package/openvpn/openvpn-allow-polarssl-1.2.patch - buildroot - Git at Google

 Allow OpenVPN to use newer (1.2+) PolarSSL versions.
 https://community.openvpn.net/openvpn/ticket/250

 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

 --- a/src/openvpn/crypto_polarssl.h.ori	2013-01-10 21:38:23.213885934 +0100
 +++ a/src/openvpn/crypto_polarssl.h	2013-01-10 21:40:20.597883460 +0100
 @@ -60,7 +60,11 @@
  #define OPENVPN_MODE_OFB 	POLARSSL_MODE_OFB

  /** Cipher is in CFB mode */
 +#if POLARSSL_VERSION_NUMBER < 0x01020000
  #define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB128
 +#else
 +#define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB
 +#endif

  /** Cipher should encrypt */
  #define OPENVPN_OP_ENCRYPT 	POLARSSL_ENCRYPT
 --- a/src/openvpn/ssl_polarssl.c.ori	2013-01-10 21:50:16.041870946 +0100
 +++ a/src/openvpn/ssl_polarssl.c	2013-01-10 21:54:35.261865496 +0100
 @@ -67,6 +67,20 @@

  static int default_ciphersuites[] =
  {
 +#if POLARSSL_VERSION_NUMBER >= 0x0102000
 +    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 +    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 +    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 +    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 +    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 +    TLS_RSA_WITH_AES_256_CBC_SHA,
 +    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
 +    TLS_RSA_WITH_AES_128_CBC_SHA,
 +    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 +    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 +    TLS_RSA_WITH_RC4_128_SHA,
 +    TLS_RSA_WITH_RC4_128_MD5,
 +#else
      SSL_EDH_RSA_AES_256_SHA,
      SSL_EDH_RSA_CAMELLIA_256_SHA,
      SSL_EDH_RSA_AES_128_SHA,
 @@ -79,6 +93,7 @@
      SSL_RSA_DES_168_SHA,
      SSL_RSA_RC4_128_SHA,
      SSL_RSA_RC4_128_MD5,
 +#endif
      0
  };

 @@ -515,7 +530,9 @@
        ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());

        ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
 +#if  POLARSSL_VERSION_NUMBER < 0x01020000
        ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
 +#endif
        if (ssl_ctx->allowed_ciphers)
  	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
        else
 @@ -828,7 +845,11 @@
  		    ssl_get_version (ks_ssl->ctx),
  		    ssl_get_ciphersuite(ks_ssl->ctx));

 +#if POLARSSL_VERSION_NUMBER >= 0x01020000
 +  cert = ks_ssl->ssn->peer_cert;
 +#else
    cert = ks_ssl->ctx->peer_cert;
 +#endif
    if (cert != NULL)
      {
        openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);
	Allow OpenVPN to use newer (1.2+) PolarSSL versions.
	https://community.openvpn.net/openvpn/ticket/250

	Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

	--- a/src/openvpn/crypto_polarssl.h.ori 2013-01-10 21:38:23.213885934 +0100
	+++ a/src/openvpn/crypto_polarssl.h 2013-01-10 21:40:20.597883460 +0100
	@@ -60,7 +60,11 @@
	#define OPENVPN_MODE_OFB POLARSSL_MODE_OFB

	/** Cipher is in CFB mode */
	+#if POLARSSL_VERSION_NUMBER < 0x01020000
	#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
	+#else
	+#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
	+#endif

	/** Cipher should encrypt */
	#define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
	--- a/src/openvpn/ssl_polarssl.c.ori 2013-01-10 21:50:16.041870946 +0100
	+++ a/src/openvpn/ssl_polarssl.c 2013-01-10 21:54:35.261865496 +0100
	@@ -67,6 +67,20 @@

	static int default_ciphersuites[] =
	{
	+#if POLARSSL_VERSION_NUMBER >= 0x0102000
	+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
	+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
	+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	+ TLS_RSA_WITH_AES_256_CBC_SHA,
	+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
	+ TLS_RSA_WITH_AES_128_CBC_SHA,
	+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
	+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	+ TLS_RSA_WITH_RC4_128_SHA,
	+ TLS_RSA_WITH_RC4_128_MD5,
	+#else
	SSL_EDH_RSA_AES_256_SHA,
	SSL_EDH_RSA_CAMELLIA_256_SHA,
	SSL_EDH_RSA_AES_128_SHA,
	@@ -79,6 +93,7 @@
	SSL_RSA_DES_168_SHA,
	SSL_RSA_RC4_128_SHA,
	SSL_RSA_RC4_128_MD5,
	+#endif
	0
	};

	@@ -515,7 +530,9 @@
	ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());

	ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
	+#if POLARSSL_VERSION_NUMBER < 0x01020000
	ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
	+#endif
	if (ssl_ctx->allowed_ciphers)
	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
	else
	@@ -828,7 +845,11 @@
	ssl_get_version (ks_ssl->ctx),
	ssl_get_ciphersuite(ks_ssl->ctx));

	+#if POLARSSL_VERSION_NUMBER >= 0x01020000
	+ cert = ks_ssl->ssn->peer_cert;
	+#else
	cert = ks_ssl->ctx->peer_cert;
	+#endif
	if (cert != NULL)
	{
	openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);