Added mechanism to provide alternative cipher / hash implementations

All symmetric cipher algorithms and hash algorithms now include support for a POLARSSL_XXX_ALT flag that prevents the definition of the algorithm context structure and all 'core' functions.
2013-06-12 16:49:10 +02:00 · 2013-06-12 16:49:10 +02:00 · 4087c47043
commit 4087c47043
parent 9691bbe9b3
27 changed files with 331 additions and 34 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2547,11 +2547,15 @@ static void ssl_calc_finished_ssl(
     *         SHA1( handshake + sender + master + pad1 ) )
     */

+#if !defined(POLARSSL_MD5_ALT)
    SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
                    md5.state, sizeof(  md5.state ) );
+#endif

+#if !defined(POLARSSL_SHA1_ALT)
    SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
                   sha1.state, sizeof( sha1.state ) );
+#endif

    sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
                                       : "SRVR";
@ -2618,11 +2622,15 @@ static void ssl_calc_finished_tls(
     *               MD5( handshake ) + SHA1( handshake ) )[0..11]
     */

+#if !defined(POLARSSL_MD5_ALT)
    SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
                    md5.state, sizeof(  md5.state ) );
+#endif

+#if !defined(POLARSSL_SHA1_ALT)
    SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
                   sha1.state, sizeof( sha1.state ) );
+#endif

    sender = ( from == SSL_IS_CLIENT )
             ? "client finished"
@ -2666,8 +2674,10 @@ static void ssl_calc_finished_tls_sha256(
     *               Hash( handshake ) )[0.11]
     */

+#if !defined(POLARSSL_SHA2_ALT)
    SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
                   sha2.state, sizeof( sha2.state ) );
+#endif

    sender = ( from == SSL_IS_CLIENT )
             ? "client finished"
@ -2710,8 +2720,10 @@ static void ssl_calc_finished_tls_sha384(
     *               Hash( handshake ) )[0.11]
     */

+#if !defined(POLARSSL_SHA4_ALT)
    SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
                   sha4.state, sizeof( sha4.state ) );
+#endif

    sender = ( from == SSL_IS_CLIENT )
             ? "client finished"