Hi,

On Tue, 2015-10-27 at 22:29 +0100, Moritz Mühlenhoff wrote:
> On Wed, Oct 21, 2015 at 01:43:26PM +0100, James Cowgill wrote:
> > Hi,
> >
> > On Tue, 2015-10-20 at 19:37 +0200, Florian Weimer wrote:
> > > * James Cowgill:
> > [...]
> > > > One thing which was suggested was to use 1.3.14 and then disable at
> > > > compile time all the new features which may affect the ABI and then
> > > > revert the SONAME change, but is doing that actually allowed for the
> > > > security archive or will the update be too big?
> > >
> > > We can do that, but I don't know if it is a good idea to patch
> > > cryptographic software in such extensive ways.
> > >
> > > We can live with the addition of new symbols, but removal of symbols,
> > > changes in struct sizes or offsets, and so on, would be hugely
> > > problematic. For a start, you could just build both the old and new
> > > versions and run libabigail on them, to get an idea what actually did
> > > change.
> >
> > So I checked the ABI and had to revert a few commits. I've attached the
> > original libabigail diff (all against upstream versions) and the diff
> > after my patches. The variables don't look to me like they were ever
> > intended to be part of the public ABI so I don't think they're that
> > important.
>
> Could you test that the reverse build deps in jessie still build?
> If so, I'd be fine with that approach for jessie.
Sorry it took a little longer than I expected, but here is a patch for
jessie. It can be applied on top of 1.3.14 in experimental. The patch
reverts the library rename in 1.3.14-0.1, applies the compatibility patch,
and adds a call to dh_makeshlibs to ensure any reverse dependencies emit a
(>= 1.3.14) dependency since a small number of symbols have been added in
1.3.14. All the reverse dependencies build in jessie chroots except for
mongrel2 which FTBFS for unrelated reasons (see #804331 and #804385).

> For wheezy we can probably only make it end-of-life? There's
> only two reverse deps (pdns and gatling).

Upstream have bumped the SONAME of 1.2 as well so doing the same here for
wheezy could be a lot of work. For this particular bug the fix seems to be a
lot simpler though:
https://github.com/ARMmbed/mbedtls/commit/13ca8951f96f00750c9fda9928a9affcddcd342c

I also notice the above commit has been applied to squeeze-lts already.

Thanks,
James
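The ABI rule the thread settles on (added symbols are tolerable, removed symbols and struct changes are not) and the dh_makeshlibs point about a (>= 1.3.14) dependency can both be checked mechanically before an upload. The following is an added example in Python, not code from this thread, from the Debian package or from PolarSSL/mbed TLS: it parses `nm -D` output from two builds of a shared library and decides whether the delta needs a SONAME bump, a tightened shlibs dependency, or nothing. The three nm listings are constructed for the demo (the addresses are made up, and pk_hypothetical_new_helper is an invented name standing in for a symbol added in the new version and kept). It only sees exported symbols; struct size and offset changes, the other half of the concern quoted above, need libabigail's abidiff, which compares the DWARF type information of the two builds.

```python
"""Classify the exported-symbol delta between two builds of a shared library.

Added example for the ABI discussion in the thread above; it is not part of
the Debian patch or of PolarSSL/mbed TLS. The nm listings below are
constructed for the demo (addresses are made up; the names echo symbols the
patch touches) in the format `nm -D <lib>` prints.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed stand-in for `nm -D libpolarssl.so.7` of the old (jessie) build.
OLD_NM = """\
                 w __gmon_start__
0000000000021a30 T ssl_init
0000000000021b40 T ssl_set_ciphersuites
0000000000031c00 T x509_load_file
0000000000010200 T pk_encrypt
0000000000081000 D ssl_ciphersuite_list
"""

# Constructed stand-in for the unpatched 1.3.14 build: x509_load_file is gone,
# two new functions appear.
NEW_NM = """\
                 w __gmon_start__
0000000000021a30 T ssl_init
0000000000021b40 T ssl_set_ciphersuites
0000000000021c80 T ssl_set_arc4_support
0000000000010200 T pk_encrypt
0000000000010400 T pk_check_pair
0000000000081000 D ssl_ciphersuite_list
"""

# Constructed stand-in for 1.3.14 plus a compatibility patch: the removed
# symbol is back, and one hypothetical new symbol (a made-up name) remains.
PATCHED_NM = """\
                 w __gmon_start__
0000000000021a30 T ssl_init
0000000000021b40 T ssl_set_ciphersuites
0000000000031c00 T x509_load_file
0000000000010200 T pk_encrypt
0000000000010400 T pk_hypothetical_new_helper
0000000000081000 D ssl_ciphersuite_list
"""

# `nm` prints "<address> <type> <name>"; undefined and weak-undefined symbols
# have no address, so the address is optional.
NM_LINE = re.compile(r"^(?:[0-9a-fA-F]+\s+)?([A-Za-z])\s+(\S+)$")

# Global symbols a dependent binary can bind to: text (T), data (D/B/R),
# weak (W/V) and GNU unique (u). Lower-case types are local, 'U'/'w' are
# undefined references, 'A' is absolute; none of those are part of the ABI.
EXPORTED_TYPES = frozenset("TDBRWVu")


def parse_nm(text: str) -> frozenset[str]:
    """Return the names of exported global symbols in an `nm -D` listing."""
    names = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = NM_LINE.match(line)
        if match is None:
            raise ValueError(f"unparseable nm line: {line!r}")
        sym_type, name = match.groups()
        if sym_type in EXPORTED_TYPES:
            names.add(name)
    return frozenset(names)


@dataclass(frozen=True)
class AbiDelta:
    added: frozenset[str]
    removed: frozenset[str]

    @property
    def needs_soname_bump(self) -> bool:
        # Any removed export breaks binaries that reference it at load time.
        return bool(self.removed)

    @property
    def needs_shlibs_bump(self) -> bool:
        # Additions are compatible, but a binary built against the new library
        # may reference them, so its dependency must say (>= new version);
        # in Debian that is what dh_makeshlibs -V or a symbols file produce.
        return bool(self.added) and not self.removed


def compare_exports(old_listing: str, new_listing: str) -> AbiDelta:
    """Diff the export sets of two `nm -D` listings (old build vs new build)."""
    old, new = parse_nm(old_listing), parse_nm(new_listing)
    return AbiDelta(added=new - old, removed=old - new)


def verdict(delta: AbiDelta, new_version: str) -> str:
    """One-line packaging decision for the symbol delta."""
    if delta.needs_soname_bump:
        return ("ABI break: removed " + ", ".join(sorted(delta.removed))
                + "; bump the SONAME or restore these symbols")
    if delta.needs_shlibs_bump:
        return (f"compatible, but dependents must require (>= {new_version}) "
                "because of " + ", ".join(sorted(delta.added)))
    return "no exported symbols added or removed"


if __name__ == "__main__":
    print("old -> 1.3.14:       ", verdict(compare_exports(OLD_NM, NEW_NM), "1.3.14"))
    print("old -> 1.3.14+compat:", verdict(compare_exports(OLD_NM, PATCHED_NM), "1.3.14"))
```

Against real builds, capture `nm -D --defined-only` of the old and new libpolarssl.so.7 and pass the two texts to compare_exports(); a non-empty removed set is the "hugely problematic" case from the thread, while a non-empty added set with nothing removed is exactly the situation that justifies the (>= 1.3.14) shlibs dependency.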
diff --git a/debian/changelog b/debian/changelog
index 4f62031..2bbcad4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-polarssl (1.3.14-0.1) experimental; urgency=high
+polarssl (1.3.14-0.1~deb8u1) jessie-security; urgency=high
* Non-maintainer upload.
* New upstream release. (Closes: #787324)
@@ -10,10 +10,12 @@ polarssl (1.3.14-0.1) experimental; urgency=high
- Fixes mips64el bignum implementation. (Closes: #773306)
- Fixes parsing of certain PCKS#3 files. (Closes: #781840)
- * Rename libpolarssl7 package to libmbedtls9 due to SONAME bump.
+ * Patch added to maintain ABI compatibility with libpolarssl7 in jessie.
* Drop CVE-2015-1182.patch - applied upstream.
+ * Ensure reverse dependencies emit a (>= 1.3.14) dependency due to new
+ symbols introduced in 1.3.14.
- -- James Cowgill <[email protected]> Fri, 23 Oct 2015 21:49:24 +0100
+ -- James Cowgill <[email protected]> Mon, 09 Nov 2015 14:14:26 +0000
polarssl (1.3.9-2.1) unstable; urgency=high
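Review bot: the new entry says nothing about the four compile-time TLS features the patch turns off in config.h (Encrypt-then-MAC, Extended Master Secret, FALLBACK_SCSV, 1/n-1 CBC record splitting) nor about the dh_makeshlibs change the cover mail describes, which does not appear in the part of the diff shown here; both belong in this changelog entry, since they are the two things a reader of the jessie-security upload will want to know. Also, the entry spells "ABI compatibility" correctly while the patch file is named debian/patches/jessie-compatability.patch; rename the file to jessie-compatibility.patch before upload so the two stay greppable under one spelling.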
diff --git a/debian/control b/debian/control
index 4507611..b96a728 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Homepage: http://polarssl.org
Package: libpolarssl-dev
Architecture: any
Section: libdevel
-Depends: libc6-dev, ${misc:Depends}, libmbedtls9 (= ${binary:Version})
+Depends: libc6-dev, ${misc:Depends}, libpolarssl7 (= ${binary:Version})
Description: lightweight crypto and SSL/TLS library
PolarSSL is a lean open source crypto library for providing SSL and TLS
support in your programs. It offers an intuitive API and documented header
@@ -46,7 +46,7 @@ Description: lightweight crypto and SSL/TLS library
.
This package contains the runtime executables.
-Package: libmbedtls9
+Package: libpolarssl7
Architecture: any
Section: libs
Depends: ${shlibs:Depends}, ${misc:Depends}
diff --git a/debian/libmbedtls9.lintian-overrides b/debian/libmbedtls9.lintian-overrides
deleted file mode 100644
index ce2276d..0000000
--- a/debian/libmbedtls9.lintian-overrides
+++ /dev/null
@@ -1,3 +0,0 @@
-# For compatability and to avoid conflicting with the libmbedtls-dev
-# package, the shlib symlink is called 'libpolarssl.so'
-libmbedtls9 binary: dev-pkg-without-shlib-symlink usr/lib/libmbedtls.so.9 usr/lib/libmbedtls.so
diff --git a/debian/libpolarssl-dev.links b/debian/libpolarssl-dev.links
index 1aacf15..3225358 100644
--- a/debian/libpolarssl-dev.links
+++ b/debian/libpolarssl-dev.links
@@ -1 +1 @@
-usr/lib/libmbedtls.so.9 usr/lib/libpolarssl.so
+usr/lib/libpolarssl.so.7 usr/lib/libpolarssl.so
diff --git a/debian/libmbedtls9.install b/debian/libpolarssl7.install
similarity index 100%
rename from debian/libmbedtls9.install
rename to debian/libpolarssl7.install
diff --git a/debian/patches/02-makefile-destdir-fix.patch b/debian/patches/02-makefile-destdir-fix.patch
index d63e251..f552359 100644
--- a/debian/patches/02-makefile-destdir-fix.patch
+++ b/debian/patches/02-makefile-destdir-fix.patch
@@ -4,7 +4,7 @@ Author: Arnaud Cornet <[email protected]>
--- a/Makefile
+++ b/Makefile
-@@ -19,20 +19,19 @@ tests: lib
+@@ -19,20 +19,18 @@ tests: lib
$(MAKE) -C tests
install:
@@ -16,8 +16,7 @@ Author: Arnaud Cornet <[email protected]>
- mkdir -p $(DESTDIR)/lib
- cp -RP library/libpolarssl.* library/libmbedtls.* $(DESTDIR)/lib
+ mkdir -p $(DESTDIR)/usr/lib
-+ cp library/libmbedtls.so.* $(DESTDIR)/usr/lib
-+ cp library/libmbedtls.a $(DESTDIR)/usr/lib/libpolarssl.a
++ cp library/libpolarssl.* $(DESTDIR)/usr/lib
- mkdir -p $(DESTDIR)/bin
+ mkdir -p $(DESTDIR)/usr/bin
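Review bot: `cp library/libpolarssl.* $(DESTDIR)/usr/lib` copies without -P, so symlinks are dereferenced: library/libpolarssl.so, which the library/Makefile hunk below turns into a symlink to libpolarssl.so.7, ends up in usr/lib as a second full copy of the library. It is presumably masked by debian/libpolarssl-dev.links and the .install lists, but the experimental version of this same patch installed the .so.* files and the .a file as two explicit cp lines; keeping that form (libpolarssl.so.* and libpolarssl.a) avoids relying on the later steps to discard the duplicate.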
diff --git a/debian/patches/jessie-compatability.patch b/debian/patches/jessie-compatability.patch
new file mode 100644
index 0000000..dd22d54
--- /dev/null
+++ b/debian/patches/jessie-compatability.patch
@@ -0,0 +1,1302 @@
+--- a/include/polarssl/asn1.h
++++ b/include/polarssl/asn1.h
+@@ -155,7 +155,6 @@ typedef struct _asn1_named_data
+ asn1_buf oid; /**< The object identifier. */
+ asn1_buf val; /**< The named value. */
+ struct _asn1_named_data *next; /**< The next entry in the sequence. */
+- unsigned char next_merged; /**< Merge next item into the current one? */
+ }
+ asn1_named_data;
+
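Review bot: the patch has no DEP-3 header; for 1300 lines of reverts across public headers, a Description stating the goal (restore the 1.3.9 layout behind SONAME 7), the list of upstream commits reverted, Forwarded: not-needed and the Debian bug number would help whoever touches jessie next. For this hunk in particular, the header should say that next_merged is dropped because asn1_named_data is the type behind x509_name, which x509_crt embeds as issuer and subject, so a size change here would move every field that follows them.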
+--- a/include/polarssl/config.h
++++ b/include/polarssl/config.h
+@@ -896,7 +896,7 @@
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+-#define POLARSSL_SSL_ENCRYPT_THEN_MAC
++//#define POLARSSL_SSL_ENCRYPT_THEN_MAC
+
+ /** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
+ *
+@@ -914,7 +914,7 @@
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+-#define POLARSSL_SSL_EXTENDED_MASTER_SECRET
++//#define POLARSSL_SSL_EXTENDED_MASTER_SECRET
+
+ /**
+ * \def POLARSSL_SSL_FALLBACK_SCSV
+@@ -931,7 +931,7 @@
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+-#define POLARSSL_SSL_FALLBACK_SCSV
++//#define POLARSSL_SSL_FALLBACK_SCSV
+
+ /**
+ * \def POLARSSL_SSL_HW_RECORD_ACCEL
+@@ -953,7 +953,7 @@
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+-#define POLARSSL_SSL_CBC_RECORD_SPLITTING
++//#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+
+ /**
+ * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
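Review bot: these four config.h hunks disable Encrypt-then-MAC, Extended Master Secret, FALLBACK_SCSV and 1/n-1 CBC record splitting, each a TLS hardening feature upstream ships enabled in 1.3.14, and nothing in the hunks says why. The ABI reason is visible further down (`char extended_ms;` is compiled into ssl_context only under POLARSSL_SSL_EXTENDED_MASTER_SECRET), so put a one-line comment next to each `//#define` naming it, and list the four in debian/changelog: the security team should know jessie deliberately stays at the pre-1.3.14 feature set rather than silently losing mitigations the 1.3.14 version number suggests it gained.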
+--- a/include/polarssl/pk.h
++++ b/include/polarssl/pk.h
+@@ -174,9 +174,6 @@ typedef struct
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+- /** Check public-private key pair */
+- int (*check_pair_func)( const void *pub, const void *prv );
+-
+ /** Allocate a new context */
+ void * (*ctx_alloc_func)( void );
+
+@@ -427,16 +424,6 @@ int pk_encrypt( pk_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+ /**
+- * \brief Check if a public-private pair of keys matches.
+- *
+- * \param pub Context holding a public key.
+- * \param prv Context holding a private (and public) key.
+- *
+- * \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+- */
+-int pk_check_pair( const pk_context *pub, const pk_context *prv );
+-
+-/**
+ * \brief Export debug information
+ *
+ * \param ctx Context to use
+--- a/include/polarssl/ssl.h
++++ b/include/polarssl/ssl.h
+@@ -253,9 +253,6 @@
+ #define SSL_CBC_RECORD_SPLITTING_DISABLED -1
+ #define SSL_CBC_RECORD_SPLITTING_ENABLED 0
+
+-#define SSL_ARC4_ENABLED 0
+-#define SSL_ARC4_DISABLED 1
+-
+ /**
+ * \name SECTION: Module settings
+ *
+@@ -333,11 +330,7 @@
+ /*
+ * Length of the verify data for secure renegotiation
+ */
+-#if defined(POLARSSL_SSL_PROTO_SSL3)
+ #define SSL_VERIFY_DATA_MAX_LEN 36
+-#else
+-#define SSL_VERIFY_DATA_MAX_LEN 12
+-#endif
+
+ /*
+ * Signaling ciphersuite values (SCSV)
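Review bot: pinning SSL_VERIFY_DATA_MAX_LEN to 36 only differs from upstream when POLARSSL_SSL_PROTO_SSL3 is undefined, and it matters because the constant sizes the verify-data arrays inside ssl_context. The patch does not touch POLARSSL_SSL_PROTO_SSL3, so today this is defensive; a comment above the #define saying it fixes the 1.3.9 layout regardless of config would stop a future maintainer from "cleaning it up" and shifting the struct.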
+@@ -755,8 +748,6 @@ struct _ssl_context
+ #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ char extended_ms; /*!< flag for extended master secret */
+ #endif
+- char arc4_disabled; /*!< flag for disabling RC4 */
+-
+ /*
+ * Callbacks (RNG, debug, I/O, verification)
+ */
+@@ -876,11 +867,11 @@ struct _ssl_context
+ int verify_result; /*!< verification result */
+ #if defined(POLARSSL_SSL_RENEGOTIATION)
+ int disable_renegotiation; /*!< enable/disable renegotiation */
+- int renego_max_records; /*!< grace period for renegotiation */
+- unsigned char renego_period[8]; /*!< value of the record counters
+- that triggers renegotiation */
+ #endif
+ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
++#if defined(POLARSSL_SSL_RENEGOTIATION)
++ int renego_max_records; /*!< grace period for renegotiation */
++#endif
+ const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
+ #if defined(POLARSSL_SSL_SET_CURVES)
+ const ecp_group_id *curve_list; /*!< allowed curves */
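Review bot: the reorder is right but fragile: ssl_context is declared by applications themselves (the demo programs below do `ssl_context ssl;`), so both the total size and the position of renego_max_records relative to allow_legacy_renegotiation must match 1.3.9 exactly, and the libabigail output is the only thing proving it. Record in the patch description which report confirmed the layout, and consider a compile-time sizeof check against the 1.3.9 value in the test build so a later rebuild cannot move it unnoticed.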
+@@ -1521,21 +1512,6 @@ void ssl_set_encrypt_then_mac( ssl_conte
+ void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
+ #endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
+-/**
+- * \brief Disable or enable support for RC4
+- * (Default: SSL_ARC4_ENABLED)
+- *
+- * \note Though the default is RC4 for compatibility reasons in the
+- * 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
+- *
+- * \note This function will likely be removed in future versions as
+- * RC4 will then be disabled by default at compile time.
+- *
+- * \param ssl SSL context
+- * \param arc4 SSL_ARC4_ENABLED or SSL_ARC4_DISABLED
+- */
+-void ssl_set_arc4_support( ssl_context *ssl, char arc4 );
+-
+ #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ /**
+ * \brief Set the maximum fragment length to emit and/or negotiate
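Review bot: the only reason this function has to go is that its backing field arc4_disabled was removed from ssl_context; an extra exported function on its own would have been fine under the "additions are OK" rule from the thread. Say so in the patch header, because the consequence is user-visible: a jessie application can now keep RC4 out of its ClientHello only via ssl_set_ciphersuites(), and the `/* RC4 is deprecated, disable it */` lines in programs/ssl/* are removed below for the same reason.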
+@@ -1690,26 +1666,6 @@ void ssl_legacy_renegotiation( ssl_conte
+ * it but allow for a grace period of max_records records.
+ */
+ void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
+-
+-/**
+- * \brief Set record counter threshold for periodic renegotiation.
+- * (Default: 2^64 - 256.)
+- *
+- * Renegotiation is automatically triggered when a record
+- * counter (outgoing or ingoing) crosses the defined
+- * threshold. The default value is meant to prevent the
+- * connection from being closed when the counter is about to
+- * reached its maximal value (it is not allowed to wrap).
+- *
+- * Lower values can be used to enforce policies such as "keys
+- * must be refreshed every N packets with cipher X".
+- *
+- * \param ssl SSL context
+- * \param period The threshold value: a big-endian 64-bit number.
+- * Set to 2^64 - 1 to disable periodic renegotiation
+- */
+-void ssl_set_renegotiation_period( ssl_context *ssl,
+- const unsigned char period[8] );
+ #endif /* POLARSSL_SSL_RENEGOTIATION */
+
+ /**
+@@ -1990,8 +1946,7 @@ static inline x509_crt *ssl_own_cert( ss
+ */
+ int ssl_check_cert_usage( const x509_crt *cert,
+ const ssl_ciphersuite_t *ciphersuite,
+- int cert_endpoint,
+- int *flags );
++ int cert_endpoint );
+ #endif /* POLARSSL_X509_CRT_PARSE_C */
+
+ /* constant-time buffer comparison */
+--- a/include/polarssl/x509.h
++++ b/include/polarssl/x509.h
+@@ -319,6 +319,7 @@ int x509_get_serial( unsigned char **p,
+ x509_buf *serial );
+ int x509_get_ext( unsigned char **p, const unsigned char *end,
+ x509_buf *ext, int tag );
++int x509_load_file( const char *path, unsigned char **buf, size_t *n );
+ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
+ pk_type_t pk_alg, md_type_t md_alg,
+ const void *sig_opts );
+--- a/library/Makefile
++++ b/library/Makefile
+@@ -31,7 +31,7 @@ LOCAL_CFLAGS += -fPIC -fpic
+ endif
+ endif
+
+-SOEXT=so.9
++SOEXT=so.7
+
+ DLEXT=so
+ # OSX shared library extension:
+@@ -83,7 +83,7 @@ static: libpolarssl.a
+
+ shared: libpolarssl.$(DLEXT)
+
+-libpolarssl.a: libmbedtls.a
++libmbedtls.a: libpolarssl.a
+ echo " LN $@ -> $?"
+ ifndef WINDOWS
+ ln -sf $? $@
+@@ -91,13 +91,14 @@ else
+ copy /y /b $? $@
+ endif
+
+-libmbedtls.a: $(OBJS)
++libpolarssl.a: $(OBJS)
+ echo " AR $@"
+ $(AR) rc $@ $(OBJS)
+ echo " RL $@"
+ $(AR) s $@
++ ln -sf $@ libmbedtls.a
+
+-libpolarssl.$(DLEXT): libmbedtls.$(DLEXT)
++libmbedtls.$(DLEXT): libpolarssl.$(DLEXT)
+ echo " LN $@ -> $?"
+ ifndef WINDOWS
+ ln -sf $? $@
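Review bot: the added `ln -sf $@ libmbedtls.a` inside the libpolarssl.a recipe duplicates the `libmbedtls.a: libpolarssl.a` rule directly above it, and unlike that rule it is not inside `ifndef WINDOWS`. Drop the extra line; the target rule already produces the compatibility symlink whenever something asks for it.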
+@@ -112,19 +113,19 @@ else
+ endif
+ endif
+
+-libmbedtls.$(SOEXT): $(OBJS)
++libpolarssl.$(SOEXT): $(OBJS)
+ echo " LD $@"
+ $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS)
+
+-libmbedtls.so: libmbedtls.$(SOEXT)
+- echo " LN $@ -> libmbedtls.$(SOEXT)"
+- ln -sf libmbedtls.$(SOEXT) $@
++libpolarssl.so: libpolarssl.$(SOEXT)
++ echo " LN $@ -> libpolarssl.$(SOEXT)"
++ ln -sf $< $@
+
+-libmbedtls.dylib: $(OBJS)
++libpolarssl.dylib: $(OBJS)
+ echo " LD $@"
+ $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS)
+
+-libmbedtls.dll: $(OBJS)
++libpolarssl.dll: $(OBJS)
+ echo " LD $@"
+ $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,[email protected] -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
+
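Review bot: with SOEXT=so.7 the `-Wl,-soname,$@` line now embeds libpolarssl.so.7, which is what the jessie reverse dependencies were linked against. Add `objdump -p library/libpolarssl.so.7 | grep SONAME` to the build notes (or as a sanity check in debian/rules), since a stray libmbedtls.so.9 SONAME would otherwise survive the package rename and only show up as a runtime loader failure in dependents.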
+--- a/library/pk.c
++++ b/library/pk.c
+@@ -297,32 +297,6 @@ int pk_encrypt( pk_context *ctx,
+ }
+
+ /*
+- * Check public-private key pair
+- */
+-int pk_check_pair( const pk_context *pub, const pk_context *prv )
+-{
+- if( pub == NULL || pub->pk_info == NULL ||
+- prv == NULL || prv->pk_info == NULL ||
+- prv->pk_info->check_pair_func == NULL )
+- {
+- return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+- }
+-
+- if( prv->pk_info->type == POLARSSL_PK_RSA_ALT )
+- {
+- if( pub->pk_info->type != POLARSSL_PK_RSA )
+- return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+- }
+- else
+- {
+- if( pub->pk_info != prv->pk_info )
+- return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+- }
+-
+- return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+-}
+-
+-/*
+ * Get key size in bits
+ */
+ size_t pk_get_size( const pk_context *ctx )
+--- a/library/pk_wrap.c
++++ b/library/pk_wrap.c
+@@ -115,21 +115,14 @@ static int rsa_encrypt_wrap( void *ctx,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+ {
+- *olen = ((rsa_context *) ctx)->len;
++ ((void) osize);
+
+- if( *olen > osize )
+- return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
++ *olen = ((rsa_context *) ctx)->len;
+
+ return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
+ f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
+ }
+
+-static int rsa_check_pair_wrap( const void *pub, const void *prv )
+-{
+- return( rsa_check_pub_priv( (const rsa_context *) pub,
+- (const rsa_context *) prv ) );
+-}
+-
+ static void *rsa_alloc_wrap( void )
+ {
+ void *ctx = polarssl_malloc( sizeof( rsa_context ) );
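Review bot: this hunk removes a bounds check, not an ABI item: `if( *olen > osize ) return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );` stops rsa_pkcs1_encrypt() from writing ctx->len bytes into a caller buffer smaller than the key size, and dropping it adds neither a symbol nor a struct field. The error code is a plain macro and can stay as well. Keep the check and revert only the check_pair parts of this file.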
+@@ -168,7 +161,6 @@ const pk_info_t rsa_info = {
+ rsa_sign_wrap,
+ rsa_decrypt_wrap,
+ rsa_encrypt_wrap,
+- rsa_check_pair_wrap,
+ rsa_alloc_wrap,
+ rsa_free_wrap,
+ rsa_debug,
+@@ -240,12 +232,6 @@ static int eckey_sign_wrap( void *ctx, m
+
+ #endif /* POLARSSL_ECDSA_C */
+
+-static int eckey_check_pair( const void *pub, const void *prv )
+-{
+- return( ecp_check_pub_priv( (const ecp_keypair *) pub,
+- (const ecp_keypair *) prv ) );
+-}
+-
+ static void *eckey_alloc_wrap( void )
+ {
+ void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
+@@ -283,7 +269,6 @@ const pk_info_t eckey_info = {
+ #endif
+ NULL,
+ NULL,
+- eckey_check_pair,
+ eckey_alloc_wrap,
+ eckey_free_wrap,
+ eckey_debug,
+@@ -307,7 +292,6 @@ const pk_info_t eckeydh_info = {
+ NULL,
+ NULL,
+ NULL,
+- eckey_check_pair,
+ eckey_alloc_wrap, /* Same underlying key structure */
+ eckey_free_wrap, /* Same underlying key structure */
+ eckey_debug, /* Same underlying key structure */
+@@ -381,7 +365,6 @@ const pk_info_t ecdsa_info = {
+ ecdsa_sign_wrap,
+ NULL,
+ NULL,
+- eckey_check_pair, /* Compatible key structures */
+ ecdsa_alloc_wrap,
+ ecdsa_free_wrap,
+ eckey_debug, /* Compatible key structures */
+@@ -434,36 +417,6 @@ static int rsa_alt_decrypt_wrap( void *c
+ RSA_PRIVATE, olen, input, output, osize ) );
+ }
+
+-#if defined(POLARSSL_RSA_C)
+-static int rsa_alt_check_pair( const void *pub, const void *prv )
+-{
+- unsigned char sig[POLARSSL_MPI_MAX_SIZE];
+- unsigned char hash[32];
+- size_t sig_len = 0;
+- int ret;
+-
+- if( rsa_alt_get_size( prv ) != rsa_get_size( pub ) )
+- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+-
+- memset( hash, 0x2a, sizeof( hash ) );
+-
+- if( ( ret = rsa_alt_sign_wrap( (void *) prv, POLARSSL_MD_NONE,
+- hash, sizeof( hash ),
+- sig, &sig_len, NULL, NULL ) ) != 0 )
+- {
+- return( ret );
+- }
+-
+- if( rsa_verify_wrap( (void *) pub, POLARSSL_MD_NONE,
+- hash, sizeof( hash ), sig, sig_len ) != 0 )
+- {
+- return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+- }
+-
+- return( 0 );
+-}
+-#endif /* POLARSSL_RSA_C */
+-
+ static void *rsa_alt_alloc_wrap( void )
+ {
+ void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
+@@ -489,11 +442,6 @@ const pk_info_t rsa_alt_info = {
+ rsa_alt_sign_wrap,
+ rsa_alt_decrypt_wrap,
+ NULL,
+-#if defined(POLARSSL_RSA_C)
+- rsa_alt_check_pair,
+-#else
+- NULL,
+-#endif
+ rsa_alt_alloc_wrap,
+ rsa_alt_free_wrap,
+ NULL,
+--- a/library/ssl_cli.c
++++ b/library/ssl_cli.c
+@@ -774,10 +774,6 @@ static int ssl_write_client_hello( ssl_c
+ ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
+ continue;
+
+- if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
+- ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+- continue;
+-
+ SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
+ ciphersuites[i] ) );
+
+@@ -1152,7 +1148,6 @@ static int ssl_parse_server_hello( ssl_c
+ int renegotiation_info_seen = 0;
+ #endif
+ int handshake_failure = 0;
+- const ssl_ciphersuite_t *suite_info;
+ #if defined(POLARSSL_DEBUG_C)
+ uint32_t t;
+ #endif
+@@ -1337,16 +1332,6 @@ static int ssl_parse_server_hello( ssl_c
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
+ SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) );
+
+- suite_info = ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+- if( suite_info == NULL ||
+- ( ssl->arc4_disabled &&
+- suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) )
+- {
+- SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+- }
+-
+-
+ i = 0;
+ while( 1 )
+ {
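Review bot: the removed block does two things and only one is about RC4. `suite_info == NULL` rejected a ServerHello naming a ciphersuite id the library does not know at all; the `while( 1 )` loop that follows should still catch that, since an unknown id cannot be in the client's offered list, but please confirm the loop ends in a "bad server hello" error rather than falling through, and keep the NULL check if it does not.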
+--- a/library/ssl_srv.c
++++ b/library/ssl_srv.c
+@@ -829,7 +829,6 @@ static int ssl_pick_cert( ssl_context *s
+ {
+ ssl_key_cert *cur, *list, *fallback = NULL;
+ pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+- int flags;
+
+ #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ if( ssl->handshake->sni_key_cert != NULL )
+@@ -863,7 +862,7 @@ static int ssl_pick_cert( ssl_context *s
+ * and decrypting with the same RSA key.
+ */
+ if( ssl_check_cert_usage( cur->cert, ciphersuite_info,
+- SSL_IS_SERVER, &flags ) != 0 )
++ SSL_IS_SERVER ) != 0 )
+ {
+ SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
+ "(extended) key usage extension" ) );
+@@ -942,13 +941,6 @@ static int ssl_ciphersuite_match( ssl_co
+ return( 0 );
+ }
+
+- if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
+- suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+- {
+- SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
+- return( 0 );
+- }
+-
+ #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
+ if( ssl_ciphersuite_uses_ec( suite_info ) &&
+ ( ssl->handshake->curves == NULL ||
+--- a/library/ssl_tls.c
++++ b/library/ssl_tls.c
+@@ -2858,8 +2858,7 @@ int ssl_parse_certificate( ssl_context *
+
+ if( ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
+ ciphersuite_info,
+- ! ssl->endpoint,
+- &ssl->session_negotiate->verify_result ) != 0 )
++ ! ssl->endpoint ) != 0 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+ if( ret == 0 )
+@@ -3610,8 +3609,6 @@ int ssl_init( ssl_context *ssl )
+
+ #if defined(POLARSSL_SSL_RENEGOTIATION)
+ ssl->renego_max_records = SSL_RENEGO_MAX_RECORDS_DEFAULT;
+- memset( ssl->renego_period, 0xFF, 7 );
+- ssl->renego_period[7] = 0x00;
+ #endif
+
+ #if defined(POLARSSL_DHM_C)
+@@ -4248,11 +4245,6 @@ void ssl_set_extended_master_secret( ssl
+ }
+ #endif
+
+-void ssl_set_arc4_support( ssl_context *ssl, char arc4 )
+-{
+- ssl->arc4_disabled = arc4;
+-}
+-
+ #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
+ {
+@@ -4299,12 +4291,6 @@ void ssl_set_renegotiation_enforced( ssl
+ {
+ ssl->renego_max_records = max_records;
+ }
+-
+-void ssl_set_renegotiation_period( ssl_context *ssl,
+- const unsigned char period[8] )
+-{
+- memcpy( ssl->renego_period, period, 8 );
+-}
+ #endif /* POLARSSL_SSL_RENEGOTIATION */
+
+ #if defined(POLARSSL_SSL_SESSION_TICKETS)
+@@ -4565,6 +4551,10 @@ int ssl_renegotiate( ssl_context *ssl )
+ */
+ static int ssl_check_ctr_renegotiate( ssl_context *ssl )
+ {
++ static const unsigned char ctr_limit[8] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00
++ };
++
+ if( ssl->state != SSL_HANDSHAKE_OVER ||
+ ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
+ ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
+@@ -4573,13 +4563,13 @@ static int ssl_check_ctr_renegotiate( ss
+ }
+
+ // TODO: adapt for DTLS
+- if( memcmp( ssl->in_ctr, ssl->renego_period, 8 ) <= 0 &&
+- memcmp( ssl->out_ctr, ssl->renego_period, 8 ) <= 0 )
++ if( memcmp( ssl->in_ctr, ctr_limit, 8 ) <= 0 &&
++ memcmp( ssl->out_ctr, ctr_limit, 8 ) <= 0 )
+ {
+ return( 0 );
+ }
+
+- SSL_DEBUG_MSG( 0, ( "record counter limit reached: renegotiate" ) );
++ SSL_DEBUG_MSG( 2, ( "record counter about to wrap: renegotiate" ) );
+ return( ssl_renegotiate( ssl ) );
+ }
+ #endif /* POLARSSL_SSL_RENEGOTIATION */
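Review bot: ctr_limit is byte-for-byte the default the removed ssl_init() lines installed in renego_period (seven 0xFF then 0x00, i.e. 2^64 - 256), so the counter-wrap protection is unchanged and only the ssl_set_renegotiation_period() configurability is lost; say so in the patch header. The debug level change from 0 to 2 is a separate behaviour change (the message no longer appears at the lowest verbosity) that the ABI does not require; either keep level 0 or note why it was reverted.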
+@@ -5211,10 +5201,8 @@ int ssl_curve_is_acceptable( const ssl_c
+ #if defined(POLARSSL_X509_CRT_PARSE_C)
+ int ssl_check_cert_usage( const x509_crt *cert,
+ const ssl_ciphersuite_t *ciphersuite,
+- int cert_endpoint,
+- int *flags )
++ int cert_endpoint )
+ {
+- int ret = 0;
+ #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
+ int usage = 0;
+ #endif
+@@ -5227,7 +5215,6 @@ int ssl_check_cert_usage( const x509_crt
+ !defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
+ ((void) cert);
+ ((void) cert_endpoint);
+- ((void) flags);
+ #endif
+
+ #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
+@@ -5267,10 +5254,7 @@ int ssl_check_cert_usage( const x509_crt
+ }
+
+ if( x509_crt_check_key_usage( cert, usage ) != 0 )
+- {
+- *flags |= BADCERT_KEY_USAGE;
+- ret = -1;
+- }
++ return( -1 );
+ #else
+ ((void) ciphersuite);
+ #endif /* POLARSSL_X509_CHECK_KEY_USAGE */
+@@ -5288,13 +5272,10 @@ int ssl_check_cert_usage( const x509_crt
+ }
+
+ if( x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
+- {
+- *flags |= BADCERT_EXT_KEY_USAGE;
+- ret = -1;
+- }
++ return( -1 );
+ #endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE */
+
+- return( ret );
++ return( 0 );
+ }
+ #endif /* POLARSSL_X509_CRT_PARSE_C */
+
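Review bot: with the flags parameter gone, a key-usage or extended-key-usage mismatch no longer sets BADCERT_KEY_USAGE / BADCERT_EXT_KEY_USAGE in the session's verify_result. The ssl_parse_certificate() hunk earlier in this file still treats a non-zero return as a bad certificate, so the check is not weakened, but ssl_get_verify_result() callers will not see the reason, and the early `return( -1 )` reports only the first failing check. Both match 1.3.9 and are fine for jessie; record them in the patch description.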
+--- a/library/x509.c
++++ b/library/x509.c
+@@ -400,11 +400,6 @@ static int x509_get_attr_type_value( uns
+ }
+
+ /*
+- * Name ::= CHOICE { -- only one possibility for now --
+- * rdnSequence RDNSequence }
+- *
+- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+- *
+ * RelativeDistinguishedName ::=
+ * SET OF AttributeTypeAndValue
+ *
+@@ -416,11 +411,9 @@ static int x509_get_attr_type_value( uns
+ *
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ *
+- * The data structure is optimized for the common case where each RDN has only
+- * one element, which is represented as a list of AttributeTypeAndValue.
+- * For the general case we still use a flat list, but we mark elements of the
+- * same set so that they are "merged" together in the functions that consume
+- * this list, eg x509_dn_gets().
++ * We restrict RelativeDistinguishedName to be a set of 1 element. This is
++ * the most common case, and our x509_name structure currently can't handle
++ * more than that.
+ */
+ int x509_get_name( unsigned char **p, const unsigned char *end,
+ x509_name *cur )
+@@ -433,7 +426,7 @@ int x509_get_name( unsigned char **p, co
+ while( 1 )
+ {
+ /*
+- * parse SET
++ * parse first SET, restricted to 1 element
+ */
+ if( ( ret = asn1_get_tag( p, end, &set_len,
+ ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
+@@ -441,26 +434,11 @@ int x509_get_name( unsigned char **p, co
+
+ end_set = *p + set_len;
+
+- while( 1 )
+- {
+- if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
+- return( ret );
+-
+- if( *p == end_set )
+- break;
+-
+- /* Mark this item as being not the only one in a set */
+- cur->next_merged = 1;
+-
+- cur->next = polarssl_malloc( sizeof( x509_name ) );
+-
+- if( cur->next == NULL )
+- return( POLARSSL_ERR_X509_MALLOC_FAILED );
+-
+- memset( cur->next, 0, sizeof( x509_name ) );
++ if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
++ return( ret );
+
+- cur = cur->next;
+- }
++ if( *p != end_set )
++ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+
+ /*
+ * continue until end of SEQUENCE is reached
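Review bot: this revert makes every RelativeDistinguishedName with more than one AttributeTypeAndValue fail with POLARSSL_ERR_X509_FEATURE_UNAVAILABLE (`if( *p != end_set ) return(...)`), so certificates that the 1.3.14 build in experimental parses will be rejected by the jessie build of the same upstream version. That is the 1.3.9 behaviour and acceptable for a security update, but it is a user-visible difference; mention it in debian/changelog next to the ABI note.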
+@@ -666,6 +644,18 @@ int x509_get_ext( unsigned char **p, con
+ return( 0 );
+ }
+
++int x509_load_file( const char *path, unsigned char **buf, size_t *n )
++{
++ int ret = pk_load_file(path, buf, n);
++
++ if ( ret == POLARSSL_ERR_PK_FILE_IO_ERROR )
++ ret = POLARSSL_ERR_X509_FILE_IO_ERROR;
++ else if ( ret == POLARSSL_ERR_PK_MALLOC_FAILED )
++ ret = POLARSSL_ERR_X509_MALLOC_FAILED;
++
++ return( ret );
++}
++
+ #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+ #include <stdarg.h>
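Review bot: x509_load_file() is re-added unconditionally, but the pk_load_file() it calls is only built when POLARSSL_FS_IO is defined, so wrap this definition and the declaration in x509.h in `#if defined(POLARSSL_FS_IO)`. The error-code mapping is otherwise right; add a comment that the symbol exists purely because 1.3.9 exported it and jessie binaries may still reference it.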
+@@ -726,7 +716,7 @@ int x509_dn_gets( char *buf, size_t size
+ {
+ int ret;
+ size_t i, n;
+- unsigned char c, merge = 0;
++ unsigned char c;
+ const x509_name *name;
+ const char *short_name = NULL;
+ char s[X509_MAX_DN_NAME_SIZE], *p;
+@@ -747,7 +737,7 @@ int x509_dn_gets( char *buf, size_t size
+
+ if( name != dn )
+ {
+- ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
++ ret = polarssl_snprintf( p, n, ", " );
+ SAFE_SNPRINTF();
+ }
+
+@@ -772,8 +762,6 @@ int x509_dn_gets( char *buf, size_t size
+ s[i] = '\0';
+ ret = polarssl_snprintf( p, n, "%s", s );
+ SAFE_SNPRINTF();
+-
+- merge = name->next_merged;
+ name = name->next;
+ }
+
+--- a/library/x509_crt.c
++++ b/library/x509_crt.c
+@@ -1706,10 +1706,6 @@ static int x509_name_cmp( const x509_nam
+ if( x509_string_cmp( &a->val, &b->val ) != 0 )
+ return( -1 );
+
+- /* structure of the list of sets */
+- if( a->next_merged != b->next_merged )
+- return( -1 );
+-
+ a = a->next;
+ b = b->next;
+ }
+--- a/programs/ssl/ssl_client1.c
++++ b/programs/ssl/ssl_client1.c
+@@ -173,8 +173,6 @@ int main( void )
+
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+- /* RC4 is deprecated, disable it */
+- ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+ ssl_set_dbg( &ssl, my_debug, stdout );
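Review bot: after this hunk the demo clients and servers accept RC4 suites again by default. If any of programs/ssl/* are shipped in the runtime package (`This package contains the runtime executables.` in debian/control), that is a behavioural regression relative to the experimental build that users of those binaries should be told about; if none are shipped, a one-line note in the patch header that the programs were changed only to keep building is enough.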
+--- a/programs/ssl/ssl_client2.c
++++ b/programs/ssl/ssl_client2.c
+@@ -83,7 +83,6 @@
+ #define DFL_EXCHANGES 1
+ #define DFL_MIN_VERSION SSL_MINOR_VERSION_1
+ #define DFL_MAX_VERSION -1
+-#define DFL_ARC4 SSL_ARC4_DISABLED
+ #define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
+ #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
+ #define DFL_TRUNC_HMAC -1
+@@ -277,7 +276,6 @@ struct options
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+- int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* negotiate truncated hmac or not */
+@@ -444,7 +442,6 @@ int main( int argc, char *argv[] )
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+- opt.arc4 = DFL_ARC4;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+@@ -619,15 +616,6 @@ int main( int argc, char *argv[] )
+ else
+ goto usage;
+ }
+- else if( strcmp( p, "arc4" ) == 0 )
+- {
+- switch( atoi( q ) )
+- {
+- case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
+- case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
+- default: goto usage;
+- }
+- }
+ else if( strcmp( p, "force_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+@@ -1012,11 +1000,8 @@ int main( int argc, char *argv[] )
+ }
+ #endif
+
+- /* RC4 setting is redundant if we use only one ciphersuite */
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
+ ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+- else
+- ssl_set_arc4_support( &ssl, opt.arc4 );
+
+ if( opt.allow_legacy != DFL_ALLOW_LEGACY )
+ ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+--- a/programs/ssl/ssl_fork_server.c
++++ b/programs/ssl/ssl_fork_server.c
+@@ -273,8 +273,6 @@ int main( void )
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_1 );
+- /* RC4 is deprecated, disable it */
+- ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+ ssl_set_dbg( &ssl, my_debug, stdout );
+--- a/programs/ssl/ssl_mail_client.c
++++ b/programs/ssl/ssl_mail_client.c
+@@ -602,8 +602,6 @@ int main( int argc, char *argv[] )
+
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+- /* RC4 is deprecated, disable it */
+- ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+ ssl_set_dbg( &ssl, my_debug, stdout );
+--- a/programs/ssl/ssl_pthread_server.c
++++ b/programs/ssl/ssl_pthread_server.c
+@@ -176,8 +176,6 @@ static void *handle_ssl_connection( void
+
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+- /* RC4 is deprecated, disable it */
+- ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+ ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
+--- a/programs/ssl/ssl_server.c
++++ b/programs/ssl/ssl_server.c
+@@ -204,8 +204,6 @@ int main( void )
+
+ /* SSLv3 is deprecated, set minimum to TLS 1.0 */
+ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
+- /* RC4 is deprecated, disable it */
+- ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+ ssl_set_dbg( &ssl, my_debug, stdout );
+--- a/programs/ssl/ssl_server2.c
++++ b/programs/ssl/ssl_server2.c
+@@ -92,11 +92,9 @@
+ #define DFL_ALLOW_LEGACY -2
+ #define DFL_RENEGOTIATE 0
+ #define DFL_RENEGO_DELAY -2
+-#define DFL_RENEGO_PERIOD -1
+ #define DFL_EXCHANGES 1
+ #define DFL_MIN_VERSION SSL_MINOR_VERSION_1
+ #define DFL_MAX_VERSION -1
+-#define DFL_ARC4 SSL_ARC4_DISABLED
+ #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
+ #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
+ #define DFL_TRUNC_HMAC -1
+@@ -233,8 +231,7 @@
+ #define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n" \
+- " renego_delay=%%d default: -2 (library default)\n" \
+- " renego_period=%%d default: (library default)\n"
++ " renego_delay=%%d default: -2 (library default)\n"
+ #else
+ #define USAGE_RENEGO ""
+ #endif
+@@ -268,7 +265,6 @@
+ "\n" \
+ " min_version=%%s default: \"ssl3\"\n" \
+ " max_version=%%s default: \"tls1_2\"\n" \
+- " arc4=%%d default: 0 (disabled)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: ssl3, tls1, tls1_1, tls1_2\n" \
+ "\n" \
+@@ -662,9 +658,6 @@ int main( int argc, char *argv[] )
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
+ ssl_context ssl;
+-#if defined(POLARSSL_SSL_RENEGOTIATION)
+- unsigned char renego_period[8] = { 0 };
+-#endif
+ #if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt cacert;
+ x509_crt srvcert;
+@@ -766,11 +759,9 @@ int main( int argc, char *argv[] )
+ opt.allow_legacy = DFL_ALLOW_LEGACY;
+ opt.renegotiate = DFL_RENEGOTIATE;
+ opt.renego_delay = DFL_RENEGO_DELAY;
+- opt.renego_period = DFL_RENEGO_PERIOD;
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+- opt.arc4 = DFL_ARC4;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+@@ -869,12 +860,6 @@ int main( int argc, char *argv[] )
+ {
+ opt.renego_delay = atoi( q );
+ }
+- else if( strcmp( p, "renego_period" ) == 0 )
+- {
+- opt.renego_period = atoi( q );
+- if( opt.renego_period < 2 || opt.renego_period > 255 )
+- goto usage;
+- }
+ else if( strcmp( p, "exchanges" ) == 0 )
+ {
+ opt.exchanges = atoi( q );
+@@ -907,15 +892,6 @@ int main( int argc, char *argv[] )
+ else
+ goto usage;
+ }
+- else if( strcmp( p, "arc4" ) == 0 )
+- {
+- switch( atoi( q ) )
+- {
+- case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
+- case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
+- default: goto usage;
+- }
+- }
+ else if( strcmp( p, "force_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+@@ -1424,8 +1400,6 @@ int main( int argc, char *argv[] )
+
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
+ ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+- else
+- ssl_set_arc4_support( &ssl, opt.arc4 );
+
+ if( opt.version_suites != NULL )
+ {
+@@ -1447,15 +1421,8 @@ int main( int argc, char *argv[] )
+ ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+ #if defined(POLARSSL_SSL_RENEGOTIATION)
+ ssl_set_renegotiation( &ssl, opt.renegotiation );
+-
+ if( opt.renego_delay != DFL_RENEGO_DELAY )
+ ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+-
+- if( opt.renego_period != DFL_RENEGO_PERIOD )
+- {
+- renego_period[7] = opt.renego_period;
+- ssl_set_renegotiation_period( &ssl, renego_period );
+- }
+ #endif
+
+ #if defined(POLARSSL_X509_CRT_PARSE_C)
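Review bot: this hunk reverts the renego_period handling (`ssl_set_renegotiation_period`), a separate feature from the RC4 revert the rest of the programs/ changes cover; the patch header should list each upstream change being reverted and why it affects the ABI, so the reverts can be checked one by one rather than as a single opaque diff.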
+--- a/tests/compat.sh
++++ b/tests/compat.sh
+@@ -676,7 +676,7 @@ setup_arguments()
+ exit 1;
+ esac
+
+- P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
++ P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
+ O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
+ G_SERVER_ARGS="-p $PORT --http"
+ G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
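Review bot: with `arc4=1` removed from P_SERVER_ARGS while G_SERVER_PRIO keeps `+ARCFOUR-128` and the OpenSSL side keeps `-cipher NULL,ALL`, the interop run now depends on the PolarSSL server accepting RC4 without being asked. That is fine if the intent is to keep exercising RC4 against GnuTLS and OpenSSL, but note in the patch header that the interop matrix covers RC4 only because the reverted default allows it.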
+--- a/tests/ssl-opt.sh
++++ b/tests/ssl-opt.sh
+@@ -417,27 +417,6 @@ run_test "Default" \
+ -S "error" \
+ -C "error"
+
+-# Tests for rc4 option
+-
+-run_test "RC4: server disabled, client enabled" \
+- "$P_SRV" \
+- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+- 1 \
+- -s "SSL - None of the common ciphersuites is usable"
+-
+-run_test "RC4: server enabled, client disabled" \
+- "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+- "$P_CLI" \
+- 1 \
+- -s "SSL - The server has no ciphersuites in common"
+-
+-run_test "RC4: both enabled" \
+- "$P_SRV arc4=1" \
+- "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+- 0 \
+- -S "SSL - None of the common ciphersuites is usable" \
+- -S "SSL - The server has no ciphersuites in common"
+-
+ # Test for SSLv2 ClientHello
+
+ requires_openssl_with_sslv2
+@@ -1129,71 +1108,6 @@ run_test "Renegotiation: server-initi
+ -S "SSL - An unexpected message was received from our peer" \
+ -S "failed"
+
+-run_test "Renegotiation: periodic, just below period" \
+- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+- "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
+- 0 \
+- -C "client hello, adding renegotiation extension" \
+- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+- -S "found renegotiation extension" \
+- -s "server hello, secure renegotiation extension" \
+- -c "found renegotiation extension" \
+- -S "record counter limit reached: renegotiate" \
+- -C "=> renegotiate" \
+- -S "=> renegotiate" \
+- -S "write hello request" \
+- -S "SSL - An unexpected message was received from our peer" \
+- -S "failed"
+-
+-# one extra exchange to be able to complete renego
+-run_test "Renegotiation: periodic, just above period" \
+- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
+- 0 \
+- -c "client hello, adding renegotiation extension" \
+- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+- -s "found renegotiation extension" \
+- -s "server hello, secure renegotiation extension" \
+- -c "found renegotiation extension" \
+- -s "record counter limit reached: renegotiate" \
+- -c "=> renegotiate" \
+- -s "=> renegotiate" \
+- -s "write hello request" \
+- -S "SSL - An unexpected message was received from our peer" \
+- -S "failed"
+-
+-run_test "Renegotiation: periodic, two times period" \
+- "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3" \
+- "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
+- 0 \
+- -c "client hello, adding renegotiation extension" \
+- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+- -s "found renegotiation extension" \
+- -s "server hello, secure renegotiation extension" \
+- -c "found renegotiation extension" \
+- -s "record counter limit reached: renegotiate" \
+- -c "=> renegotiate" \
+- -s "=> renegotiate" \
+- -s "write hello request" \
+- -S "SSL - An unexpected message was received from our peer" \
+- -S "failed"
+-
+-run_test "Renegotiation: periodic, above period, disabled" \
+- "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3" \
+- "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
+- 0 \
+- -C "client hello, adding renegotiation extension" \
+- -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+- -S "found renegotiation extension" \
+- -s "server hello, secure renegotiation extension" \
+- -c "found renegotiation extension" \
+- -S "record counter limit reached: renegotiate" \
+- -C "=> renegotiate" \
+- -S "=> renegotiate" \
+- -S "write hello request" \
+- -S "SSL - An unexpected message was received from our peer" \
+- -S "failed"
+-
+ run_test "Renegotiation: nbio, client-initiated" \
+ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
+ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
+@@ -1882,17 +1796,6 @@ run_test "keyUsage cli: KeyEncipherme
+ -c "Processing of the Certificate handshake message failed" \
+ -C "Ciphersuite is TLS-"
+
+-run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
+- "$O_SRV -key data_files/server2.key \
+- -cert data_files/server2.ku-ke.crt" \
+- "$P_CLI debug_level=1 auth_mode=optional \
+- force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+- 0 \
+- -c "bad certificate (usage extensions)" \
+- -C "Processing of the Certificate handshake message failed" \
+- -c "Ciphersuite is TLS-" \
+- -c "! Usage does not match the keyUsage extension"
+-
+ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
+ "$O_SRV -key data_files/server2.key \
+ -cert data_files/server2.ku-ds.crt" \
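Review bot: deleting the "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" case here (and the DigitalSignature one in the next hunk) removes the only coverage of the auth_mode=optional path that reports "! Usage does not match the keyUsage extension" instead of failing the handshake. The matching library revert is not in this excerpt, so state in the patch header that the keyUsage soft-fail behaviour is being reverted and reference the upstream commit; otherwise a reader sees tests vanish without the code change that justifies it.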
+@@ -1913,17 +1816,6 @@ run_test "keyUsage cli: DigitalSignat
+ -c "Processing of the Certificate handshake message failed" \
+ -C "Ciphersuite is TLS-"
+
+-run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
+- "$O_SRV -key data_files/server2.key \
+- -cert data_files/server2.ku-ds.crt" \
+- "$P_CLI debug_level=1 auth_mode=optional \
+- force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+- 0 \
+- -c "bad certificate (usage extensions)" \
+- -C "Processing of the Certificate handshake message failed" \
+- -c "Ciphersuite is TLS-" \
+- -c "! Usage does not match the keyUsage extension"
+-
+ # Tests for keyUsage in leaf certificates, part 3:
+ # server-side checking of client cert
+
+@@ -2166,8 +2058,8 @@ run_test "Per-version suites: SSL3" \
+ -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
+
+ run_test "Per-version suites: TLS 1.0" \
+- "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+- "$P_CLI force_version=tls1 arc4=1" \
++ "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
++ "$P_CLI force_version=tls1" \
+ 0 \
+ -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
+
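Review bot: this is the test that pins the reverted default: after dropping `arc4=1` from both P_SRV and P_CLI the case still asserts `Ciphersuite is TLS-RSA-WITH-RC4-128-SHA`, so it only passes if client and server enable RC4 without being asked. Keep it, since it documents the behaviour, but expect it to be the first test to fail if a later jessie update re-applies the RC4 disabling.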
+@@ -2207,7 +2099,7 @@ run_test "Small packet SSLv3 BlockCip
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet SSLv3 StreamCipher" \
+- "$P_SRV min_version=ssl3 arc4=1" \
++ "$P_SRV min_version=ssl3" \
+ "$P_CLI request_size=1 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+@@ -2236,7 +2128,7 @@ run_test "Small packet TLS 1.0 BlockC
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+@@ -2258,7 +2150,7 @@ run_test "Small packet TLS 1.1 BlockC
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet TLS 1.1 StreamCipher" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+@@ -2273,7 +2165,7 @@ run_test "Small packet TLS 1.1 BlockC
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+@@ -2310,14 +2202,14 @@ run_test "Small packet TLS 1.2 BlockC
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet TLS 1.2 StreamCipher" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+ run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+@@ -2348,7 +2240,7 @@ run_test "Large packet SSLv3 BlockCip
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet SSLv3 StreamCipher" \
+- "$P_SRV min_version=ssl3 arc4=1" \
++ "$P_SRV min_version=ssl3" \
+ "$P_CLI request_size=16384 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+@@ -2370,7 +2262,7 @@ run_test "Large packet TLS 1.0 BlockC
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+@@ -2385,7 +2277,7 @@ run_test "Large packet TLS 1.1 BlockC
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet TLS 1.1 StreamCipher" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+@@ -2400,7 +2292,7 @@ run_test "Large packet TLS 1.1 BlockC
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+@@ -2430,14 +2322,14 @@ run_test "Large packet TLS 1.2 BlockC
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet TLS 1.2 StreamCipher" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 16384 bytes read"
+
+ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
+- "$P_SRV arc4=1" \
++ "$P_SRV" \
+ "$P_CLI request_size=16384 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+--- a/tests/suites/test_suite_pk.data
++++ b/tests/suites/test_suite_pk.data
+@@ -130,23 +130,3 @@ Verify ext RSA #12 (PKCS1 v1.5, good)
+ depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15
+ pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0
+
+-Check pair #1 (EC, OK)
+-depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+-pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
+-
+-Check pair #2 (EC, bad)
+-depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+-pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+-
+-Check pair #3 (RSA, OK)
+-depends_on:POLARSSL_RSA_C
+-pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
+-
+-Check pair #4 (RSA, bad)
+-depends_on:POLARSSL_RSA_C
+-pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+-
+-Check pair #5 (RSA vs EC)
+-depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
+-pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
+-
+--- a/tests/suites/test_suite_pk.function
++++ b/tests/suites/test_suite_pk.function
+@@ -84,35 +84,6 @@ exit:
+ }
+ /* END_CASE */
+
+-/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C:POLARSSL_FS_IO */
+-void pk_check_pair( char *pub_file, char *prv_file, int ret )
+-{
+- pk_context pub, prv, alt;
+-
+- pk_init( &pub );
+- pk_init( &prv );
+- pk_init( &alt );
+-
+- TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
+- TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+-
+- TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
+-
+-#if defined(POLARSSL_RSA_C)
+- if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
+- {
+- TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
+- rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 );
+- TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret );
+- }
+-#endif
+-
+- pk_free( &pub );
+- pk_free( &prv );
+- pk_free( &alt );
+-}
+-/* END_CASE */
+-
+ /* BEGIN_CASE depends_on:POLARSSL_RSA_C */
+ void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
+ int mod, int radix_N, char *input_N, int radix_E,
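Review bot: this removes the pk_check_pair() test case (and its data in the previous hunk), so the patch drops a public API, not only internal symbols; the patch header should say why pk_check_pair has to go for jessie, because a test-suite deletion alone does not show whether the function is removed from the library or merely left untested.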
+--- a/tests/suites/test_suite_x509parse.data
++++ b/tests/suites/test_suite_x509parse.data
+@@ -851,7 +851,7 @@ X509 Certificate ASN1 (TBSCertificate, i
+ x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+ X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
+-x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_INVALID_NAME+POLARSSL_ERR_ASN1_UNEXPECTED_TAG
++x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
+
+ X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
+ x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
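Review bot: the expected result for "issuer, no full following string" changes from `POLARSSL_ERR_X509_INVALID_NAME+POLARSSL_ERR_ASN1_UNEXPECTED_TAG` to `POLARSSL_ERR_X509_FEATURE_UNAVAILABLE`, and the next hunk deletes the "Name with composite RDN" case, so X.509 name parsing is being reverted to the older behaviour in which multi-valued RDNs are not supported. Since this is certificate-parsing code, the patch description should call it out as a functional change for jessie users, not just an ABI revert.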
+@@ -1034,10 +1034,6 @@ X509 Certificate ASN1 (Name with unknown
+ depends_on:POLARSSL_RSA_C
+ x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+
+-X509 Certificate ASN1 (Name with composite RDN)
+-depends_on:POLARSSL_RSA_C
+-x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
+-
+ X509 Certificate ASN1 (Name with PKCS9 email)
+ depends_on:POLARSSL_RSA_C
+ x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
diff --git a/debian/patches/series b/debian/patches/series
index b91886e..c55260f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
01-config.patch
02-makefile-destdir-fix.patch
+jessie-compatability.patch
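Review bot: the new patch file is named jessie-compatability.patch; "compatibility" is the usual spelling, and renaming it now (in series and in the file itself) is cheaper than after it has been referenced in a changelog entry.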
diff --git a/debian/rules b/debian/rules
index 0c213a9..f6d9fe9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,12 +10,15 @@ LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
override_dh_auto_build:
$(MAKE) -C library SHARED=1 shared
- mv library/libmbedtls.so.9 library/SOBACKUP
+ mv library/libpolarssl.so.7 library/SOBACKUP
$(MAKE) clean
- mv library/SOBACKUP library/libmbedtls.so.9
+ mv library/SOBACKUP library/libpolarssl.so.7
$(MAKE) all
$(MAKE) check
override_dh_auto_clean:
dh_auto_clean
rm -f tests/data_files/mpi_write tests/data_files/ctr_drbg_seed tests/data_files/hmac_drbg_seed
+
+override_dh_makeshlibs:
+ dh_makeshlibs -V 'libpolarssl7 (>= 1.3.14)'
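Review bot: `dh_makeshlibs -V 'libpolarssl7 (>= 1.3.14)'` hard-codes the version; that is correct for this upload, but any later jessie revision that adds symbols would need the string bumped by hand, so a debian/libpolarssl7.symbols file (which dh_makeshlibs picks up automatically) would track this without further edits to rules. The SOBACKUP handling around `$(MAKE) clean` changes only the soname, which is consistent with the revert to libpolarssl.so.7.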