summaryrefslogtreecommitdiff
path: root/plugins/FTPFileYM/curl/lib/polarssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/FTPFileYM/curl/lib/polarssl.c')
-rw-r--r--plugins/FTPFileYM/curl/lib/polarssl.c154
1 files changed, 132 insertions, 22 deletions
diff --git a/plugins/FTPFileYM/curl/lib/polarssl.c b/plugins/FTPFileYM/curl/lib/polarssl.c
index f4ca63e116..808f54c243 100644
--- a/plugins/FTPFileYM/curl/lib/polarssl.c
+++ b/plugins/FTPFileYM/curl/lib/polarssl.c
@@ -5,8 +5,8 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -33,13 +33,21 @@
#include <polarssl/net.h>
#include <polarssl/ssl.h>
-#include <polarssl/havege.h>
#include <polarssl/certs.h>
#include <polarssl/x509.h>
#include <polarssl/version.h>
+#if POLARSSL_VERSION_NUMBER >= 0x01000000
+#include <polarssl/error.h>
+#endif /* POLARSSL_VERSION_NUMBER >= 0x01000000 */
+
+#if POLARSSL_VERSION_NUMBER>0x01010000
#include <polarssl/entropy.h>
#include <polarssl/ctr_drbg.h>
+#else
+#include <polarssl/havege.h>
+#endif /* POLARSSL_VERSION_NUMBER>0x01010000 */
+
#if POLARSSL_VERSION_NUMBER<0x01000000
/*
@@ -58,6 +66,7 @@
#include "connect.h" /* for the connect timeout */
#include "select.h"
#include "rawstr.h"
+#include "polarssl_threadlock.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
@@ -65,15 +74,44 @@
/* The last #include file should be: */
#include "memdebug.h"
-/* version dependent differences */
-#if POLARSSL_VERSION_NUMBER < 0x01010000
-/* the old way */
-#define HAVEGE_RANDOM havege_rand
-#else
-/* from 1.1.0 */
-#define HAVEGE_RANDOM havege_random
+/* apply threading? */
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#define THREADING_SUPPORT
#endif
+#if defined(THREADING_SUPPORT) && POLARSSL_VERSION_NUMBER>0x01010000
+static entropy_context entropy;
+
+static int entropy_init_initialized = 0;
+
+/* start of entropy_init_mutex() */
+static void entropy_init_mutex(entropy_context *ctx)
+{
+ /* lock 0 = entropy_init_mutex() */
+ polarsslthreadlock_lock_function(0);
+ if(entropy_init_initialized == 0) {
+ entropy_init(ctx);
+ entropy_init_initialized = 1;
+ }
+ polarsslthreadlock_unlock_function(0);
+}
+/* end of entropy_init_mutex() */
+
+/* start of entropy_func_mutex() */
+static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
+{
+ int ret;
+ /* lock 1 = entropy_func_mutex() */
+ polarsslthreadlock_lock_function(1);
+ ret = entropy_func(data, output, len);
+ polarsslthreadlock_unlock_function(1);
+
+ return ret;
+}
+/* end of entropy_func_mutex() */
+
+#endif /* THREADING_SUPPORT && POLARSSL_VERSION_NUMBER>0x01010000 */
+
/* Define this to enable lots of debugging for PolarSSL */
#undef POLARSSL_DEBUG
@@ -113,6 +151,10 @@ polarssl_connect_step1(struct connectdata *conn,
void *old_session = NULL;
size_t old_session_size = 0;
+ char errorbuf[128];
+ memset(errorbuf, 0, sizeof(errorbuf));
+
+
/* PolarSSL only supports SSLv3 and TLSv1 */
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
failf(data, "PolarSSL does not support SSLv2");
@@ -121,7 +163,33 @@ polarssl_connect_step1(struct connectdata *conn,
else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
sni = FALSE; /* SSLv3 has no SNI */
+#if POLARSSL_VERSION_NUMBER<0x01010000
havege_init(&connssl->hs);
+#else
+#ifdef THREADING_SUPPORT
+ entropy_init_mutex(&entropy);
+
+ if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy,
+ connssl->ssn.id, connssl->ssn.length)) != 0) {
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#else
+ entropy_init(&connssl->entropy);
+
+ if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy,
+ connssl->ssn.id, connssl->ssn.length)) != 0) {
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#endif /* THREADING_SUPPORT */
+#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
/* Load the trusted CA */
memset(&connssl->cacert, 0, sizeof(x509_cert));
@@ -131,8 +199,11 @@ polarssl_connect_step1(struct connectdata *conn,
data->set.str[STRING_SSL_CAFILE]);
if(ret<0) {
- failf(data, "Error reading ca cert file %s: -0x%04X",
- data->set.str[STRING_SSL_CAFILE], ret);
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s",
+ data->set.str[STRING_SSL_CAFILE], -ret, errorbuf);
if(data->set.ssl.verifypeer)
return CURLE_SSL_CACERT_BADFILE;
@@ -147,8 +218,12 @@ polarssl_connect_step1(struct connectdata *conn,
data->set.str[STRING_CERT]);
if(ret) {
- failf(data, "Error reading client cert file %s: -0x%04X",
- data->set.str[STRING_CERT], -ret);
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s",
+ data->set.str[STRING_CERT], -ret, errorbuf);
+
return CURLE_SSL_CERTPROBLEM;
}
}
@@ -160,8 +235,12 @@ polarssl_connect_step1(struct connectdata *conn,
data->set.str[STRING_KEY_PASSWD]);
if(ret) {
- failf(data, "Error reading private key %s: -0x%04X",
- data->set.str[STRING_KEY], -ret);
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",
+ data->set.str[STRING_KEY], -ret, errorbuf);
+
return CURLE_SSL_CERTPROBLEM;
}
}
@@ -174,8 +253,12 @@ polarssl_connect_step1(struct connectdata *conn,
data->set.str[STRING_SSL_CRLFILE]);
if(ret) {
- failf(data, "Error reading CRL file %s: -0x%04X",
- data->set.str[STRING_SSL_CRLFILE], -ret);
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",
+ data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);
+
return CURLE_SSL_CRL_BADFILE;
}
}
@@ -191,8 +274,13 @@ polarssl_connect_step1(struct connectdata *conn,
ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
- ssl_set_rng(&connssl->ssl, HAVEGE_RANDOM,
+#if POLARSSL_VERSION_NUMBER<0x01010000
+ ssl_set_rng(&connssl->ssl, havege_rand,
&connssl->hs);
+#else
+ ssl_set_rng(&connssl->ssl, ctr_drbg_random,
+ &connssl->ctr_drbg);
+#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
ssl_set_bio(&connssl->ssl,
net_recv, &conn->sock[sockindex],
net_send, &conn->sock[sockindex]);
@@ -253,6 +341,9 @@ polarssl_connect_step2(struct connectdata *conn,
struct ssl_connect_data* connssl = &conn->ssl[sockindex];
char buffer[1024];
+ char errorbuf[128];
+ memset(errorbuf, 0, sizeof(errorbuf));
+
conn->recv[sockindex] = polarssl_recv;
conn->send[sockindex] = polarssl_send;
@@ -261,8 +352,13 @@ polarssl_connect_step2(struct connectdata *conn,
break;
else if(ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE) {
- failf(data, "ssl_handshake returned -0x%04X", -ret);
- return CURLE_SSL_CONNECT_ERROR;
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
+ -ret, errorbuf);
+
+ return CURLE_SSL_CONNECT_ERROR;
}
else {
if(ret == POLARSSL_ERR_NET_WANT_READ) {
@@ -593,4 +689,18 @@ Curl_polarssl_connect(struct connectdata *conn,
return CURLE_OK;
}
-#endif
+/*
+ * return 0 error initializing SSL
+ * return 1 SSL initialized successfully
+ */
+int polarssl_init(void)
+{
+ return polarsslthreadlock_thread_setup();
+}
+
+void polarssl_cleanup(void)
+{
+ (void)polarsslthreadlock_thread_cleanup();
+}
+
+#endif /* USE_POLARSSL */