search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
guile: Don't declare `inline' functions that use `alloca ()'.
[gnutls.git] / libextra / gnutls_openssl.c
blobb667566ea356b689e1c9b2c08b7965b782dcd88e
1 /*
2 * Copyright (C) 2004, 2005, 2006 Free Software Foundation
3 * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
4 *
5 * This file is part of GNUTLS-EXTRA.
6 *
7 * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS-EXTRA is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 #include <gnutls/gnutls.h>
24 #include <openssl_compat.h>
25 #include <gc.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <gnutls/openssl.h>
30
31 /* XXX: See lib/gnutls_int.h. */
32 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
33 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
34
35 /* WARNING: Error functions aren't currently thread-safe */
36
37 static int last_error = 0;
38
39
40 /* Library initialisation functions */
41
42 int
43 SSL_library_init (void)
44 {
45 gnutls_global_init ();
46 /* NB: we haven't got anywhere to call gnutls_global_deinit() */
47 return 1;
48 }
49
50 void
51 OpenSSL_add_all_algorithms (void)
52 {
53 }
54
55
56 /* SSL_CTX structure handling */
57
58 SSL_CTX *
59 SSL_CTX_new (SSL_METHOD * method)
60 {
61 SSL_CTX *ctx;
62
63 ctx = (SSL_CTX *) calloc (1, sizeof (SSL_CTX));
64 ctx->method = method;
65
66 return ctx;
67 }
68
69 void
70 SSL_CTX_free (SSL_CTX * ctx)
71 {
72 free (ctx->method);
73 free (ctx);
74 }
75
76 int
77 SSL_CTX_set_default_verify_paths (SSL_CTX * ctx)
78 {
79 return 0;
80 }
81
82 int
83 SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, int type)
84 {
85 ctx->certfile = (char *) calloc (1, strlen (certfile) + 1);
86 if (!ctx->certfile)
87 return -1;
88 memcpy (ctx->certfile, certfile, strlen (certfile));
89
90 ctx->certfile_type = type;
91
92 return 1;
93 }
94
95 int
96 SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type)
97 {
98 ctx->keyfile = (char *) calloc (1, strlen (keyfile) + 1);
99 if (!ctx->keyfile)
100 return -1;
101 memcpy (ctx->keyfile, keyfile, strlen (keyfile));
102
103 ctx->keyfile_type = type;
104
105 return 1;
106
107 }
108
109 void
110 SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
111 int (*verify_callback) (int, X509_STORE_CTX *))
112 {
113 ctx->verify_mode = verify_mode;
114 ctx->verify_callback = verify_callback;
115 }
116
117 unsigned long
118 SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options)
119 {
120 return (ctx->options |= options);
121 }
122
123 long
124 SSL_CTX_set_mode (SSL_CTX * ctx, long mode)
125 {
126 return 0;
127 }
128
129 int
130 SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list)
131 {
132 /* FIXME: ignore this for the moment */
133 /* We're going to have to parse the "list" string to do this */
134 /* It is a string, which in its simplest form is something like
135 "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
136 (see OpenSSL's ciphers(1) manpage for details) */
137
138 return 1;
139 }
140
141
142 /* SSL_CTX statistics */
143
144 long
145 SSL_CTX_sess_number (SSL_CTX * ctx)
146 {
147 return 0;
148 }
149
150 long
151 SSL_CTX_sess_connect (SSL_CTX * ctx)
152 {
153 return 0;
154 }
155
156 long
157 SSL_CTX_sess_connect_good (SSL_CTX * ctx)
158 {
159 return 0;
160 }
161
162 long
163 SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx)
164 {
165 return 0;
166 }
167
168 long
169 SSL_CTX_sess_accept (SSL_CTX * ctx)
170 {
171 return 0;
172 }
173
174 long
175 SSL_CTX_sess_accept_good (SSL_CTX * ctx)
176 {
177 return 0;
178 }
179
180 long
181 SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx)
182 {
183 return 0;
184 }
185
186 long
187 SSL_CTX_sess_hits (SSL_CTX * ctx)
188 {
189 return 0;
190 }
191
192 long
193 SSL_CTX_sess_misses (SSL_CTX * ctx)
194 {
195 return 0;
196 }
197
198 long
199 SSL_CTX_sess_timeouts (SSL_CTX * ctx)
200 {
201 return 0;
202 }
203
204
205
206 /* SSL structure handling */
207
208 SSL *
209 SSL_new (SSL_CTX * ctx)
210 {
211 SSL *ssl;
212 int err;
213
214 ssl = (SSL *) calloc (1, sizeof (SSL));
215 if (!ssl)
216 return NULL;
217
218 err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
219 if (err < 0)
220 {
221 last_error = err;
222 free (ssl);
223 return NULL;
224 }
225
226 gnutls_init (&ssl->gnutls_state, ctx->method->connend);
227
228 gnutls_protocol_set_priority (ssl->gnutls_state,
229 ctx->method->protocol_priority);
230 gnutls_cipher_set_priority (ssl->gnutls_state,
231 ctx->method->cipher_priority);
232 gnutls_compression_set_priority (ssl->gnutls_state,
233 ctx->method->comp_priority);
234 gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
235 gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
236
237 gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
238 ssl->gnutls_cred);
239 if (ctx->certfile)
240 gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
241 ctx->certfile,
242 ctx->certfile_type);
243 if (ctx->keyfile)
244 gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
245 ctx->certfile, ctx->keyfile,
246 ctx->keyfile_type);
247 ssl->ctx = ctx;
248 ssl->verify_mode = ctx->verify_mode;
249 ssl->verify_callback = ctx->verify_callback;
250
251 ssl->options = ctx->options;
252
253 ssl->rfd = (gnutls_transport_ptr_t) - 1;
254 ssl->wfd = (gnutls_transport_ptr_t) - 1;
255
256 return ssl;
257 }
258
259 void
260 SSL_free (SSL * ssl)
261 {
262 gnutls_certificate_free_credentials (ssl->gnutls_cred);
263 gnutls_deinit (ssl->gnutls_state);
264 free (ssl);
265 }
266
267 void
268 SSL_load_error_strings (void)
269 {
270 }
271
272 int
273 SSL_get_error (SSL * ssl, int ret)
274 {
275 if (ret > 0)
276 return SSL_ERROR_NONE;
277
278 return SSL_ERROR_ZERO_RETURN;
279 }
280
281 int
282 SSL_set_fd (SSL * ssl, int fd)
283 {
284 gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd));
285 return 1;
286 }
287
288 int
289 SSL_set_rfd (SSL * ssl, int fd)
290 {
291 ssl->rfd = GNUTLS_INT_TO_POINTER (fd);
292
293 if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
294 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
295
296 return 1;
297 }
298
299 int
300 SSL_set_wfd (SSL * ssl, int fd)
301 {
302 ssl->wfd = GNUTLS_INT_TO_POINTER (fd);
303
304 if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
305 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
306
307 return 1;
308 }
309
310 void
311 SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio)
312 {
313 gnutls_transport_set_ptr2 (ssl->gnutls_state, rbio->fd, wbio->fd);
314 /* free(BIO); ? */
315 }
316
317 void
318 SSL_set_connect_state (SSL * ssl)
319 {
320 }
321
322 int
323 SSL_pending (SSL * ssl)
324 {
325 return gnutls_record_check_pending (ssl->gnutls_state);
326 }
327
328 void
329 SSL_set_verify (SSL * ssl, int verify_mode,
330 int (*verify_callback) (int, X509_STORE_CTX *))
331 {
332 ssl->verify_mode = verify_mode;
333 ssl->verify_callback = verify_callback;
334 }
335
336 const X509 *
337 SSL_get_peer_certificate (SSL * ssl)
338 {
339 const gnutls_datum_t *cert_list;
340 int cert_list_size = 0;
341
342 cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
343 &cert_list_size);
344
345 return cert_list;
346 }
347
348 /* SSL connection open/close/read/write functions */
349
350 int
351 SSL_connect (SSL * ssl)
352 {
353 X509_STORE_CTX *store;
354 int cert_list_size = 0;
355 int err;
356 int i, j;
357 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
358 /* take options into account before connecting */
359
360 memset (x_priority, 0, sizeof (x_priority));
361 if (ssl->options & SSL_OP_NO_TLSv1)
362 {
363 for (i = 0, j = 0;
364 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
365 {
366 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
367 j++;
368 else
369 x_priority[i] = ssl->ctx->method->protocol_priority[j];
370 }
371 if (i < GNUTLS_MAX_ALGORITHM_NUM)
372 x_priority[i] = 0;
373 gnutls_protocol_set_priority (ssl->gnutls_state,
374 ssl->ctx->method->protocol_priority);
375 }
376
377 err = gnutls_handshake (ssl->gnutls_state);
378 ssl->last_error = err;
379
380 if (err < 0)
381 {
382 last_error = err;
383 return 0;
384 }
385
386 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
387 store->ssl = ssl;
388 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
389 &cert_list_size);
390
391 if (ssl->verify_callback)
392 {
393 ssl->verify_callback (1 /*FIXME*/, store);
394 }
395 ssl->state = SSL_ST_OK;
396
397 err = store->error;
398 free (store);
399
400 /* FIXME: deal with error from callback */
401
402 return 1;
403 }
404
405 int
406 SSL_accept (SSL * ssl)
407 {
408 X509_STORE_CTX *store;
409 int cert_list_size = 0;
410 int err;
411 int i, j;
412 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
413 /* take options into account before accepting */
414
415 memset (x_priority, 0, sizeof (x_priority));
416 if (ssl->options & SSL_OP_NO_TLSv1)
417 {
418 for (i = 0, j = 0;
419 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
420 {
421 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
422 j++;
423 else
424 x_priority[i] = ssl->ctx->method->protocol_priority[j];
425 }
426 if (i < GNUTLS_MAX_ALGORITHM_NUM)
427 x_priority[i] = 0;
428 gnutls_protocol_set_priority (ssl->gnutls_state,
429 ssl->ctx->method->protocol_priority);
430 }
431
432 /* FIXME: dh params, do we want client cert? */
433
434 err = gnutls_handshake (ssl->gnutls_state);
435 ssl->last_error = err;
436
437 if (err < 0)
438 {
439 last_error = err;
440 return 0;
441 }
442
443 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
444 store->ssl = ssl;
445 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
446 &cert_list_size);
447
448 if (ssl->verify_callback)
449 {
450 ssl->verify_callback (1 /*FIXME*/, store);
451 }
452 ssl->state = SSL_ST_OK;
453
454 err = store->error;
455 free (store);
456
457 /* FIXME: deal with error from callback */
458
459 return 1;
460 }
461
462 int
463 SSL_shutdown (SSL * ssl)
464 {
465 if (!ssl->shutdown)
466 {
467 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_WR);
468 ssl->shutdown++;
469 }
470 else
471 {
472 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_RDWR);
473 ssl->shutdown++;
474 }
475
476 /* FIXME */
477 return 1;
478 }
479
480 int
481 SSL_read (SSL * ssl, void *buf, int len)
482 {
483 int ret;
484
485 ret = gnutls_record_recv (ssl->gnutls_state, buf, len);
486 ssl->last_error = ret;
487
488 if (ret < 0)
489 {
490 last_error = ret;
491 return 0;
492 }
493
494 return ret;
495 }
496
497 int
498 SSL_write (SSL * ssl, const void *buf, int len)
499 {
500 int ret;
501
502 ret = gnutls_record_send (ssl->gnutls_state, buf, len);
503 ssl->last_error = ret;
504
505 if (ret < 0)
506 {
507 last_error = ret;
508 return 0;
509 }
510
511 return ret;
512 }
513
514 int
515 SSL_want (SSL * ssl)
516 {
517 return SSL_NOTHING;
518 }
519
520
521 /* SSL_METHOD functions */
522
523 SSL_METHOD *
524 SSLv23_client_method (void)
525 {
526 SSL_METHOD *m;
527 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
528 if (!m)
529 return NULL;
530
531 m->protocol_priority[0] = GNUTLS_TLS1;
532 m->protocol_priority[1] = GNUTLS_SSL3;
533 m->protocol_priority[2] = 0;
534
535 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
536 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
537 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
538 #ifdef ENABLE_CAMELLIA
539 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
540 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
541 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
542 m->cipher_priority[6] = 0;
543 #else
544 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
545 m->cipher_priority[4] = 0;
546 #endif
547
548 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
549 m->comp_priority[1] = GNUTLS_COMP_NULL;
550 m->comp_priority[2] = 0;
551
552 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
553 m->kx_priority[1] = GNUTLS_KX_RSA;
554 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
555 m->kx_priority[3] = 0;
556
557 m->mac_priority[0] = GNUTLS_MAC_SHA1;
558 m->mac_priority[1] = GNUTLS_MAC_MD5;
559 m->mac_priority[2] = 0;
560
561 m->connend = GNUTLS_CLIENT;
562
563 return m;
564 }
565
566 SSL_METHOD *
567 SSLv23_server_method (void)
568 {
569 SSL_METHOD *m;
570 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
571 if (!m)
572 return NULL;
573
574 m->protocol_priority[0] = GNUTLS_TLS1;
575 m->protocol_priority[1] = GNUTLS_SSL3;
576 m->protocol_priority[2] = 0;
577
578 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
579 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
580 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
581 #ifdef ENABLE_CAMELLIA
582 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
583 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
584 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
585 m->cipher_priority[6] = 0;
586 #else
587 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
588 m->cipher_priority[4] = 0;
589 #endif
590
591 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
592 m->comp_priority[1] = GNUTLS_COMP_NULL;
593 m->comp_priority[2] = 0;
594
595 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
596 m->kx_priority[1] = GNUTLS_KX_RSA;
597 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
598 m->kx_priority[3] = 0;
599
600 m->mac_priority[0] = GNUTLS_MAC_SHA1;
601 m->mac_priority[1] = GNUTLS_MAC_MD5;
602 m->mac_priority[2] = 0;
603
604 m->connend = GNUTLS_SERVER;
605
606 return m;
607 }
608
609 SSL_METHOD *
610 SSLv3_client_method (void)
611 {
612 SSL_METHOD *m;
613 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
614 if (!m)
615 return NULL;
616
617 m->protocol_priority[0] = GNUTLS_SSL3;
618 m->protocol_priority[2] = 0;
619
620 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
621 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
622 m->cipher_priority[3] = 0;
623
624 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
625 m->comp_priority[1] = GNUTLS_COMP_NULL;
626 m->comp_priority[2] = 0;
627
628 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
629 m->kx_priority[1] = GNUTLS_KX_RSA;
630 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
631 m->kx_priority[3] = 0;
632
633 m->mac_priority[0] = GNUTLS_MAC_SHA1;
634 m->mac_priority[1] = GNUTLS_MAC_MD5;
635 m->mac_priority[2] = 0;
636
637 m->connend = GNUTLS_CLIENT;
638
639 return m;
640 }
641
642 SSL_METHOD *
643 SSLv3_server_method (void)
644 {
645 SSL_METHOD *m;
646 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
647 if (!m)
648 return NULL;
649
650 m->protocol_priority[0] = GNUTLS_SSL3;
651 m->protocol_priority[2] = 0;
652
653 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
654 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
655 m->cipher_priority[3] = 0;
656
657 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
658 m->comp_priority[1] = GNUTLS_COMP_NULL;
659 m->comp_priority[2] = 0;
660
661 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
662 m->kx_priority[1] = GNUTLS_KX_RSA;
663 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
664 m->kx_priority[3] = 0;
665
666 m->mac_priority[0] = GNUTLS_MAC_SHA1;
667 m->mac_priority[1] = GNUTLS_MAC_MD5;
668 m->mac_priority[2] = 0;
669
670 m->connend = GNUTLS_SERVER;
671
672 return m;
673 }
674
675 SSL_METHOD *
676 TLSv1_client_method (void)
677 {
678 SSL_METHOD *m;
679 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
680 if (!m)
681 return NULL;
682
683 m->protocol_priority[0] = GNUTLS_TLS1;
684 m->protocol_priority[1] = 0;
685
686 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
687 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
688 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
689 #ifdef ENABLE_CAMELLIA
690 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
691 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
692 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
693 m->cipher_priority[6] = 0;
694 #else
695 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
696 m->cipher_priority[4] = 0;
697 #endif
698
699 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
700 m->comp_priority[1] = GNUTLS_COMP_NULL;
701 m->comp_priority[2] = 0;
702
703 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
704 m->kx_priority[1] = GNUTLS_KX_RSA;
705 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
706 m->kx_priority[3] = 0;
707
708 m->mac_priority[0] = GNUTLS_MAC_SHA1;
709 m->mac_priority[1] = GNUTLS_MAC_MD5;
710 m->mac_priority[2] = 0;
711
712 m->connend = GNUTLS_CLIENT;
713
714 return m;
715 }
716
717 SSL_METHOD *
718 TLSv1_server_method (void)
719 {
720 SSL_METHOD *m;
721 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
722 if (!m)
723 return NULL;
724
725 m->protocol_priority[0] = GNUTLS_TLS1;
726 m->protocol_priority[1] = 0;
727
728 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
729 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
730 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
731 #ifdef ENABLE_CAMELLIA
732 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
733 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
734 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
735 m->cipher_priority[6] = 0;
736 #else
737 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
738 m->cipher_priority[4] = 0;
739 #endif
740
741 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
742 m->comp_priority[1] = GNUTLS_COMP_NULL;
743 m->comp_priority[2] = 0;
744
745 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
746 m->kx_priority[1] = GNUTLS_KX_RSA;
747 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
748 m->kx_priority[3] = 0;
749
750 m->mac_priority[0] = GNUTLS_MAC_SHA1;
751 m->mac_priority[1] = GNUTLS_MAC_MD5;
752 m->mac_priority[2] = 0;
753
754 m->connend = GNUTLS_SERVER;
755
756 return m;
757 }
758
759
760 /* SSL_CIPHER functions */
761
762 SSL_CIPHER *
763 SSL_get_current_cipher (SSL * ssl)
764 {
765 if (!ssl)
766 return NULL;
767
768 ssl->ciphersuite.version = gnutls_protocol_get_version (ssl->gnutls_state);
769 ssl->ciphersuite.cipher = gnutls_cipher_get (ssl->gnutls_state);
770 ssl->ciphersuite.kx = gnutls_kx_get (ssl->gnutls_state);
771 ssl->ciphersuite.mac = gnutls_mac_get (ssl->gnutls_state);
772 ssl->ciphersuite.compression = gnutls_compression_get (ssl->gnutls_state);
773 ssl->ciphersuite.cert = gnutls_certificate_type_get (ssl->gnutls_state);
774
775 return &(ssl->ciphersuite);
776 }
777
778 const char *
779 SSL_CIPHER_get_name (SSL_CIPHER * cipher)
780 {
781 if (!cipher)
782 return ("NONE");
783
784 return gnutls_cipher_suite_get_name (cipher->kx,
785 cipher->cipher, cipher->mac);
786 }
787
788 int
789 SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits)
790 {
791 int bit_result;
792
793 if (!cipher)
794 return 0;
795
796 bit_result = (8 * gnutls_cipher_get_key_size (cipher->cipher));
797
798 if (bits)
799 *bits = bit_result;
800
801 return bit_result;
802 }
803
804 const char *
805 SSL_CIPHER_get_version (SSL_CIPHER * cipher)
806 {
807 const char *ret;
808
809 if (!cipher)
810 return ("(NONE)");
811
812 ret = gnutls_protocol_get_name (cipher->version);
813 if (ret)
814 return ret;
815
816 return ("unknown");
817 }
818
819 char *
820 SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size)
821 {
822 char *tmpbuf;
823 int tmpsize;
824 int local_alloc;
825
826 if (buf)
827 {
828 tmpbuf = buf;
829 tmpsize = size;
830 local_alloc = 0;
831 }
832 else
833 {
834 tmpbuf = (char *) malloc (128);
835 tmpsize = 128;
836 local_alloc = 1;
837 }
838
839 if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
840 gnutls_protocol_get_name (cipher->version),
841 gnutls_kx_get_name (cipher->kx),
842 gnutls_cipher_get_name (cipher->cipher),
843 gnutls_mac_get_name (cipher->mac)) == -1)
844 {
845 if (local_alloc)
846 free (tmpbuf);
847 return "Buffer too small";
848 }
849
850 return tmpbuf;
851 }
852
853
854 /* X509 functions */
855
856 X509_NAME *
857 X509_get_subject_name (const X509 * cert)
858 {
859 gnutls_x509_dn *dn;
860 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
861 if (gnutls_x509_extract_certificate_dn (&cert[0], dn) < 0)
862 {
863 free (dn);
864 return NULL;
865 }
866 return dn;
867 }
868
869 X509_NAME *
870 X509_get_issuer_name (const X509 * cert)
871 {
872 gnutls_x509_dn *dn;
873 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
874 if (gnutls_x509_extract_certificate_dn (&cert[1], dn) < 0)
875 {
876 free (dn);
877 return NULL;
878 }
879 return dn;
880 }
881
882 char *
883 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
884 {
885 memset (buf, 0, len);
886 if (!buf)
887 return NULL;
888
889 snprintf (buf, len - 1,
890 "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
891 name->country, name->state_or_province_name,
892 name->locality_name, name->organization,
893 name->organizational_unit_name, name->common_name, name->email);
894 return buf;
895 }
896
897 void
898 X509_free (const X509 * cert)
899 {
900 /* only get certificates as const items */
901 }
902
903
904 /* BIO functions */
905
906 void
907 BIO_get_fd (gnutls_session_t gnutls_state, int *fd)
908 {
909 *fd = GNUTLS_POINTER_TO_INT (gnutls_transport_get_ptr (gnutls_state));
910 }
911
912 BIO *
913 BIO_new_socket (int sock, int close_flag)
914 {
915 BIO *bio;
916
917 bio = (BIO *) malloc (sizeof (BIO));
918 if (!bio)
919 return NULL;
920
921 bio->fd = GNUTLS_INT_TO_POINTER (sock);
922
923 return bio;
924 }
925
926
927 /* error handling */
928
929 unsigned long
930 ERR_get_error (void)
931 {
932 unsigned long ret;
933
934 ret = -1 * last_error;
935 last_error = 0;
936
937 return ret;
938 }
939
940 const char *
941 ERR_error_string (unsigned long e, char *buf)
942 {
943 return gnutls_strerror (-1 * e);
944 }
945
946
947 /* RAND functions */
948
949 int
950 RAND_status (void)
951 {
952 return 1;
953 }
954
955 void
956 RAND_seed (const void *buf, int num)
957 {
958 }
959
960 int
961 RAND_bytes (unsigned char *buf, int num)
962 {
963 gc_random (buf, num);
964 return 1;
965 }
966
967 const char *
968 RAND_file_name (char *buf, size_t len)
969 {
970 return "";
971 }
972
973 int
974 RAND_load_file (const char *name, long maxbytes)
975 {
976 return maxbytes;
977 }
978
979 int
980 RAND_write_file (const char *name)
981 {
982 return 0;
983 }
984
985 int
986 RAND_egd_bytes (const char *path, int bytes)
987 {
988 /* fake it */
989 return bytes;
990 }
991
992
993 /* message digest functions */
994
995 void
996 MD5_Init (MD5_CTX * ctx)
997 {
998 gc_hash_open (GC_MD5, 0, &ctx->handle);
999 }
1000
1001 void
1002 MD5_Update (MD5_CTX * ctx, const void *buf, int len)
1003 {
1004 gc_hash_write (ctx->handle, len, buf);
1005 }
1006
1007 void
1008 MD5_Final (unsigned char *md, MD5_CTX * ctx)
1009 {
1010 const char *local_md;
1011
1012 local_md = gc_hash_read (ctx->handle);
1013 if (md)
1014 memcpy (md, local_md, gc_hash_digest_length (GC_MD5));
1015 gc_hash_close (ctx->handle);
1016 }
1017
1018 unsigned char *
1019 MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
1020 {
1021 if (!md)
1022 return NULL;
1023
1024 gc_hash_buffer (GC_MD5, buf, len, md);
1025
1026 return md;
1027 }
1028
1029 void
1030 RIPEMD160_Init (RIPEMD160_CTX * ctx)
1031 {
1032 gc_hash_open (GC_RMD160, 0, &ctx->handle);
1033 }
1034
1035 void
1036 RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len)
1037 {
1038 gc_hash_write (ctx->handle, len, buf);
1039 }
1040
1041 void
1042 RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx)
1043 {
1044 const char *local_md;
1045
1046 local_md = gc_hash_read (ctx->handle);
1047 if (md)
1048 memcpy (md, local_md, gc_hash_digest_length (GC_RMD160));
1049 gc_hash_close (ctx->handle);
1050 }
1051
1052 unsigned char *
1053 RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
1054 {
1055 if (!md)
1056 return NULL;
1057
1058 gc_hash_buffer (GC_RMD160, buf, len, md);
1059
1060 return md;
1061 }
Implementation of the SSL/TLS protocol