PolarSSL 1.1 (i.e. as of SVN revision 1132, which is getting pulled into the
current OpenWRT feed) changed the argument signature of havege_rand() [and,
to avoid confusion, changed its name to havege_random()]. Since
ssl_set_rng() also changed the signature of the passed-in RNG to match, this
doesn't cause too many problems.
The master development branch of OpenVPN-PolarSSL has made appropriate
changes (in fact it does not use havege_random() any longer), but the
current OpenWRT feed is pulling 03ab4ead which predates the fix and hence
does not compile.
One option is to update the OpenVPN feed to a more recent version, but this
requires some care since OpenVPN has since revamped the build system and
directory structure; another is to downgrade PolarSSL to an older version.
The attached patch is a third option, a temporary fix to use the new
havege_random() with the older OpenVPN. It is only lightly tested (OpenVPN
establishes a connection and can send data) but is a minor change. It
presumably should be accompanied by a minor bump of the feed package's version.
-- David
diff --git a/crypto_polarssl.c b/crypto_polarssl.c
index e7470d5..48799bb 100644
--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -167,15 +167,9 @@ rand_bytes (uint8_t *output, int len)
hs_initialised = true;
}
- while (len > 0)
- {
- const int blen = min_int (len, int_size);
- const int rand_int = havege_rand(&hs);
+ if (len > 0)
+ havege_random(&hs, output, len);
- memcpy (output, &rand_int, blen);
- output += blen;
- len -= blen;
- }
return 1;
}
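Review bot: the status returned by havege_random(&hs, output, len) is discarded and rand_bytes() still returns 1 unconditionally, so a failing RNG call would be reported to the caller as success; check the result (PolarSSL RNG callbacks return 0 on success) and return 0 on failure, e.g. `if (havege_random(&hs, output, len) != 0) return 0;`. The `if (len > 0)` guard is fine since len is a signed int. Any `int_size` variable defined earlier in this function, and the min_int() use, are now dead after removing the loop and will trigger unused-variable warnings; drop them in the same change.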
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index c50cf0a..ad21983 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -509,7 +509,7 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl,
/* Initialise SSL context */
ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
- ssl_set_rng (ks_ssl->ctx, havege_rand, ssl_ctx->hs);
+ ssl_set_rng (ks_ssl->ctx, havege_random, ssl_ctx->hs);
ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
if (ssl_ctx->allowed_ciphers)
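Review bot: switching the callback to havege_random unconditionally ties this file (and crypto_polarssl.c above) to PolarSSL >= 1.1, so a feed that still carries the older PolarSSL no longer builds either; since the cover letter mentions downgrading PolarSSL as an alternative, consider wrapping both call sites in a preprocessor check on PolarSSL's version macro (from its version.h) so that havege_rand is used for older releases and havege_random for 1.1 and later. The callback/context pairing with ssl_ctx->hs is otherwise unchanged and looks correct.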
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/mailman/listinfo/openwrt-devel