From 9e60d8fd9e9308cd2c79a13710f30a8481f5f1e6 Mon Sep 17 00:00:00 2001 From: Todd A Ouska Date: Tue, 8 Mar 2011 13:54:58 +0100 Subject: [PATCH] SSL: (part 2) Added CyaSSL to SSL abstraction layer This is the modified existing files commit. --- configure.ac | 95 ++++++++++++++++++++++++++++++++++++++++++++++-- lib/Makefile.inc | 4 +- lib/http.c | 2 +- lib/setup.h | 2 +- lib/sslgen.c | 2 + lib/urldata.h | 9 +++++ 6 files changed, 107 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 55f4ea7fe..ba9d55912 100644 --- a/configure.ac +++ b/configure.ac @@ -140,7 +140,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,axtls} )" + curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_krb4_msg="no (--with-krb4*)" 
@@ -1850,6 +1850,95 @@ if test "$OPENSSL_ENABLED" != "1"; then fi dnl OPENSSL != 1 +dnl ---------------------------------------------------- +dnl check for CyaSSL +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for CyaSSL files & libraries. +OPT_CYASSL=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS +AC_ARG_WITH(cyassl,dnl +AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: /usr/local/cyassl)]) +AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]), + OPT_CYASSL=$withval) + +if test "$OPENSSL_ENABLED" != "1"; then + + if test X"$OPT_CYASSL" != Xno; then + + if test "$OPT_CYASSL" = "yes"; then + OPT_CYASSL="" + fi + + if test -z "$OPT_CYASSL" ; then + dnl check for lib in default first + + trycyassldir="/usr/local/cyassl" + + LDFLAGS="$LDFLAGS -L$trycyassldir/lib" + CPPFLAGS="$CPPFLAGS -I$trycyassldir/include" + + AC_CHECK_LIB(cyassl, InitCyaSSL, + dnl libcyassl found, set the variable + [ + AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) + AC_SUBST(USE_CYASSL, [1]) + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + ]) + fi + + if test "x$USE_CYASSL" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_CYASSL/lib$libsuff + addcflags=-I$OPT_CYASSL/include + cyassllib=$OPT_CYASSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(cyassl, InitCyaSSL, + [ + AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) + AC_SUBST(USE_CYASSL, [1]) + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ]) + fi + + if test "x$USE_CYASSL" = "xyes"; then + AC_MSG_NOTICE([detected CyaSSL]) + + CURL_LIBS="$CURL_LIBS -lcyassl -lm" + LIBS="$LIBS -lcyassl -lm" + + if test -n "$cyassllib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't 
search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH]) + fi + + fi + + fi dnl CyaSSL not disabled + +fi dnl OPENSSL != 1 + dnl ---------------------------------------------------- dnl NSS. Only check if GnuTLS and OpenSSL are not enabled dnl ---------------------------------------------------- @@ -2001,9 +2090,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then fi fi -if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED" = "x"; then +if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED" = "x"; then AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-nss or --with-axtls to address this.]) + AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss or --with-axtls to address this.]) else # SSL is enabled, genericly AC_SUBST(SSL_ENABLED) diff --git a/lib/Makefile.inc b/lib/Makefile.inc index c749168f3..a71900bcf 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -21,7 +21,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c \ curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c \ warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\ - gopher.c axtls.c idn_win32.c http_negotiate_sspi.c + gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ 
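Review bot: The `LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"` assignment near the end of the CyaSSL block yields a leading empty entry when the variable was unset, and glibc's run-time linker treats an empty entry as the current directory, so later configure test programs could pick up libraries from wherever configure is run. Writing it as `LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$cyassllib"` avoids that. Separately, the block is guarded only by `OPENSSL_ENABLED`, while the NSS section that follows says it also excludes GnuTLS. If another backend was already detected, this check can apparently still define `USE_CYASSL`, so the guard should probably test the other `*_ENABLED` variables as well. Also, when `--with-cyassl` is given without a path and the `/usr/local/cyassl` probe fails, `OPT_CYASSL` is empty and the second probe runs with `-L/lib$libsuff` and `-I/include`, which is probably not intended.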
@@ -36,5 +36,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ - gopher.h axtls.h + gopher.h axtls.h cyassl.h diff --git a/lib/http.c b/lib/http.c index 121b7b2a9..807bbeb84 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1850,7 +1850,7 @@ static int https_getsock(struct connectdata *conn, } #else #if defined(USE_NSS) || defined(USE_QSOSSL) || \ - defined(USE_POLARSSL) || defined(USE_AXTLS) + defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_CYASSL) static int https_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks) diff --git a/lib/setup.h b/lib/setup.h index 68c09a091..477d4690b 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -551,7 +551,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" -#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) +#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_CYASSL) #define USE_SSL /* SSL support has been enabled */ #endif diff --git a/lib/sslgen.c b/lib/sslgen.c index c1a8a3073..b614e086d 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -32,6 +32,7 @@ Curl_gtls_ - prefix for GnuTLS ones Curl_nss_ - prefix for NSS ones Curl_polarssl_ - prefix for PolarSSL ones + Curl_cyassl_ - prefix for CyaSSL ones Note that this source code uses curlssl_* functions, and they are all defines/macros #defined by the lib-specific header files. @@ -58,6 +59,7 @@ #include "qssl.h" /* QSOSSL versions */ #include "polarssl.h" /* PolarSSL versions */ #include "axtls.h" /* axTLS versions */ +#include "cyassl.h" /* CyaSSL versions */ #include "sendf.h" #include "rawstr.h" #include "url.h" 
diff --git a/lib/urldata.h b/lib/urldata.h index bf74aaf7c..23ade02fe 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -111,6 +111,10 @@ #include #endif +#ifdef USE_CYASSL +#include +#endif + #ifdef USE_NSS #include #include @@ -266,6 +270,11 @@ struct ssl_connect_data { x509_crl crl; rsa_context rsa; #endif /* USE_POLARSSL */ +#ifdef USE_CYASSL + SSL_CTX* ctx; + SSL* handle; + ssl_connect_state connecting_state; +#endif /* USE_CYASSL */ #ifdef USE_NSS PRFileDesc *handle; char *client_nickname;
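Review bot: The new `handle` member under `USE_CYASSL` has the same name as `PRFileDesc *handle;` in the `USE_NSS` section directly below, so a build where both macros end up defined fails with a duplicate-member error rather than a clear message about the backend choice. Nothing in this hunk enforces that only one backend macro is set; that depends on configure, whose CyaSSL check in this patch excludes only OpenSSL. An explicit guard such as `#if defined(USE_CYASSL) && defined(USE_NSS)` followed by `#error "select only one SSL backend"` next to the new include would make the misconfiguration obvious. The start of `struct ssl_connect_data` and the other backend sections are outside the hunk, so further name clashes may exist that are not visible here. As a style point, `SSL_CTX* ctx;` and `SSL* handle;` attach the `*` to the type, while the neighbouring `PRFileDesc *handle;` attaches it to the name.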