source: lib/ssl_gnutls.c @ 70f6aab8

Last change on this file since 70f6aab8 was df1694b, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-06-25T12:15:42Z

Moving all generic files to lib/ instead of having some in / and some in
protocols/, and adding RC4 code.

  • Property mode set to 100644
File size: 4.8 KB
RevLine 
[b7d3cc34]1  /********************************************************************\
2  * BitlBee -- An IRC to other IM-networks gateway                     *
3  *                                                                    *
4  * Copyright 2002-2004 Wilmer van der Gaast and others                *
5  \********************************************************************/
6
7/* SSL module - GnuTLS version                                          */
8
9/*
10  This program is free software; you can redistribute it and/or modify
11  it under the terms of the GNU General Public License as published by
12  the Free Software Foundation; either version 2 of the License, or
13  (at your option) any later version.
14
15  This program is distributed in the hope that it will be useful,
16  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  GNU General Public License for more details.
19
20  You should have received a copy of the GNU General Public License with
21  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
22  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
23  Suite 330, Boston, MA  02111-1307  USA
24*/
25
26#include <gnutls/gnutls.h>
[701acdd4]27#include <fcntl.h>
28#include <unistd.h>
[b7d3cc34]29#include "proxy.h"
30#include "ssl_client.h"
31#include "sock.h"
32#include "stdlib.h"
33
[701acdd4]34int ssl_errno = 0;
35
[b7d3cc34]36static gboolean initialized = FALSE;
37
38struct scd
39{
[3d64e5b]40        ssl_input_function func;
[b7d3cc34]41        gpointer data;
42        int fd;
43        gboolean established;
[701acdd4]44        int inpa;
[b7d3cc34]45       
46        gnutls_session session;
47        gnutls_certificate_credentials xcred;
48};
49
[2b7d2d1]50static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
[b7d3cc34]51
52
[3d64e5b]53void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
[b7d3cc34]54{
55        struct scd *conn = g_new0( struct scd, 1 );
56       
57        conn->fd = proxy_connect( host, port, ssl_connected, conn );
58        conn->func = func;
59        conn->data = data;
[701acdd4]60        conn->inpa = -1;
[b7d3cc34]61       
62        if( conn->fd < 0 )
63        {
64                g_free( conn );
65                return( NULL );
66        }
67       
68        if( !initialized )
69        {
70                gnutls_global_init();
71                initialized = TRUE;
72                atexit( gnutls_global_deinit );
73        }
74       
75        gnutls_certificate_allocate_credentials( &conn->xcred );
76        gnutls_init( &conn->session, GNUTLS_CLIENT );
77        gnutls_set_default_priority( conn->session );
78        gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
79       
80        return( conn );
81}
82
[2b7d2d1]83static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
[701acdd4]84
[2b7d2d1]85static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
[b7d3cc34]86{
87        struct scd *conn = data;
88       
89        if( source == -1 )
[701acdd4]90        {
91                conn->func( conn->data, NULL, cond );
92               
93                gnutls_deinit( conn->session );
94                gnutls_certificate_free_credentials( conn->xcred );
95               
96                g_free( conn );
97               
[2b7d2d1]98                return FALSE;
[701acdd4]99        }
[b7d3cc34]100       
[701acdd4]101        sock_make_nonblocking( conn->fd );
[b7d3cc34]102        gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd );
103       
[2b7d2d1]104        return ssl_handshake( data, source, cond );
[701acdd4]105}
106
[2b7d2d1]107static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
[701acdd4]108{
109        struct scd *conn = data;
110        int st;
[b7d3cc34]111       
[701acdd4]112        if( ( st = gnutls_handshake( conn->session ) ) < 0 )
113        {
114                if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
115                {
[2b7d2d1]116                        conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
117                                                  ssl_handshake, data );
[701acdd4]118                }
119                else
120                {
121                        conn->func( conn->data, NULL, cond );
122                       
123                        gnutls_deinit( conn->session );
124                        gnutls_certificate_free_credentials( conn->xcred );
125                        closesocket( conn->fd );
126                       
127                        g_free( conn );
128                }
129        }
130        else
131        {
132                /* For now we can't handle non-blocking perfectly everywhere... */
133                sock_make_blocking( conn->fd );
134               
135                conn->established = TRUE;
136                conn->func( conn->data, conn, cond );
137        }
[2b7d2d1]138       
139        return FALSE;
[b7d3cc34]140}
141
142int ssl_read( void *conn, char *buf, int len )
143{
[8a9afe4]144        int st;
145       
[b7d3cc34]146        if( !((struct scd*)conn)->established )
[701acdd4]147        {
148                ssl_errno = SSL_NOHANDSHAKE;
149                return( -1 );
150        }
[b7d3cc34]151       
[8a9afe4]152        st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
153       
154        ssl_errno = SSL_OK;
155        if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
156                ssl_errno = SSL_AGAIN;
[701acdd4]157       
[8a9afe4]158        return st;
[b7d3cc34]159}
160
161int ssl_write( void *conn, const char *buf, int len )
162{
[8a9afe4]163        int st;
164       
[b7d3cc34]165        if( !((struct scd*)conn)->established )
[701acdd4]166        {
167                ssl_errno = SSL_NOHANDSHAKE;
168                return( -1 );
169        }
[b7d3cc34]170       
[8a9afe4]171        st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
172       
173        ssl_errno = SSL_OK;
174        if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
175                ssl_errno = SSL_AGAIN;
176       
177        return st;
[b7d3cc34]178}
179
180void ssl_disconnect( void *conn_ )
181{
182        struct scd *conn = conn_;
183       
[a03a9f3]184        if( conn->inpa != -1 )
[2b7d2d1]185                b_event_remove( conn->inpa );
[a03a9f3]186       
[b7d3cc34]187        if( conn->established )
188                gnutls_bye( conn->session, GNUTLS_SHUT_WR );
189       
190        closesocket( conn->fd );
191       
192        gnutls_deinit( conn->session );
193        gnutls_certificate_free_credentials( conn->xcred );
194        g_free( conn );
195}
196
197int ssl_getfd( void *conn )
198{
199        return( ((struct scd*)conn)->fd );
200}
[8a9afe4]201
[ba9edaa]202b_input_condition ssl_getdirection( void *conn )
[8a9afe4]203{
204        return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
205                GAIM_INPUT_WRITE : GAIM_INPUT_READ );
206}
Note: See TracBrowser for help on using the repository browser.