Moved to PolarSSL 1.0.0:

 - Reversed des_key_check_weak output check, as the library changed this
 - Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
 - Changed the bio write function to accept const input

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/crypto_polarssl.c b/crypto_polarssl.c
index e4b9099908a0ac669618fd62cb64fb233c8a3e6d..7ae8973045d328eae98f25244dd8aa425525b457 100644 (file)
--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -216,7 +216,7 @@ key_des_check (uint8_t *key, int key_len, int ndc)
          msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");
          goto err;
        }
-      if (0 == des_key_check_weak(key))
+      if (0 != des_key_check_weak(key))
        {
          msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
          goto err;

diff --git a/crypto_polarssl.h b/crypto_polarssl.h
index 0224917168d147f5e812713cf5f21fb47d6c19aa..3ac2c96e86d3c05fcc021dd7eff190429fd26f92 100644 (file)
--- a/crypto_polarssl.h
+++ b/crypto_polarssl.h
@@ -58,7 +58,7 @@ typedef md_context_t hmac_ctx_t;
 #define OPENVPN_MODE_OFB       POLARSSL_MODE_OFB
 
 /** Cipher is in CFB mode */
-#define OPENVPN_MODE_CFB       POLARSSL_MODE_CFB
+#define OPENVPN_MODE_CFB       POLARSSL_MODE_CFB128
 
 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT     POLARSSL_ENCRYPT

diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index e6a966aa45dd4bc550784719df2640c80813a6d4..c95c0c022cce12b6be5d725be6eef404da054234 100644 (file)
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -453,7 +453,7 @@ static int endless_buf_read( void * ctx, unsigned char * out, size_t out_len )
   return read_len;
 }
 
-static int endless_buf_write( void *ctx, unsigned char *in, size_t len )
+static int endless_buf_write( void *ctx, const unsigned char *in, size_t len )
 {
   endless_buffer *out = (endless_buffer *) ctx;
   buffer_entry *new_block = malloc(sizeof(buffer_entry));