This is an automated email from the git hooks/post-receive script. jcowgill-guest pushed a commit to branch mbedtls2 in repository dolphin-emu.
commit b353298fe41eaf4e5d0c0fc88ddbac4c59b10025 Author: James Cowgill <[email protected]> Date: Sat Nov 14 15:32:41 2015 +0000 Port to mbed TLS 2.0 --- debian/patches/12_mbedtls_2.0.patch | 447 ++++++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 448 insertions(+) diff --git a/debian/patches/12_mbedtls_2.0.patch b/debian/patches/12_mbedtls_2.0.patch new file mode 100644 index 0000000..2579b63 --- /dev/null +++ b/debian/patches/12_mbedtls_2.0.patch @@ -0,0 +1,447 @@ +Description: Port Dolphin 4.0.2 to mbed TLS 2.0 + Based on upstream PRs: + https://github.com/dolphin-emu/dolphin/pull/3091 + https://github.com/dolphin-emu/dolphin/pull/3132 +Author: James Cowgill <[email protected]> +Forwarded: not-needed +Applied-Upstream: https://github.com/dolphin-emu/dolphin/pull/3091 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index ec05013..8b96332 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -600,16 +600,16 @@ if(USE_UPNP) + endif() + + if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin" AND NOT ANDROID) +- include(FindPolarSSL) ++ include(FindMbedTLS) + endif() +-if(POLARSSL_FOUND AND POLARSSL_WORKS) +- message("Using shared PolarSSL") +- include_directories(${POLARSSL_INCLUDE_DIR}) ++if(MBEDTLS_FOUND) ++ message("Using shared mbed TLS") ++ include_directories(${MBEDTLS_INCLUDE_DIRS}) + else() +- message("Using PolarSSL from Externals") +- set(POLARSSL_LIBRARY polarssl) +- add_subdirectory(Externals/polarssl/) +- include_directories(Externals/polarssl/include) ++ message("Using static mbed TLS from Externals") ++ set(MBEDTLS_LIBRARIES mbedtls mbedcrypto mbedx509) ++ add_subdirectory(Externals/mbedtls/) ++ include_directories(Externals/mbedtls/include) + endif() + + if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin" AND NOT ANDROID) +diff --git a/CMakeTests/FindMbedTLS.cmake b/CMakeTests/FindMbedTLS.cmake +new file mode 100644 +index 0000000..6ccde4a +--- /dev/null ++++ b/CMakeTests/FindMbedTLS.cmake +@@ -0,0 +1,23 @@ ++find_path(MBEDTLS_INCLUDE_DIR mbedtls/ssl.h) ++ ++find_library(MBEDTLS_LIBRARY mbedtls) ++find_library(MBEDX509_LIBRARY mbedx509) ++find_library(MBEDCRYPTO_LIBRARY mbedcrypto) ++ ++set(MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR}) ++set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY}) ++ ++set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS}) ++check_cxx_source_compiles(" ++ #include <mbedtls/version.h> ++ #if MBEDTLS_VERSION_NUMBER < 0x02010100 ++ #error \"Your mbed TLS version is too old.\" ++ #endif ++ int main() {}" ++ MBEDTLS_VERSION_OK) ++ ++include(FindPackageHandleStandardArgs) ++find_package_handle_standard_args(MBEDTLS DEFAULT_MSG ++ MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY MBEDTLS_VERSION_OK) ++ ++mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) +\ No newline at end of file +diff --git a/CMakeTests/FindPolarSSL.cmake b/CMakeTests/FindPolarSSL.cmake +deleted file mode 100644 +index c55b2bb..0000000 +--- a/CMakeTests/FindPolarSSL.cmake ++++ /dev/null +@@ -1,59 +0,0 @@ +-# Locate polarssl library +-# This module defines +-# POLARSSL_FOUND +-# POLARSSL_LIBRARY +-# POLARSSL_INCLUDE_DIR +-# POLARSSL_WORKS, this is true if polarssl is found and contains the methods +-# needed by dolphin-emu +- +-if(POLARSSL_INCLUDE_DIR AND POLARSSL_LIBRARY) +- # Already in cache, be silent +- set(POLARSSL_FIND_QUIETLY TRUE) +-endif() +- +-find_path(POLARSSL_INCLUDE_DIR polarssl/ssl.h) +-find_library(POLARSSL_LIBRARY polarssl) +- +-if (POLARSSL_INCLUDE_DIR AND POLARSSL_LIBRARY) +- set (POLARSSL_FOUND TRUE) +-endif () +- +-if (POLARSSL_FOUND) +- if (NOT POLARSSL_FIND_QUIETLY) +- message (STATUS "Found the polarssl libraries at ${POLARSSL_LIBRARY}") +- message (STATUS "Found the polarssl headers at ${POLARSSL_INCLUDE_DIR}") +- endif (NOT POLARSSL_FIND_QUIETLY) +- +- message(STATUS "Checking to see if system version contains necessary methods") +- +- set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIR}) +- set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARY}) +- check_cxx_source_compiles(" +- #include <polarssl/net.h> +- #include <polarssl/ssl.h> +- #include <polarssl/entropy.h> +- int main() +- { +- ssl_context ctx; +- ssl_session session; +- entropy_context entropy; +- +- ssl_init(&ctx); +- entropy_init(&entropy); +- ssl_set_rng(&ctx, entropy_func, &entropy); +- ssl_set_session(&ctx, &session); +- +- ssl_close_notify(&ctx); +- ssl_session_free(&session); +- ssl_free(&ctx); +- +- return 0; +- }" +- POLARSSL_WORKS) +- +-else () +- message (STATUS "Could not find polarssl") +-endif () +- +-MARK_AS_ADVANCED(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) +- +diff --git a/Source/Core/Common/Src/Crypto/tools.h b/Source/Core/Common/Src/Crypto/tools.h +index d97995c..3ef2eb7 100644 +--- a/Source/Core/Common/Src/Crypto/tools.h ++++ b/Source/Core/Common/Src/Crypto/tools.h +@@ -4,7 +4,8 @@ + + #ifndef _TOOLS_H + #define _TOOLS_H +-#include <polarssl/sha1.h> ++#include <mbedtls/sha1.h> ++#include <mbedtls/compat-1.3.h> + + // bignum + int bn_compare(u8 *a, u8 *b, u32 n); +diff --git a/Source/Core/Core/CMakeLists.txt b/Source/Core/Core/CMakeLists.txt +index 184fc7b..8c795a1 100644 +--- a/Source/Core/Core/CMakeLists.txt ++++ b/Source/Core/Core/CMakeLists.txt +@@ -232,7 +232,7 @@ if(LIBUSB_FOUND) + set(SRCS ${SRCS} Src/IPC_HLE/WII_IPC_HLE_Device_hid.cpp) + endif(LIBUSB_FOUND) + +-set(LIBS ${LIBS} ${POLARSSL_LIBRARY}) ++set(LIBS ${LIBS} ${MBEDTLS_LIBRARIES}) + + if(WIN32) + set(SRCS ${SRCS} Src/HW/BBA-TAP/TAP_Win32.cpp Src/stdafx.cpp +diff --git a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_es.cpp b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_es.cpp +index a2b7b71..458d0c5 100644 +--- a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_es.cpp ++++ b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_es.cpp +@@ -38,7 +38,8 @@ + #include "../PowerPC/PowerPC.h" + #include "../VolumeHandler.h" + #include "FileUtil.h" +-#include <polarssl/aes.h> ++#include <mbedtls/aes.h> ++#include <mbedtls/compat-1.3.h> + #include "ConfigManager.h" + + #include "../Boot/Boot_DOL.h" +diff --git a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp +index f0144e8..10243c4 100644 +--- a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp ++++ b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp +@@ -27,6 +27,7 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl() + ssl_close_notify(&_SSL[i].ctx); + ssl_session_free(&_SSL[i].session); + ssl_free(&_SSL[i].ctx); ++ mbedtls_ssl_config_free(&_SSL[i].config); + + x509_crt_free(&_SSL[i].cacert); + x509_crt_free(&_SSL[i].clicert); +@@ -139,36 +140,32 @@ bool CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress) + if (freeSSL) + { + int sslID = freeSSL - 1; +- int ret = ssl_init(&_SSL[sslID].ctx); +- if (ret) +- { +- // Cleanup possibly dirty ctx +- memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context)); +- goto _SSL_NEW_ERROR; +- } + +- entropy_init(&_SSL[sslID].entropy); +- ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy); ++ mbedtls_ssl_init(&_SSL[sslID].ctx); ++ mbedtls_entropy_init(&_SSL[sslID].entropy); ++ mbedtls_ssl_config_init(&_SSL[sslID].config); ++ ++ mbedtls_ssl_config_defaults(&_SSL[sslID].config, MBEDTLS_SSL_IS_CLIENT, ++ MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); ++ mbedtls_ssl_conf_rng(&_SSL[sslID].config, entropy_func, &_SSL[sslID].entropy); + + // For some reason we can't use TLSv1.2, v1.1 and below are fine! +- ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2); ++ mbedtls_ssl_conf_max_version(&_SSL[sslID].config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2); + +- ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session); ++ mbedtls_ssl_set_session(&_SSL[sslID].ctx, &_SSL[sslID].session); + +- ssl_set_endpoint(&_SSL[sslID].ctx, SSL_IS_CLIENT); +- ssl_set_authmode(&_SSL[sslID].ctx, SSL_VERIFY_NONE); +- ssl_set_renegotiation(&_SSL[sslID].ctx, SSL_RENEGOTIATION_ENABLED); ++ mbedtls_ssl_conf_authmode(&_SSL[sslID].config, SSL_VERIFY_NONE); ++ mbedtls_ssl_conf_renegotiation(&_SSL[sslID].config, SSL_RENEGOTIATION_ENABLED); + + memcpy(_SSL[sslID].hostname, hostname, min((int)BufferOutSize2, NET_SSL_MAX_HOSTNAME_LEN)); + _SSL[sslID].hostname[NET_SSL_MAX_HOSTNAME_LEN-1] = '\0'; +- ssl_set_hostname(&_SSL[sslID].ctx, _SSL[sslID].hostname); ++ mbedtls_ssl_set_hostname(&_SSL[sslID].ctx, _SSL[sslID].hostname); + + _SSL[sslID].active = true; + Memory::Write_U32(freeSSL, _BufferIn); + } + else + { +-_SSL_NEW_ERROR: + Memory::Write_U32(SSL_ERR_FAILED, _BufferIn); + } + +@@ -190,6 +187,7 @@ _SSL_NEW_ERROR: + ssl_close_notify(&_SSL[sslID].ctx); + ssl_session_free(&_SSL[sslID].session); + ssl_free(&_SSL[sslID].ctx); ++ mbedtls_ssl_config_free(&_SSL[sslID].config); + + x509_crt_free(&_SSL[sslID].cacert); + x509_crt_free(&_SSL[sslID].clicert); +@@ -241,7 +239,7 @@ _SSL_NEW_ERROR: + } + else + { +- ssl_set_ca_chain(&_SSL[sslID].ctx, &_SSL[sslID].cacert, NULL, _SSL[sslID].hostname); ++ mbedtls_ssl_conf_ca_chain(&_SSL[sslID].config, &_SSL[sslID].cacert, NULL); + Memory::Write_U32(SSL_OK, _BufferIn); + } + +@@ -279,7 +277,7 @@ _SSL_NEW_ERROR: + } + else + { +- ssl_set_own_cert(&_SSL[sslID].ctx, &_SSL[sslID].clicert, &_SSL[sslID].pk); ++ mbedtls_ssl_conf_own_cert(&_SSL[sslID].config, &_SSL[sslID].clicert, &_SSL[sslID].pk); + Memory::Write_U32(SSL_OK, _BufferIn); + } + +@@ -310,7 +308,7 @@ _SSL_NEW_ERROR: + memset(&_SSL[sslID].clicert, 0, sizeof(x509_crt)); + memset(&_SSL[sslID].pk, 0, sizeof(pk_context)); + +- ssl_set_own_cert(&_SSL[sslID].ctx, NULL, NULL); ++ mbedtls_ssl_conf_own_cert(&_SSL[sslID].config, NULL, NULL); + Memory::Write_U32(SSL_OK, _BufferIn); + } + else +@@ -335,7 +333,7 @@ _SSL_NEW_ERROR: + } + else + { +- ssl_set_ca_chain(&_SSL[sslID].ctx, &_SSL[sslID].cacert, NULL, _SSL[sslID].hostname); ++ mbedtls_ssl_conf_ca_chain(&_SSL[sslID].config, &_SSL[sslID].cacert, NULL); + Memory::Write_U32(SSL_OK, _BufferIn); + } + INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINROOTCA = %d", ret); +@@ -358,9 +356,11 @@ _SSL_NEW_ERROR: + int sslID = Memory::Read_U32(BufferOut) - 1; + if (SSLID_VALID(sslID)) + { ++ mbedtls_ssl_setup(&_SSL[sslID].ctx, &_SSL[sslID].config); + _SSL[sslID].sockfd = Memory::Read_U32(BufferOut2); + INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_CONNECT socket = %d", _SSL[sslID].sockfd); +- ssl_set_bio(&_SSL[sslID].ctx, net_recv, &_SSL[sslID].sockfd, net_send, &_SSL[sslID].sockfd); ++ mbedtls_ssl_set_bio(&_SSL[sslID].ctx, &_SSL[sslID].sockfd, mbedtls_net_send, ++ mbedtls_net_recv, NULL); + Memory::Write_U32(SSL_OK, _BufferIn); + } + else +diff --git a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h +index ccd6263..3517160 100644 +--- a/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h ++++ b/Source/Core/Core/Src/IPC_HLE/WII_IPC_HLE_Device_net_ssl.h +@@ -7,9 +7,10 @@ + + #include "WII_IPC_HLE_Device.h" + +-#include <polarssl/entropy.h> +-#include <polarssl/net.h> +-#include <polarssl/ssl.h> ++#include <mbedtls/entropy.h> ++#include <mbedtls/net.h> ++#include <mbedtls/ssl.h> ++#include <mbedtls/compat-1.3.h> + + #define NET_SSL_MAX_HOSTNAME_LEN 256 + #define NET_SSL_MAXINSTANCES 4 +@@ -56,6 +57,7 @@ enum SSL_IOCTL + + typedef struct { + ssl_context ctx; ++ mbedtls_ssl_config config; + ssl_session session; + entropy_context entropy; + x509_crt cacert; +diff --git a/Source/Core/Core/Src/Movie.cpp b/Source/Core/Core/Src/Movie.cpp +index 9f3ca7e..7030a72 100644 +--- a/Source/Core/Core/Src/Movie.cpp ++++ b/Source/Core/Core/Src/Movie.cpp +@@ -22,10 +22,14 @@ + #include "HW/EXI_Channel.h" + #include "HW/DVDInterface.h" + #include "../../Common/Src/NandPaths.h" +-#include "polarssl/md5.h" + #include "scmrev.h" + #include "NetPlayProto.h" + ++#include <mbedtls/config.h> ++#include <mbedtls/md.h> ++ ++static const mbedtls_md_info_t* s_md5_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5); ++ + // The chunk to allocate movie data in multiples of. + #define DTM_BASE_LENGTH (1024) + +@@ -1211,7 +1215,7 @@ void CheckMD5() + unsigned char gameMD5[16]; + char game[255]; + memcpy(game, SConfig::GetInstance().m_LocalCoreStartupParameter.m_strFilename.c_str(), SConfig::GetInstance().m_LocalCoreStartupParameter.m_strFilename.size()); +- md5_file(game, gameMD5); ++ mbedtls_md_file(s_md5_info, game, gameMD5); + + if (memcmp(gameMD5,MD5,16) == 0) + Core::DisplayMessage("Checksum of current game matches the recorded game.", 2000); +@@ -1225,7 +1229,7 @@ void GetMD5() + memset(MD5, 0, sizeof(MD5)); + char game[255]; + memcpy(game, SConfig::GetInstance().m_LocalCoreStartupParameter.m_strFilename.c_str(),SConfig::GetInstance().m_LocalCoreStartupParameter.m_strFilename.size()); +- md5_file(game, MD5); ++ mbedtls_md_file(s_md5_info, game, MD5); + Core::DisplayMessage("Finished calculating checksum.", 2000); + } + +diff --git a/Source/Core/Core/Src/ec_wii.cpp b/Source/Core/Core/Src/ec_wii.cpp +index 60c1afc..1431bd9 100644 +--- a/Source/Core/Core/Src/ec_wii.cpp ++++ b/Source/Core/Core/Src/ec_wii.cpp +@@ -10,8 +10,9 @@ + #include <stdio.h> + #include <string.h> + #include "Common.h" +-#include <polarssl/aes.h> +-#include "polarssl/sha1.h" ++#include <mbedtls/aes.h> ++#include <mbedtls/sha1.h> ++#include <mbedtls/compat-1.3.h> + #include "Crypto/tools.h" + #include "FileUtil.h" + #include "ec_wii.h" +diff --git a/Source/Core/DiscIO/Src/NANDContentLoader.cpp b/Source/Core/DiscIO/Src/NANDContentLoader.cpp +index 4e722d1..7601cd4 100644 +--- a/Source/Core/DiscIO/Src/NANDContentLoader.cpp ++++ b/Source/Core/DiscIO/Src/NANDContentLoader.cpp +@@ -6,7 +6,8 @@ + + #include <algorithm> + #include <cctype> +-#include <polarssl/aes.h> ++#include <mbedtls/aes.h> ++#include <mbedtls/compat-1.3.h> + #include "MathUtil.h" + #include "FileUtil.h" + #include "Log.h" +diff --git a/Source/Core/DiscIO/Src/VolumeCreator.cpp b/Source/Core/DiscIO/Src/VolumeCreator.cpp +index 3f20c4c..4568101 100644 +--- a/Source/Core/DiscIO/Src/VolumeCreator.cpp ++++ b/Source/Core/DiscIO/Src/VolumeCreator.cpp +@@ -4,7 +4,8 @@ + + #include <vector> + +-#include <polarssl/aes.h> ++#include <mbedtls/aes.h> ++#include <mbedtls/compat-1.3.h> + + #include "VolumeCreator.h" + +diff --git a/Source/Core/DiscIO/Src/VolumeWiiCrypted.cpp b/Source/Core/DiscIO/Src/VolumeWiiCrypted.cpp +index ef463f8..bdc178a 100644 +--- a/Source/Core/DiscIO/Src/VolumeWiiCrypted.cpp ++++ b/Source/Core/DiscIO/Src/VolumeWiiCrypted.cpp +@@ -5,7 +5,8 @@ + #include "VolumeWiiCrypted.h" + #include "VolumeGC.h" + #include "StringUtil.h" +-#include <polarssl/sha1.h> ++#include <mbedtls/sha1.h> ++#include <mbedtls/compat-1.3.h> + + namespace DiscIO + { +diff --git a/Source/Core/DiscIO/Src/VolumeWiiCrypted.h b/Source/Core/DiscIO/Src/VolumeWiiCrypted.h +index 4756a88..e9547c0 100644 +--- a/Source/Core/DiscIO/Src/VolumeWiiCrypted.h ++++ b/Source/Core/DiscIO/Src/VolumeWiiCrypted.h +@@ -7,7 +7,8 @@ + + #include "Volume.h" + #include "Blob.h" +-#include <polarssl/aes.h> ++#include <mbedtls/aes.h> ++#include <mbedtls/compat-1.3.h> + + // --- this volume type is used for encrypted Wii images --- + +diff --git a/Source/Core/DolphinWX/Src/MemoryCards/WiiSaveCrypted.h b/Source/Core/DolphinWX/Src/MemoryCards/WiiSaveCrypted.h +index 6ec4194..930bf07 100644 +--- a/Source/Core/DolphinWX/Src/MemoryCards/WiiSaveCrypted.h ++++ b/Source/Core/DolphinWX/Src/MemoryCards/WiiSaveCrypted.h +@@ -7,8 +7,9 @@ + + #include "StringUtil.h" + #include "Crypto/tools.h" +-#include <polarssl/aes.h> +-#include "polarssl/md5.h" ++#include <mbedtls/aes.h> ++#include <mbedtls/md5.h> ++#include <mbedtls/compat-1.3.h> + + // --- this is used for encrypted Wii save files + +-- +2.6.2 + diff --git a/debian/patches/series b/debian/patches/series index 8c8db18..93267f4 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -9,3 +9,4 @@ 09_arm-use-gl.patch 10_include_findx11.patch 11_ffmpeg_2.9.patch +12_mbedtls_2.0.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/dolphin-emu.git _______________________________________________ Pkg-games-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits
