search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix symbol export rules.
[gnutls.git] / libextra / gnutls_openssl.c
blobb079088f3916ffa66d12d08848d7931242598b7d
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2008 Free Software Foundation
3 * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
4 *
5 * This file is part of GNUTLS-EXTRA.
6 *
7 * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS-EXTRA is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 #include <gnutls/gnutls.h>
24 #include <openssl_compat.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <gnutls/openssl.h>
29 #include "../lib/gnutls_int.h"
30 #include "../lib/random.h"
31 #include "../lib/gnutls_hash_int.h"
32
33 /* Gnulib re-defines shutdown on mingw. We only use it as a variable
34 name, so restore the original name. */
35 #undef shutdown
36
37 /* XXX: See lib/gnutls_int.h. */
38 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
39 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
40
41 /* WARNING: Error functions aren't currently thread-safe */
42
43 static int last_error = 0;
44
45 /* Library initialisation functions */
46
47 int
48 SSL_library_init (void)
49 {
50 gnutls_global_init ();
51 /* NB: we haven't got anywhere to call gnutls_global_deinit() */
52 return 1;
53 }
54
55 void
56 OpenSSL_add_all_algorithms (void)
57 {
58 }
59
60
61 /* SSL_CTX structure handling */
62
63 SSL_CTX *
64 SSL_CTX_new (SSL_METHOD * method)
65 {
66 SSL_CTX *ctx;
67
68 ctx = (SSL_CTX *) calloc (1, sizeof (SSL_CTX));
69 ctx->method = method;
70
71 return ctx;
72 }
73
74 void
75 SSL_CTX_free (SSL_CTX * ctx)
76 {
77 free (ctx->method);
78 free (ctx);
79 }
80
81 int
82 SSL_CTX_set_default_verify_paths (SSL_CTX * ctx)
83 {
84 return 0;
85 }
86
87 int
88 SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, int type)
89 {
90 ctx->certfile = (char *) calloc (1, strlen (certfile) + 1);
91 if (!ctx->certfile)
92 return -1;
93 memcpy (ctx->certfile, certfile, strlen (certfile));
94
95 ctx->certfile_type = type;
96
97 return 1;
98 }
99
100 int
101 SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type)
102 {
103 ctx->keyfile = (char *) calloc (1, strlen (keyfile) + 1);
104 if (!ctx->keyfile)
105 return -1;
106 memcpy (ctx->keyfile, keyfile, strlen (keyfile));
107
108 ctx->keyfile_type = type;
109
110 return 1;
111
112 }
113
114 void
115 SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
116 int (*verify_callback) (int, X509_STORE_CTX *))
117 {
118 ctx->verify_mode = verify_mode;
119 ctx->verify_callback = verify_callback;
120 }
121
122 unsigned long
123 SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options)
124 {
125 return (ctx->options |= options);
126 }
127
128 long
129 SSL_CTX_set_mode (SSL_CTX * ctx, long mode)
130 {
131 return 0;
132 }
133
134 int
135 SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list)
136 {
137 /* FIXME: ignore this for the moment */
138 /* We're going to have to parse the "list" string to do this */
139 /* It is a string, which in its simplest form is something like
140 "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
141 (see OpenSSL's ciphers(1) manpage for details) */
142
143 return 1;
144 }
145
146
147 /* SSL_CTX statistics */
148
149 long
150 SSL_CTX_sess_number (SSL_CTX * ctx)
151 {
152 return 0;
153 }
154
155 long
156 SSL_CTX_sess_connect (SSL_CTX * ctx)
157 {
158 return 0;
159 }
160
161 long
162 SSL_CTX_sess_connect_good (SSL_CTX * ctx)
163 {
164 return 0;
165 }
166
167 long
168 SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx)
169 {
170 return 0;
171 }
172
173 long
174 SSL_CTX_sess_accept (SSL_CTX * ctx)
175 {
176 return 0;
177 }
178
179 long
180 SSL_CTX_sess_accept_good (SSL_CTX * ctx)
181 {
182 return 0;
183 }
184
185 long
186 SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx)
187 {
188 return 0;
189 }
190
191 long
192 SSL_CTX_sess_hits (SSL_CTX * ctx)
193 {
194 return 0;
195 }
196
197 long
198 SSL_CTX_sess_misses (SSL_CTX * ctx)
199 {
200 return 0;
201 }
202
203 long
204 SSL_CTX_sess_timeouts (SSL_CTX * ctx)
205 {
206 return 0;
207 }
208
209
210
211 /* SSL structure handling */
212
213 SSL *
214 SSL_new (SSL_CTX * ctx)
215 {
216 SSL *ssl;
217 int err;
218
219 ssl = (SSL *) calloc (1, sizeof (SSL));
220 if (!ssl)
221 return NULL;
222
223 err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
224 if (err < 0)
225 {
226 last_error = err;
227 free (ssl);
228 return NULL;
229 }
230
231 gnutls_init (&ssl->gnutls_state, ctx->method->connend);
232
233 gnutls_protocol_set_priority (ssl->gnutls_state,
234 ctx->method->protocol_priority);
235 gnutls_cipher_set_priority (ssl->gnutls_state,
236 ctx->method->cipher_priority);
237 gnutls_compression_set_priority (ssl->gnutls_state,
238 ctx->method->comp_priority);
239 gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
240 gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
241
242 gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
243 ssl->gnutls_cred);
244 if (ctx->certfile)
245 gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
246 ctx->certfile,
247 ctx->certfile_type);
248 if (ctx->keyfile)
249 gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
250 ctx->certfile, ctx->keyfile,
251 ctx->keyfile_type);
252 ssl->ctx = ctx;
253 ssl->verify_mode = ctx->verify_mode;
254 ssl->verify_callback = ctx->verify_callback;
255
256 ssl->options = ctx->options;
257
258 ssl->rfd = (gnutls_transport_ptr_t) - 1;
259 ssl->wfd = (gnutls_transport_ptr_t) - 1;
260
261 return ssl;
262 }
263
264 void
265 SSL_free (SSL * ssl)
266 {
267 gnutls_certificate_free_credentials (ssl->gnutls_cred);
268 gnutls_deinit (ssl->gnutls_state);
269 free (ssl);
270 }
271
272 void
273 SSL_load_error_strings (void)
274 {
275 }
276
277 int
278 SSL_get_error (SSL * ssl, int ret)
279 {
280 if (ret > 0)
281 return SSL_ERROR_NONE;
282
283 return SSL_ERROR_ZERO_RETURN;
284 }
285
286 int
287 SSL_set_fd (SSL * ssl, int fd)
288 {
289 gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd));
290 return 1;
291 }
292
293 int
294 SSL_set_rfd (SSL * ssl, int fd)
295 {
296 ssl->rfd = GNUTLS_INT_TO_POINTER (fd);
297
298 if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
299 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
300
301 return 1;
302 }
303
304 int
305 SSL_set_wfd (SSL * ssl, int fd)
306 {
307 ssl->wfd = GNUTLS_INT_TO_POINTER (fd);
308
309 if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
310 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
311
312 return 1;
313 }
314
315 void
316 SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio)
317 {
318 gnutls_transport_set_ptr2 (ssl->gnutls_state, rbio->fd, wbio->fd);
319 /* free(BIO); ? */
320 }
321
322 void
323 SSL_set_connect_state (SSL * ssl)
324 {
325 }
326
327 int
328 SSL_pending (SSL * ssl)
329 {
330 return gnutls_record_check_pending (ssl->gnutls_state);
331 }
332
333 void
334 SSL_set_verify (SSL * ssl, int verify_mode,
335 int (*verify_callback) (int, X509_STORE_CTX *))
336 {
337 ssl->verify_mode = verify_mode;
338 ssl->verify_callback = verify_callback;
339 }
340
341 const X509 *
342 SSL_get_peer_certificate (SSL * ssl)
343 {
344 const gnutls_datum_t *cert_list;
345 int cert_list_size = 0;
346
347 cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
348 &cert_list_size);
349
350 return cert_list;
351 }
352
353 /* SSL connection open/close/read/write functions */
354
355 int
356 SSL_connect (SSL * ssl)
357 {
358 X509_STORE_CTX *store;
359 int cert_list_size = 0;
360 int err;
361 int i, j;
362 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
363 /* take options into account before connecting */
364
365 memset (x_priority, 0, sizeof (x_priority));
366 if (ssl->options & SSL_OP_NO_TLSv1)
367 {
368 for (i = 0, j = 0;
369 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
370 {
371 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
372 j++;
373 else
374 x_priority[i] = ssl->ctx->method->protocol_priority[j];
375 }
376 if (i < GNUTLS_MAX_ALGORITHM_NUM)
377 x_priority[i] = 0;
378 gnutls_protocol_set_priority (ssl->gnutls_state,
379 ssl->ctx->method->protocol_priority);
380 }
381
382 err = gnutls_handshake (ssl->gnutls_state);
383 ssl->last_error = err;
384
385 if (err < 0)
386 {
387 last_error = err;
388 return 0;
389 }
390
391 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
392 store->ssl = ssl;
393 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
394 &cert_list_size);
395
396 if (ssl->verify_callback)
397 {
398 ssl->verify_callback (1 /*FIXME*/, store);
399 }
400 ssl->state = SSL_ST_OK;
401
402 err = store->error;
403 free (store);
404
405 /* FIXME: deal with error from callback */
406
407 return 1;
408 }
409
410 int
411 SSL_accept (SSL * ssl)
412 {
413 X509_STORE_CTX *store;
414 int cert_list_size = 0;
415 int err;
416 int i, j;
417 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
418 /* take options into account before accepting */
419
420 memset (x_priority, 0, sizeof (x_priority));
421 if (ssl->options & SSL_OP_NO_TLSv1)
422 {
423 for (i = 0, j = 0;
424 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
425 {
426 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
427 j++;
428 else
429 x_priority[i] = ssl->ctx->method->protocol_priority[j];
430 }
431 if (i < GNUTLS_MAX_ALGORITHM_NUM)
432 x_priority[i] = 0;
433 gnutls_protocol_set_priority (ssl->gnutls_state,
434 ssl->ctx->method->protocol_priority);
435 }
436
437 /* FIXME: dh params, do we want client cert? */
438
439 err = gnutls_handshake (ssl->gnutls_state);
440 ssl->last_error = err;
441
442 if (err < 0)
443 {
444 last_error = err;
445 return 0;
446 }
447
448 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
449 store->ssl = ssl;
450 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
451 &cert_list_size);
452
453 if (ssl->verify_callback)
454 {
455 ssl->verify_callback (1 /*FIXME*/, store);
456 }
457 ssl->state = SSL_ST_OK;
458
459 err = store->error;
460 free (store);
461
462 /* FIXME: deal with error from callback */
463
464 return 1;
465 }
466
467 int
468 SSL_shutdown (SSL * ssl)
469 {
470 if (!ssl->shutdown)
471 {
472 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_WR);
473 ssl->shutdown++;
474 }
475 else
476 {
477 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_RDWR);
478 ssl->shutdown++;
479 }
480
481 /* FIXME */
482 return 1;
483 }
484
485 int
486 SSL_read (SSL * ssl, void *buf, int len)
487 {
488 int ret;
489
490 ret = gnutls_record_recv (ssl->gnutls_state, buf, len);
491 ssl->last_error = ret;
492
493 if (ret < 0)
494 {
495 last_error = ret;
496 return 0;
497 }
498
499 return ret;
500 }
501
502 int
503 SSL_write (SSL * ssl, const void *buf, int len)
504 {
505 int ret;
506
507 ret = gnutls_record_send (ssl->gnutls_state, buf, len);
508 ssl->last_error = ret;
509
510 if (ret < 0)
511 {
512 last_error = ret;
513 return 0;
514 }
515
516 return ret;
517 }
518
519 int
520 SSL_want (SSL * ssl)
521 {
522 return SSL_NOTHING;
523 }
524
525
526 /* SSL_METHOD functions */
527
528 SSL_METHOD *
529 SSLv23_client_method (void)
530 {
531 SSL_METHOD *m;
532 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
533 if (!m)
534 return NULL;
535
536 m->protocol_priority[0] = GNUTLS_TLS1;
537 m->protocol_priority[1] = GNUTLS_SSL3;
538 m->protocol_priority[2] = 0;
539
540 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
541 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
542 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
543 #ifdef ENABLE_CAMELLIA
544 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
545 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
546 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
547 m->cipher_priority[6] = 0;
548 #else
549 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
550 m->cipher_priority[4] = 0;
551 #endif
552
553 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
554 m->comp_priority[1] = GNUTLS_COMP_NULL;
555 m->comp_priority[2] = 0;
556
557 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
558 m->kx_priority[1] = GNUTLS_KX_RSA;
559 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
560 m->kx_priority[3] = 0;
561
562 m->mac_priority[0] = GNUTLS_MAC_SHA1;
563 m->mac_priority[1] = GNUTLS_MAC_MD5;
564 m->mac_priority[2] = 0;
565
566 m->connend = GNUTLS_CLIENT;
567
568 return m;
569 }
570
571 SSL_METHOD *
572 SSLv23_server_method (void)
573 {
574 SSL_METHOD *m;
575 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
576 if (!m)
577 return NULL;
578
579 m->protocol_priority[0] = GNUTLS_TLS1;
580 m->protocol_priority[1] = GNUTLS_SSL3;
581 m->protocol_priority[2] = 0;
582
583 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
584 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
585 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
586 #ifdef ENABLE_CAMELLIA
587 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
588 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
589 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
590 m->cipher_priority[6] = 0;
591 #else
592 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
593 m->cipher_priority[4] = 0;
594 #endif
595
596 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
597 m->comp_priority[1] = GNUTLS_COMP_NULL;
598 m->comp_priority[2] = 0;
599
600 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
601 m->kx_priority[1] = GNUTLS_KX_RSA;
602 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
603 m->kx_priority[3] = 0;
604
605 m->mac_priority[0] = GNUTLS_MAC_SHA1;
606 m->mac_priority[1] = GNUTLS_MAC_MD5;
607 m->mac_priority[2] = 0;
608
609 m->connend = GNUTLS_SERVER;
610
611 return m;
612 }
613
614 SSL_METHOD *
615 SSLv3_client_method (void)
616 {
617 SSL_METHOD *m;
618 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
619 if (!m)
620 return NULL;
621
622 m->protocol_priority[0] = GNUTLS_SSL3;
623 m->protocol_priority[2] = 0;
624
625 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
626 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
627 m->cipher_priority[3] = 0;
628
629 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
630 m->comp_priority[1] = GNUTLS_COMP_NULL;
631 m->comp_priority[2] = 0;
632
633 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
634 m->kx_priority[1] = GNUTLS_KX_RSA;
635 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
636 m->kx_priority[3] = 0;
637
638 m->mac_priority[0] = GNUTLS_MAC_SHA1;
639 m->mac_priority[1] = GNUTLS_MAC_MD5;
640 m->mac_priority[2] = 0;
641
642 m->connend = GNUTLS_CLIENT;
643
644 return m;
645 }
646
647 SSL_METHOD *
648 SSLv3_server_method (void)
649 {
650 SSL_METHOD *m;
651 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
652 if (!m)
653 return NULL;
654
655 m->protocol_priority[0] = GNUTLS_SSL3;
656 m->protocol_priority[2] = 0;
657
658 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
659 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
660 m->cipher_priority[3] = 0;
661
662 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
663 m->comp_priority[1] = GNUTLS_COMP_NULL;
664 m->comp_priority[2] = 0;
665
666 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
667 m->kx_priority[1] = GNUTLS_KX_RSA;
668 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
669 m->kx_priority[3] = 0;
670
671 m->mac_priority[0] = GNUTLS_MAC_SHA1;
672 m->mac_priority[1] = GNUTLS_MAC_MD5;
673 m->mac_priority[2] = 0;
674
675 m->connend = GNUTLS_SERVER;
676
677 return m;
678 }
679
680 SSL_METHOD *
681 TLSv1_client_method (void)
682 {
683 SSL_METHOD *m;
684 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
685 if (!m)
686 return NULL;
687
688 m->protocol_priority[0] = GNUTLS_TLS1;
689 m->protocol_priority[1] = 0;
690
691 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
692 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
693 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
694 #ifdef ENABLE_CAMELLIA
695 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
696 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
697 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
698 m->cipher_priority[6] = 0;
699 #else
700 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
701 m->cipher_priority[4] = 0;
702 #endif
703
704 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
705 m->comp_priority[1] = GNUTLS_COMP_NULL;
706 m->comp_priority[2] = 0;
707
708 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
709 m->kx_priority[1] = GNUTLS_KX_RSA;
710 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
711 m->kx_priority[3] = 0;
712
713 m->mac_priority[0] = GNUTLS_MAC_SHA1;
714 m->mac_priority[1] = GNUTLS_MAC_MD5;
715 m->mac_priority[2] = 0;
716
717 m->connend = GNUTLS_CLIENT;
718
719 return m;
720 }
721
722 SSL_METHOD *
723 TLSv1_server_method (void)
724 {
725 SSL_METHOD *m;
726 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
727 if (!m)
728 return NULL;
729
730 m->protocol_priority[0] = GNUTLS_TLS1;
731 m->protocol_priority[1] = 0;
732
733 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
734 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
735 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
736 #ifdef ENABLE_CAMELLIA
737 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
738 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
739 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
740 m->cipher_priority[6] = 0;
741 #else
742 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
743 m->cipher_priority[4] = 0;
744 #endif
745
746 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
747 m->comp_priority[1] = GNUTLS_COMP_NULL;
748 m->comp_priority[2] = 0;
749
750 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
751 m->kx_priority[1] = GNUTLS_KX_RSA;
752 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
753 m->kx_priority[3] = 0;
754
755 m->mac_priority[0] = GNUTLS_MAC_SHA1;
756 m->mac_priority[1] = GNUTLS_MAC_MD5;
757 m->mac_priority[2] = 0;
758
759 m->connend = GNUTLS_SERVER;
760
761 return m;
762 }
763
764
765 /* SSL_CIPHER functions */
766
767 SSL_CIPHER *
768 SSL_get_current_cipher (SSL * ssl)
769 {
770 if (!ssl)
771 return NULL;
772
773 ssl->ciphersuite.version = gnutls_protocol_get_version (ssl->gnutls_state);
774 ssl->ciphersuite.cipher = gnutls_cipher_get (ssl->gnutls_state);
775 ssl->ciphersuite.kx = gnutls_kx_get (ssl->gnutls_state);
776 ssl->ciphersuite.mac = gnutls_mac_get (ssl->gnutls_state);
777 ssl->ciphersuite.compression = gnutls_compression_get (ssl->gnutls_state);
778 ssl->ciphersuite.cert = gnutls_certificate_type_get (ssl->gnutls_state);
779
780 return &(ssl->ciphersuite);
781 }
782
783 const char *
784 SSL_CIPHER_get_name (SSL_CIPHER * cipher)
785 {
786 if (!cipher)
787 return ("NONE");
788
789 return gnutls_cipher_suite_get_name (cipher->kx,
790 cipher->cipher, cipher->mac);
791 }
792
793 int
794 SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits)
795 {
796 int bit_result;
797
798 if (!cipher)
799 return 0;
800
801 bit_result = (8 * gnutls_cipher_get_key_size (cipher->cipher));
802
803 if (bits)
804 *bits = bit_result;
805
806 return bit_result;
807 }
808
809 const char *
810 SSL_CIPHER_get_version (SSL_CIPHER * cipher)
811 {
812 const char *ret;
813
814 if (!cipher)
815 return ("(NONE)");
816
817 ret = gnutls_protocol_get_name (cipher->version);
818 if (ret)
819 return ret;
820
821 return ("unknown");
822 }
823
824 char *
825 SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size)
826 {
827 char *tmpbuf;
828 int tmpsize;
829 int local_alloc;
830
831 if (buf)
832 {
833 tmpbuf = buf;
834 tmpsize = size;
835 local_alloc = 0;
836 }
837 else
838 {
839 tmpbuf = (char *) malloc (128);
840 tmpsize = 128;
841 local_alloc = 1;
842 }
843
844 if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
845 gnutls_protocol_get_name (cipher->version),
846 gnutls_kx_get_name (cipher->kx),
847 gnutls_cipher_get_name (cipher->cipher),
848 gnutls_mac_get_name (cipher->mac)) == -1)
849 {
850 if (local_alloc)
851 free (tmpbuf);
852 return (char*) "Buffer too small";
853 }
854
855 return tmpbuf;
856 }
857
858
859 /* X509 functions */
860
861 X509_NAME *
862 X509_get_subject_name (const X509 * cert)
863 {
864 gnutls_x509_dn *dn;
865 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
866 if (gnutls_x509_extract_certificate_dn (cert, dn) < 0)
867 {
868 free (dn);
869 return NULL;
870 }
871 return dn;
872 }
873
874 X509_NAME *
875 X509_get_issuer_name (const X509 * cert)
876 {
877 gnutls_x509_dn *dn;
878 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
879 if (gnutls_x509_extract_certificate_issuer_dn (cert, dn) < 0)
880 {
881 free (dn);
882 return NULL;
883 }
884 return dn;
885 }
886
887 char *
888 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
889 {
890 memset (buf, 0, len);
891 if (!buf)
892 return NULL;
893
894 snprintf (buf, len - 1,
895 "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
896 name->country, name->state_or_province_name,
897 name->locality_name, name->organization,
898 name->organizational_unit_name, name->common_name, name->email);
899 return buf;
900 }
901
902 void
903 X509_free (const X509 * cert)
904 {
905 /* only get certificates as const items */
906 }
907
908
909 /* BIO functions */
910
911 void
912 BIO_get_fd (gnutls_session_t gnutls_state, int *fd)
913 {
914 gnutls_transport_ptr_t tmp = gnutls_transport_get_ptr (gnutls_state);
915 *fd = GNUTLS_POINTER_TO_INT (tmp);
916 }
917
918 BIO *
919 BIO_new_socket (int sock, int close_flag)
920 {
921 BIO *bio;
922
923 bio = (BIO *) malloc (sizeof (BIO));
924 if (!bio)
925 return NULL;
926
927 bio->fd = GNUTLS_INT_TO_POINTER (sock);
928
929 return bio;
930 }
931
932
933 /* error handling */
934
935 unsigned long
936 ERR_get_error (void)
937 {
938 unsigned long ret;
939
940 ret = -1 * last_error;
941 last_error = 0;
942
943 return ret;
944 }
945
946 const char *
947 ERR_error_string (unsigned long e, char *buf)
948 {
949 return gnutls_strerror (-1 * e);
950 }
951
952
953 /* RAND functions */
954
955 int
956 RAND_status (void)
957 {
958 return 1;
959 }
960
961 void
962 RAND_seed (const void *buf, int num)
963 {
964 }
965
966 int
967 RAND_bytes (unsigned char *buf, int num)
968 {
969 _gnutls_rnd (GNUTLS_RND_RANDOM, buf, num);
970 return 1;
971 }
972
973 int
974 RAND_pseudo_bytes (unsigned char *buf, int num)
975 {
976 _gnutls_rnd (GNUTLS_RND_NONCE, buf, num);
977 return 1;
978 }
979
980 const char *
981 RAND_file_name (char *buf, size_t len)
982 {
983 return "";
984 }
985
986 int
987 RAND_load_file (const char *name, long maxbytes)
988 {
989 return maxbytes;
990 }
991
992 int
993 RAND_write_file (const char *name)
994 {
995 return 0;
996 }
997
998 int
999 RAND_egd_bytes (const char *path, int bytes)
1000 {
1001 /* fake it */
1002 return bytes;
1003 }
1004
1005
1006 /* message digest functions */
1007
1008 void
1009 MD5_Init (MD5_CTX * ctx)
1010 {
1011 ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
1012 if (!ctx->handle)
1013 abort ();
1014 _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5);
1015 }
1016
1017 void
1018 MD5_Update (MD5_CTX * ctx, const void *buf, int len)
1019 {
1020 _gnutls_hash (ctx->handle, buf, len);
1021 }
1022
1023 void
1024 MD5_Final (unsigned char *md, MD5_CTX * ctx)
1025 {
1026 _gnutls_hash_deinit (ctx->handle, md);
1027 gnutls_free (ctx->handle);
1028 }
1029
1030 unsigned char *
1031 MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
1032 {
1033 if (!md)
1034 return NULL;
1035
1036 _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, md);
1037
1038 return md;
1039 }
1040
1041 void
1042 RIPEMD160_Init (RIPEMD160_CTX * ctx)
1043 {
1044 ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
1045 if (!ctx->handle)
1046 abort ();
1047 _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160);
1048 }
1049
1050 void
1051 RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len)
1052 {
1053 _gnutls_hash (ctx->handle, buf, len);
1054 }
1055
1056 void
1057 RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx)
1058 {
1059 _gnutls_hash_deinit (ctx->handle, md);
1060 gnutls_free (ctx->handle);
1061 }
1062
1063 unsigned char *
1064 RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
1065 {
1066 if (!md)
1067 return NULL;
1068
1069 _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, md);
1070
1071 return md;
1072 }
Implementation of the SSL/TLS protocol