Context Navigation

source: lib/ssl_gnutls.c @ cc2cb2d

Last change on this file since cc2cb2d was c1ed6527, checked in by Wilmer van der Gaast <wilmer@…>, at 2006-10-02T13:19:13Z
No more double free()/crashes when trying to set up an SSL connection to a non-SSL server, and better handling of TLS connection setup by initializing the TLS session from a callback function (which guarantees a valid return value from ssl_starttls() before any error callback could be called).
Property mode set to `100644`
File size: 5.7 KB

Rev	Line
[b7d3cc34]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2004 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* SSL module - GnuTLS version */
	8
	9	/*
	10	This program is free software; you can redistribute it and/or modify
	11	it under the terms of the GNU General Public License as published by
	12	the Free Software Foundation; either version 2 of the License, or
	13	(at your option) any later version.
	14
	15	This program is distributed in the hope that it will be useful,
	16	but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	GNU General Public License for more details.
	19
	20	You should have received a copy of the GNU General Public License with
	21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	23	Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
	26	#include <gnutls/gnutls.h>
[701acdd4]	27	#include <fcntl.h>
	28	#include <unistd.h>
[b7d3cc34]	29	#include "proxy.h"
	30	#include "ssl_client.h"
	31	#include "sock.h"
	32	#include "stdlib.h"
	33
[701acdd4]	34	int ssl_errno = 0;
	35
[b7d3cc34]	36	static gboolean initialized = FALSE;
	37
	38	struct scd
	39	{
[3d64e5b]	40	ssl_input_function func;
[b7d3cc34]	41	gpointer data;
	42	int fd;
	43	gboolean established;
[701acdd4]	44	int inpa;
[b7d3cc34]	45
	46	gnutls_session session;
	47	gnutls_certificate_credentials xcred;
	48	};
	49
[2b7d2d1]	50	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
[c1ed6527]	51	static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
	52	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond );
[b7d3cc34]	53
	54
[3d64e5b]	55	void ssl_connect( char host, int port, ssl_input_function func, gpointer data )
[b7d3cc34]	56	{
	57	struct scd *conn = g_new0( struct scd, 1 );
	58
	59	conn->fd = proxy_connect( host, port, ssl_connected, conn );
	60	conn->func = func;
	61	conn->data = data;
[701acdd4]	62	conn->inpa = -1;
[b7d3cc34]	63
	64	if( conn->fd < 0 )
	65	{
	66	g_free( conn );
[42127dc]	67	return NULL;
[b7d3cc34]	68	}
	69
[42127dc]	70	return conn;
	71	}
	72
	73	void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
	74	{
	75	struct scd *conn = g_new0( struct scd, 1 );
[b7d3cc34]	76
[42127dc]	77	conn->fd = fd;
	78	conn->func = func;
	79	conn->data = data;
	80	conn->inpa = -1;
	81
[c1ed6527]	82	/* This function should be called via a (short) timeout instead of
	83	directly from here, because these SSL calls are supposed to be
	84	completely asynchronous and not ready yet when this function
	85	(or *_connect, for examle) returns. Also, errors are reported via
	86	the callback function, not via this function's return value.
	87
	88	In short, doing things like this makes the rest of the code a lot
	89	simpler. */
	90
	91	b_timeout_add( 1, ssl_starttls_real, conn );
[b7d3cc34]	92
[42127dc]	93	return conn;
[b7d3cc34]	94	}
	95
[c1ed6527]	96	static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
	97	{
	98	struct scd *conn = data;
	99
	100	return ssl_connected( conn, conn->fd, GAIM_INPUT_WRITE );
	101	}
[701acdd4]	102
[2b7d2d1]	103	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
[b7d3cc34]	104	{
	105	struct scd *conn = data;
	106
	107	if( source == -1 )
[701acdd4]	108	{
	109	conn->func( conn->data, NULL, cond );
	110
	111	g_free( conn );
	112
[2b7d2d1]	113	return FALSE;
[701acdd4]	114	}
[b7d3cc34]	115
[42127dc]	116	if( !initialized )
	117	{
	118	gnutls_global_init();
	119	initialized = TRUE;
	120	atexit( gnutls_global_deinit );
	121	}
	122
	123	gnutls_certificate_allocate_credentials( &conn->xcred );
	124	gnutls_init( &conn->session, GNUTLS_CLIENT );
	125	gnutls_set_default_priority( conn->session );
	126	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
	127
[701acdd4]	128	sock_make_nonblocking( conn->fd );
[b7d3cc34]	129	gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd );
	130
[2b7d2d1]	131	return ssl_handshake( data, source, cond );
[701acdd4]	132	}
	133
[2b7d2d1]	134	static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
[701acdd4]	135	{
	136	struct scd *conn = data;
	137	int st;
[b7d3cc34]	138
[701acdd4]	139	if( ( st = gnutls_handshake( conn->session ) ) < 0 )
	140	{
	141	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	142	{
[2b7d2d1]	143	conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
	144	ssl_handshake, data );
[701acdd4]	145	}
	146	else
	147	{
	148	conn->func( conn->data, NULL, cond );
	149
	150	gnutls_deinit( conn->session );
	151	gnutls_certificate_free_credentials( conn->xcred );
	152	closesocket( conn->fd );
	153
	154	g_free( conn );
	155	}
	156	}
	157	else
	158	{
	159	/* For now we can't handle non-blocking perfectly everywhere... */
	160	sock_make_blocking( conn->fd );
	161
	162	conn->established = TRUE;
	163	conn->func( conn->data, conn, cond );
	164	}
[2b7d2d1]	165
	166	return FALSE;
[b7d3cc34]	167	}
	168
	169	int ssl_read( void conn, char buf, int len )
	170	{
[8a9afe4]	171	int st;
	172
[b7d3cc34]	173	if( !((struct scd*)conn)->established )
[701acdd4]	174	{
	175	ssl_errno = SSL_NOHANDSHAKE;
	176	return( -1 );
	177	}
[b7d3cc34]	178
[8a9afe4]	179	st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len );
	180
	181	ssl_errno = SSL_OK;
	182	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	183	ssl_errno = SSL_AGAIN;
[701acdd4]	184
[8a9afe4]	185	return st;
[b7d3cc34]	186	}
	187
	188	int ssl_write( void conn, const char buf, int len )
	189	{
[8a9afe4]	190	int st;
	191
[b7d3cc34]	192	if( !((struct scd*)conn)->established )
[701acdd4]	193	{
	194	ssl_errno = SSL_NOHANDSHAKE;
	195	return( -1 );
	196	}
[b7d3cc34]	197
[8a9afe4]	198	st = gnutls_record_send( ((struct scd*)conn)->session, buf, len );
	199
	200	ssl_errno = SSL_OK;
	201	if( st == GNUTLS_E_AGAIN \|\| st == GNUTLS_E_INTERRUPTED )
	202	ssl_errno = SSL_AGAIN;
	203
	204	return st;
[b7d3cc34]	205	}
	206
	207	void ssl_disconnect( void *conn_ )
	208	{
	209	struct scd *conn = conn_;
	210
[a03a9f3]	211	if( conn->inpa != -1 )
[2b7d2d1]	212	b_event_remove( conn->inpa );
[a03a9f3]	213
[b7d3cc34]	214	if( conn->established )
	215	gnutls_bye( conn->session, GNUTLS_SHUT_WR );
	216
	217	closesocket( conn->fd );
	218
	219	gnutls_deinit( conn->session );
	220	gnutls_certificate_free_credentials( conn->xcred );
	221	g_free( conn );
	222	}
	223
	224	int ssl_getfd( void *conn )
	225	{
	226	return( ((struct scd*)conn)->fd );
	227	}
[8a9afe4]	228
[ba9edaa]	229	b_input_condition ssl_getdirection( void *conn )
[8a9afe4]	230	{
	231	return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
	232	GAIM_INPUT_WRITE : GAIM_INPUT_READ );
	233	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: