summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xvchat-client.c5
-rwxr-xr-xvchat-commands.c2
-rwxr-xr-xvchat-config.h1
-rw-r--r--vchat-connection.c110
-rw-r--r--vchat-connection.h2
-rwxr-xr-xvchat-tls.c73
-rwxr-xr-xvchat-tls.h27
-rwxr-xr-xvchat.h3
8 files changed, 159 insertions, 64 deletions
diff --git a/vchat-client.c b/vchat-client.c
index d1afaa2..a22df94 100755
--- a/vchat-client.c
+++ b/vchat-client.c
@@ -430,7 +430,7 @@ void versions() {
430 puts(vchat_us_version); 430 puts(vchat_us_version);
431 puts(vchat_cm_version); 431 puts(vchat_cm_version);
432 puts(vchat_tls_version); 432 puts(vchat_tls_version);
433 puts(vchat_tls_version_external); 433 puts(vchat_tls_version_external());
434} 434}
435 435
436/* main - d'oh */ 436/* main - d'oh */
@@ -443,9 +443,6 @@ int main(int argc, char **argv) {
443 loadconfig(GLOBAL_CONFIG_FILE); 443 loadconfig(GLOBAL_CONFIG_FILE);
444 loadconfig(getstroption(CF_CONFIGFILE)); 444 loadconfig(getstroption(CF_CONFIGFILE));
445 445
446 /* make SSL version used visible */
447 vchat_tls_get_version_external();
448
449 /* parse commandline */ 446 /* parse commandline */
450 while (cmdsunparsed) { 447 while (cmdsunparsed) {
451 pchar = getopt(argc, argv, "C:F:lzs:p:c:n:f:kKL:hv"); 448 pchar = getopt(argc, argv, "C:F:lzs:p:c:n:f:kKL:hv");
diff --git a/vchat-commands.c b/vchat-commands.c
index 9aa3abd..3ef3132 100755
--- a/vchat-commands.c
+++ b/vchat-commands.c
@@ -449,7 +449,7 @@ void command_version(char *tail) {
449 writeout(vchat_us_version); 449 writeout(vchat_us_version);
450 writeout(vchat_cm_version); 450 writeout(vchat_cm_version);
451 writeout(vchat_tls_version); 451 writeout(vchat_tls_version);
452 writeout(vchat_tls_version_external); 452 writeout(vchat_tls_version_external());
453 showout(); 453 showout();
454} 454}
455 455
diff --git a/vchat-config.h b/vchat-config.h
index 56e0b60..24365dc 100755
--- a/vchat-config.h
+++ b/vchat-config.h
@@ -43,6 +43,7 @@ static volatile configoption configoptions[] = {
43 {CF_PINFINGER, CO_INT, "pinfinger", (char *) 0, (char *)-1, { NULL } }, 43 {CF_PINFINGER, CO_INT, "pinfinger", (char *) 0, (char *)-1, { NULL } },
44 {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }}, 44 {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }},
45 {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } }, 45 {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } },
46 {CF_TLSLIB, CO_STR, "tlslib", "mbedtls", NULL, { NULL } },
46 {CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } }, 47 {CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } },
47 {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } }, 48 {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } },
48 {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } }, 49 {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } },
diff --git a/vchat-connection.c b/vchat-connection.c
index 165ed9b..4680b6e 100644
--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -35,6 +35,9 @@
35static int serverfd = -1; 35static int serverfd = -1;
36unsigned int want_tcp_keepalive = 0; 36unsigned int want_tcp_keepalive = 0;
37 37
38enum { TLS_ENGINE_UNSET, TLS_ENGINE_OPENSSL, TLS_ENGINE_MBEDTLS };
39static int _engine = TLS_ENGINE_UNSET;
40
38#define STAGING_SIZE 16384 41#define STAGING_SIZE 16384
39#define RECEIVEBUF_SIZE 4096 42#define RECEIVEBUF_SIZE 4096
40 43
@@ -87,6 +90,7 @@ int vc_connect(const char *server, const char *port) {
87 90
88 /* pointer to tilde-expanded certificate/keyfile-names */ 91 /* pointer to tilde-expanded certificate/keyfile-names */
89 char *certfile, *cafile; 92 char *certfile, *cafile;
93 int result = -1, want_openssl = !strcmp(getstroption(CF_TLSLIB), "openssl");
90 94
91 /* Connect to the server */ 95 /* Connect to the server */
92 serverfd = connect_tcp_socket(server, port); 96 serverfd = connect_tcp_socket(server, port);
@@ -100,8 +104,35 @@ int vc_connect(const char *server, const char *port) {
100 if (!getintoption(CF_USESSL)) 104 if (!getintoption(CF_USESSL))
101 return 0; 105 return 0;
102 106
107#ifdef TLS_LIB_OPENSSL
108 _engine = TLS_ENGINE_OPENSSL;
109#endif
110#ifdef TLS_LIB_MBEDTLS
111 /* Make mbedtls default unless mbedtls is configured */
112 if (!want_openssl || _engine == TLS_ENGINE_UNSET)
113 _engine = TLS_ENGINE_MBEDTLS;
114#endif
115
116 if (_engine == TLS_ENGINE_UNSET) {
117 writecf(FS_ERR, "Error: tls requested but no tls engine compiled in.");
118 return -1;
119 }
120
121 if (want_openssl && _engine == TLS_ENGINE_MBEDTLS)
122 writecf(FS_SERV, "Warning: tls engine openssl requested but openssl engine not compiled in. Using mbedtls");
123
124 if (!want_openssl && _engine == TLS_ENGINE_OPENSSL)
125 writecf(FS_SERV, "Warning: tls engine mbedtls requested but mbedts engine not compiled in. Using openssl");
126
103 /* If SSL is requested, get our ssl-BIO running */ 127 /* If SSL is requested, get our ssl-BIO running */
104 vc_init_x509store(&vc_store); 128#ifdef TLS_LIB_OPENSSL
129 if (_engine == TLS_ENGINE_OPENSSL)
130 vc_openssl_init_x509store(&vc_store);
131#endif
132#ifdef TLS_LIB_MBEDTLS
133 if (_engine == TLS_ENGINE_MBEDTLS)
134 vc_mbedtls_init_x509store(&vc_store);
135#endif
105 136
106 /* get name of certificate file */ 137 /* get name of certificate file */
107 certfile = get_tilde_expanded(CF_CERTFILE); 138 certfile = get_tilde_expanded(CF_CERTFILE);
@@ -127,14 +158,30 @@ int vc_connect(const char *server, const char *port) {
127 free(cafile); 158 free(cafile);
128 159
129 /* upgrade our plain BIO to ssl */ 160 /* upgrade our plain BIO to ssl */
130 int result = vc_tls_connect(serverfd, &vc_store); 161#ifdef TLS_LIB_OPENSSL
162 if (_engine == TLS_ENGINE_OPENSSL)
163 result = vc_openssl_connect(serverfd, &vc_store);
164#endif
165#ifdef TLS_LIB_MBEDTLS
166 if (_engine == TLS_ENGINE_MBEDTLS)
167 result = vc_mbedtls_connect(serverfd, &vc_store);
168#endif
131 vc_cleanup_x509store(&vc_store); 169 vc_cleanup_x509store(&vc_store);
132 170
133 if (result) { 171 if (result) {
134 close(serverfd); 172 close(serverfd);
135 serverfd = -1; 173 serverfd = -1;
136 errno = EIO; 174 errno = EIO;
137 vc_tls_cleanup(); 175#ifdef TLS_LIB_OPENSSL
176 if (_engine == TLS_ENGINE_OPENSSL)
177 vc_openssl_cleanup();
178#endif
179#ifdef TLS_LIB_MBEDTLS
180 if (_engine == TLS_ENGINE_MBEDTLS)
181 vc_mbedtls_cleanup();
182#endif
183
184 _engine = TLS_ENGINE_UNSET;
138 snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_CANTCONNECT), server, port); 185 snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_CANTCONNECT), server, port);
139 writechan(tmpstr); 186 writechan(tmpstr);
140 return -1; 187 return -1;
@@ -175,27 +222,42 @@ void vc_disconnect() {
175 close(serverfd); 222 close(serverfd);
176 serverfd = -1; 223 serverfd = -1;
177 } 224 }
178 vc_tls_cleanup(); 225#ifdef TLS_LIB_OPENSSL
226 if (_engine == TLS_ENGINE_OPENSSL)
227 vc_openssl_cleanup();
228#endif
229#ifdef TLS_LIB_MBEDTLS
230 if (_engine == TLS_ENGINE_MBEDTLS)
231 vc_mbedtls_cleanup();
232#endif
233
234 _engine = TLS_ENGINE_UNSET;
179 loggedin = 0; 235 loggedin = 0;
180} 236}
181 237
182void vc_sendmessage(const char *msg) { 238void vc_sendmessage(const char *msg) {
183 static char staging[STAGING_SIZE]; 239 static char staging[STAGING_SIZE];
184 size_t sent, len = snprintf(staging, sizeof(staging), "%s\r\n", msg); 240 size_t sent = 0, len = snprintf(staging, sizeof(staging), "%s\r\n", msg);
185#ifdef DEBUG 241#ifdef DEBUG
186 /* debugging? log network output! */ 242 /* debugging? log network output! */
187 fprintf(dumpfile, ">| (%zd) %s\n", len - 2, msg); 243 fprintf(dumpfile, ">| (%zd) %s\n", len - 2, msg);
188#endif 244#endif
189 245
190 if (getintoption(CF_USESSL)) 246 if (getintoption(CF_USESSL)) {
191 sent = vc_tls_sendmessage(staging, len); 247#ifdef TLS_LIB_OPENSSL
192 else 248 if (_engine == TLS_ENGINE_OPENSSL)
249 sent = vc_openssl_sendmessage(staging, len);
250#endif
251#ifdef TLS_LIB_MBEDTLS
252 if (_engine == TLS_ENGINE_MBEDTLS)
253 sent = vc_mbedtls_sendmessage(staging, len);
254#endif
255 } else
193 sent = write(serverfd, staging, len); 256 sent = write(serverfd, staging, len);
194 if (sent != len) 257 if (sent != len)
195 writecf(FS_ERR, "Message sending fuzzy."); 258 writecf(FS_ERR, "Message sending fuzzy.");
196} 259}
197 260
198
199/* get data from servers connection */ 261/* get data from servers connection */
200int vc_receive(void) { 262int vc_receive(void) {
201/* offset in buffer (for linebreaks at packet borders) */ 263/* offset in buffer (for linebreaks at packet borders) */
@@ -203,12 +265,19 @@ int vc_receive(void) {
203 static size_t buf_fill; 265 static size_t buf_fill;
204 char *endmsg; 266 char *endmsg;
205 size_t freebytes = sizeof(buf) - buf_fill; 267 size_t freebytes = sizeof(buf) - buf_fill;
206 ssize_t bytes; 268 ssize_t bytes = 0;
207 269
208 if (!getintoption(CF_USESSL)) 270 if (!getintoption(CF_USESSL))
209 bytes = read(serverfd, buf + buf_fill, freebytes); 271 bytes = read(serverfd, buf + buf_fill, freebytes);
210 else 272 else
211 bytes = vc_tls_receivemessage(buf + buf_fill, freebytes); 273#ifdef TLS_LIB_OPENSSL
274 if (_engine == TLS_ENGINE_OPENSSL)
275 bytes = vc_openssl_receivemessage(buf + buf_fill, freebytes);
276#endif
277#ifdef TLS_LIB_MBEDTLS
278 if (_engine == TLS_ENGINE_MBEDTLS)
279 bytes = vc_mbedtls_receivemessage(buf + buf_fill, freebytes);
280#endif
212 281
213 /* Our tls functions may require retries with handshakes etc, this is 282 /* Our tls functions may require retries with handshakes etc, this is
214 * signalled by -2 */ 283 * signalled by -2 */
@@ -255,3 +324,22 @@ int vc_receive(void) {
255 } 324 }
256 return 0; 325 return 0;
257} 326}
327
328const char *vchat_tls_version_external() {
329#ifdef TLS_LIB_OPENSSL
330 char *openssl_version = vc_openssl_version();
331#else
332 char *openssl_version = strdup("not installed");
333#endif
334#ifdef TLS_LIB_MBEDTLS
335 char *mbedtls_version = vc_mbedtls_version();
336#else
337 char *mbedtls_version = strdup("not installed");
338#endif
339
340 snprintf(tmpstr, TMPSTRSIZE, "Module plain v0.1\nModule openssl version: %s\nModule mbedtls version: %s", openssl_version, mbedtls_version);
341
342 free(openssl_version);
343 free(mbedtls_version);
344 return tmpstr;
345}
diff --git a/vchat-connection.h b/vchat-connection.h
index 2889c82..766dc0a 100644
--- a/vchat-connection.h
+++ b/vchat-connection.h
@@ -7,3 +7,5 @@ void vc_sendmessage(const char *message);
7int vc_receive(); 7int vc_receive();
8int vc_poll(); 8int vc_poll();
9void vc_disconnect(); 9void vc_disconnect();
10
11const char *vchat_tls_version_external();
diff --git a/vchat-tls.c b/vchat-tls.c
index d2f3b01..f326b91 100755
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -28,8 +28,6 @@
28 28
29const char *vchat_tls_version = 29const char *vchat_tls_version =
30 "vchat-tls.c $Id$"; 30 "vchat-tls.c $Id$";
31const char *vchat_tls_version_external =
32 "Unknown implementation; version unknown";
33 31
34/* Helpers to work with vc_x509store_t used by all tls libs */ 32/* Helpers to work with vc_x509store_t used by all tls libs */
35void vc_cleanup_x509store(vc_x509store_t *store) { 33void vc_cleanup_x509store(vc_x509store_t *store) {
@@ -133,15 +131,6 @@ cleanup_happy:
133 return 0; 131 return 0;
134} 132}
135 133
136#if defined(TLS_LIB_OPENSSL) && defined(TLS_LIB_MBEDTLS)
137#error \
138 "Both TLS_LIB_OPENSSL and TLS_LIB_MBEDTLS are defined. Please select only one."
139#endif
140#if !defined(TLS_LIB_OPENSSL) && !defined(TLS_LIB_MBEDTLS)
141#error \
142 "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select exactly one."
143#endif
144
145#ifdef TLS_LIB_OPENSSL 134#ifdef TLS_LIB_OPENSSL
146 135
147#include <openssl/bio.h> 136#include <openssl/bio.h>
@@ -152,13 +141,13 @@ cleanup_happy:
152#include <openssl/x509.h> 141#include <openssl/x509.h>
153#include <openssl/x509v3.h> 142#include <openssl/x509v3.h>
154 143
155void vchat_tls_get_version_external() { 144char *vc_openssl_version() {
156 snprintf(tmpstr, sizeof(tmpstr), "OpenSSL %s with %s", 145 snprintf(tmpstr, sizeof(tmpstr), "OpenSSL %s with %s",
157 SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS)); 146 SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS));
158 vchat_tls_version_external = strdup(tmpstr); 147 return strdup(tmpstr);
159} 148}
160 149
161void vc_init_x509store(vc_x509store_t *store) { 150void vc_openssl_init_x509store(vc_x509store_t *store) {
162 static int sslinit; 151 static int sslinit;
163 if (!sslinit++) { 152 if (!sslinit++) {
164 SSL_library_init(); 153 SSL_library_init();
@@ -243,7 +232,7 @@ static SSL_CTX *vc_create_sslctx(vc_x509store_t *vc_store) {
243 return (ctx); 232 return (ctx);
244} 233}
245 234
246int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { 235int vc_openssl_connect(int serverfd, vc_x509store_t *vc_store) {
247 SSL_CTX *ctx = vc_create_sslctx(vc_store); 236 SSL_CTX *ctx = vc_create_sslctx(vc_store);
248 X509 *peercert = NULL; 237 X509 *peercert = NULL;
249 BIO *ssl_conn = NULL; 238 BIO *ssl_conn = NULL;
@@ -261,6 +250,10 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
261 250
262 long j; 251 long j;
263 252
253 writecf(FS_SERV, "[SOCKET CONNECTED ]");
254 writecf(FS_SERV, "[UPGRADING TO TLS ]");
255 writecf(FS_SERV, "[TLS ENGINE OPENSSL ]");
256
264 if (!ctx) 257 if (!ctx)
265 goto all_errors; 258 goto all_errors;
266 259
@@ -286,13 +279,13 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
286 cipher = SSL_get_current_cipher(sslp); 279 cipher = SSL_get_current_cipher(sslp);
287 if (cipher) { 280 if (cipher) {
288 char cipher_desc[TMPSTRSIZE]; 281 char cipher_desc[TMPSTRSIZE];
289 snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER ] %s", 282 snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER ] %s",
290 SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE)); 283 SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE));
291 writecf(FS_SERV, tmpstr); 284 writecf(FS_SERV, tmpstr);
292 } else { 285 } else {
293 snprintf( 286 snprintf(
294 tmpstr, TMPSTRSIZE, 287 tmpstr, TMPSTRSIZE,
295 "[SSL ERROR ] Cipher not known / SSL object can't be queried!"); 288 "[SSL ERROR ] Cipher not known / SSL object can't be queried!");
296 writecf(FS_ERR, tmpstr); 289 writecf(FS_ERR, tmpstr);
297 } 290 }
298 291
@@ -302,10 +295,10 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
302 goto ssl_error; 295 goto ssl_error;
303 296
304 /* show basic information about peer cert */ 297 /* show basic information about peer cert */
305 snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT ] %s", 298 snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT ] %s",
306 X509_NAME_oneline(X509_get_subject_name(peercert), 0, 0)); 299 X509_NAME_oneline(X509_get_subject_name(peercert), 0, 0));
307 writecf(FS_SERV, tmpstr); 300 writecf(FS_SERV, tmpstr);
308 snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER ] %s", 301 snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER ] %s",
309 X509_NAME_oneline(X509_get_issuer_name(peercert), 0, 0)); 302 X509_NAME_oneline(X509_get_issuer_name(peercert), 0, 0));
310 writecf(FS_SERV, tmpstr); 303 writecf(FS_SERV, tmpstr);
311 304
@@ -318,7 +311,7 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
318 fp += sprintf(fp, "%02X:", fingerprint_bin[j]); 311 fp += sprintf(fp, "%02X:", fingerprint_bin[j]);
319 assert(fp > fingerprint); 312 assert(fp > fingerprint);
320 fp[-1] = 0; 313 fp[-1] = 0;
321 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] %s (from server)", 314 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] %s (from server)",
322 fingerprint); 315 fingerprint);
323 writecf(FS_SERV, tmpstr); 316 writecf(FS_SERV, tmpstr);
324 317
@@ -333,12 +326,12 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
333 return 0; 326 return 0;
334 327
335 if (getintoption(CF_IGNSSL)) { 328 if (getintoption(CF_IGNSSL)) {
336 writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); 329 writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!");
337 return 0; 330 return 0;
338 } 331 }
339 332
340ssl_error: 333ssl_error:
341 snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", 334 snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR ] %s",
342 ERR_error_string(ERR_get_error(), NULL)); 335 ERR_error_string(ERR_get_error(), NULL));
343 writecf(FS_ERR, tmpstr); 336 writecf(FS_ERR, tmpstr);
344all_errors: 337all_errors:
@@ -396,18 +389,18 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) {
396 389
397int vc_verify_callback(int ok, X509_STORE_CTX *store) { 390int vc_verify_callback(int ok, X509_STORE_CTX *store) {
398 if (!ok) { 391 if (!ok) {
399 snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", 392 snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s",
400 X509_verify_cert_error_string(X509_STORE_CTX_get_error(store))); 393 X509_verify_cert_error_string(X509_STORE_CTX_get_error(store)));
401 writecf(FS_ERR, tmpstr); 394 writecf(FS_ERR, tmpstr);
402 } 395 }
403 return (ok | getintoption(CF_IGNSSL)); 396 return (ok | getintoption(CF_IGNSSL));
404} 397}
405 398
406ssize_t vc_tls_sendmessage(const void *buf, size_t size) { 399ssize_t vc_openssl_sendmessage(const void *buf, size_t size) {
407 return BIO_write(server_conn, buf, size); 400 return BIO_write(server_conn, buf, size);
408} 401}
409 402
410ssize_t vc_tls_receivemessage(void *buf, size_t size) { 403ssize_t vc_openssl_receivemessage(void *buf, size_t size) {
411 ssize_t received = (ssize_t)BIO_read(server_conn, buf, size); 404 ssize_t received = (ssize_t)BIO_read(server_conn, buf, size);
412 if (received != 0) 405 if (received != 0)
413 return received; 406 return received;
@@ -416,7 +409,7 @@ ssize_t vc_tls_receivemessage(void *buf, size_t size) {
416 return 0; 409 return 0;
417} 410}
418 411
419void vc_tls_cleanup() { 412void vc_openssl_cleanup() {
420 BIO_free_all(server_conn); 413 BIO_free_all(server_conn);
421 server_conn = NULL; 414 server_conn = NULL;
422} 415}
@@ -451,9 +444,9 @@ typedef struct {
451} mbedstate; 444} mbedstate;
452static mbedstate _mbedtls_state; 445static mbedstate _mbedtls_state;
453 446
454void vchat_tls_get_version_external() { 447char *vc_mbedtls_version() {
455 snprintf(tmpstr, sizeof(tmpstr), "%s", MBEDTLS_VERSION_STRING_FULL); 448 snprintf(tmpstr, sizeof(tmpstr), "%s", MBEDTLS_VERSION_STRING_FULL);
456 vchat_tls_version_external = strdup(tmpstr); 449 return strdup(tmpstr);
457} 450}
458 451
459static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len) { 452static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len) {
@@ -463,16 +456,13 @@ static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len) {
463 return send((int)(intptr_t)ctx, buf, len, 0); 456 return send((int)(intptr_t)ctx, buf, len, 0);
464} 457}
465static int map_openssl_suite(char *openssl_name); 458static int map_openssl_suite(char *openssl_name);
466void vc_init_x509store(vc_x509store_t *store) { 459void vc_mbedtls_init_x509store(vc_x509store_t *store) {
467 static int sslinit; 460 mbedtls_entropy_init(&_mbedtls_state._entropy);
468 if (!sslinit++) { 461 mbedtls_ctr_drbg_init(&_mbedtls_state._ctr_drbg);
469 mbedtls_entropy_init(&_mbedtls_state._entropy);
470 mbedtls_ctr_drbg_init(&_mbedtls_state._ctr_drbg);
471 462
472 mbedtls_ctr_drbg_seed(&_mbedtls_state._ctr_drbg, mbedtls_entropy_func, 463 mbedtls_ctr_drbg_seed(&_mbedtls_state._ctr_drbg, mbedtls_entropy_func,
473 &_mbedtls_state._entropy, 464 &_mbedtls_state._entropy,
474 (const unsigned char *)DRBG_PERS, sizeof(DRBG_PERS)); 465 (const unsigned char *)DRBG_PERS, sizeof(DRBG_PERS));
475 }
476 memset(store, 0, sizeof(vc_x509store_t)); 466 memset(store, 0, sizeof(vc_x509store_t));
477 467
478 /* We want to make verifying the peer the default */ 468 /* We want to make verifying the peer the default */
@@ -485,7 +475,7 @@ static void vc_tls_report_error(int error, char *message) {
485 writecf(FS_ERR, tmpstr); 475 writecf(FS_ERR, tmpstr);
486} 476}
487 477
488int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { 478int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) {
489 /* Some aliases for shorter references */ 479 /* Some aliases for shorter references */
490 mbedstate *s = &_mbedtls_state; 480 mbedstate *s = &_mbedtls_state;
491 mbedtls_ssl_config *conf = &_mbedtls_state._conf; 481 mbedtls_ssl_config *conf = &_mbedtls_state._conf;
@@ -502,6 +492,7 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
502 492
503 writecf(FS_SERV, "[SOCKET CONNECTED ]"); 493 writecf(FS_SERV, "[SOCKET CONNECTED ]");
504 writecf(FS_SERV, "[UPGRADING TO TLS ]"); 494 writecf(FS_SERV, "[UPGRADING TO TLS ]");
495 writecf(FS_SERV, "[TLS ENGINE MBEDTLS ]");
505 496
506 if ((ret = mbedtls_ssl_config_defaults(conf, MBEDTLS_SSL_IS_CLIENT, 497 if ((ret = mbedtls_ssl_config_defaults(conf, MBEDTLS_SSL_IS_CLIENT,
507 MBEDTLS_SSL_TRANSPORT_STREAM, 498 MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -688,11 +679,11 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) {
688 return 0; 679 return 0;
689} 680}
690 681
691ssize_t vc_tls_sendmessage(const void *buf, size_t size) { 682ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size) {
692 return mbedtls_ssl_write(&_mbedtls_state._ssl, buf, size); 683 return mbedtls_ssl_write(&_mbedtls_state._ssl, buf, size);
693} 684}
694 685
695ssize_t vc_tls_receivemessage(void *buf, size_t size) { 686ssize_t vc_mbedtls_receivemessage(void *buf, size_t size) {
696 ssize_t received = (ssize_t)mbedtls_ssl_read(&_mbedtls_state._ssl, buf, size); 687 ssize_t received = (ssize_t)mbedtls_ssl_read(&_mbedtls_state._ssl, buf, size);
697 switch (received) { 688 switch (received) {
698 case MBEDTLS_ERR_SSL_WANT_READ: 689 case MBEDTLS_ERR_SSL_WANT_READ:
@@ -709,7 +700,7 @@ ssize_t vc_tls_receivemessage(void *buf, size_t size) {
709 } 700 }
710} 701}
711 702
712void vc_tls_cleanup() { 703void vc_mbedtls_cleanup() {
713 mbedtls_x509_crt_free(&_mbedtls_state._cacert); 704 mbedtls_x509_crt_free(&_mbedtls_state._cacert);
714 mbedtls_x509_crt_free(&_mbedtls_state._cert); 705 mbedtls_x509_crt_free(&_mbedtls_state._cert);
715 mbedtls_pk_free(&_mbedtls_state._key); 706 mbedtls_pk_free(&_mbedtls_state._key);
diff --git a/vchat-tls.h b/vchat-tls.h
index 17d2687..5399820 100755
--- a/vchat-tls.h
+++ b/vchat-tls.h
@@ -14,7 +14,6 @@ struct vc_x509store_t {
14}; 14};
15typedef struct vc_x509store_t vc_x509store_t; 15typedef struct vc_x509store_t vc_x509store_t;
16 16
17void vc_init_x509store(vc_x509store_t *);
18void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); 17void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
19void vc_x509store_setflags(vc_x509store_t *, int); 18void vc_x509store_setflags(vc_x509store_t *, int);
20void vc_x509store_setkeyfile(vc_x509store_t *, char *); 19void vc_x509store_setkeyfile(vc_x509store_t *, char *);
@@ -25,10 +24,28 @@ void vc_x509store_setcapath(vc_x509store_t *, char *);
25void vc_x509store_setcrlfile(vc_x509store_t *, char *); 24void vc_x509store_setcrlfile(vc_x509store_t *, char *);
26void vc_cleanup_x509store(vc_x509store_t *s); 25void vc_cleanup_x509store(vc_x509store_t *s);
27 26
28int vc_tls_connect(int serverfd, vc_x509store_t *); 27#if !defined(TLS_LIB_OPENSSL) && !defined(TLS_LIB_MBEDTLS)
29ssize_t vc_tls_sendmessage(const void *buf, size_t size); 28#error \
30ssize_t vc_tls_receivemessage(void *buf, size_t size); 29 "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select exactly one."
31void vc_tls_cleanup(); 30#endif
31
32#ifdef TLS_LIB_OPENSSL
33void vc_openssl_init_x509store(vc_x509store_t *);
34int vc_openssl_connect(int serverfd, vc_x509store_t *);
35ssize_t vc_openssl_sendmessage(const void *buf, size_t size);
36ssize_t vc_openssl_receivemessage(void *buf, size_t size);
37void vc_openssl_cleanup();
38char *vc_openssl_version();
39#endif
40
41#ifdef TLS_LIB_MBEDTLS
42void vc_mbedtls_init_x509store(vc_x509store_t *);
43int vc_mbedtls_connect(int serverfd, vc_x509store_t *);
44ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size);
45ssize_t vc_mbedtls_receivemessage(void *buf, size_t size);
46void vc_mbedtls_cleanup();
47char *vc_mbedtls_version();
48#endif
32 49
33#define VC_X509S_USE_CAFILE 0x01 50#define VC_X509S_USE_CAFILE 0x01
34#define VC_X509S_USE_CAPATH 0x02 51#define VC_X509S_USE_CAPATH 0x02
diff --git a/vchat.h b/vchat.h
index dbd5a9f..412566a 100755
--- a/vchat.h
+++ b/vchat.h
@@ -44,6 +44,7 @@ typedef enum {
44 CF_FINGERPRINT, 44 CF_FINGERPRINT,
45 CF_PINFINGER, 45 CF_PINFINGER,
46 CF_USESSL, 46 CF_USESSL,
47 CF_TLSLIB,
47 CF_IGNSSL, 48 CF_IGNSSL,
48 CF_VERIFYSSL, 49 CF_VERIFYSSL,
49 CF_USECERT, 50 CF_USECERT,
@@ -243,5 +244,3 @@ typedef struct {
243 244
244/* vchat-tls.c */ 245/* vchat-tls.c */
245extern const char *vchat_tls_version; 246extern const char *vchat_tls_version;
246extern const char *vchat_tls_version_external;
247void vchat_tls_get_version_external();