authorAdriaan de Jong <adriaan@adriaan-VirtualBox.(none)>2011-07-02 14:28:56 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-22 14:35:16 +0200
commit50d1fc0dd5844fd0ef92b4d09e021f9332fd5e77 (patch)
treed8a838bdbd50a3f8009786ee457d939169b2886b
parentbe0a08d452f7fafde507361c76d8724f047cfb3f (diff)
Updated ssl_polarssl.c to work with PolarSSL 0.99-pre5
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r--ssl_polarssl.c46
1 files changed, 24 insertions, 22 deletions
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index 6ed8735..e9b4bff 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -36,6 +36,7 @@
#include "ssl_common.h"
#include "ssl_verify_polarssl.h"
+#include <polarssl/pem.h>
void
tls_init_lib()
@@ -52,7 +53,7 @@ tls_clear_error()
{
}
-static int default_ciphers[] =
+static int default_ciphersuites[] =
{
SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_CAMELLIA_256_SHA,
@@ -179,7 +180,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
i = 0;
tmp_ciphers_orig = tmp_ciphers = strdup(ciphers);
while(tmp_ciphers) {
- ctx->allowed_ciphers[i] = ssl_get_cipher_id (strsep (&tmp_ciphers, ":"));
+ ctx->allowed_ciphers[i] = ssl_get_ciphersuite_id (strsep (&tmp_ciphers, ":"));
if (ctx->allowed_ciphers[i] != 0)
i++;
}
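Review bot: A name that ssl_get_ciphersuite_id does not recognise is dropped with no diagnostic at the `if (ctx->allowed_ciphers[i] != 0)` test, so a typo in the user-supplied cipher list silently removes that suite, and a list made only of unknown names yields an empty allowed list. Capture the token and warn on the miss, with a local `const char *token`: `token = strsep (&tmp_ciphers, ":");` / `ctx->allowed_ciphers[i] = ssl_get_ciphersuite_id (token);` / `if (ctx->allowed_ciphers[i] != 0) i++; else msg (M_WARN, "Unrecognised TLS ciphersuite name '%s' ignored", token);`. The loop writes allowed_ciphers[i] with no bound visible in the hunk; presumably the array is sized from the separator count earlier in tls_ctx_restrict_ciphers, which starts before this hunk and is worth confirming.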
@@ -276,7 +277,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
status = x509parse_key(ctx->priv_key,
priv_key_file_inline, strlen(priv_key_file_inline),
NULL, 0);
- if (POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED == status)
+ if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
{
char passbuf[512] = {0};
pem_password_callback(passbuf, 512, 0, NULL);
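Review bot: The private-key passphrase that pem_password_callback writes into `passbuf` is still in the stack frame when the block ends; the hunk stops before the retry of x509parse_key that consumes it, so whether it is cleared afterwards cannot be seen here, but nothing in the visible lines does it. Add `memset (passbuf, 0, sizeof (passbuf));` once the retry has returned, noting that a plain memset before the buffer goes out of scope may be optimised away, so a volatile-qualified or compiler-barrier wipe is preferable where the project has one. The switch to POLARSSL_ERR_PEM_PASSWORD_REQUIRED assumes x509parse_key in 0.99-pre5 passes the PEM layer's code through unchanged; a one-line comment saying so would help the next library bump. tls_ctx_load_priv_file starts before this hunk.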
@@ -289,7 +290,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
#endif /* ENABLE_INLINE_FILES */
{
status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL);
- if (POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED == status)
+ if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status)
{
char passbuf[512] = {0};
pem_password_callback(passbuf, 512, 0, NULL);
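Review bot: The buffer size is duplicated as a literal in `pem_password_callback(passbuf, 512, 0, NULL);` one line after `char passbuf[512]` is declared; the two can drift apart on a later edit, which for a passphrase buffer means an overrun. Pass `sizeof (passbuf)` instead: `pem_password_callback(passbuf, sizeof (passbuf), 0, NULL);`. The callback's return value is also discarded, so if it reports an empty or failed prompt the failure only surfaces later as a password mismatch from x509parse_keyfile; what the return value means is not visible here and should be checked against its definition. The same literal appears in the inline-file branch of the previous hunk.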
@@ -299,7 +300,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
if (0 != status)
{
#ifdef ENABLE_MANAGEMENT
- if (management && (POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH == status))
+ if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status))
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
#endif
msg (M_WARN, "Cannot load private key file %s", priv_key_file);
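Review bot: The failure branch discards `status`, so the warning `Cannot load private key file %s` gives the operator no way to distinguish a wrong passphrase from an unparseable or unsupported key format, and only the mismatch case is reported to the management interface. Include the library code in the message: `msg (M_WARN, "Cannot load private key file %s (polarssl error %d)", priv_key_file, status);`. The block continues past the hunk, so what happens to ctx->priv_key after this warning is not visible.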
@@ -406,13 +407,13 @@ static void buf_free_entries(endless_buffer *buf)
buf->last_block = NULL;
}
-static int endless_buf_read( void * ctx, unsigned char * out, int out_len )
+static int endless_buf_read( void * ctx, unsigned char * out, size_t out_len )
{
endless_buffer *in = (endless_buffer *) ctx;
- int read_len = 0;
+ size_t read_len = 0;
if (in->first_block == NULL)
- return POLARSSL_ERR_NET_TRY_AGAIN;
+ return POLARSSL_ERR_NET_WANT_READ;
while (in->first_block != NULL && read_len < out_len)
{
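Review bot: `out_len` and `read_len` become size_t to match the new callback prototype, but the function still returns int and hands `read_len` back on the success path (the `return read_len;` in the following hunk), so a request larger than INT_MAX would be reported as a negative value that the caller reads as an error code. Clamp at the top so the return stays representable: `if (out_len > INT_MAX) out_len = INT_MAX;`, which needs <limits.h> if the file does not already include it. The block lengths compared against read_len inside the loop are outside this hunk; if they are int, those comparisons now mix signedness and should be checked with -Wsign-compare. The loop body and the rest of endless_buf_read are beyond the hunk.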
@@ -445,7 +446,7 @@ static int endless_buf_read( void * ctx, unsigned char * out, int out_len )
return read_len;
}
-static int endless_buf_write( void *ctx, unsigned char *in, int len )
+static int endless_buf_write( void *ctx, unsigned char *in, size_t len )
{
endless_buffer *out = (endless_buffer *) ctx;
buffer_entry *new_block = malloc(sizeof(buffer_entry));
@@ -500,12 +501,13 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,
ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
if (ssl_ctx->allowed_ciphers)
- ssl_set_ciphers (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
else
- ssl_set_ciphers (ks_ssl->ctx, default_ciphers);
+ ssl_set_ciphersuites (ks_ssl->ctx, default_ciphersuites);
/* Initialise authentication information */
- ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );
+ if (is_server)
+ ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );
if (ssl_ctx->priv_key_pkcs11 != NULL)
ssl_set_own_cert_pkcs11( ks_ssl->ctx, ssl_ctx->crt_chain,
ssl_ctx->priv_key_pkcs11 );
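Review bot: The new `if (is_server)` guard around ssl_set_dh_param_ctx carries no comment saying why DH parameters are skipped on the client, and `is_server` itself is defined outside the hunk, presumably as a parameter of key_state_ssl_init. A one-line comment would spare the next reader a trip to the PolarSSL headers: `/* DH parameters are only used by the server side of an EDH handshake */`. Whether dhm_ctx is guaranteed non-NULL on a server, i.e. whether a missing DH file is rejected at load time, is not visible here and worth confirming, since the pointer is passed through unchecked.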
@@ -571,7 +573,7 @@ key_state_write_plaintext (struct key_state_ssl *ks, struct buffer *buf)
if (retval < 0)
{
perf_pop ();
- if (POLARSSL_ERR_NET_TRY_AGAIN == retval )
+ if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)
return 0;
msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_plaintext error");
return -1;
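Review bot: The retry test `POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval` is now repeated verbatim in five functions (here and in the four hunks that follow), which is where a further retry code will be missed on the next library bump. A file-scope helper keeps the mapping in one place: `static bool polarssl_want_retry (int rc) { return rc == POLARSSL_ERR_NET_WANT_READ || rc == POLARSSL_ERR_NET_WANT_WRITE; }`, with each site reduced to `if (polarssl_want_retry (retval)) return 0;`. Returning 0 for both codes treats a want-write as "nothing consumed", which is sound only if the caller retries with the same data, as I understand PolarSSL requires for ssl_write; a comment stating that assumption would help. key_state_write_plaintext starts before this hunk.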
@@ -618,7 +620,7 @@ key_state_write_plaintext_const (struct key_state_ssl *ks, const uint8_t *data,
if (retval < 0)
{
perf_pop ();
- if (POLARSSL_ERR_NET_TRY_AGAIN == retval )
+ if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)
return 0;
msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_plaintext_const error");
return -1;
@@ -669,7 +671,7 @@ key_state_read_ciphertext (struct key_state_ssl *ks, struct buffer *buf,
if (retval < 0)
{
perf_pop ();
- if (POLARSSL_ERR_NET_TRY_AGAIN == retval )
+ if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)
return 0;
msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error");
buf->len = 0;
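Review bot: The error message `msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error");` sits in key_state_read_ciphertext, so a failure in the ciphertext path is logged under the plaintext function's name and sends an incident responder to the wrong code. It predates this commit, but since the line directly above it is being touched, `msg (D_TLS_ERRORS, "TLS ERROR: read tls_read_ciphertext error");` would fix both the name and the "TLS_ERROR"/"TLS ERROR" inconsistency with the other messages in this file. The function starts before the hunk.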
@@ -712,7 +714,7 @@ key_state_write_ciphertext (struct key_state_ssl *ks, struct buffer *buf)
{
perf_pop ();
- if (POLARSSL_ERR_NET_TRY_AGAIN == retval )
+ if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)
return 0;
msg (D_TLS_ERRORS, "TLS ERROR: write tls_write_ciphertext error");
return -1;
@@ -765,7 +767,7 @@ key_state_read_plaintext (struct key_state_ssl *ks, struct buffer *buf,
/* Error during read, check for retry error */
if (retval < 0)
{
- if (POLARSSL_ERR_NET_TRY_AGAIN == retval )
+ if (POLARSSL_ERR_NET_WANT_WRITE == retval || POLARSSL_ERR_NET_WANT_READ == retval)
return 0;
msg (D_TLS_ERRORS, "TLS_ERROR: read tls_read_plaintext error");
buf->len = 0;
@@ -806,7 +808,7 @@ print_details (struct key_state_ssl * ks_ssl, const char *prefix)
openvpn_snprintf (s1, sizeof (s1), "%s %s, cipher %s",
prefix,
ssl_get_version (ks_ssl->ctx),
- ssl_get_cipher(ks_ssl->ctx));
+ ssl_get_ciphersuite(ks_ssl->ctx));
cert = ks_ssl->ctx->peer_cert;
if (cert != NULL)
@@ -820,7 +822,7 @@ print_details (struct key_state_ssl * ks_ssl, const char *prefix)
void
show_available_tls_ciphers ()
{
- const int *ciphers = ssl_list_ciphers();
+ const int *ciphers = ssl_list_ciphersuites();
#ifndef ENABLE_SMALL
printf ("Available TLS Ciphers,\n");
@@ -829,7 +831,7 @@ show_available_tls_ciphers ()
while (*ciphers != 0)
{
- printf ("%s\n", ssl_get_cipher_name(*ciphers));
+ printf ("%s\n", ssl_get_ciphersuite_name(*ciphers));
ciphers++;
}
printf ("\n");
@@ -839,10 +841,10 @@ void
get_highest_preference_tls_cipher (char *buf, int size)
{
const char *cipher_name;
- const int *ciphers = ssl_list_ciphers();
+ const int *ciphers = ssl_list_ciphersuites();
if (*ciphers == 0)
msg (M_FATAL, "Cannot retrieve list of supported SSL ciphers.");
- cipher_name = ssl_get_cipher_name(*ciphers);
+ cipher_name = ssl_get_ciphersuite_name(*ciphers);
strncpynt (buf, cipher_name, size);
}