From db3f3c14f234e48127347cd06456f4419ed9a8e4 Mon Sep 17 00:00:00 2001 From: Willem Sparreboom Date: Mon, 28 Jan 2013 16:03:40 +0100 Subject: PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define --- lib/polarssl.c | 34 ++++++++++++++++++++++++---------- lib/urldata.h | 16 ++++++++++++++-- 2 files changed, 38 insertions(+), 12 deletions(-) (limited to 'lib') diff --git a/lib/polarssl.c b/lib/polarssl.c index 40b6078a2..09bd95ac0 100644 --- a/lib/polarssl.c +++ b/lib/polarssl.c @@ -33,7 +33,6 @@ #include #include -#include #include #include #include @@ -42,8 +41,13 @@ #include #endif /* POLARSSL_VERSION_NUMBER >= 0x01000000 */ +#if POLARSSL_VERSION_NUMBER>0x01010000 #include #include +#else +#include +#endif /* POLARSSL_VERSION_NUMBER>0x01010000 */ + #if POLARSSL_VERSION_NUMBER<0x01000000 /* @@ -69,14 +73,6 @@ /* The last #include file should be: */ #include "memdebug.h" -/* version dependent differences */ -#if POLARSSL_VERSION_NUMBER < 0x01010000 -/* the old way */ -#define HAVEGE_RANDOM havege_rand -#else -/* from 1.1.0 */ -#define HAVEGE_RANDOM havege_random -#endif /* Define this to enable lots of debugging for PolarSSL */ #undef POLARSSL_DEBUG @@ -129,7 +125,20 @@ polarssl_connect_step1(struct connectdata *conn, else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) sni = FALSE; /* SSLv3 has no SNI */ +#if POLARSSL_VERSION_NUMBER<0x01010000 havege_init(&connssl->hs); +#else + entropy_init(&connssl->entropy); + + if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy, + connssl->ssn.id, connssl->ssn.length)) != 0) + { +#ifdef POLARSSL_ERROR_C + error_strerror(ret, errorbuf, sizeof(errorbuf)); +#endif /* POLARSSL_ERROR_C */ + failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf); + } +#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ /* Load the trusted CA */ memset(&connssl->cacert, 0, sizeof(x509_cert)); @@ -214,8 +223,13 @@ polarssl_connect_step1(struct connectdata *conn, ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL); - ssl_set_rng(&connssl->ssl, HAVEGE_RANDOM, +#if POLARSSL_VERSION_NUMBER<0x01010000 + ssl_set_rng(&connssl->ssl, havege_rand, &connssl->hs); +#else + ssl_set_rng(&connssl->ssl, ctr_drbg_random, + &connssl->ctr_drbg); +#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ ssl_set_bio(&connssl->ssl, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); diff --git a/lib/urldata.h b/lib/urldata.h index 4849dae16..d564ae1da 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -107,9 +107,15 @@ #endif #ifdef USE_POLARSSL -#include #include -#endif +#include +#if POLARSSL_VERSION_NUMBER<0x01010000 +#include +#else +#include +#include +#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ +#endif /* USE_POLARSSL */ #ifdef USE_CYASSL #undef OCSP_REQUEST /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */ @@ -282,7 +288,13 @@ struct ssl_connect_data { ssl_connect_state connecting_state; #endif /* USE_GNUTLS */ #ifdef USE_POLARSSL +#if POLARSSL_VERSION_NUMBER<0x01010000 havege_state hs; +#else + /* from v1.1.0, use ctr_drbg and entropy */ + ctr_drbg_context ctr_drbg; + entropy_context entropy; +#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ ssl_context ssl; ssl_session ssn; int server_fd; -- cgit v1.2.3