Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
(cherry picked from commit 4087c47043cb7b8b51e69f1de47ab6a2bccead3d)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 81c21d9..c56ae0d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2290,11 +2290,15 @@
* SHA1( handshake + sender + master + pad1 ) )
*/
+#if !defined(POLARSSL_MD5_ALT)
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#endif
+#if !defined(POLARSSL_SHA1_ALT)
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
: "SRVR";
@@ -2361,11 +2365,15 @@
* MD5( handshake ) + SHA1( handshake ) )[0..11]
*/
+#if !defined(POLARSSL_MD5_ALT)
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#endif
+#if !defined(POLARSSL_SHA1_ALT)
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"
@@ -2409,8 +2417,10 @@
* Hash( handshake ) )[0.11]
*/
+#if !defined(POLARSSL_SHA2_ALT)
SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
sha2.state, sizeof( sha2.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"
@@ -2453,8 +2463,10 @@
* Hash( handshake ) )[0.11]
*/
+#if !defined(POLARSSL_SHA4_ALT)
SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
sha4.state, sizeof( sha4.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"