search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[gnutls.git] / libextra / gnutls_openssl.c
blob4c2bb2383a501a9610a96364b47c87f505147b77
1 /*
2 * Copyright (C) 2004, 2005, 2006 Free Software Foundation
3 * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
4 *
5 * This file is part of GNUTLS-EXTRA.
6 *
7 * GNUTLS-EXTRA is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of the
10 * License, or (at your option) any later version.
11 *
12 * GNUTLS-EXTRA is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with GNUTLS-EXTRA; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 * 02110-1301, USA.
21 *
22 */
23
24 #include <config.h>
25
26 #include <gnutls/gnutls.h>
27 #include <openssl_compat.h>
28 #include <gc.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <gnutls/openssl.h>
33
34 /* XXX: See lib/gnutls_int.h. */
35 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
36 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
37
38 /* WARNING: Error functions aren't currently thread-safe */
39
40 static int last_error = 0;
41
42
43 /* Library initialisation functions */
44
45 int
46 SSL_library_init (void)
47 {
48 gnutls_global_init ();
49 /* NB: we haven't got anywhere to call gnutls_global_deinit() */
50 return 1;
51 }
52
53 void
54 OpenSSL_add_all_algorithms (void)
55 {
56 }
57
58
59 /* SSL_CTX structure handling */
60
61 SSL_CTX *
62 SSL_CTX_new (SSL_METHOD * method)
63 {
64 SSL_CTX *ctx;
65
66 ctx = (SSL_CTX *) calloc (1, sizeof (SSL_CTX));
67 ctx->method = method;
68
69 return ctx;
70 }
71
72 void
73 SSL_CTX_free (SSL_CTX * ctx)
74 {
75 free (ctx->method);
76 free (ctx);
77 }
78
79 int
80 SSL_CTX_set_default_verify_paths (SSL_CTX * ctx)
81 {
82 return 0;
83 }
84
85 int
86 SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, int type)
87 {
88 ctx->certfile = (char *) calloc (1, strlen (certfile) + 1);
89 if (!ctx->certfile)
90 return -1;
91 memcpy (ctx->certfile, certfile, strlen (certfile));
92
93 ctx->certfile_type = type;
94
95 return 1;
96 }
97
98 int
99 SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type)
100 {
101 ctx->keyfile = (char *) calloc (1, strlen (keyfile) + 1);
102 if (!ctx->keyfile)
103 return -1;
104 memcpy (ctx->keyfile, keyfile, strlen (keyfile));
105
106 ctx->keyfile_type = type;
107
108 return 1;
109
110 }
111
112 void
113 SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
114 int (*verify_callback) (int, X509_STORE_CTX *))
115 {
116 ctx->verify_mode = verify_mode;
117 ctx->verify_callback = verify_callback;
118 }
119
120 unsigned long
121 SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options)
122 {
123 return (ctx->options |= options);
124 }
125
126 long
127 SSL_CTX_set_mode (SSL_CTX * ctx, long mode)
128 {
129 return 0;
130 }
131
132 int
133 SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list)
134 {
135 /* FIXME: ignore this for the moment */
136 /* We're going to have to parse the "list" string to do this */
137 /* It is a string, which in its simplest form is something like
138 "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
139 (see OpenSSL's ciphers(1) manpage for details) */
140
141 return 1;
142 }
143
144
145 /* SSL_CTX statistics */
146
147 long
148 SSL_CTX_sess_number (SSL_CTX * ctx)
149 {
150 return 0;
151 }
152
153 long
154 SSL_CTX_sess_connect (SSL_CTX * ctx)
155 {
156 return 0;
157 }
158
159 long
160 SSL_CTX_sess_connect_good (SSL_CTX * ctx)
161 {
162 return 0;
163 }
164
165 long
166 SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx)
167 {
168 return 0;
169 }
170
171 long
172 SSL_CTX_sess_accept (SSL_CTX * ctx)
173 {
174 return 0;
175 }
176
177 long
178 SSL_CTX_sess_accept_good (SSL_CTX * ctx)
179 {
180 return 0;
181 }
182
183 long
184 SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx)
185 {
186 return 0;
187 }
188
189 long
190 SSL_CTX_sess_hits (SSL_CTX * ctx)
191 {
192 return 0;
193 }
194
195 long
196 SSL_CTX_sess_misses (SSL_CTX * ctx)
197 {
198 return 0;
199 }
200
201 long
202 SSL_CTX_sess_timeouts (SSL_CTX * ctx)
203 {
204 return 0;
205 }
206
207
208
209 /* SSL structure handling */
210
211 SSL *
212 SSL_new (SSL_CTX * ctx)
213 {
214 SSL *ssl;
215 int err;
216
217 ssl = (SSL *) calloc (1, sizeof (SSL));
218 if (!ssl)
219 return NULL;
220
221 err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
222 if (err < 0)
223 {
224 last_error = err;
225 free (ssl);
226 return NULL;
227 }
228
229 gnutls_init (&ssl->gnutls_state, ctx->method->connend);
230
231 gnutls_protocol_set_priority (ssl->gnutls_state,
232 ctx->method->protocol_priority);
233 gnutls_cipher_set_priority (ssl->gnutls_state,
234 ctx->method->cipher_priority);
235 gnutls_compression_set_priority (ssl->gnutls_state,
236 ctx->method->comp_priority);
237 gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
238 gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
239
240 gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
241 ssl->gnutls_cred);
242 if (ctx->certfile)
243 gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
244 ctx->certfile,
245 ctx->certfile_type);
246 if (ctx->keyfile)
247 gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
248 ctx->certfile, ctx->keyfile,
249 ctx->keyfile_type);
250 ssl->ctx = ctx;
251 ssl->verify_mode = ctx->verify_mode;
252 ssl->verify_callback = ctx->verify_callback;
253
254 ssl->options = ctx->options;
255
256 ssl->rfd = (gnutls_transport_ptr_t) - 1;
257 ssl->wfd = (gnutls_transport_ptr_t) - 1;
258
259 return ssl;
260 }
261
262 void
263 SSL_free (SSL * ssl)
264 {
265 gnutls_certificate_free_credentials (ssl->gnutls_cred);
266 gnutls_deinit (ssl->gnutls_state);
267 free (ssl);
268 }
269
270 void
271 SSL_load_error_strings (void)
272 {
273 }
274
275 int
276 SSL_get_error (SSL * ssl, int ret)
277 {
278 if (ret > 0)
279 return SSL_ERROR_NONE;
280
281 return SSL_ERROR_ZERO_RETURN;
282 }
283
284 int
285 SSL_set_fd (SSL * ssl, int fd)
286 {
287 gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd));
288 return 1;
289 }
290
291 int
292 SSL_set_rfd (SSL * ssl, int fd)
293 {
294 ssl->rfd = GNUTLS_INT_TO_POINTER (fd);
295
296 if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
297 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
298
299 return 1;
300 }
301
302 int
303 SSL_set_wfd (SSL * ssl, int fd)
304 {
305 ssl->wfd = GNUTLS_INT_TO_POINTER (fd);
306
307 if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
308 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
309
310 return 1;
311 }
312
313 void
314 SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio)
315 {
316 gnutls_transport_set_ptr2 (ssl->gnutls_state, rbio->fd, wbio->fd);
317 /* free(BIO); ? */
318 }
319
320 void
321 SSL_set_connect_state (SSL * ssl)
322 {
323 }
324
325 int
326 SSL_pending (SSL * ssl)
327 {
328 return gnutls_record_check_pending (ssl->gnutls_state);
329 }
330
331 void
332 SSL_set_verify (SSL * ssl, int verify_mode,
333 int (*verify_callback) (int, X509_STORE_CTX *))
334 {
335 ssl->verify_mode = verify_mode;
336 ssl->verify_callback = verify_callback;
337 }
338
339 const X509 *
340 SSL_get_peer_certificate (SSL * ssl)
341 {
342 const gnutls_datum_t *cert_list;
343 int cert_list_size = 0;
344
345 cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
346 &cert_list_size);
347
348 return cert_list;
349 }
350
351 /* SSL connection open/close/read/write functions */
352
353 int
354 SSL_connect (SSL * ssl)
355 {
356 X509_STORE_CTX *store;
357 int cert_list_size = 0;
358 int err;
359 int i, j;
360 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
361 /* take options into account before connecting */
362
363 memset (x_priority, 0, sizeof (x_priority));
364 if (ssl->options & SSL_OP_NO_TLSv1)
365 {
366 for (i = 0, j = 0;
367 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
368 {
369 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
370 j++;
371 else
372 x_priority[i] = ssl->ctx->method->protocol_priority[j];
373 }
374 if (i < GNUTLS_MAX_ALGORITHM_NUM)
375 x_priority[i] = 0;
376 gnutls_protocol_set_priority (ssl->gnutls_state,
377 ssl->ctx->method->protocol_priority);
378 }
379
380 err = gnutls_handshake (ssl->gnutls_state);
381 ssl->last_error = err;
382
383 if (err < 0)
384 {
385 last_error = err;
386 return 0;
387 }
388
389 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
390 store->ssl = ssl;
391 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
392 &cert_list_size);
393
394 if (ssl->verify_callback)
395 {
396 ssl->verify_callback (1 /*FIXME*/, store);
397 }
398 ssl->state = SSL_ST_OK;
399
400 err = store->error;
401 free (store);
402
403 /* FIXME: deal with error from callback */
404
405 return 1;
406 }
407
408 int
409 SSL_accept (SSL * ssl)
410 {
411 X509_STORE_CTX *store;
412 int cert_list_size = 0;
413 int err;
414 int i, j;
415 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
416 /* take options into account before accepting */
417
418 memset (x_priority, 0, sizeof (x_priority));
419 if (ssl->options & SSL_OP_NO_TLSv1)
420 {
421 for (i = 0, j = 0;
422 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
423 {
424 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
425 j++;
426 else
427 x_priority[i] = ssl->ctx->method->protocol_priority[j];
428 }
429 if (i < GNUTLS_MAX_ALGORITHM_NUM)
430 x_priority[i] = 0;
431 gnutls_protocol_set_priority (ssl->gnutls_state,
432 ssl->ctx->method->protocol_priority);
433 }
434
435 /* FIXME: dh params, do we want client cert? */
436
437 err = gnutls_handshake (ssl->gnutls_state);
438 ssl->last_error = err;
439
440 if (err < 0)
441 {
442 last_error = err;
443 return 0;
444 }
445
446 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
447 store->ssl = ssl;
448 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
449 &cert_list_size);
450
451 if (ssl->verify_callback)
452 {
453 ssl->verify_callback (1 /*FIXME*/, store);
454 }
455 ssl->state = SSL_ST_OK;
456
457 err = store->error;
458 free (store);
459
460 /* FIXME: deal with error from callback */
461
462 return 1;
463 }
464
465 int
466 SSL_shutdown (SSL * ssl)
467 {
468 if (!ssl->shutdown)
469 {
470 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_WR);
471 ssl->shutdown++;
472 }
473 else
474 {
475 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_RDWR);
476 ssl->shutdown++;
477 }
478
479 /* FIXME */
480 return 1;
481 }
482
483 int
484 SSL_read (SSL * ssl, void *buf, int len)
485 {
486 int ret;
487
488 ret = gnutls_record_recv (ssl->gnutls_state, buf, len);
489 ssl->last_error = ret;
490
491 if (ret < 0)
492 {
493 last_error = ret;
494 return 0;
495 }
496
497 return ret;
498 }
499
500 int
501 SSL_write (SSL * ssl, const void *buf, int len)
502 {
503 int ret;
504
505 ret = gnutls_record_send (ssl->gnutls_state, buf, len);
506 ssl->last_error = ret;
507
508 if (ret < 0)
509 {
510 last_error = ret;
511 return 0;
512 }
513
514 return ret;
515 }
516
517 int
518 SSL_want (SSL * ssl)
519 {
520 return SSL_NOTHING;
521 }
522
523
524 /* SSL_METHOD functions */
525
526 SSL_METHOD *
527 SSLv23_client_method (void)
528 {
529 SSL_METHOD *m;
530 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
531 if (!m)
532 return NULL;
533
534 m->protocol_priority[0] = GNUTLS_TLS1;
535 m->protocol_priority[1] = GNUTLS_SSL3;
536 m->protocol_priority[2] = 0;
537
538 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
539 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
540 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
541 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
542 m->cipher_priority[4] = 0;
543
544 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
545 m->comp_priority[1] = GNUTLS_COMP_NULL;
546 m->comp_priority[2] = 0;
547
548 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
549 m->kx_priority[1] = GNUTLS_KX_RSA;
550 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
551 m->kx_priority[3] = 0;
552
553 m->mac_priority[0] = GNUTLS_MAC_SHA1;
554 m->mac_priority[1] = GNUTLS_MAC_MD5;
555 m->mac_priority[2] = 0;
556
557 m->connend = GNUTLS_CLIENT;
558
559 return m;
560 }
561
562 SSL_METHOD *
563 SSLv23_server_method (void)
564 {
565 SSL_METHOD *m;
566 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
567 if (!m)
568 return NULL;
569
570 m->protocol_priority[0] = GNUTLS_TLS1;
571 m->protocol_priority[1] = GNUTLS_SSL3;
572 m->protocol_priority[2] = 0;
573
574 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
575 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
576 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
577 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
578 m->cipher_priority[4] = 0;
579
580 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
581 m->comp_priority[1] = GNUTLS_COMP_NULL;
582 m->comp_priority[2] = 0;
583
584 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
585 m->kx_priority[1] = GNUTLS_KX_RSA;
586 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
587 m->kx_priority[3] = 0;
588
589 m->mac_priority[0] = GNUTLS_MAC_SHA1;
590 m->mac_priority[1] = GNUTLS_MAC_MD5;
591 m->mac_priority[2] = 0;
592
593 m->connend = GNUTLS_SERVER;
594
595 return m;
596 }
597
598 SSL_METHOD *
599 SSLv3_client_method (void)
600 {
601 SSL_METHOD *m;
602 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
603 if (!m)
604 return NULL;
605
606 m->protocol_priority[0] = GNUTLS_SSL3;
607 m->protocol_priority[2] = 0;
608
609 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
610 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
611 m->cipher_priority[3] = 0;
612
613 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
614 m->comp_priority[1] = GNUTLS_COMP_NULL;
615 m->comp_priority[2] = 0;
616
617 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
618 m->kx_priority[1] = GNUTLS_KX_RSA;
619 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
620 m->kx_priority[3] = 0;
621
622 m->mac_priority[0] = GNUTLS_MAC_SHA1;
623 m->mac_priority[1] = GNUTLS_MAC_MD5;
624 m->mac_priority[2] = 0;
625
626 m->connend = GNUTLS_CLIENT;
627
628 return m;
629 }
630
631 SSL_METHOD *
632 SSLv3_server_method (void)
633 {
634 SSL_METHOD *m;
635 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
636 if (!m)
637 return NULL;
638
639 m->protocol_priority[0] = GNUTLS_SSL3;
640 m->protocol_priority[2] = 0;
641
642 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
643 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
644 m->cipher_priority[3] = 0;
645
646 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
647 m->comp_priority[1] = GNUTLS_COMP_NULL;
648 m->comp_priority[2] = 0;
649
650 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
651 m->kx_priority[1] = GNUTLS_KX_RSA;
652 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
653 m->kx_priority[3] = 0;
654
655 m->mac_priority[0] = GNUTLS_MAC_SHA1;
656 m->mac_priority[1] = GNUTLS_MAC_MD5;
657 m->mac_priority[2] = 0;
658
659 m->connend = GNUTLS_SERVER;
660
661 return m;
662 }
663
664 SSL_METHOD *
665 TLSv1_client_method (void)
666 {
667 SSL_METHOD *m;
668 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
669 if (!m)
670 return NULL;
671
672 m->protocol_priority[0] = GNUTLS_TLS1;
673 m->protocol_priority[1] = 0;
674
675 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
676 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
677 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
678 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
679 m->cipher_priority[4] = 0;
680
681 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
682 m->comp_priority[1] = GNUTLS_COMP_NULL;
683 m->comp_priority[2] = 0;
684
685 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
686 m->kx_priority[1] = GNUTLS_KX_RSA;
687 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
688 m->kx_priority[3] = 0;
689
690 m->mac_priority[0] = GNUTLS_MAC_SHA1;
691 m->mac_priority[1] = GNUTLS_MAC_MD5;
692 m->mac_priority[2] = 0;
693
694 m->connend = GNUTLS_CLIENT;
695
696 return m;
697 }
698
699 SSL_METHOD *
700 TLSv1_server_method (void)
701 {
702 SSL_METHOD *m;
703 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
704 if (!m)
705 return NULL;
706
707 m->protocol_priority[0] = GNUTLS_TLS1;
708 m->protocol_priority[1] = 0;
709
710 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
711 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
712 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
713 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
714 m->cipher_priority[4] = 0;
715
716 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
717 m->comp_priority[1] = GNUTLS_COMP_NULL;
718 m->comp_priority[2] = 0;
719
720 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
721 m->kx_priority[1] = GNUTLS_KX_RSA;
722 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
723 m->kx_priority[3] = 0;
724
725 m->mac_priority[0] = GNUTLS_MAC_SHA1;
726 m->mac_priority[1] = GNUTLS_MAC_MD5;
727 m->mac_priority[2] = 0;
728
729 m->connend = GNUTLS_SERVER;
730
731 return m;
732 }
733
734
735 /* SSL_CIPHER functions */
736
737 SSL_CIPHER *
738 SSL_get_current_cipher (SSL * ssl)
739 {
740 if (!ssl)
741 return NULL;
742
743 ssl->ciphersuite.version = gnutls_protocol_get_version (ssl->gnutls_state);
744 ssl->ciphersuite.cipher = gnutls_cipher_get (ssl->gnutls_state);
745 ssl->ciphersuite.kx = gnutls_kx_get (ssl->gnutls_state);
746 ssl->ciphersuite.mac = gnutls_mac_get (ssl->gnutls_state);
747 ssl->ciphersuite.compression = gnutls_compression_get (ssl->gnutls_state);
748 ssl->ciphersuite.cert = gnutls_certificate_type_get (ssl->gnutls_state);
749
750 return &(ssl->ciphersuite);
751 }
752
753 const char *
754 SSL_CIPHER_get_name (SSL_CIPHER * cipher)
755 {
756 if (!cipher)
757 return ("NONE");
758
759 return gnutls_cipher_suite_get_name (cipher->kx,
760 cipher->cipher, cipher->mac);
761 }
762
763 int
764 SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits)
765 {
766 int bit_result;
767
768 if (!cipher)
769 return 0;
770
771 bit_result = (8 * gnutls_cipher_get_key_size (cipher->cipher));
772
773 if (bits)
774 *bits = bit_result;
775
776 return bit_result;
777 }
778
779 const char *
780 SSL_CIPHER_get_version (SSL_CIPHER * cipher)
781 {
782 const char *ret;
783
784 if (!cipher)
785 return ("(NONE)");
786
787 ret = gnutls_protocol_get_name (cipher->version);
788 if (ret)
789 return ret;
790
791 return ("unknown");
792 }
793
794 char *
795 SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size)
796 {
797 char *tmpbuf;
798 int tmpsize;
799 int local_alloc;
800
801 if (buf)
802 {
803 tmpbuf = buf;
804 tmpsize = size;
805 local_alloc = 0;
806 }
807 else
808 {
809 tmpbuf = (char *) malloc (128);
810 tmpsize = 128;
811 local_alloc = 1;
812 }
813
814 if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
815 gnutls_protocol_get_name (cipher->version),
816 gnutls_kx_get_name (cipher->kx),
817 gnutls_cipher_get_name (cipher->cipher),
818 gnutls_mac_get_name (cipher->mac)) == -1)
819 {
820 if (local_alloc)
821 free (tmpbuf);
822 return "Buffer too small";
823 }
824
825 return tmpbuf;
826 }
827
828
829 /* X509 functions */
830
831 X509_NAME *
832 X509_get_subject_name (const X509 * cert)
833 {
834 gnutls_x509_dn *dn;
835 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
836 if (gnutls_x509_extract_certificate_dn (&cert[0], dn) < 0)
837 {
838 free (dn);
839 return NULL;
840 }
841 return dn;
842 }
843
844 X509_NAME *
845 X509_get_issuer_name (const X509 * cert)
846 {
847 gnutls_x509_dn *dn;
848 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
849 if (gnutls_x509_extract_certificate_dn (&cert[1], dn) < 0)
850 {
851 free (dn);
852 return NULL;
853 }
854 return dn;
855 }
856
857 char *
858 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
859 {
860 memset (buf, 0, len);
861 if (!buf)
862 return NULL;
863
864 snprintf (buf, len - 1,
865 "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
866 name->country, name->state_or_province_name,
867 name->locality_name, name->organization,
868 name->organizational_unit_name, name->common_name, name->email);
869 return buf;
870 }
871
872 void
873 X509_free (const X509 * cert)
874 {
875 /* only get certificates as const items */
876 }
877
878
879 /* BIO functions */
880
881 void
882 BIO_get_fd (gnutls_session_t gnutls_state, int *fd)
883 {
884 *fd = GNUTLS_POINTER_TO_INT (gnutls_transport_get_ptr (gnutls_state));
885 }
886
887 BIO *
888 BIO_new_socket (int sock, int close_flag)
889 {
890 BIO *bio;
891
892 bio = (BIO *) malloc (sizeof (BIO));
893 if (!bio)
894 return NULL;
895
896 bio->fd = GNUTLS_INT_TO_POINTER (sock);
897
898 return bio;
899 }
900
901
902 /* error handling */
903
904 unsigned long
905 ERR_get_error (void)
906 {
907 unsigned long ret;
908
909 ret = -1 * last_error;
910 last_error = 0;
911
912 return ret;
913 }
914
915 const char *
916 ERR_error_string (unsigned long e, char *buf)
917 {
918 return gnutls_strerror (-1 * e);
919 }
920
921
922 /* RAND functions */
923
924 int
925 RAND_status (void)
926 {
927 return 1;
928 }
929
930 void
931 RAND_seed (const void *buf, int num)
932 {
933 }
934
935 int
936 RAND_bytes (unsigned char *buf, int num)
937 {
938 gc_random (buf, num);
939 return 1;
940 }
941
942 const char *
943 RAND_file_name (char *buf, size_t len)
944 {
945 return "";
946 }
947
948 int
949 RAND_load_file (const char *name, long maxbytes)
950 {
951 return maxbytes;
952 }
953
954 int
955 RAND_write_file (const char *name)
956 {
957 return 0;
958 }
959
960 int
961 RAND_egd_bytes (const char *path, int bytes)
962 {
963 /* fake it */
964 return bytes;
965 }
966
967
968 /* message digest functions */
969
970 void
971 MD5_Init (MD5_CTX * ctx)
972 {
973 gc_hash_open (GC_MD5, 0, &ctx->handle);
974 }
975
976 void
977 MD5_Update (MD5_CTX * ctx, const void *buf, int len)
978 {
979 gc_hash_write (ctx->handle, len, buf);
980 }
981
982 void
983 MD5_Final (unsigned char *md, MD5_CTX * ctx)
984 {
985 const char *local_md;
986
987 local_md = gc_hash_read (ctx->handle);
988 if (md)
989 memcpy (md, local_md, gc_hash_digest_length (GC_MD5));
990 gc_hash_close (ctx->handle);
991 }
992
993 unsigned char *
994 MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
995 {
996 if (!md)
997 return NULL;
998
999 gc_hash_buffer (GC_MD5, buf, len, md);
1000
1001 return md;
1002 }
1003
1004 void
1005 RIPEMD160_Init (RIPEMD160_CTX * ctx)
1006 {
1007 gc_hash_open (GC_RMD160, 0, &ctx->handle);
1008 }
1009
1010 void
1011 RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len)
1012 {
1013 gc_hash_write (ctx->handle, len, buf);
1014 }
1015
1016 void
1017 RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx)
1018 {
1019 const char *local_md;
1020
1021 local_md = gc_hash_read (ctx->handle);
1022 if (md)
1023 memcpy (md, local_md, gc_hash_digest_length (GC_RMD160));
1024 gc_hash_close (ctx->handle);
1025 }
1026
1027 unsigned char *
1028 RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
1029 {
1030 if (!md)
1031 return NULL;
1032
1033 gc_hash_buffer (GC_RMD160, buf, len, md);
1034
1035 return md;
1036 }
Implementation of the SSL/TLS protocol