Cleanup old support for pre PolarSSL 1.0.0

[umurmur.git] / src / ssl.c

diff --git a/src/ssl.c b/src/ssl.c
index e413db6de7b0afb6906b9f5f280d3f17159ff0ff..dc7218d0f0459859409c630996459a4ceac668ab 100644 (file)
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -30,6 +30,7 @@
 */
 #include <string.h>
 #include <stdlib.h>
+#include <fcntl.h>
 
 #include "conf.h"
 #include "log.h"
@@ -67,7 +68,11 @@ static x509_cert certificate;
 static rsa_context key;
 bool_t builtInTestCertificate;
 
-havege_state hs; /* exported to crypt.c */
+#ifdef USE_POLARSSL_HAVEGE
+havege_state hs;
+#else
+int urandom_fd;
+#endif
 
 /* DH prime */
 char *my_dhm_P =
@@ -145,6 +150,20 @@ static void initKey()
                Log_fatal("Could not read RSA key file %s", keyfile);
 }
 
+#ifndef USE_POLARSSL_HAVEGE
+int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
+{
+       int cur;
+
+       while (len) {
+               cur = read(urandom_fd, dest, len);
+               if (cur < 0)
+                       continue;
+               len -= cur;
+       }
+}
+#endif
+
 #define DEBUG_LEVEL 0
 static void pssl_debug(void *ctx, int level, const char *str)
 {
@@ -168,7 +187,16 @@ void SSLi_init(void)
 #else
        initKey();
 #endif
+
+       /* Initialize random number generator */
+#ifdef USE_POLARSSL_HAVEGE
     havege_init(&hs);
+#else
+    urandom_fd = open("/dev/urandom", O_RDONLY);
+    if (urandom_fd < 0)
+           Log_fatal("Cannot open /dev/urandom");
+    Log_info("Using random number generator /dev/urandom");
+#endif
     
 #ifdef POLARSSL_VERSION_MAJOR
     version_get_string(verstring);
@@ -219,16 +247,17 @@ SSL_handle_t *SSLi_newconnection(int *fd, bool_t *SSLready)
        
        ssl_set_endpoint(ssl, SSL_IS_SERVER);   
        ssl_set_authmode(ssl, SSL_VERIFY_OPTIONAL);
-
+       
+#ifdef USE_POLARSSL_HAVEGE
        ssl_set_rng(ssl, HAVEGE_RAND, &hs);
+#else
+       ssl_set_rng(ssl, urandom_bytes, NULL);
+#endif
+       
        ssl_set_dbg(ssl, pssl_debug, NULL);
        ssl_set_bio(ssl, net_recv, fd, net_send, fd);
 
-#ifdef POLARSSL_API_V1
        ssl_set_ciphersuites(ssl, ciphers);
-#else
-       ssl_set_ciphers(ssl, ciphers);
-#endif
 
 #ifdef POLARSSL_API_V1_2
     ssl_set_session(ssl, ssn);
@@ -249,11 +278,7 @@ int SSLi_nonblockaccept(SSL_handle_t *ssl, bool_t *SSLready)
        
        rc = ssl_handshake(ssl);
        if (rc != 0) {
-#ifdef POLARSSL_API_V1         
                if (rc == POLARSSL_ERR_NET_WANT_READ || rc == POLARSSL_ERR_NET_WANT_WRITE) {
-#else
-               if (rc == POLARSSL_ERR_NET_TRY_AGAIN) {
-#endif
                        return 0;
                } else if (POLARSSL_ERR_X509_CERT_VERIFY_FAILED) { /* Allow this (selfsigned etc) */
                        return 0;                       
@@ -271,11 +296,7 @@ int SSLi_read(SSL_handle_t *ssl, uint8_t *buf, int len)
        int rc;
 
        rc = ssl_read(ssl, buf, len);
-#ifdef POLARSSL_API_V1         
        if (rc == POLARSSL_ERR_NET_WANT_READ)
-#else
-       if (rc == POLARSSL_ERR_NET_TRY_AGAIN)
-#endif
                return SSLI_ERROR_WANT_READ;
        return rc;
 }
@@ -285,11 +306,7 @@ int SSLi_write(SSL_handle_t *ssl, uint8_t *buf, int len)
        int rc;
        
        rc = ssl_write(ssl, buf, len);
-#ifdef POLARSSL_API_V1         
        if (rc == POLARSSL_ERR_NET_WANT_WRITE)
-#else
-       if (rc == POLARSSL_ERR_NET_TRY_AGAIN)
-#endif
                return SSLI_ERROR_WANT_WRITE;
        return rc;
 }