aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl_gnutls.c
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-04-02 16:22:57 +0200
committerJelmer Vernooij <jelmer@samba.org>2008-04-02 16:22:57 +0200
commit85d7b857fb8ca8e3c03d4abb3368a0966760630c (patch)
treea16163e557bcae3af41bde7d2d771d64ca248a97 /lib/ssl_gnutls.c
parent875ad4201402b1a8f80ba22a6cdcdb152c6e5510 (diff)
parentdd345753c1742905c9f81aa71d8b09109fbc5456 (diff)
Merge trunk.
Diffstat (limited to 'lib/ssl_gnutls.c')
-rw-r--r--lib/ssl_gnutls.c247
1 files changed, 247 insertions, 0 deletions
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
new file mode 100644
index 00000000..f5945442
--- /dev/null
+++ b/lib/ssl_gnutls.c
@@ -0,0 +1,247 @@
+ /********************************************************************\
+ * BitlBee -- An IRC to other IM-networks gateway *
+ * *
+ * Copyright 2002-2004 Wilmer van der Gaast and others *
+ \********************************************************************/
+
+/* SSL module - GnuTLS version */
+
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License with
+ the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
+ if not, write to the Free Software Foundation, Inc., 59 Temple Place,
+ Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#include <gnutls/gnutls.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include "proxy.h"
+#include "ssl_client.h"
+#include "sock.h"
+#include "stdlib.h"
+
+int ssl_errno = 0;
+
+static gboolean initialized = FALSE;
+
+#include <limits.h>
+
+#if defined(ULONG_MAX) && ULONG_MAX > 4294967295UL
+#define GNUTLS_STUPID_CAST (long)
+#else
+#define GNUTLS_STUPID_CAST (int)
+#endif
+
+struct scd
+{
+ ssl_input_function func;
+ gpointer data;
+ int fd;
+ gboolean established;
+ int inpa;
+
+ gnutls_session session;
+ gnutls_certificate_credentials xcred;
+};
+
+static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
+static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
+
+
+void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
+{
+ struct scd *conn = g_new0( struct scd, 1 );
+
+ conn->fd = proxy_connect( host, port, ssl_connected, conn );
+ conn->func = func;
+ conn->data = data;
+ conn->inpa = -1;
+
+ if( conn->fd < 0 )
+ {
+ g_free( conn );
+ return NULL;
+ }
+
+ return conn;
+}
+
+void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
+{
+ struct scd *conn = g_new0( struct scd, 1 );
+
+ conn->fd = fd;
+ conn->func = func;
+ conn->data = data;
+ conn->inpa = -1;
+
+ /* This function should be called via a (short) timeout instead of
+ directly from here, because these SSL calls are *supposed* to be
+ *completely* asynchronous and not ready yet when this function
+ (or *_connect, for examle) returns. Also, errors are reported via
+ the callback function, not via this function's return value.
+
+ In short, doing things like this makes the rest of the code a lot
+ simpler. */
+
+ b_timeout_add( 1, ssl_starttls_real, conn );
+
+ return conn;
+}
+
+static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+
+ return ssl_connected( conn, conn->fd, GAIM_INPUT_WRITE );
+}
+
+static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+
+ if( source == -1 )
+ {
+ conn->func( conn->data, NULL, cond );
+ g_free( conn );
+ return FALSE;
+ }
+
+ if( !initialized )
+ {
+ gnutls_global_init();
+ initialized = TRUE;
+ atexit( gnutls_global_deinit );
+ }
+
+ gnutls_certificate_allocate_credentials( &conn->xcred );
+ gnutls_init( &conn->session, GNUTLS_CLIENT );
+ gnutls_set_default_priority( conn->session );
+ gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
+
+ sock_make_nonblocking( conn->fd );
+ gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
+
+ return ssl_handshake( data, source, cond );
+}
+
+static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
+{
+ struct scd *conn = data;
+ int st;
+
+ if( ( st = gnutls_handshake( conn->session ) ) < 0 )
+ {
+ if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
+ {
+ conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
+ ssl_handshake, data );
+ }
+ else
+ {
+ conn->func( conn->data, NULL, cond );
+
+ gnutls_deinit( conn->session );
+ gnutls_certificate_free_credentials( conn->xcred );
+ closesocket( conn->fd );
+
+ g_free( conn );
+ }
+ }
+ else
+ {
+ /* For now we can't handle non-blocking perfectly everywhere... */
+ sock_make_blocking( conn->fd );
+
+ conn->established = TRUE;
+ conn->func( conn->data, conn, cond );
+ }
+
+ return FALSE;
+}
+
+int ssl_read( void *conn, char *buf, int len )
+{
+ int st;
+
+ if( !((struct scd*)conn)->established )
+ {
+ ssl_errno = SSL_NOHANDSHAKE;
+ return( -1 );
+ }
+
+ st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
+
+ ssl_errno = SSL_OK;
+ if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
+ ssl_errno = SSL_AGAIN;
+
+ return st;
+}
+
+int ssl_write( void *conn, const char *buf, int len )
+{
+ int st;
+
+ if( !((struct scd*)conn)->established )
+ {
+ ssl_errno = SSL_NOHANDSHAKE;
+ return( -1 );
+ }
+
+ st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
+
+ ssl_errno = SSL_OK;
+ if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
+ ssl_errno = SSL_AGAIN;
+
+ return st;
+}
+
+/* See ssl_openssl.c for an explanation. */
+int ssl_pending( void *conn )
+{
+ return 0;
+}
+
+void ssl_disconnect( void *conn_ )
+{
+ struct scd *conn = conn_;
+
+ if( conn->inpa != -1 )
+ b_event_remove( conn->inpa );
+
+ if( conn->established )
+ gnutls_bye( conn->session, GNUTLS_SHUT_WR );
+
+ closesocket( conn->fd );
+
+ if( conn->session )
+ gnutls_deinit( conn->session );
+ if( conn->xcred )
+ gnutls_certificate_free_credentials( conn->xcred );
+ g_free( conn );
+}
+
+int ssl_getfd( void *conn )
+{
+ return( ((struct scd*)conn)->fd );
+}
+
+b_input_condition ssl_getdirection( void *conn )
+{
+ return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
+ GAIM_INPUT_WRITE : GAIM_INPUT_READ );
+}