Added mechanism to provide alternative cipher / hash implementations
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e0cddf8..cde6795 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2547,11 +2547,15 @@
* SHA1( handshake + sender + master + pad1 ) )
*/
+#if !defined(POLARSSL_MD5_ALT)
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#endif
+#if !defined(POLARSSL_SHA1_ALT)
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT ) ? "CLNT"
: "SRVR";
@@ -2618,11 +2622,15 @@
* MD5( handshake ) + SHA1( handshake ) )[0..11]
*/
+#if !defined(POLARSSL_MD5_ALT)
SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
md5.state, sizeof( md5.state ) );
+#endif
+#if !defined(POLARSSL_SHA1_ALT)
SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
sha1.state, sizeof( sha1.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"
@@ -2666,8 +2674,10 @@
* Hash( handshake ) )[0.11]
*/
+#if !defined(POLARSSL_SHA2_ALT)
SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
sha2.state, sizeof( sha2.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"
@@ -2710,8 +2720,10 @@
* Hash( handshake ) )[0.11]
*/
+#if !defined(POLARSSL_SHA4_ALT)
SSL_DEBUG_BUF( 4, "finished sha4 state", (unsigned char *)
sha4.state, sizeof( sha4.state ) );
+#endif
sender = ( from == SSL_IS_CLIENT )
? "client finished"