_context));
memset(&_SSL[i].session, 0, sizeof(ssl_session)); memset(&_SSL[i].session, 0, sizeof(ssl_session));
memset(&_SSL[i].hs, 0, sizeof(havege_state)); memset(&_SSL[i].entropy, 0, sizeof(entropy_context));
memset(_SSL[i].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN); memset(_SSL[i].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
_SSL[i].active = false; _SSL[i].active = false;
@ -147,13 +147,12 @@ bool CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
goto _SSL_NEW_ERROR; goto _SSL_NEW_ERROR;
} }
havege_init(&_SSL[sslID].hs); entropy_init(&_SSL[sslID].entropy);
ssl_set_rng(&_SSL[sslID].ctx, havege_random, &_SSL[sslID].hs); ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy);
// For some reason we can't use TLSv1.2, v1.1 and below are fine! // For some reason we can't use TLSv1.2, v1.1 and below are fine!
ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2); ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);
ssl_set_ciphersuites(&_SSL[sslID].ctx, ssl_default_ciphersuites);
ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session); ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session);
ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT); ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT);
@ -192,12 +191,12 @@ _SSL_NEW_ERROR:
ssl_session_free(&_SSL[sslID].session); ssl_session_free(&_SSL[sslID].session);
ssl_free(&_SSL[sslID].ctx); ssl_free(&_SSL[sslID].ctx);
x509_free(&_SSL[sslID].cacert); x509_crt_free(&_SSL[sslID].cacert);
x509_free(&_SSL[sslID].clicert); x509_crt_free(&_SSL[sslID].clicert);
memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context)); memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context));
memset(&_SSL[sslID].session, 0, sizeof(ssl_session)); memset(&_SSL[sslID].session, 0, sizeof(ssl_session));
memset(&_SSL[sslID].hs, 0, sizeof(havege_state)); memset(&_SSL[sslID].entropy, 0, sizeof(entropy_context));
memset(_SSL[sslID].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN); memset(_SSL[sslID].hostname, 0, NET_SSL_MAX_HOSTNAME_LEN);
_SSL[sslID].active = false; _SSL[sslID].active = false;
@ -231,7 +230,7 @@ _SSL_NEW_ERROR:
int sslID = Memory::Read_U32(BufferOut) - 1; int sslID = Memory::Read_U32(BufferOut) - 1;
if (SSLID_VALID(sslID)) if (SSLID_VALID(sslID))
{ {
int ret = x509parse_crt_der( int ret = x509_crt_parse_der(
&_SSL[sslID].cacert, &_SSL[sslID].cacert,
Memory::GetPointer(BufferOut2), Memory::GetPointer(BufferOut2),
BufferOutSize2); BufferOutSize2);
@ -268,23 +267,23 @@ _SSL_NEW_ERROR:
if (SSLID_VALID(sslID)) if (SSLID_VALID(sslID))
{ {
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX)); std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
int ret = x509parse_crtfile(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str()); int ret = x509_crt_parse_file(&_SSL[sslID].clicert, (cert_base_path + "clientca.pem").c_str());
int rsa_ret = x509parse_keyfile(&_SSL[sslID].rsa, (cert_base_path + "clientcakey.pem").c_str(), NULL); int pk_ret = pk_parse_keyfile(&_SSL[sslID].pk, (cert_base_path + "clientcakey.pem").c_str(), NULL);
if (ret || rsa_ret) if (ret || pk_ret)
{ {
x509_free(&_SSL[sslID].clicert); x509_crt_free(&_SSL[sslID].clicert);
rsa_free(&_SSL[sslID].rsa); pk_free(&_SSL[sslID].pk);
memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert)); memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context)); memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn); Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
} }
else else
{ {
ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].rsa); ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].pk);
Memory::Write_U32(SSL_OK, _BufferIn); Memory::Write_U32(SSL_OK, _BufferIn);
} }
INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, rsa_ret); INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINCLIENTCERT = (%d, %d)", ret, pk_ret);
} }
else else
{ {
@ -306,10 +305,10 @@ _SSL_NEW_ERROR:
int sslID = Memory::Read_U32(BufferOut) - 1; int sslID = Memory::Read_U32(BufferOut) - 1;
if (SSLID_VALID(sslID)) if (SSLID_VALID(sslID))
{ {
x509_free(&_SSL[sslID].clicert); x509_crt_free(&_SSL[sslID].clicert);
rsa_free(&_SSL[sslID].rsa); pk_free(&_SSL[sslID].pk);
memset(&_SSL[sslID].clicert, 0, sizeof(x509_cert)); memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt));
memset(&_SSL[sslID].rsa, 0, sizeof(rsa_context)); memset(&_SSL[sslID].pk, 0, sizeof(pk_context));
ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL); ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL);
Memory::Write_U32(SSL_OK, _BufferIn); Memory::Write_U32(SSL_OK, _BufferIn);
@ -328,10 +327,10 @@ _SSL_NEW_ERROR:
{ {
std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX)); std::string cert_base_path(File::GetUserPath(D_WIIUSER_IDX));
int ret = x509parse_crtfile(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str()); int ret = x509_crt_parse_file(&_SSL[sslID].cacert, (cert_base_path + "rootca.pem").c_str());
if (ret) if (ret)
{ {
x509_free(&_SSL[sslID].clicert); x509_crt_free(&_SSL[sslID].clicert);
Memory::Write_U32(SSL_ERR_FAILED, _BufferIn); Memory::Write_U32(SSL_ERR_FAILED, _BufferIn);
} }
else else
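Review bot: In the rootca.pem hunk (`@ -328,10 +327,10`), the failure path after `x509_crt_parse_file(&_SSL[sslID].cacert, ...)` calls `x509_crt_free(&_SSL[sslID].clicert)`: it tears down the client certificate while whatever the failed parse left in `cacert` is kept, and `cacert` is not zeroed the way the SETBUILTINCLIENTCERT path zeroes `clicert`. This is inherited from the old `x509_free(&clicert)` line, but the rename preserves it; it should be `x509_crt_free(&_SSL[sslID].cacert); memset(&_SSL[sslID].cacert, 0, sizeof(x509_crt));`. Separately, the teardown hunks (`@ -28,12 +28,12` and `@ -192,12 +191,12`) memset the `entropy_context` without a matching free; if the bundled 1.3 headers provide `entropy_free()`, call it before the memset so any resources the context owns are released. Each of these hunks sits inside a function that starts and ends outside the hunk.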


@ -4,7 +4,7 @@
#pragma once #pragma once
#include <polarssl/havege.h> #include <polarssl/entropy.h>
#include <polarssl/net.h> #include <polarssl/net.h>
#include <polarssl/ssl.h> #include <polarssl/ssl.h>
@ -57,10 +57,10 @@ typedef struct
{ {
ssl_context ctx; ssl_context ctx;
ssl_session session; ssl_session session;
havege_state hs; entropy_context entropy;
x509_cert cacert; x509_crt cacert;
x509_cert clicert; x509_crt clicert;
rsa_context rsa; pk_context pk;
int sockfd; int sockfd;
char hostname[NET_SSL_MAX_HOSTNAME_LEN]; char hostname[NET_SSL_MAX_HOSTNAME_LEN];
bool active; bool active;