search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add announcement message.
[gnutls.git] / libextra / gnutls_openssl.c
blobccd1c455de1faac295d619982a1f5c03c2d12581
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2008, 2010 Free Software Foundation,
3 * Inc.
4 * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
5 *
6 * This file is part of GNUTLS-EXTRA.
7 *
8 * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS-EXTRA is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23
24 #include <gnutls/gnutls.h>
25 #include <openssl_compat.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <gnutls/openssl.h>
30 #include "../lib/gnutls_int.h"
31 #include "../lib/random.h"
32 #include "../lib/gnutls_hash_int.h"
33
34 /* Gnulib re-defines shutdown on mingw. We only use it as a variable
35 name, so restore the original name. */
36 #undef shutdown
37
38 /* XXX: See lib/gnutls_int.h. */
39 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
40 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
41
42 /* WARNING: Error functions aren't currently thread-safe */
43
44 static int last_error = 0;
45
46 /* Library initialisation functions */
47
48 int
49 SSL_library_init (void)
50 {
51 gnutls_global_init ();
52 /* NB: we haven't got anywhere to call gnutls_global_deinit() */
53 return 1;
54 }
55
56 void
57 OpenSSL_add_all_algorithms (void)
58 {
59 }
60
61
62 /* SSL_CTX structure handling */
63
64 SSL_CTX *
65 SSL_CTX_new (SSL_METHOD * method)
66 {
67 SSL_CTX *ctx;
68
69 ctx = (SSL_CTX *) calloc (1, sizeof (SSL_CTX));
70 ctx->method = method;
71
72 return ctx;
73 }
74
75 void
76 SSL_CTX_free (SSL_CTX * ctx)
77 {
78 free (ctx->method);
79 free (ctx);
80 }
81
82 int
83 SSL_CTX_set_default_verify_paths (SSL_CTX * ctx)
84 {
85 return 0;
86 }
87
88 int
89 SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, int type)
90 {
91 ctx->certfile = (char *) calloc (1, strlen (certfile) + 1);
92 if (!ctx->certfile)
93 return -1;
94 memcpy (ctx->certfile, certfile, strlen (certfile));
95
96 ctx->certfile_type = type;
97
98 return 1;
99 }
100
101 int
102 SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type)
103 {
104 ctx->keyfile = (char *) calloc (1, strlen (keyfile) + 1);
105 if (!ctx->keyfile)
106 return -1;
107 memcpy (ctx->keyfile, keyfile, strlen (keyfile));
108
109 ctx->keyfile_type = type;
110
111 return 1;
112
113 }
114
115 void
116 SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode,
117 int (*verify_callback) (int, X509_STORE_CTX *))
118 {
119 ctx->verify_mode = verify_mode;
120 ctx->verify_callback = verify_callback;
121 }
122
123 unsigned long
124 SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options)
125 {
126 return (ctx->options |= options);
127 }
128
129 long
130 SSL_CTX_set_mode (SSL_CTX * ctx, long mode)
131 {
132 return 0;
133 }
134
135 int
136 SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list)
137 {
138 /* FIXME: ignore this for the moment */
139 /* We're going to have to parse the "list" string to do this */
140 /* It is a string, which in its simplest form is something like
141 "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
142 (see OpenSSL's ciphers(1) manpage for details) */
143
144 return 1;
145 }
146
147
148 /* SSL_CTX statistics */
149
150 long
151 SSL_CTX_sess_number (SSL_CTX * ctx)
152 {
153 return 0;
154 }
155
156 long
157 SSL_CTX_sess_connect (SSL_CTX * ctx)
158 {
159 return 0;
160 }
161
162 long
163 SSL_CTX_sess_connect_good (SSL_CTX * ctx)
164 {
165 return 0;
166 }
167
168 long
169 SSL_CTX_sess_connect_renegotiate (SSL_CTX * ctx)
170 {
171 return 0;
172 }
173
174 long
175 SSL_CTX_sess_accept (SSL_CTX * ctx)
176 {
177 return 0;
178 }
179
180 long
181 SSL_CTX_sess_accept_good (SSL_CTX * ctx)
182 {
183 return 0;
184 }
185
186 long
187 SSL_CTX_sess_accept_renegotiate (SSL_CTX * ctx)
188 {
189 return 0;
190 }
191
192 long
193 SSL_CTX_sess_hits (SSL_CTX * ctx)
194 {
195 return 0;
196 }
197
198 long
199 SSL_CTX_sess_misses (SSL_CTX * ctx)
200 {
201 return 0;
202 }
203
204 long
205 SSL_CTX_sess_timeouts (SSL_CTX * ctx)
206 {
207 return 0;
208 }
209
210
211
212 /* SSL structure handling */
213
214 SSL *
215 SSL_new (SSL_CTX * ctx)
216 {
217 SSL *ssl;
218 int err;
219
220 ssl = (SSL *) calloc (1, sizeof (SSL));
221 if (!ssl)
222 return NULL;
223
224 err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
225 if (err < 0)
226 {
227 last_error = err;
228 free (ssl);
229 return NULL;
230 }
231
232 gnutls_init (&ssl->gnutls_state, ctx->method->connend);
233
234 gnutls_protocol_set_priority (ssl->gnutls_state,
235 ctx->method->protocol_priority);
236 gnutls_cipher_set_priority (ssl->gnutls_state,
237 ctx->method->cipher_priority);
238 gnutls_compression_set_priority (ssl->gnutls_state,
239 ctx->method->comp_priority);
240 gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
241 gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);
242
243 gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
244 ssl->gnutls_cred);
245 if (ctx->certfile)
246 gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
247 ctx->certfile,
248 ctx->certfile_type);
249 if (ctx->keyfile)
250 gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
251 ctx->certfile, ctx->keyfile,
252 ctx->keyfile_type);
253 ssl->ctx = ctx;
254 ssl->verify_mode = ctx->verify_mode;
255 ssl->verify_callback = ctx->verify_callback;
256
257 ssl->options = ctx->options;
258
259 ssl->rfd = (gnutls_transport_ptr_t) - 1;
260 ssl->wfd = (gnutls_transport_ptr_t) - 1;
261
262 return ssl;
263 }
264
265 void
266 SSL_free (SSL * ssl)
267 {
268 gnutls_certificate_free_credentials (ssl->gnutls_cred);
269 gnutls_deinit (ssl->gnutls_state);
270 free (ssl);
271 }
272
273 void
274 SSL_load_error_strings (void)
275 {
276 }
277
278 int
279 SSL_get_error (SSL * ssl, int ret)
280 {
281 if (ret > 0)
282 return SSL_ERROR_NONE;
283
284 return SSL_ERROR_ZERO_RETURN;
285 }
286
287 int
288 SSL_set_fd (SSL * ssl, int fd)
289 {
290 gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd));
291 return 1;
292 }
293
294 int
295 SSL_set_rfd (SSL * ssl, int fd)
296 {
297 ssl->rfd = GNUTLS_INT_TO_POINTER (fd);
298
299 if (ssl->wfd != (gnutls_transport_ptr_t) - 1)
300 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
301
302 return 1;
303 }
304
305 int
306 SSL_set_wfd (SSL * ssl, int fd)
307 {
308 ssl->wfd = GNUTLS_INT_TO_POINTER (fd);
309
310 if (ssl->rfd != (gnutls_transport_ptr_t) - 1)
311 gnutls_transport_set_ptr2 (ssl->gnutls_state, ssl->rfd, ssl->wfd);
312
313 return 1;
314 }
315
316 void
317 SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio)
318 {
319 gnutls_transport_set_ptr2 (ssl->gnutls_state, rbio->fd, wbio->fd);
320 /* free(BIO); ? */
321 }
322
323 void
324 SSL_set_connect_state (SSL * ssl)
325 {
326 }
327
328 int
329 SSL_pending (SSL * ssl)
330 {
331 return gnutls_record_check_pending (ssl->gnutls_state);
332 }
333
334 void
335 SSL_set_verify (SSL * ssl, int verify_mode,
336 int (*verify_callback) (int, X509_STORE_CTX *))
337 {
338 ssl->verify_mode = verify_mode;
339 ssl->verify_callback = verify_callback;
340 }
341
342 const X509 *
343 SSL_get_peer_certificate (SSL * ssl)
344 {
345 const gnutls_datum_t *cert_list;
346 int cert_list_size = 0;
347
348 cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
349 &cert_list_size);
350
351 return cert_list;
352 }
353
354 /* SSL connection open/close/read/write functions */
355
356 int
357 SSL_connect (SSL * ssl)
358 {
359 X509_STORE_CTX *store;
360 int cert_list_size = 0;
361 int err;
362 int i, j;
363 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
364 /* take options into account before connecting */
365
366 memset (x_priority, 0, sizeof (x_priority));
367 if (ssl->options & SSL_OP_NO_TLSv1)
368 {
369 for (i = 0, j = 0;
370 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
371 {
372 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
373 j++;
374 else
375 x_priority[i] = ssl->ctx->method->protocol_priority[j];
376 }
377 if (i < GNUTLS_MAX_ALGORITHM_NUM)
378 x_priority[i] = 0;
379 gnutls_protocol_set_priority (ssl->gnutls_state,
380 ssl->ctx->method->protocol_priority);
381 }
382
383 err = gnutls_handshake (ssl->gnutls_state);
384 ssl->last_error = err;
385
386 if (err < 0)
387 {
388 last_error = err;
389 return 0;
390 }
391
392 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
393 store->ssl = ssl;
394 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
395 &cert_list_size);
396
397 if (ssl->verify_callback)
398 {
399 ssl->verify_callback (1 /*FIXME*/, store);
400 }
401 ssl->state = SSL_ST_OK;
402
403 err = store->error;
404 free (store);
405
406 /* FIXME: deal with error from callback */
407
408 return 1;
409 }
410
411 int
412 SSL_accept (SSL * ssl)
413 {
414 X509_STORE_CTX *store;
415 int cert_list_size = 0;
416 int err;
417 int i, j;
418 int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
419 /* take options into account before accepting */
420
421 memset (x_priority, 0, sizeof (x_priority));
422 if (ssl->options & SSL_OP_NO_TLSv1)
423 {
424 for (i = 0, j = 0;
425 i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++)
426 {
427 if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
428 j++;
429 else
430 x_priority[i] = ssl->ctx->method->protocol_priority[j];
431 }
432 if (i < GNUTLS_MAX_ALGORITHM_NUM)
433 x_priority[i] = 0;
434 gnutls_protocol_set_priority (ssl->gnutls_state,
435 ssl->ctx->method->protocol_priority);
436 }
437
438 /* FIXME: dh params, do we want client cert? */
439
440 err = gnutls_handshake (ssl->gnutls_state);
441 ssl->last_error = err;
442
443 if (err < 0)
444 {
445 last_error = err;
446 return 0;
447 }
448
449 store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX));
450 store->ssl = ssl;
451 store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
452 &cert_list_size);
453
454 if (ssl->verify_callback)
455 {
456 ssl->verify_callback (1 /*FIXME*/, store);
457 }
458 ssl->state = SSL_ST_OK;
459
460 err = store->error;
461 free (store);
462
463 /* FIXME: deal with error from callback */
464
465 return 1;
466 }
467
468 int
469 SSL_shutdown (SSL * ssl)
470 {
471 if (!ssl->shutdown)
472 {
473 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_WR);
474 ssl->shutdown++;
475 }
476 else
477 {
478 gnutls_bye (ssl->gnutls_state, GNUTLS_SHUT_RDWR);
479 ssl->shutdown++;
480 }
481
482 /* FIXME */
483 return 1;
484 }
485
486 int
487 SSL_read (SSL * ssl, void *buf, int len)
488 {
489 int ret;
490
491 ret = gnutls_record_recv (ssl->gnutls_state, buf, len);
492 ssl->last_error = ret;
493
494 if (ret < 0)
495 {
496 last_error = ret;
497 return 0;
498 }
499
500 return ret;
501 }
502
503 int
504 SSL_write (SSL * ssl, const void *buf, int len)
505 {
506 int ret;
507
508 ret = gnutls_record_send (ssl->gnutls_state, buf, len);
509 ssl->last_error = ret;
510
511 if (ret < 0)
512 {
513 last_error = ret;
514 return 0;
515 }
516
517 return ret;
518 }
519
520 int
521 SSL_want (SSL * ssl)
522 {
523 return SSL_NOTHING;
524 }
525
526
527 /* SSL_METHOD functions */
528
529 SSL_METHOD *
530 SSLv23_client_method (void)
531 {
532 SSL_METHOD *m;
533 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
534 if (!m)
535 return NULL;
536
537 m->protocol_priority[0] = GNUTLS_TLS1;
538 m->protocol_priority[1] = GNUTLS_SSL3;
539 m->protocol_priority[2] = 0;
540
541 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
542 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
543 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
544 #ifdef ENABLE_CAMELLIA
545 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
546 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
547 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
548 m->cipher_priority[6] = 0;
549 #else
550 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
551 m->cipher_priority[4] = 0;
552 #endif
553
554 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
555 m->comp_priority[1] = GNUTLS_COMP_NULL;
556 m->comp_priority[2] = 0;
557
558 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
559 m->kx_priority[1] = GNUTLS_KX_RSA;
560 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
561 m->kx_priority[3] = 0;
562
563 m->mac_priority[0] = GNUTLS_MAC_SHA1;
564 m->mac_priority[1] = GNUTLS_MAC_MD5;
565 m->mac_priority[2] = 0;
566
567 m->connend = GNUTLS_CLIENT;
568
569 return m;
570 }
571
572 SSL_METHOD *
573 SSLv23_server_method (void)
574 {
575 SSL_METHOD *m;
576 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
577 if (!m)
578 return NULL;
579
580 m->protocol_priority[0] = GNUTLS_TLS1;
581 m->protocol_priority[1] = GNUTLS_SSL3;
582 m->protocol_priority[2] = 0;
583
584 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
585 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
586 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
587 #ifdef ENABLE_CAMELLIA
588 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
589 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
590 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
591 m->cipher_priority[6] = 0;
592 #else
593 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
594 m->cipher_priority[4] = 0;
595 #endif
596
597 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
598 m->comp_priority[1] = GNUTLS_COMP_NULL;
599 m->comp_priority[2] = 0;
600
601 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
602 m->kx_priority[1] = GNUTLS_KX_RSA;
603 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
604 m->kx_priority[3] = 0;
605
606 m->mac_priority[0] = GNUTLS_MAC_SHA1;
607 m->mac_priority[1] = GNUTLS_MAC_MD5;
608 m->mac_priority[2] = 0;
609
610 m->connend = GNUTLS_SERVER;
611
612 return m;
613 }
614
615 SSL_METHOD *
616 SSLv3_client_method (void)
617 {
618 SSL_METHOD *m;
619 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
620 if (!m)
621 return NULL;
622
623 m->protocol_priority[0] = GNUTLS_SSL3;
624 m->protocol_priority[2] = 0;
625
626 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
627 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
628 m->cipher_priority[3] = 0;
629
630 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
631 m->comp_priority[1] = GNUTLS_COMP_NULL;
632 m->comp_priority[2] = 0;
633
634 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
635 m->kx_priority[1] = GNUTLS_KX_RSA;
636 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
637 m->kx_priority[3] = 0;
638
639 m->mac_priority[0] = GNUTLS_MAC_SHA1;
640 m->mac_priority[1] = GNUTLS_MAC_MD5;
641 m->mac_priority[2] = 0;
642
643 m->connend = GNUTLS_CLIENT;
644
645 return m;
646 }
647
648 SSL_METHOD *
649 SSLv3_server_method (void)
650 {
651 SSL_METHOD *m;
652 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
653 if (!m)
654 return NULL;
655
656 m->protocol_priority[0] = GNUTLS_SSL3;
657 m->protocol_priority[2] = 0;
658
659 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
660 m->cipher_priority[2] = GNUTLS_CIPHER_ARCFOUR_128;
661 m->cipher_priority[3] = 0;
662
663 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
664 m->comp_priority[1] = GNUTLS_COMP_NULL;
665 m->comp_priority[2] = 0;
666
667 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
668 m->kx_priority[1] = GNUTLS_KX_RSA;
669 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
670 m->kx_priority[3] = 0;
671
672 m->mac_priority[0] = GNUTLS_MAC_SHA1;
673 m->mac_priority[1] = GNUTLS_MAC_MD5;
674 m->mac_priority[2] = 0;
675
676 m->connend = GNUTLS_SERVER;
677
678 return m;
679 }
680
681 SSL_METHOD *
682 TLSv1_client_method (void)
683 {
684 SSL_METHOD *m;
685 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
686 if (!m)
687 return NULL;
688
689 m->protocol_priority[0] = GNUTLS_TLS1;
690 m->protocol_priority[1] = 0;
691
692 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
693 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
694 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
695 #ifdef ENABLE_CAMELLIA
696 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
697 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
698 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
699 m->cipher_priority[6] = 0;
700 #else
701 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
702 m->cipher_priority[4] = 0;
703 #endif
704
705 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
706 m->comp_priority[1] = GNUTLS_COMP_NULL;
707 m->comp_priority[2] = 0;
708
709 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
710 m->kx_priority[1] = GNUTLS_KX_RSA;
711 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
712 m->kx_priority[3] = 0;
713
714 m->mac_priority[0] = GNUTLS_MAC_SHA1;
715 m->mac_priority[1] = GNUTLS_MAC_MD5;
716 m->mac_priority[2] = 0;
717
718 m->connend = GNUTLS_CLIENT;
719
720 return m;
721 }
722
723 SSL_METHOD *
724 TLSv1_server_method (void)
725 {
726 SSL_METHOD *m;
727 m = (SSL_METHOD *) calloc (1, sizeof (SSL_METHOD));
728 if (!m)
729 return NULL;
730
731 m->protocol_priority[0] = GNUTLS_TLS1;
732 m->protocol_priority[1] = 0;
733
734 m->cipher_priority[0] = GNUTLS_CIPHER_AES_128_CBC;
735 m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC;
736 m->cipher_priority[2] = GNUTLS_CIPHER_AES_256_CBC;
737 #ifdef ENABLE_CAMELLIA
738 m->cipher_priority[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
739 m->cipher_priority[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
740 m->cipher_priority[5] = GNUTLS_CIPHER_ARCFOUR_128;
741 m->cipher_priority[6] = 0;
742 #else
743 m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR_128;
744 m->cipher_priority[4] = 0;
745 #endif
746
747 m->comp_priority[0] = GNUTLS_COMP_ZLIB;
748 m->comp_priority[1] = GNUTLS_COMP_NULL;
749 m->comp_priority[2] = 0;
750
751 m->kx_priority[0] = GNUTLS_KX_DHE_RSA;
752 m->kx_priority[1] = GNUTLS_KX_RSA;
753 m->kx_priority[2] = GNUTLS_KX_DHE_DSS;
754 m->kx_priority[3] = 0;
755
756 m->mac_priority[0] = GNUTLS_MAC_SHA1;
757 m->mac_priority[1] = GNUTLS_MAC_MD5;
758 m->mac_priority[2] = 0;
759
760 m->connend = GNUTLS_SERVER;
761
762 return m;
763 }
764
765
766 /* SSL_CIPHER functions */
767
768 SSL_CIPHER *
769 SSL_get_current_cipher (SSL * ssl)
770 {
771 if (!ssl)
772 return NULL;
773
774 ssl->ciphersuite.version = gnutls_protocol_get_version (ssl->gnutls_state);
775 ssl->ciphersuite.cipher = gnutls_cipher_get (ssl->gnutls_state);
776 ssl->ciphersuite.kx = gnutls_kx_get (ssl->gnutls_state);
777 ssl->ciphersuite.mac = gnutls_mac_get (ssl->gnutls_state);
778 ssl->ciphersuite.compression = gnutls_compression_get (ssl->gnutls_state);
779 ssl->ciphersuite.cert = gnutls_certificate_type_get (ssl->gnutls_state);
780
781 return &(ssl->ciphersuite);
782 }
783
784 const char *
785 SSL_CIPHER_get_name (SSL_CIPHER * cipher)
786 {
787 if (!cipher)
788 return ("NONE");
789
790 return gnutls_cipher_suite_get_name (cipher->kx,
791 cipher->cipher, cipher->mac);
792 }
793
794 int
795 SSL_CIPHER_get_bits (SSL_CIPHER * cipher, int *bits)
796 {
797 int bit_result;
798
799 if (!cipher)
800 return 0;
801
802 bit_result = (8 * gnutls_cipher_get_key_size (cipher->cipher));
803
804 if (bits)
805 *bits = bit_result;
806
807 return bit_result;
808 }
809
810 const char *
811 SSL_CIPHER_get_version (SSL_CIPHER * cipher)
812 {
813 const char *ret;
814
815 if (!cipher)
816 return ("(NONE)");
817
818 ret = gnutls_protocol_get_name (cipher->version);
819 if (ret)
820 return ret;
821
822 return ("unknown");
823 }
824
825 char *
826 SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size)
827 {
828 char *tmpbuf;
829 int tmpsize;
830 int local_alloc;
831
832 if (buf)
833 {
834 tmpbuf = buf;
835 tmpsize = size;
836 local_alloc = 0;
837 }
838 else
839 {
840 tmpbuf = (char *) malloc (128);
841 tmpsize = 128;
842 local_alloc = 1;
843 }
844
845 if (snprintf (tmpbuf, tmpsize, "%s %s %s %s",
846 gnutls_protocol_get_name (cipher->version),
847 gnutls_kx_get_name (cipher->kx),
848 gnutls_cipher_get_name (cipher->cipher),
849 gnutls_mac_get_name (cipher->mac)) == -1)
850 {
851 if (local_alloc)
852 free (tmpbuf);
853 return (char *) "Buffer too small";
854 }
855
856 return tmpbuf;
857 }
858
859
860 /* X509 functions */
861
862 X509_NAME *
863 X509_get_subject_name (const X509 * cert)
864 {
865 gnutls_x509_dn *dn;
866 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
867 if (gnutls_x509_extract_certificate_dn (cert, dn) < 0)
868 {
869 free (dn);
870 return NULL;
871 }
872 return dn;
873 }
874
875 X509_NAME *
876 X509_get_issuer_name (const X509 * cert)
877 {
878 gnutls_x509_dn *dn;
879 dn = (gnutls_x509_dn *) calloc (1, sizeof (gnutls_x509_dn));
880 if (gnutls_x509_extract_certificate_issuer_dn (cert, dn) < 0)
881 {
882 free (dn);
883 return NULL;
884 }
885 return dn;
886 }
887
888 char *
889 X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len)
890 {
891 /* XXX openssl allocates buffer if buf == NULL */
892 if (!buf)
893 return NULL;
894 memset (buf, 0, len);
895
896 snprintf (buf, len - 1,
897 "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
898 name->country, name->state_or_province_name,
899 name->locality_name, name->organization,
900 name->organizational_unit_name, name->common_name, name->email);
901 return buf;
902 }
903
904 void
905 X509_free (const X509 * cert)
906 {
907 /* only get certificates as const items */
908 }
909
910
911 /* BIO functions */
912
913 void
914 BIO_get_fd (gnutls_session_t gnutls_state, int *fd)
915 {
916 gnutls_transport_ptr_t tmp = gnutls_transport_get_ptr (gnutls_state);
917 *fd = GNUTLS_POINTER_TO_INT (tmp);
918 }
919
920 BIO *
921 BIO_new_socket (int sock, int close_flag)
922 {
923 BIO *bio;
924
925 bio = (BIO *) malloc (sizeof (BIO));
926 if (!bio)
927 return NULL;
928
929 bio->fd = GNUTLS_INT_TO_POINTER (sock);
930
931 return bio;
932 }
933
934
935 /* error handling */
936
937 unsigned long
938 ERR_get_error (void)
939 {
940 unsigned long ret;
941
942 ret = -1 * last_error;
943 last_error = 0;
944
945 return ret;
946 }
947
948 const char *
949 ERR_error_string (unsigned long e, char *buf)
950 {
951 return gnutls_strerror (-1 * e);
952 }
953
954
955 /* RAND functions */
956
957 int
958 RAND_status (void)
959 {
960 return 1;
961 }
962
963 void
964 RAND_seed (const void *buf, int num)
965 {
966 }
967
968 int
969 RAND_bytes (unsigned char *buf, int num)
970 {
971 _gnutls_rnd (GNUTLS_RND_RANDOM, buf, num);
972 return 1;
973 }
974
975 int
976 RAND_pseudo_bytes (unsigned char *buf, int num)
977 {
978 _gnutls_rnd (GNUTLS_RND_NONCE, buf, num);
979 return 1;
980 }
981
982 const char *
983 RAND_file_name (char *buf, size_t len)
984 {
985 return "";
986 }
987
988 int
989 RAND_load_file (const char *name, long maxbytes)
990 {
991 return maxbytes;
992 }
993
994 int
995 RAND_write_file (const char *name)
996 {
997 return 0;
998 }
999
1000 int
1001 RAND_egd_bytes (const char *path, int bytes)
1002 {
1003 /* fake it */
1004 return bytes;
1005 }
1006
1007
1008 /* message digest functions */
1009
1010 void
1011 MD5_Init (MD5_CTX * ctx)
1012 {
1013 ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
1014 if (!ctx->handle)
1015 abort ();
1016 _gnutls_hash_init (ctx->handle, GNUTLS_DIG_MD5);
1017 }
1018
1019 void
1020 MD5_Update (MD5_CTX * ctx, const void *buf, int len)
1021 {
1022 _gnutls_hash (ctx->handle, buf, len);
1023 }
1024
1025 void
1026 MD5_Final (unsigned char *md, MD5_CTX * ctx)
1027 {
1028 _gnutls_hash_deinit (ctx->handle, md);
1029 gnutls_free (ctx->handle);
1030 }
1031
1032 unsigned char *
1033 MD5 (const unsigned char *buf, unsigned long len, unsigned char *md)
1034 {
1035 if (!md)
1036 return NULL;
1037
1038 _gnutls_hash_fast (GNUTLS_DIG_MD5, buf, len, md);
1039
1040 return md;
1041 }
1042
1043 void
1044 RIPEMD160_Init (RIPEMD160_CTX * ctx)
1045 {
1046 ctx->handle = gnutls_malloc (sizeof (digest_hd_st));
1047 if (!ctx->handle)
1048 abort ();
1049 _gnutls_hash_init (ctx->handle, GNUTLS_DIG_RMD160);
1050 }
1051
1052 void
1053 RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len)
1054 {
1055 _gnutls_hash (ctx->handle, buf, len);
1056 }
1057
1058 void
1059 RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx)
1060 {
1061 _gnutls_hash_deinit (ctx->handle, md);
1062 gnutls_free (ctx->handle);
1063 }
1064
1065 unsigned char *
1066 RIPEMD160 (const unsigned char *buf, unsigned long len, unsigned char *md)
1067 {
1068 if (!md)
1069 return NULL;
1070
1071 _gnutls_hash_fast (GNUTLS_DIG_RMD160, buf, len, md);
1072
1073 return md;
1074 }
Implementation of the SSL/TLS protocol