[5ebff60] | 1 | /********************************************************************\ |
---|
[b7d3cc34] | 2 | * BitlBee -- An IRC to other IM-networks gateway * |
---|
| 3 | * * |
---|
| 4 | * Copyright 2002-2004 Wilmer van der Gaast and others * |
---|
| 5 | \********************************************************************/ |
---|
| 6 | |
---|
| 7 | /* SSL module */ |
---|
| 8 | |
---|
| 9 | /* |
---|
| 10 | This program is free software; you can redistribute it and/or modify |
---|
| 11 | it under the terms of the GNU General Public License as published by |
---|
| 12 | the Free Software Foundation; either version 2 of the License, or |
---|
| 13 | (at your option) any later version. |
---|
| 14 | |
---|
| 15 | This program is distributed in the hope that it will be useful, |
---|
| 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 18 | GNU General Public License for more details. |
---|
| 19 | |
---|
| 20 | You should have received a copy of the GNU General Public License with |
---|
| 21 | the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL; |
---|
[6f10697] | 22 | if not, write to the Free Software Foundation, Inc., 51 Franklin St., |
---|
| 23 | Fifth Floor, Boston, MA 02110-1301 USA |
---|
[b7d3cc34] | 24 | */ |
---|
| 25 | |
---|
[0aaca60] | 26 | /* ssl_client makes it easier to open SSL connections to servers. (It |
---|
| 27 | doesn't offer SSL server functionality yet, but it could be useful |
---|
| 28 | to add it later.) Different ssl_client modules are available, and |
---|
| 29 | ssl_client tries to make them all behave the same. It's very simple |
---|
| 30 | and basic, it just imitates the proxy_connect() function from the |
---|
| 31 | Gaim libs and passes the socket to the program once the handshake |
---|
| 32 | is completed. */ |
---|
| 33 | |
---|
[b7d3cc34] | 34 | #include <glib.h> |
---|
| 35 | #include "proxy.h" |
---|
| 36 | |
---|
[0aaca60] | 37 | /* Some generic error codes. Especially SSL_AGAIN is important if you |
---|
| 38 | want to do asynchronous I/O. */ |
---|
[701acdd4] | 39 | #define SSL_OK 0 |
---|
| 40 | #define SSL_NOHANDSHAKE 1 |
---|
| 41 | #define SSL_AGAIN 2 |
---|
[486ddb5] | 42 | #define VERIFY_CERT_ERROR 2 |
---|
| 43 | #define VERIFY_CERT_INVALID 4 |
---|
| 44 | #define VERIFY_CERT_REVOKED 8 |
---|
| 45 | #define VERIFY_CERT_SIGNER_NOT_FOUND 16 |
---|
| 46 | #define VERIFY_CERT_SIGNER_NOT_CA 32 |
---|
| 47 | #define VERIFY_CERT_INSECURE_ALGORITHM 64 |
---|
| 48 | #define VERIFY_CERT_NOT_ACTIVATED 128 |
---|
| 49 | #define VERIFY_CERT_EXPIRED 256 |
---|
| 50 | #define VERIFY_CERT_WRONG_HOSTNAME 512 |
---|
[701acdd4] | 51 | |
---|
| 52 | extern int ssl_errno; |
---|
| 53 | |
---|
[0aaca60] | 54 | /* This is what your callback function should look like. */ |
---|
[486ddb5] | 55 | typedef gboolean (*ssl_input_function)(gpointer, int, void*, b_input_condition); |
---|
[b7d3cc34] | 56 | |
---|
[0aaca60] | 57 | |
---|
[ba5add7] | 58 | /* Perform any global initialization the SSL library might need. */ |
---|
[5ebff60] | 59 | G_MODULE_EXPORT void ssl_init(void); |
---|
[ba5add7] | 60 | |
---|
[0aaca60] | 61 | /* Connect to host:port, call the given function when the connection is |
---|
| 62 | ready to be used for SSL traffic. This is all done asynchronously, no |
---|
| 63 | blocking I/O! (Except for the DNS lookups, for now...) */ |
---|
[5ebff60] | 64 | G_MODULE_EXPORT void *ssl_connect(char *host, int port, gboolean verify, ssl_input_function func, gpointer data); |
---|
[0aaca60] | 65 | |
---|
[42127dc] | 66 | /* Start an SSL session on an existing fd. Useful for STARTTLS functionality, |
---|
| 67 | for example in Jabber. */ |
---|
[5ebff60] | 68 | G_MODULE_EXPORT void *ssl_starttls(int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data); |
---|
[42127dc] | 69 | |
---|
[0aaca60] | 70 | /* Obviously you need special read/write functions to read data. */ |
---|
[5ebff60] | 71 | G_MODULE_EXPORT int ssl_read(void *conn, char *buf, int len); |
---|
| 72 | G_MODULE_EXPORT int ssl_write(void *conn, const char *buf, int len); |
---|
[0aaca60] | 73 | |
---|
[80acb6d] | 74 | /* Now needed by most SSL libs. See for more info: |
---|
| 75 | http://www.gnu.org/software/gnutls/manual/gnutls.html#index-gnutls_005frecord_005fcheck_005fpending-209 |
---|
| 76 | http://www.openssl.org/docs/ssl/SSL_pending.html |
---|
[5ebff60] | 77 | |
---|
[80acb6d] | 78 | Required because OpenSSL empties the TCP buffer completely but doesn't |
---|
| 79 | necessarily give us all the unencrypted data. Or maybe you didn't ask |
---|
| 80 | for all of it because your buffer is too small. |
---|
[5ebff60] | 81 | |
---|
[80acb6d] | 82 | Returns 0 if there's nothing left, 1 if there's more data. */ |
---|
[5ebff60] | 83 | G_MODULE_EXPORT int ssl_pending(void *conn); |
---|
[8a2221a7] | 84 | |
---|
[0aaca60] | 85 | /* Abort the SSL connection and disconnect the socket. Do not use close() |
---|
| 86 | directly, both the SSL library and the peer will be unhappy! */ |
---|
[5ebff60] | 87 | G_MODULE_EXPORT void ssl_disconnect(void *conn_); |
---|
[0aaca60] | 88 | |
---|
| 89 | /* Get the fd for this connection, you will usually need it for event |
---|
| 90 | handling. */ |
---|
[5ebff60] | 91 | G_MODULE_EXPORT int ssl_getfd(void *conn); |
---|
[0aaca60] | 92 | |
---|
[e046390] | 93 | /* This function returns B_EV_IO_READ/WRITE. With SSL connections it's |
---|
[0aaca60] | 94 | possible that something has to be read while actually were trying to |
---|
| 95 | write something (think about key exchange/refresh/etc). So when an |
---|
| 96 | SSL operation returned SSL_AGAIN, *always* use this function when |
---|
| 97 | adding an event handler to the queue. (And it should perform exactly |
---|
| 98 | the same action as the handler that just received the SSL_AGAIN.) */ |
---|
[5ebff60] | 99 | G_MODULE_EXPORT b_input_condition ssl_getdirection(void *conn); |
---|
[523fb23] | 100 | |
---|
[78b8401] | 101 | /* Converts a verification bitfield passed to ssl_input_function into |
---|
| 102 | a more useful string. Or NULL if it had no useful bits set. */ |
---|
[5ebff60] | 103 | G_MODULE_EXPORT char *ssl_verify_strerror(int code); |
---|
[78b8401] | 104 | |
---|
[5ebff60] | 105 | G_MODULE_EXPORT size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, const unsigned char *input, |
---|
| 106 | size_t input_len, const unsigned char *iv, unsigned char **res); |
---|