Commit db3f3c14 authored by Willem Sparreboom's avatar Willem Sparreboom Committed by Daniel Stenberg
Browse files

PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM 

Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
parent 1346cb19

lib/polarssl.c

+24 −10
Original line number Diff line number Diff line
@@ -33,7 +33,6 @@ 


#include <polarssl/net.h>

#include <polarssl/ssl.h>

#include <polarssl/havege.h>

#include <polarssl/certs.h>

#include <polarssl/x509.h>

#include <polarssl/version.h>
@@ -42,8 +41,13 @@ 
#include <polarssl/error.h>

#endif /* POLARSSL_VERSION_NUMBER >= 0x01000000 */



#if POLARSSL_VERSION_NUMBER>0x01010000

#include <polarssl/entropy.h>

#include <polarssl/ctr_drbg.h>

#else

#include <polarssl/havege.h>

#endif /* POLARSSL_VERSION_NUMBER>0x01010000 */





#if POLARSSL_VERSION_NUMBER<0x01000000

/*
@@ -69,14 +73,6 @@ 
/* The last #include file should be: */

#include "memdebug.h"



/* version dependent differences */

#if POLARSSL_VERSION_NUMBER < 0x01010000

/* the old way */

#define HAVEGE_RANDOM havege_rand

#else

/* from 1.1.0 */

#define HAVEGE_RANDOM havege_random

#endif



/* Define this to enable lots of debugging for PolarSSL */

#undef POLARSSL_DEBUG
@@ -129,7 +125,20 @@ polarssl_connect_step1(struct connectdata *conn, 
  else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)

    sni = FALSE; /* SSLv3 has no SNI */



#if POLARSSL_VERSION_NUMBER<0x01010000

  havege_init(&connssl->hs);

#else

  entropy_init(&connssl->entropy);



  if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy,

                           connssl->ssn.id, connssl->ssn.length)) != 0)

  {

#ifdef POLARSSL_ERROR_C

     error_strerror(ret, errorbuf, sizeof(errorbuf));

#endif /* POLARSSL_ERROR_C */

	 failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf);

  }

#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */



  /* Load the trusted CA */

  memset(&connssl->cacert, 0, sizeof(x509_cert));
@@ -214,8 +223,13 @@ polarssl_connect_step1(struct connectdata *conn, 
  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);

  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);



  ssl_set_rng(&connssl->ssl, HAVEGE_RANDOM,

#if POLARSSL_VERSION_NUMBER<0x01010000

  ssl_set_rng(&connssl->ssl, havege_rand,

              &connssl->hs);

#else

  ssl_set_rng(&connssl->ssl, ctr_drbg_random,

              &connssl->ctr_drbg);

#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */

  ssl_set_bio(&connssl->ssl,

              net_recv, &conn->sock[sockindex],

              net_send, &conn->sock[sockindex]);

lib/urldata.h

+14 −2
Original line number Diff line number Diff line
@@ -107,9 +107,15 @@ 
#endif



#ifdef USE_POLARSSL

#include <polarssl/havege.h>

#include <polarssl/ssl.h>

#endif

#include <polarssl/version.h>

#if POLARSSL_VERSION_NUMBER<0x01010000

#include <polarssl/havege.h>

#else

#include <polarssl/entropy.h>

#include <polarssl/ctr_drbg.h>

#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */

#endif /* USE_POLARSSL */



#ifdef USE_CYASSL

#undef OCSP_REQUEST  /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */
@@ -282,7 +288,13 @@ struct ssl_connect_data { 
  ssl_connect_state connecting_state;

#endif /* USE_GNUTLS */

#ifdef USE_POLARSSL

#if POLARSSL_VERSION_NUMBER<0x01010000

  havege_state hs;

#else

  /* from v1.1.0, use ctr_drbg and entropy */

  ctr_drbg_context ctr_drbg;

  entropy_context entropy;

#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */

  ssl_context ssl;

  ssl_session ssn;

  int server_fd;