[b7d3cc34] | 1 | /********************************************************************\ |
---|
| 2 | * BitlBee -- An IRC to other IM-networks gateway * |
---|
| 3 | * * |
---|
| 4 | * Copyright 2002-2004 Wilmer van der Gaast and others * |
---|
| 5 | \********************************************************************/ |
---|
| 6 | |
---|
| 7 | /* SSL module */ |
---|
| 8 | |
---|
| 9 | /* |
---|
| 10 | This program is free software; you can redistribute it and/or modify |
---|
| 11 | it under the terms of the GNU General Public License as published by |
---|
| 12 | the Free Software Foundation; either version 2 of the License, or |
---|
| 13 | (at your option) any later version. |
---|
| 14 | |
---|
| 15 | This program is distributed in the hope that it will be useful, |
---|
| 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 18 | GNU General Public License for more details. |
---|
| 19 | |
---|
| 20 | You should have received a copy of the GNU General Public License with |
---|
| 21 | the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL; |
---|
| 22 | if not, write to the Free Software Foundation, Inc., 59 Temple Place, |
---|
| 23 | Suite 330, Boston, MA 02111-1307 USA |
---|
| 24 | */ |
---|
| 25 | |
---|
[0aaca60] | 26 | /* ssl_client makes it easier to open SSL connections to servers. (It |
---|
| 27 | doesn't offer SSL server functionality yet, but it could be useful |
---|
| 28 | to add it later.) Different ssl_client modules are available, and |
---|
| 29 | ssl_client tries to make them all behave the same. It's very simple |
---|
| 30 | and basic, it just imitates the proxy_connect() function from the |
---|
| 31 | Gaim libs and passes the socket to the program once the handshake |
---|
| 32 | is completed. */ |
---|
| 33 | |
---|
[b7d3cc34] | 34 | #include <glib.h> |
---|
| 35 | #include "proxy.h" |
---|
| 36 | |
---|
[0aaca60] | 37 | /* Some generic error codes. Especially SSL_AGAIN is important if you |
---|
| 38 | want to do asynchronous I/O. */ |
---|
[701acdd4] | 39 | #define SSL_OK 0 |
---|
| 40 | #define SSL_NOHANDSHAKE 1 |
---|
| 41 | #define SSL_AGAIN 2 |
---|
| 42 | |
---|
| 43 | extern int ssl_errno; |
---|
| 44 | |
---|
[0aaca60] | 45 | /* This is what your callback function should look like. */ |
---|
[ba9edaa] | 46 | typedef gboolean (*ssl_input_function)(gpointer, void*, b_input_condition); |
---|
[b7d3cc34] | 47 | |
---|
[0aaca60] | 48 | |
---|
[ba5add7] | 49 | /* Perform any global initialization the SSL library might need. */ |
---|
| 50 | G_MODULE_EXPORT void ssl_init( void ); |
---|
| 51 | |
---|
[0aaca60] | 52 | /* Connect to host:port, call the given function when the connection is |
---|
| 53 | ready to be used for SSL traffic. This is all done asynchronously, no |
---|
| 54 | blocking I/O! (Except for the DNS lookups, for now...) */ |
---|
[3d64e5b] | 55 | G_MODULE_EXPORT void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data ); |
---|
[0aaca60] | 56 | |
---|
[42127dc] | 57 | /* Start an SSL session on an existing fd. Useful for STARTTLS functionality, |
---|
| 58 | for example in Jabber. */ |
---|
| 59 | G_MODULE_EXPORT void *ssl_starttls( int fd, ssl_input_function func, gpointer data ); |
---|
| 60 | |
---|
[0aaca60] | 61 | /* Obviously you need special read/write functions to read data. */ |
---|
[b7d3cc34] | 62 | G_MODULE_EXPORT int ssl_read( void *conn, char *buf, int len ); |
---|
| 63 | G_MODULE_EXPORT int ssl_write( void *conn, const char *buf, int len ); |
---|
[0aaca60] | 64 | |
---|
[80acb6d] | 65 | /* Now needed by most SSL libs. See for more info: |
---|
| 66 | http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209 |
---|
| 67 | http://www.openssl.org/docs/ssl/SSL_pending.html |
---|
| 68 | |
---|
| 69 | Required because OpenSSL empties the TCP buffer completely but doesn't |
---|
| 70 | necessarily give us all the unencrypted data. Or maybe you didn't ask |
---|
| 71 | for all of it because your buffer is too small. |
---|
| 72 | |
---|
| 73 | Returns 0 if there's nothing left, 1 if there's more data. */ |
---|
[8a2221a7] | 74 | G_MODULE_EXPORT int ssl_pending( void *conn ); |
---|
| 75 | |
---|
[0aaca60] | 76 | /* Abort the SSL connection and disconnect the socket. Do not use close() |
---|
| 77 | directly, both the SSL library and the peer will be unhappy! */ |
---|
[b7d3cc34] | 78 | G_MODULE_EXPORT void ssl_disconnect( void *conn_ ); |
---|
[0aaca60] | 79 | |
---|
| 80 | /* Get the fd for this connection, you will usually need it for event |
---|
| 81 | handling. */ |
---|
[b7d3cc34] | 82 | G_MODULE_EXPORT int ssl_getfd( void *conn ); |
---|
[0aaca60] | 83 | |
---|
[e046390] | 84 | /* This function returns B_EV_IO_READ/WRITE. With SSL connections it's |
---|
[0aaca60] | 85 | possible that something has to be read while actually were trying to |
---|
| 86 | write something (think about key exchange/refresh/etc). So when an |
---|
| 87 | SSL operation returned SSL_AGAIN, *always* use this function when |
---|
| 88 | adding an event handler to the queue. (And it should perform exactly |
---|
| 89 | the same action as the handler that just received the SSL_AGAIN.) */ |
---|
[ba9edaa] | 90 | G_MODULE_EXPORT b_input_condition ssl_getdirection( void *conn ); |
---|
[523fb23] | 91 | |
---|
| 92 | G_MODULE_EXPORT size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, size_t input_len, const unsigned char *iv, unsigned char **res); |
---|