openwrt/package/libs/polarssl/patches/200-reduce_config.patch
Hauke Mehrtens b792ea7ac0 polarssl: update to version 1.3.14
This fixes CVE-2015-5291 and some other smaller security issues.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47201
2015-10-18 21:48:32 +00:00


--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -432,8 +432,8 @@
* Requires: POLARSSL_HMAC_DRBG_C
*
* Comment this macro to disable deterministic ECDSA.
- */
#define POLARSSL_ECDSA_DETERMINISTIC
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
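Review bot: Moving the closing `*/` below the `#define` in this hunk leaves a line in config.h that still begins with `#define POLARSSL_ECDSA_DETERMINISTIC`, so a line-based search for enabled options reports it as on even though the preprocessor treats it as comment text. Every other hunk in this patch uses the same construction. Prefixing the line instead, `//#define POLARSSL_ECDSA_DETERMINISTIC`, matches the header's own "Comment this macro to disable" wording and is a one-line change per option. The patch file also carries no description; a short header saying the options are dropped (presumably for size) and which cipher suite families are meant to remain would help whoever rebases it on the next release.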
@@ -454,8 +454,8 @@
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -478,8 +478,8 @@
* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_PSK_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -498,8 +498,8 @@
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -523,8 +523,8 @@
* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_PSK_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
@@ -602,8 +602,8 @@
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
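Review bot: Commenting out POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED here, together with the ECDHE_ECDSA hunk that follows and the DHE_PSK and ECDHE_PSK hunks above, leaves finite-field DHE-RSA as the only key exchange that can still provide forward secrecy. That holds only if POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED stays defined, which none of the visible hunks changes. Nothing in the patch records this dependency, so a later size reduction could drop DHE-RSA and leave only static RSA key transport (presumably still enabled, since its define is untouched). I would state it in the patch description, for example `DHE-RSA is kept as the only forward-secret key exchange; do not disable it without re-enabling an ECDHE suite`. Peers that offer only ECDHE suites will fail the handshake against this build.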
@@ -626,8 +626,8 @@
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- */
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -650,8 +650,8 @@
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ */
/**
* \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -674,8 +674,8 @@
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ */
/**
* \def POLARSSL_PK_PARSE_EC_EXTENDED
@@ -835,8 +835,8 @@
* \def POLARSSL_SELF_TEST
*
* Enable the checkup functions (*_self_test).
- */
#define POLARSSL_SELF_TEST
+ */
/**
* \def POLARSSL_SSL_AEAD_RANDOM_IV
@@ -1138,8 +1138,8 @@
* Requires: POLARSSL_VERSION_C
*
* Comment this to disable run-time checking and save ROM space
- */
#define POLARSSL_VERSION_FEATURES
+ */
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1457,8 +1457,8 @@
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
#define POLARSSL_CAMELLIA_C
+ */
/**
* \def POLARSSL_CCM_C
@@ -1485,8 +1485,8 @@
* Requires: POLARSSL_PEM_PARSE_C
*
* This module is used for testing (ssl_client/server).
- */
#define POLARSSL_CERTS_C
+ */
/**
* \def POLARSSL_CIPHER_C
@@ -1525,8 +1525,8 @@
* library/ssl_tls.c
*
* This module provides debugging functions.
- */
#define POLARSSL_DEBUG_C
+ */
/**
* \def POLARSSL_DES_C
@@ -1581,8 +1581,8 @@
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
*
* Requires: POLARSSL_ECP_C
- */
#define POLARSSL_ECDH_C
+ */
/**
* \def POLARSSL_ECDSA_C
@@ -1596,8 +1596,8 @@
* ECDHE-ECDSA
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
- */
#define POLARSSL_ECDSA_C
+ */
/**
* \def POLARSSL_ECP_C
@@ -1609,8 +1609,8 @@
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
- */
#define POLARSSL_ECP_C
+ */
/**
* \def POLARSSL_ENTROPY_C
@@ -1649,8 +1649,8 @@
*
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
- */
#define POLARSSL_GCM_C
+ */
/**
* \def POLARSSL_HAVEGE_C
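Review bot: Disabling POLARSSL_GCM_C removes every AES-GCM and CAMELLIA-GCM suite, as the comment in this hunk says. Unless POLARSSL_CCM_C is still enabled (no visible hunk touches it), the resulting library offers no AEAD cipher suite and negotiates CBC suites only, plus RC4 if that module is left on. That is a security trade-off as well as a size one, since CBC record protection depends on the library's padding and timing countermeasures and AEAD-only peers cannot connect. I would record it in the patch description, e.g. `GCM disabled for size: only CBC suites are offered, revisit when flash budget allows`, or make GCM selectable at build time.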
@@ -1686,8 +1686,8 @@
* Requires: POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
- */
#define POLARSSL_HMAC_DRBG_C
+ */
/**
* \def POLARSSL_MD_C
@@ -1813,8 +1813,8 @@
* Requires: POLARSSL_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
- */
#define POLARSSL_PADLOCK_C
+ */
/**
* \def POLARSSL_PBKDF2_C
@@ -1979,8 +1979,8 @@
* Module: library/ripemd160.c
* Caller: library/md.c
*
- */
#define POLARSSL_RIPEMD160_C
+ */
/**
* \def POLARSSL_RSA_C
@@ -2059,8 +2059,8 @@
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
- */
#define POLARSSL_SSL_CACHE_C
+ */
/**
* \def POLARSSL_SSL_CLI_C
@@ -2136,8 +2136,8 @@
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
- */
#define POLARSSL_TIMING_C
+ */
/**
* \def POLARSSL_VERSION_C
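Review bot: The doc comment in this hunk names only HAVEGE as a user of the timing module, which understates what turning off POLARSSL_TIMING_C may remove. To my recollection, library/entropy.c in the 1.3 branch also registers a hardclock-based poll as a default entropy source when this macro is defined, which would leave the platform source as the only default input to the entropy pool. That is probably acceptable where the platform source is the kernel RNG, but it should be confirmed against the 1.3.14 sources and noted in the patch description, e.g. `TIMING_C off: entropy relies on the platform source only`.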
@@ -2147,8 +2147,8 @@
* Module: library/version.c
*
* This module provides run-time version information.
- */
#define POLARSSL_VERSION_C
+ */
/**
* \def POLARSSL_X509_USE_C
@@ -2257,8 +2257,8 @@
*
* Module: library/xtea.c
* Caller:
- */
#define POLARSSL_XTEA_C
+ */
/* \} name SECTION: mbed TLS modules */