Context Navigation

Introduction

This page tracks the ACK/NACK/merge status of Adriaan's PolarSSL patches. So far, these patches have been discussed on the mailinglist, as well as a few IRC meetings:

Patches

Doxygen

Patches are viewable from here.

Patch	Acked-by	Notes
Added Doxygen doxyfile	dazo
Added data channel crypto docs	dazo
Added control channel crypto docs	jamesyonan
Added compression docs	jamesyonan
Added reliability layer documentation	jamesyonan
Added memory management documentation	jamesyonan
Added data channel fragmentation docs	jamesyonan
Added main/control docs	jamesyonan
Moved doxygen-specific files to a separate directory	dazo

In the meeting held July 7th, James Yonan gave an ACK to these patches as long as they don't change any functionality. As far as I could spot, this is true. (dazo)

OpenSSL crypto separation

Patches are viewable from here

Patch	Acked-by	Notes	Upstream commit
Changed configure to accept --with-ssl-type=openssl	dazo	0a18017472edb52c5535bc814c2aceaa2b562222
Refactored to rand_bytes for OpenSSL-independency	dazo	6825182b8137c036afcdc0e48397c0ea5ffc2404
Refactored OpenSSL-specific constants	dazo	b5738e5b858274785eff30edb4748e3f641e0b1c
Refactored maximum cipher and hmac length constants	dazo	23ee3563de28820919fe83f8f5b7289dc4ed42ae
Refactored show_available_* functions	dazo	7151f3f78ea49e3ce98619884aa4e2aa57cb90fb
Refactored SSL_clear_error()	dazo	330715f0abec92dad434f3ca38557e5cff03f2a3
Refactored crypto initialisation functions	dazo	b01cb9ef6b7ed5769f925fc96b6eb534c794203f
Refactored DES key manipulation functions	dazo,jamesyonan	183c3d190b12df6c0e9023e5a60f3aa2d3d66140
Refactored NTLM DES key generation	dazo	4a5a6033f95369a2d94e2dafff1d702f82f118ba
Refactored message digest type functions	dazo	902f674ef4170fd10cf47f216632e51214db6966
Refactored message digest functions	dazo	d5f4461779899dc13be3fc7d41e0f0ac308ffa73
Refactored HMAC functions	dazo	Additional fixes in Moved HMAC prints back to main crypto module	e8c950f12dfd6187f084fb06b6fe6e57c030bdad
Refactored cipher key types	dazo,jamesyonan	ACK when combined with Fixed an unintentional change in the options calculated key size.	670f9dd91aed7ac435b79c0e28e49fa7c256642c
Refactored cipher functions	dazo	485c5f76a15e7f9950a3ee3126dbf50f66f9ef82
Added PRNG doxygen	dazo	279a308eed40d756cf6644c5a1a82f2aecda8dd8
Refactored: Moved crypto.h inline functions to end of file	dazo	76dafacecdcdf30a8278ab3abcec64831e95054f
Removed stale OpenSSL defines from crypto.h	dazo	1b1a98069b290512f673db5630eb4134f4899f16
Whitespace fixes in ntlm.c	NACK	jamesyonan: only changes style	(skipped)
Added a check for Openssl or PolarSSL defines	dazo	253329a8588939da09867349c6a6aae62a21c667

SSL library separation

Patch	Acked-by	Notes	Upstream commit
Refactored: Added stubs for new files	cron2	9a160b796e1a40f9635231e5533ce40d46dba25f
Refactored SSL initialisation functions	cron2	95993a1df3c39fd2ea9c037b2f0bfcdf040b7d59
Refactored TLS_PRF to new hmac and md primitives	cron2,jamesyonan	Also look here	eab0cf2df1b1f1f73a657384c0fdb201508c0399
Refactored tls_show_available_ciphers	cron2,jamesyonan	397c0a35c5b36c270678c717e931476dc42bfa5c
Refactored get_highest_preference_tls_cipher	cron2	b64ffdcf09edd7110c1f851942d0e8d4e05d883c
Refactored root SSL context initialisation	cron2,jamesyonan	6245178696842fb22f2c53d87184236fd471a334
Refactored new external key code	cron2,jamesyonan	df904551cde7534e3f58809cb810164749fbbc28
Refactored DH paramater loading	cron2	ac3e8d62ba14d4ee376fd3c9f20bccc3e53e7371
Refactored root TLS option settings	cron2	b5563f1154a4a4e1d4742b7194e4974a3b53b78f
Refactored PKCS#12 key loading	cron2,jamesyonan	289a8bb806150b418abb64abea26cb4106811850
Refactored PKCS#11 loading	cron2	d1013cfe957ab3961b8b78486704ddcdecba513b
Refactored windows cert loading	cron2	d494c31501635cbd5ae0e864849901bb3a4d3565
Refactored load certificate functions	jamesyonan	dazo: check if ssl.c causes problems when merging to "master"	f4047d7420bac6bce5e8862771f0c20d42ba68ed
Refactored private key loading code	dazo	d67c3147b006aed24f0c3f6e0e288bf0d6a55973
Refactored external key loading from management	jamesyonan	5f4eb537d7a4eb28db8bd6211bc8e29ae5c4465a
Refactored CA and extra certs code	dazo: functional ACK, needs style cleanup in separate patch		244da317ee9d32a04da80e87502883453f6618cc
Refactored cipher restriction code	dazo	ACK with this patch:Removed a stray Fox-IT tag	2e74a9d02da9ac071438e24de8561ccf9192e94a
Rafactored tls_options, key_state, and key_source data structures	jamesyonan	67d8a0d4e9bcca4299158c80f184c7dea57a9eab
Refactored initalisation of key_states	jamesyonan	d7efe640112f94cb20ce52a6adf0bd1b4d5f4ec2
Refactored key_state free code	cron2	214fc873fe744ac722e9dd69917b6254e2151af2
Refactored print_details	cron2	963ad54e53c1fc1b701a9c62231b011243321cef
Refactored key_state read code (including bio_read())	jamesyonan	dd5e1102c1a2a431510be3e5a179c6e264d8f913
Refactored key_state write functions	jamesyonan	bf707bd2b1f3af28afed84738e0f6a59db59bb74
Refactored: Moved BIO debug functions to OpenSSL backend	cron2	dea110e0531c88c71f71bc91badbaa8f6fb37e72
Refactored: removed ks and ks_lame macro for clarity	jamesyonan	57513aac1aac93190d56ffb3a1a642460f318253
Refactored: minor whitespace fixes in ssl.c	cron2	(not found, NACKed?)
Refactored: moved write_empty_string function back	cron2	fef565a31640e9de2bc518ea7264a067a5efd38e
Refactored Doxygen for tls_multi functions	cron2	897f8be4efa2d4b7cae100fe89838eb62e26f3b3

Verification functions

NOTE: Some Github pages have links to "diff of diff" pages. These make it easier to visualize if / how the patch changes functionality.

Patch	Acked-by	Notes	Upstream commit
Migrated data structures needed by verification functions to ssl_common.h	jamesyonan	49620510205af8623efad434b471a4089851da19
Refactored client_config_dir_exclusive function	jamesyonan	88aaf1aefd91b3704b3b00eeddff3befdefbc2b8
Refactored certificate hash lock checks	jamesyonan	82f925b60c0f029295975e64d9acabb53c0a5e3c
Refactored common name locking functions	jamesyonan	ACK when coupled with Added back checks for ks->authenticated in verify_user_pass	530af3efa38bd4e1044e5982f1970f5d772dbb48
Refactored username and password authentication code	jamesyonan	ACK, provided it's tested properly before 2.3 release	d0811e643cddd796722fb1d0050ad57168da29d4
Add some extra comments	jamesyonan	e285cdb0a266fe43c282bc77cda4447d3043fffd
Refactored: split verify_callback into two parts	jamesyonan	0a67e4621dea40ff5aa292cebbd271633adbf157
Added function to extract and verify the subject from a certificate	jamesyonan	971790dae113e4665e1508ab17698047e7321c69
Added function to verify and extract the username	jamesyonan	dd4cdb9ee740527f32198ef27b9901e396e045be
Refactored: removed global x509_username_field	jamesyonan	19dd3ef12f45b2c70c0657ea72fbdce5241e45c2
Refactored: separated environment setup during verification	jamesyonan	fe100528c780548c21d664d1c14b37cbfd4c3e0f
Refactored: Netscape certificate type verification	jamesyonan	06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa
Refactored key usage verification code	jamesyonan	876752aed66a143295d9d0d4e61dc9a8beca2f5e
Refactored EKU verification	jamesyonan	587f419b714d283ad6d5c861d6f1ecf12345b89d
Refactored tls-remote checking	jamesyonan	a4c926bb5939d95d9e7c0dfd4b83e61a11f86c90
Refactored tls-verify-plugin code	jamesyonan	75c67073ed5d35b0efcd2a99492cf34339da08fb
Refactored tls-verify script code	jamesyonan	ACK when coupled with Moved gc_new and gc_free to begin end of function	3e44ea55339429ede83857c9e79cc218d6bc297f
Refactored CRL checks	jamesyonan	"Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly"	83c49a3ef135141101b71037f315099d32219bbf
Minor cleanup in verify_cert:	jamesyonan	3cb348e46e5e356eb7e1fe44d1e35f1152865e28
Refactored: Moved verify_cert to ssl_verify	jamesyonan	36fae2ec0d04ee078db6ab3888815ea49660104a
Cleaned up ssl.h	jamesyonan	9fb45319cba1f99ffe5538243a4e735191504cc8
Refactored: made M_SSL dependent on USE_OPENSSL	jamesyonan	71ebd84debcea72d5b86861aca33553eb435126c
Refactored: renamed X509 functions from verify_*	jamesyonan	bb53a20a9b678da3acce6b73cb3d6f73ebdbede9
Separated OpenSSL-specific parts of the PKCS#11 driver	jamesyonan	5fe5fe9e6264d45154a7ece8c85fa70173429ff8
Modified base64 code in preparation for PolarSSL merge	jamesyonan	a4da1fe776b774670948f00898d370da614960f5
Final cleanup before PolarSSL addition:	jamesyonan	fceecbab9ddd58ccec28aeafa7be39c65f313458
Refactored X509 track feature to be contained within the openssl backend	jamesyonan	725336282db0c9f160d6ef577288e5a628959776

PolarSSL addition

Patch	Acked-by	Notes	Upstream commit
Added PolarSSL support:	jamesyonan,cron2	only the modified parts, _polarssl parts will be shown at a slower pace	53f97e1e9125aa9327c7ecf4a1b0b1a0c20cf2de
Fixed a missing include in ssl_backend.h	cron2	8c96419559b5978cf6096e63caec2c197266b961
Fixed a bug in the hash generation in ssl_verify_openssl.c	jamesyonan, cron2	f25d29c9b239b757f5391f0fb1a7353ec6b8bbcf
Added SHA_DIGEST_SIZE definition	jamesyonan, cron2	7ce40d9931ab9f16c83b282eb0f2ba1ebefd7079
Changed PolarSSL crypto backend to support v0.99-pre5	cron2, jamesyonan	be0a08d452f7fafde507361c76d8724f047cfb3f
Updated ssl_polarssl.c to work with 0.99-pre5	cron2, jamesyonan	50d1fc0dd5844fd0ef92b4d09e021f9332fd5e77
Fixed a compilation warning for size_t key sizes	NACK, %zd is not portable	ack together with Moved from %zd to a more compatible format string (counter_format)	Merged both commits into c2896b10c5f170d3821a647c1f38f542fdeba9eb, ACKed by dazo
Added a warning that the PolarSSL library does not support pkcs12 files.	cron2,jamesyonan	88133cdb961afcfb2de4576b0647f90378a67cc3
Added warning that --capath is not available with PolarSSL	cron2,jamesyonan	8d26c253e8f62d67b51d50f82c333ed4412000ac
Disable CryptoAPI when not using OpenSSL, and document that fact.	cron2,jamesyonan	93c22ecc635bc5047468629f2a5423a153910c0b
Removed support for management external keys in PolarSSL	cron2, jamesyonan	5fa82c550f8160bb8dd107bc5f3d516ba996dd6d
Removed stray X509_free from ssl.c	jamesyonan	477127061a22e6e998755c657873aa1b212ea59a
Refactored (and disabled for PolarSSL) support for writing external cert files in scripts	jamesyonan	8bb72fbcba4721a68333f06d8b38a5ad05f6638a
Added an extra define to allow building without PKCS#11	jamesyonan	a9bf901c76aca35cb40845177ef639225b6dabd5
Added SSL library to title string	jamesyonan, cron2	88203950ef5ce2f23325ceff5ad247033dfa0005
Disabled X.509 track and username selection for PolarSSL	jamesyonan	7dd8bbf574672b60d4776bee0ef9908cf1f49c2f

Misc cleanup

Patch	Acked-by	Notes	Upstream commit
Hardening: periodically reset the PRNG's nonce value	jamesyonan	557624e0a7282cf31cd3b58f8155f11f0517f254
Fixes for the plugin system:	jamesyonan	1876ccd012e9e2ca6f8e1cd9e7e9bb4bf24ccecb
Further improvements to plugin support:	jamesyonan	bcedab1f498d480cc1d4d60789b8459c1498c330
Got rid of a few magic numbers in ntlm.c	jamesyonan	New version of same patch applied: 9788322b9566101119484d992364e8b1bb1d4dd4 (ACK by dazo)
Fixed an unintentional change in the options calculated key size.	dazo	A fix to Refactored cipher key types	1271be60c88e6d7e0208fdb893f1e553c2b5f0cf
Moved print messages back to generic crypto.c from cipher backends	dazo	dazo: "We need to fix spelling on -> one"	0d4ec3d8bbf39e4802781e1b3c881d76e068217f
Moved HMAC prints back to main crypto module	dazo	Req. by Refactored HMAC functions	62242ed28d4cb3adec4edd6c39c6ed3f1c50cb37
Added back checks for ks->authenticated in verify_user_pass	jamesyonan	Required by Refactored common name locking functions	c94eff3c2fe2f1ae85159294ce89f80d676f8c36
Moved gc_new and gc_free to begin end of function	jamesyonan	Requirement for Refactored tls-verify script code	b26341cdb7e58a00c0d2ab5e5b1e3ad59c0a60b7
Fixed a bug in the return value of ssl_verify when pre_verify failed	jamesyonan	4ce976fb280fc279fc2f9e6478ca55716cf3d081
Unified verification function return values	jamesyonan	8a840d832e9576bdcb7c6819a3a9401e0d9fd545
Removed a stray Fox-IT tag	dazo	Req.by Refactored cipher restriction code	2e791e6577db296b1b34379e3308a96c2f49afa9
Fixed a typo: print the subject instead of the serial for verification e..	jamesyonan	58ddb7b89240e4a484c5171be6df285563eda392
Made SSL_CIPHER const in print_details, to fix warning	dazo	0e282134d58b15c8fd21defb22c963e96b0d5372
Moved to PolarSSL 1.0.0:	dazo	eaacf8d8f289fefa9a64b85e72552f949d4c28c6

Last modified 13 years ago Last modified on 10/24/11 11:19:33

Download in other formats:

Plain Text