2 * Copyright (C) 2004, 2005, 2006, 2008, 2010 Free Software Foundation,
4 * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
6 * This file is part of GNUTLS-EXTRA.
8 * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
13 * GNUTLS-EXTRA is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include <gnutls/gnutls.h>
25 #include <openssl_compat.h>
29 #include <gnutls/openssl.h>
30 #include "../lib/gnutls_int.h"
31 #include "../lib/random.h"
32 #include "../lib/gnutls_hash_int.h"
34 /* Gnulib re-defines shutdown on mingw. We only use it as a variable
35 name, so restore the original name. */
38 /* XXX: See lib/gnutls_int.h. */
39 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
40 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
42 /* WARNING: Error functions aren't currently thread-safe */
44 static int last_error
= 0;
46 /* Library initialisation functions */
49 SSL_library_init (void)
51 gnutls_global_init ();
52 /* NB: we haven't got anywhere to call gnutls_global_deinit() */
57 OpenSSL_add_all_algorithms (void)
62 /* SSL_CTX structure handling */
65 SSL_CTX_new (SSL_METHOD
* method
)
69 ctx
= (SSL_CTX
*) calloc (1, sizeof (SSL_CTX
));
76 SSL_CTX_free (SSL_CTX
* ctx
)
83 SSL_CTX_set_default_verify_paths (SSL_CTX
* ctx
)
89 SSL_CTX_use_certificate_file (SSL_CTX
* ctx
, const char *certfile
, int type
)
91 ctx
->certfile
= (char *) calloc (1, strlen (certfile
) + 1);
94 memcpy (ctx
->certfile
, certfile
, strlen (certfile
));
96 ctx
->certfile_type
= type
;
102 SSL_CTX_use_PrivateKey_file (SSL_CTX
* ctx
, const char *keyfile
, int type
)
104 ctx
->keyfile
= (char *) calloc (1, strlen (keyfile
) + 1);
107 memcpy (ctx
->keyfile
, keyfile
, strlen (keyfile
));
109 ctx
->keyfile_type
= type
;
116 SSL_CTX_set_verify (SSL_CTX
* ctx
, int verify_mode
,
117 int (*verify_callback
) (int, X509_STORE_CTX
*))
119 ctx
->verify_mode
= verify_mode
;
120 ctx
->verify_callback
= verify_callback
;
124 SSL_CTX_set_options (SSL_CTX
* ctx
, unsigned long options
)
126 return (ctx
->options
|= options
);
130 SSL_CTX_set_mode (SSL_CTX
* ctx
, long mode
)
136 SSL_CTX_set_cipher_list (SSL_CTX
* ctx
, const char *list
)
138 /* FIXME: ignore this for the moment */
139 /* We're going to have to parse the "list" string to do this */
140 /* It is a string, which in its simplest form is something like
141 "DES-CBC3-SHA:IDEA-CBC-MD5", but can be rather more complicated
142 (see OpenSSL's ciphers(1) manpage for details) */
148 /* SSL_CTX statistics */
151 SSL_CTX_sess_number (SSL_CTX
* ctx
)
157 SSL_CTX_sess_connect (SSL_CTX
* ctx
)
163 SSL_CTX_sess_connect_good (SSL_CTX
* ctx
)
169 SSL_CTX_sess_connect_renegotiate (SSL_CTX
* ctx
)
175 SSL_CTX_sess_accept (SSL_CTX
* ctx
)
181 SSL_CTX_sess_accept_good (SSL_CTX
* ctx
)
187 SSL_CTX_sess_accept_renegotiate (SSL_CTX
* ctx
)
193 SSL_CTX_sess_hits (SSL_CTX
* ctx
)
199 SSL_CTX_sess_misses (SSL_CTX
* ctx
)
205 SSL_CTX_sess_timeouts (SSL_CTX
* ctx
)
212 /* SSL structure handling */
215 SSL_new (SSL_CTX
* ctx
)
220 ssl
= (SSL
*) calloc (1, sizeof (SSL
));
224 err
= gnutls_certificate_allocate_credentials (&ssl
->gnutls_cred
);
232 gnutls_init (&ssl
->gnutls_state
, ctx
->method
->connend
);
234 gnutls_protocol_set_priority (ssl
->gnutls_state
,
235 ctx
->method
->protocol_priority
);
236 gnutls_cipher_set_priority (ssl
->gnutls_state
,
237 ctx
->method
->cipher_priority
);
238 gnutls_compression_set_priority (ssl
->gnutls_state
,
239 ctx
->method
->comp_priority
);
240 gnutls_kx_set_priority (ssl
->gnutls_state
, ctx
->method
->kx_priority
);
241 gnutls_mac_set_priority (ssl
->gnutls_state
, ctx
->method
->mac_priority
);
243 gnutls_credentials_set (ssl
->gnutls_state
, GNUTLS_CRD_CERTIFICATE
,
246 gnutls_certificate_set_x509_trust_file (ssl
->gnutls_cred
,
250 gnutls_certificate_set_x509_key_file (ssl
->gnutls_cred
,
251 ctx
->certfile
, ctx
->keyfile
,
254 ssl
->verify_mode
= ctx
->verify_mode
;
255 ssl
->verify_callback
= ctx
->verify_callback
;
257 ssl
->options
= ctx
->options
;
259 ssl
->rfd
= (gnutls_transport_ptr_t
) - 1;
260 ssl
->wfd
= (gnutls_transport_ptr_t
) - 1;
268 gnutls_certificate_free_credentials (ssl
->gnutls_cred
);
269 gnutls_deinit (ssl
->gnutls_state
);
274 SSL_load_error_strings (void)
279 SSL_get_error (SSL
* ssl
, int ret
)
282 return SSL_ERROR_NONE
;
284 return SSL_ERROR_ZERO_RETURN
;
288 SSL_set_fd (SSL
* ssl
, int fd
)
290 gnutls_transport_set_ptr (ssl
->gnutls_state
, GNUTLS_INT_TO_POINTER (fd
));
295 SSL_set_rfd (SSL
* ssl
, int fd
)
297 ssl
->rfd
= GNUTLS_INT_TO_POINTER (fd
);
299 if (ssl
->wfd
!= (gnutls_transport_ptr_t
) - 1)
300 gnutls_transport_set_ptr2 (ssl
->gnutls_state
, ssl
->rfd
, ssl
->wfd
);
306 SSL_set_wfd (SSL
* ssl
, int fd
)
308 ssl
->wfd
= GNUTLS_INT_TO_POINTER (fd
);
310 if (ssl
->rfd
!= (gnutls_transport_ptr_t
) - 1)
311 gnutls_transport_set_ptr2 (ssl
->gnutls_state
, ssl
->rfd
, ssl
->wfd
);
317 SSL_set_bio (SSL
* ssl
, BIO
* rbio
, BIO
* wbio
)
319 gnutls_transport_set_ptr2 (ssl
->gnutls_state
, rbio
->fd
, wbio
->fd
);
324 SSL_set_connect_state (SSL
* ssl
)
329 SSL_pending (SSL
* ssl
)
331 return gnutls_record_check_pending (ssl
->gnutls_state
);
335 SSL_set_verify (SSL
* ssl
, int verify_mode
,
336 int (*verify_callback
) (int, X509_STORE_CTX
*))
338 ssl
->verify_mode
= verify_mode
;
339 ssl
->verify_callback
= verify_callback
;
343 SSL_get_peer_certificate (SSL
* ssl
)
345 const gnutls_datum_t
*cert_list
;
346 int cert_list_size
= 0;
348 cert_list
= gnutls_certificate_get_peers (ssl
->gnutls_state
,
354 /* SSL connection open/close/read/write functions */
357 SSL_connect (SSL
* ssl
)
359 X509_STORE_CTX
*store
;
360 int cert_list_size
= 0;
363 int x_priority
[GNUTLS_MAX_ALGORITHM_NUM
];
364 /* take options into account before connecting */
366 memset (x_priority
, 0, sizeof (x_priority
));
367 if (ssl
->options
& SSL_OP_NO_TLSv1
)
370 i
< GNUTLS_MAX_ALGORITHM_NUM
&& x_priority
[i
] != 0; i
++, j
++)
372 if (ssl
->ctx
->method
->protocol_priority
[j
] == GNUTLS_TLS1
)
375 x_priority
[i
] = ssl
->ctx
->method
->protocol_priority
[j
];
377 if (i
< GNUTLS_MAX_ALGORITHM_NUM
)
379 gnutls_protocol_set_priority (ssl
->gnutls_state
,
380 ssl
->ctx
->method
->protocol_priority
);
383 err
= gnutls_handshake (ssl
->gnutls_state
);
384 ssl
->last_error
= err
;
392 store
= (X509_STORE_CTX
*) calloc (1, sizeof (X509_STORE_CTX
));
394 store
->cert_list
= gnutls_certificate_get_peers (ssl
->gnutls_state
,
397 if (ssl
->verify_callback
)
399 ssl
->verify_callback (1 /*FIXME*/, store
);
401 ssl
->state
= SSL_ST_OK
;
406 /* FIXME: deal with error from callback */
412 SSL_accept (SSL
* ssl
)
414 X509_STORE_CTX
*store
;
415 int cert_list_size
= 0;
418 int x_priority
[GNUTLS_MAX_ALGORITHM_NUM
];
419 /* take options into account before accepting */
421 memset (x_priority
, 0, sizeof (x_priority
));
422 if (ssl
->options
& SSL_OP_NO_TLSv1
)
425 i
< GNUTLS_MAX_ALGORITHM_NUM
&& x_priority
[i
] != 0; i
++, j
++)
427 if (ssl
->ctx
->method
->protocol_priority
[j
] == GNUTLS_TLS1
)
430 x_priority
[i
] = ssl
->ctx
->method
->protocol_priority
[j
];
432 if (i
< GNUTLS_MAX_ALGORITHM_NUM
)
434 gnutls_protocol_set_priority (ssl
->gnutls_state
,
435 ssl
->ctx
->method
->protocol_priority
);
438 /* FIXME: dh params, do we want client cert? */
440 err
= gnutls_handshake (ssl
->gnutls_state
);
441 ssl
->last_error
= err
;
449 store
= (X509_STORE_CTX
*) calloc (1, sizeof (X509_STORE_CTX
));
451 store
->cert_list
= gnutls_certificate_get_peers (ssl
->gnutls_state
,
454 if (ssl
->verify_callback
)
456 ssl
->verify_callback (1 /*FIXME*/, store
);
458 ssl
->state
= SSL_ST_OK
;
463 /* FIXME: deal with error from callback */
469 SSL_shutdown (SSL
* ssl
)
473 gnutls_bye (ssl
->gnutls_state
, GNUTLS_SHUT_WR
);
478 gnutls_bye (ssl
->gnutls_state
, GNUTLS_SHUT_RDWR
);
487 SSL_read (SSL
* ssl
, void *buf
, int len
)
491 ret
= gnutls_record_recv (ssl
->gnutls_state
, buf
, len
);
492 ssl
->last_error
= ret
;
504 SSL_write (SSL
* ssl
, const void *buf
, int len
)
508 ret
= gnutls_record_send (ssl
->gnutls_state
, buf
, len
);
509 ssl
->last_error
= ret
;
527 /* SSL_METHOD functions */
530 SSLv23_client_method (void)
533 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
537 m
->protocol_priority
[0] = GNUTLS_TLS1
;
538 m
->protocol_priority
[1] = GNUTLS_SSL3
;
539 m
->protocol_priority
[2] = 0;
541 m
->cipher_priority
[0] = GNUTLS_CIPHER_AES_128_CBC
;
542 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
543 m
->cipher_priority
[2] = GNUTLS_CIPHER_AES_256_CBC
;
544 #ifdef ENABLE_CAMELLIA
545 m
->cipher_priority
[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC
;
546 m
->cipher_priority
[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC
;
547 m
->cipher_priority
[5] = GNUTLS_CIPHER_ARCFOUR_128
;
548 m
->cipher_priority
[6] = 0;
550 m
->cipher_priority
[3] = GNUTLS_CIPHER_ARCFOUR_128
;
551 m
->cipher_priority
[4] = 0;
554 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
555 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
556 m
->comp_priority
[2] = 0;
558 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
559 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
560 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
561 m
->kx_priority
[3] = 0;
563 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
564 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
565 m
->mac_priority
[2] = 0;
567 m
->connend
= GNUTLS_CLIENT
;
573 SSLv23_server_method (void)
576 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
580 m
->protocol_priority
[0] = GNUTLS_TLS1
;
581 m
->protocol_priority
[1] = GNUTLS_SSL3
;
582 m
->protocol_priority
[2] = 0;
584 m
->cipher_priority
[0] = GNUTLS_CIPHER_AES_128_CBC
;
585 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
586 m
->cipher_priority
[2] = GNUTLS_CIPHER_AES_256_CBC
;
587 #ifdef ENABLE_CAMELLIA
588 m
->cipher_priority
[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC
;
589 m
->cipher_priority
[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC
;
590 m
->cipher_priority
[5] = GNUTLS_CIPHER_ARCFOUR_128
;
591 m
->cipher_priority
[6] = 0;
593 m
->cipher_priority
[3] = GNUTLS_CIPHER_ARCFOUR_128
;
594 m
->cipher_priority
[4] = 0;
597 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
598 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
599 m
->comp_priority
[2] = 0;
601 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
602 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
603 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
604 m
->kx_priority
[3] = 0;
606 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
607 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
608 m
->mac_priority
[2] = 0;
610 m
->connend
= GNUTLS_SERVER
;
616 SSLv3_client_method (void)
619 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
623 m
->protocol_priority
[0] = GNUTLS_SSL3
;
624 m
->protocol_priority
[2] = 0;
626 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
627 m
->cipher_priority
[2] = GNUTLS_CIPHER_ARCFOUR_128
;
628 m
->cipher_priority
[3] = 0;
630 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
631 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
632 m
->comp_priority
[2] = 0;
634 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
635 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
636 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
637 m
->kx_priority
[3] = 0;
639 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
640 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
641 m
->mac_priority
[2] = 0;
643 m
->connend
= GNUTLS_CLIENT
;
649 SSLv3_server_method (void)
652 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
656 m
->protocol_priority
[0] = GNUTLS_SSL3
;
657 m
->protocol_priority
[2] = 0;
659 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
660 m
->cipher_priority
[2] = GNUTLS_CIPHER_ARCFOUR_128
;
661 m
->cipher_priority
[3] = 0;
663 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
664 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
665 m
->comp_priority
[2] = 0;
667 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
668 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
669 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
670 m
->kx_priority
[3] = 0;
672 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
673 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
674 m
->mac_priority
[2] = 0;
676 m
->connend
= GNUTLS_SERVER
;
682 TLSv1_client_method (void)
685 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
689 m
->protocol_priority
[0] = GNUTLS_TLS1
;
690 m
->protocol_priority
[1] = 0;
692 m
->cipher_priority
[0] = GNUTLS_CIPHER_AES_128_CBC
;
693 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
694 m
->cipher_priority
[2] = GNUTLS_CIPHER_AES_256_CBC
;
695 #ifdef ENABLE_CAMELLIA
696 m
->cipher_priority
[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC
;
697 m
->cipher_priority
[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC
;
698 m
->cipher_priority
[5] = GNUTLS_CIPHER_ARCFOUR_128
;
699 m
->cipher_priority
[6] = 0;
701 m
->cipher_priority
[3] = GNUTLS_CIPHER_ARCFOUR_128
;
702 m
->cipher_priority
[4] = 0;
705 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
706 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
707 m
->comp_priority
[2] = 0;
709 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
710 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
711 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
712 m
->kx_priority
[3] = 0;
714 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
715 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
716 m
->mac_priority
[2] = 0;
718 m
->connend
= GNUTLS_CLIENT
;
724 TLSv1_server_method (void)
727 m
= (SSL_METHOD
*) calloc (1, sizeof (SSL_METHOD
));
731 m
->protocol_priority
[0] = GNUTLS_TLS1
;
732 m
->protocol_priority
[1] = 0;
734 m
->cipher_priority
[0] = GNUTLS_CIPHER_AES_128_CBC
;
735 m
->cipher_priority
[1] = GNUTLS_CIPHER_3DES_CBC
;
736 m
->cipher_priority
[2] = GNUTLS_CIPHER_AES_256_CBC
;
737 #ifdef ENABLE_CAMELLIA
738 m
->cipher_priority
[3] = GNUTLS_CIPHER_CAMELLIA_128_CBC
;
739 m
->cipher_priority
[4] = GNUTLS_CIPHER_CAMELLIA_256_CBC
;
740 m
->cipher_priority
[5] = GNUTLS_CIPHER_ARCFOUR_128
;
741 m
->cipher_priority
[6] = 0;
743 m
->cipher_priority
[3] = GNUTLS_CIPHER_ARCFOUR_128
;
744 m
->cipher_priority
[4] = 0;
747 m
->comp_priority
[0] = GNUTLS_COMP_ZLIB
;
748 m
->comp_priority
[1] = GNUTLS_COMP_NULL
;
749 m
->comp_priority
[2] = 0;
751 m
->kx_priority
[0] = GNUTLS_KX_DHE_RSA
;
752 m
->kx_priority
[1] = GNUTLS_KX_RSA
;
753 m
->kx_priority
[2] = GNUTLS_KX_DHE_DSS
;
754 m
->kx_priority
[3] = 0;
756 m
->mac_priority
[0] = GNUTLS_MAC_SHA1
;
757 m
->mac_priority
[1] = GNUTLS_MAC_MD5
;
758 m
->mac_priority
[2] = 0;
760 m
->connend
= GNUTLS_SERVER
;
766 /* SSL_CIPHER functions */
769 SSL_get_current_cipher (SSL
* ssl
)
774 ssl
->ciphersuite
.version
= gnutls_protocol_get_version (ssl
->gnutls_state
);
775 ssl
->ciphersuite
.cipher
= gnutls_cipher_get (ssl
->gnutls_state
);
776 ssl
->ciphersuite
.kx
= gnutls_kx_get (ssl
->gnutls_state
);
777 ssl
->ciphersuite
.mac
= gnutls_mac_get (ssl
->gnutls_state
);
778 ssl
->ciphersuite
.compression
= gnutls_compression_get (ssl
->gnutls_state
);
779 ssl
->ciphersuite
.cert
= gnutls_certificate_type_get (ssl
->gnutls_state
);
781 return &(ssl
->ciphersuite
);
785 SSL_CIPHER_get_name (SSL_CIPHER
* cipher
)
790 return gnutls_cipher_suite_get_name (cipher
->kx
,
791 cipher
->cipher
, cipher
->mac
);
795 SSL_CIPHER_get_bits (SSL_CIPHER
* cipher
, int *bits
)
802 bit_result
= (8 * gnutls_cipher_get_key_size (cipher
->cipher
));
811 SSL_CIPHER_get_version (SSL_CIPHER
* cipher
)
818 ret
= gnutls_protocol_get_name (cipher
->version
);
826 SSL_CIPHER_description (SSL_CIPHER
* cipher
, char *buf
, int size
)
840 tmpbuf
= (char *) malloc (128);
845 if (snprintf (tmpbuf
, tmpsize
, "%s %s %s %s",
846 gnutls_protocol_get_name (cipher
->version
),
847 gnutls_kx_get_name (cipher
->kx
),
848 gnutls_cipher_get_name (cipher
->cipher
),
849 gnutls_mac_get_name (cipher
->mac
)) == -1)
853 return (char *) "Buffer too small";
863 X509_get_subject_name (const X509
* cert
)
866 dn
= (gnutls_x509_dn
*) calloc (1, sizeof (gnutls_x509_dn
));
867 if (gnutls_x509_extract_certificate_dn (cert
, dn
) < 0)
876 X509_get_issuer_name (const X509
* cert
)
879 dn
= (gnutls_x509_dn
*) calloc (1, sizeof (gnutls_x509_dn
));
880 if (gnutls_x509_extract_certificate_issuer_dn (cert
, dn
) < 0)
889 X509_NAME_oneline (gnutls_x509_dn
* name
, char *buf
, int len
)
891 /* XXX openssl allocates buffer if buf == NULL */
894 memset (buf
, 0, len
);
896 snprintf (buf
, len
- 1,
897 "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s",
898 name
->country
, name
->state_or_province_name
,
899 name
->locality_name
, name
->organization
,
900 name
->organizational_unit_name
, name
->common_name
, name
->email
);
905 X509_free (const X509
* cert
)
907 /* only get certificates as const items */
914 BIO_get_fd (gnutls_session_t gnutls_state
, int *fd
)
916 gnutls_transport_ptr_t tmp
= gnutls_transport_get_ptr (gnutls_state
);
917 *fd
= GNUTLS_POINTER_TO_INT (tmp
);
921 BIO_new_socket (int sock
, int close_flag
)
925 bio
= (BIO
*) malloc (sizeof (BIO
));
929 bio
->fd
= GNUTLS_INT_TO_POINTER (sock
);
942 ret
= -1 * last_error
;
949 ERR_error_string (unsigned long e
, char *buf
)
951 return gnutls_strerror (-1 * e
);
964 RAND_seed (const void *buf
, int num
)
969 RAND_bytes (unsigned char *buf
, int num
)
971 _gnutls_rnd (GNUTLS_RND_RANDOM
, buf
, num
);
976 RAND_pseudo_bytes (unsigned char *buf
, int num
)
978 _gnutls_rnd (GNUTLS_RND_NONCE
, buf
, num
);
983 RAND_file_name (char *buf
, size_t len
)
989 RAND_load_file (const char *name
, long maxbytes
)
995 RAND_write_file (const char *name
)
1001 RAND_egd_bytes (const char *path
, int bytes
)
1008 /* message digest functions */
1011 MD5_Init (MD5_CTX
* ctx
)
1013 ctx
->handle
= gnutls_malloc (sizeof (digest_hd_st
));
1016 _gnutls_hash_init (ctx
->handle
, GNUTLS_DIG_MD5
);
1020 MD5_Update (MD5_CTX
* ctx
, const void *buf
, int len
)
1022 _gnutls_hash (ctx
->handle
, buf
, len
);
1026 MD5_Final (unsigned char *md
, MD5_CTX
* ctx
)
1028 _gnutls_hash_deinit (ctx
->handle
, md
);
1029 gnutls_free (ctx
->handle
);
1033 MD5 (const unsigned char *buf
, unsigned long len
, unsigned char *md
)
1038 _gnutls_hash_fast (GNUTLS_DIG_MD5
, buf
, len
, md
);
1044 RIPEMD160_Init (RIPEMD160_CTX
* ctx
)
1046 ctx
->handle
= gnutls_malloc (sizeof (digest_hd_st
));
1049 _gnutls_hash_init (ctx
->handle
, GNUTLS_DIG_RMD160
);
1053 RIPEMD160_Update (RIPEMD160_CTX
* ctx
, const void *buf
, int len
)
1055 _gnutls_hash (ctx
->handle
, buf
, len
);
1059 RIPEMD160_Final (unsigned char *md
, RIPEMD160_CTX
* ctx
)
1061 _gnutls_hash_deinit (ctx
->handle
, md
);
1062 gnutls_free (ctx
->handle
);
1066 RIPEMD160 (const unsigned char *buf
, unsigned long len
, unsigned char *md
)
1071 _gnutls_hash_fast (GNUTLS_DIG_RMD160
, buf
, len
, md
);