Moved to PolarSSL 1.0.0:

 - Reversed des_key_check_weak output check, as the library changed this
 - Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
 - Changed the bio write function to accept const input

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

3 files changed, 3 insertions, 3 deletions

diff --git a/crypto_polarssl.c b/crypto_polarssl.c
index e4b9099..7ae8973 100644
--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -216,7 +216,7 @@ key_des_check (uint8_t *key, int key_len, int ndc)
 	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");
 	  goto err;
 	}
-      if (0 == des_key_check_weak(key))
+      if (0 != des_key_check_weak(key))
 	{
 	  msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
 	  goto err;
diff --git a/crypto_polarssl.h b/crypto_polarssl.h
index 0224917..3ac2c96 100644
--- a/crypto_polarssl.h
+++ b/crypto_polarssl.h
@@ -58,7 +58,7 @@ typedef md_context_t hmac_ctx_t;
 #define OPENVPN_MODE_OFB 	POLARSSL_MODE_OFB
 
 /** Cipher is in CFB mode */
-#define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB
+#define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB128
 
 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT 	POLARSSL_ENCRYPT
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index e6a966a..c95c0c0 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -453,7 +453,7 @@ static int endless_buf_read( void * ctx, unsigned char * out, size_t out_len )
   return read_len;
 }
 
-static int endless_buf_write( void *ctx, unsigned char *in, size_t len )
+static int endless_buf_write( void *ctx, const unsigned char *in, size_t len )
 {
   endless_buffer *out = (endless_buffer *) ctx;
   buffer_entry *new_block = malloc(sizeof(buffer_entry));