diff options
-rwxr-xr-x | vchat-client.c | 5 | ||||
-rwxr-xr-x | vchat-commands.c | 2 | ||||
-rwxr-xr-x | vchat-config.h | 1 | ||||
-rw-r--r-- | vchat-connection.c | 110 | ||||
-rw-r--r-- | vchat-connection.h | 2 | ||||
-rwxr-xr-x | vchat-tls.c | 73 | ||||
-rwxr-xr-x | vchat-tls.h | 27 | ||||
-rwxr-xr-x | vchat.h | 3 |
8 files changed, 159 insertions, 64 deletions
diff --git a/vchat-client.c b/vchat-client.c index d1afaa2..a22df94 100755 --- a/vchat-client.c +++ b/vchat-client.c | |||
@@ -430,7 +430,7 @@ void versions() { | |||
430 | puts(vchat_us_version); | 430 | puts(vchat_us_version); |
431 | puts(vchat_cm_version); | 431 | puts(vchat_cm_version); |
432 | puts(vchat_tls_version); | 432 | puts(vchat_tls_version); |
433 | puts(vchat_tls_version_external); | 433 | puts(vchat_tls_version_external()); |
434 | } | 434 | } |
435 | 435 | ||
436 | /* main - d'oh */ | 436 | /* main - d'oh */ |
@@ -443,9 +443,6 @@ int main(int argc, char **argv) { | |||
443 | loadconfig(GLOBAL_CONFIG_FILE); | 443 | loadconfig(GLOBAL_CONFIG_FILE); |
444 | loadconfig(getstroption(CF_CONFIGFILE)); | 444 | loadconfig(getstroption(CF_CONFIGFILE)); |
445 | 445 | ||
446 | /* make SSL version used visible */ | ||
447 | vchat_tls_get_version_external(); | ||
448 | |||
449 | /* parse commandline */ | 446 | /* parse commandline */ |
450 | while (cmdsunparsed) { | 447 | while (cmdsunparsed) { |
451 | pchar = getopt(argc, argv, "C:F:lzs:p:c:n:f:kKL:hv"); | 448 | pchar = getopt(argc, argv, "C:F:lzs:p:c:n:f:kKL:hv"); |
diff --git a/vchat-commands.c b/vchat-commands.c index 9aa3abd..3ef3132 100755 --- a/vchat-commands.c +++ b/vchat-commands.c | |||
@@ -449,7 +449,7 @@ void command_version(char *tail) { | |||
449 | writeout(vchat_us_version); | 449 | writeout(vchat_us_version); |
450 | writeout(vchat_cm_version); | 450 | writeout(vchat_cm_version); |
451 | writeout(vchat_tls_version); | 451 | writeout(vchat_tls_version); |
452 | writeout(vchat_tls_version_external); | 452 | writeout(vchat_tls_version_external()); |
453 | showout(); | 453 | showout(); |
454 | } | 454 | } |
455 | 455 | ||
diff --git a/vchat-config.h b/vchat-config.h index 56e0b60..24365dc 100755 --- a/vchat-config.h +++ b/vchat-config.h | |||
@@ -43,6 +43,7 @@ static volatile configoption configoptions[] = { | |||
43 | {CF_PINFINGER, CO_INT, "pinfinger", (char *) 0, (char *)-1, { NULL } }, | 43 | {CF_PINFINGER, CO_INT, "pinfinger", (char *) 0, (char *)-1, { NULL } }, |
44 | {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }}, | 44 | {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }}, |
45 | {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } }, | 45 | {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } }, |
46 | {CF_TLSLIB, CO_STR, "tlslib", "mbedtls", NULL, { NULL } }, | ||
46 | {CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } }, | 47 | {CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } }, |
47 | {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } }, | 48 | {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } }, |
48 | {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } }, | 49 | {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } }, |
diff --git a/vchat-connection.c b/vchat-connection.c index 165ed9b..4680b6e 100644 --- a/vchat-connection.c +++ b/vchat-connection.c | |||
@@ -35,6 +35,9 @@ | |||
35 | static int serverfd = -1; | 35 | static int serverfd = -1; |
36 | unsigned int want_tcp_keepalive = 0; | 36 | unsigned int want_tcp_keepalive = 0; |
37 | 37 | ||
38 | enum { TLS_ENGINE_UNSET, TLS_ENGINE_OPENSSL, TLS_ENGINE_MBEDTLS }; | ||
39 | static int _engine = TLS_ENGINE_UNSET; | ||
40 | |||
38 | #define STAGING_SIZE 16384 | 41 | #define STAGING_SIZE 16384 |
39 | #define RECEIVEBUF_SIZE 4096 | 42 | #define RECEIVEBUF_SIZE 4096 |
40 | 43 | ||
@@ -87,6 +90,7 @@ int vc_connect(const char *server, const char *port) { | |||
87 | 90 | ||
88 | /* pointer to tilde-expanded certificate/keyfile-names */ | 91 | /* pointer to tilde-expanded certificate/keyfile-names */ |
89 | char *certfile, *cafile; | 92 | char *certfile, *cafile; |
93 | int result = -1, want_openssl = !strcmp(getstroption(CF_TLSLIB), "openssl"); | ||
90 | 94 | ||
91 | /* Connect to the server */ | 95 | /* Connect to the server */ |
92 | serverfd = connect_tcp_socket(server, port); | 96 | serverfd = connect_tcp_socket(server, port); |
@@ -100,8 +104,35 @@ int vc_connect(const char *server, const char *port) { | |||
100 | if (!getintoption(CF_USESSL)) | 104 | if (!getintoption(CF_USESSL)) |
101 | return 0; | 105 | return 0; |
102 | 106 | ||
107 | #ifdef TLS_LIB_OPENSSL | ||
108 | _engine = TLS_ENGINE_OPENSSL; | ||
109 | #endif | ||
110 | #ifdef TLS_LIB_MBEDTLS | ||
111 | /* Make mbedtls default unless mbedtls is configured */ | ||
112 | if (!want_openssl || _engine == TLS_ENGINE_UNSET) | ||
113 | _engine = TLS_ENGINE_MBEDTLS; | ||
114 | #endif | ||
115 | |||
116 | if (_engine == TLS_ENGINE_UNSET) { | ||
117 | writecf(FS_ERR, "Error: tls requested but no tls engine compiled in."); | ||
118 | return -1; | ||
119 | } | ||
120 | |||
121 | if (want_openssl && _engine == TLS_ENGINE_MBEDTLS) | ||
122 | writecf(FS_SERV, "Warning: tls engine openssl requested but openssl engine not compiled in. Using mbedtls"); | ||
123 | |||
124 | if (!want_openssl && _engine == TLS_ENGINE_OPENSSL) | ||
125 | writecf(FS_SERV, "Warning: tls engine mbedtls requested but mbedts engine not compiled in. Using openssl"); | ||
126 | |||
103 | /* If SSL is requested, get our ssl-BIO running */ | 127 | /* If SSL is requested, get our ssl-BIO running */ |
104 | vc_init_x509store(&vc_store); | 128 | #ifdef TLS_LIB_OPENSSL |
129 | if (_engine == TLS_ENGINE_OPENSSL) | ||
130 | vc_openssl_init_x509store(&vc_store); | ||
131 | #endif | ||
132 | #ifdef TLS_LIB_MBEDTLS | ||
133 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
134 | vc_mbedtls_init_x509store(&vc_store); | ||
135 | #endif | ||
105 | 136 | ||
106 | /* get name of certificate file */ | 137 | /* get name of certificate file */ |
107 | certfile = get_tilde_expanded(CF_CERTFILE); | 138 | certfile = get_tilde_expanded(CF_CERTFILE); |
@@ -127,14 +158,30 @@ int vc_connect(const char *server, const char *port) { | |||
127 | free(cafile); | 158 | free(cafile); |
128 | 159 | ||
129 | /* upgrade our plain BIO to ssl */ | 160 | /* upgrade our plain BIO to ssl */ |
130 | int result = vc_tls_connect(serverfd, &vc_store); | 161 | #ifdef TLS_LIB_OPENSSL |
162 | if (_engine == TLS_ENGINE_OPENSSL) | ||
163 | result = vc_openssl_connect(serverfd, &vc_store); | ||
164 | #endif | ||
165 | #ifdef TLS_LIB_MBEDTLS | ||
166 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
167 | result = vc_mbedtls_connect(serverfd, &vc_store); | ||
168 | #endif | ||
131 | vc_cleanup_x509store(&vc_store); | 169 | vc_cleanup_x509store(&vc_store); |
132 | 170 | ||
133 | if (result) { | 171 | if (result) { |
134 | close(serverfd); | 172 | close(serverfd); |
135 | serverfd = -1; | 173 | serverfd = -1; |
136 | errno = EIO; | 174 | errno = EIO; |
137 | vc_tls_cleanup(); | 175 | #ifdef TLS_LIB_OPENSSL |
176 | if (_engine == TLS_ENGINE_OPENSSL) | ||
177 | vc_openssl_cleanup(); | ||
178 | #endif | ||
179 | #ifdef TLS_LIB_MBEDTLS | ||
180 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
181 | vc_mbedtls_cleanup(); | ||
182 | #endif | ||
183 | |||
184 | _engine = TLS_ENGINE_UNSET; | ||
138 | snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_CANTCONNECT), server, port); | 185 | snprintf(tmpstr, TMPSTRSIZE, getformatstr(FS_CANTCONNECT), server, port); |
139 | writechan(tmpstr); | 186 | writechan(tmpstr); |
140 | return -1; | 187 | return -1; |
@@ -175,27 +222,42 @@ void vc_disconnect() { | |||
175 | close(serverfd); | 222 | close(serverfd); |
176 | serverfd = -1; | 223 | serverfd = -1; |
177 | } | 224 | } |
178 | vc_tls_cleanup(); | 225 | #ifdef TLS_LIB_OPENSSL |
226 | if (_engine == TLS_ENGINE_OPENSSL) | ||
227 | vc_openssl_cleanup(); | ||
228 | #endif | ||
229 | #ifdef TLS_LIB_MBEDTLS | ||
230 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
231 | vc_mbedtls_cleanup(); | ||
232 | #endif | ||
233 | |||
234 | _engine = TLS_ENGINE_UNSET; | ||
179 | loggedin = 0; | 235 | loggedin = 0; |
180 | } | 236 | } |
181 | 237 | ||
182 | void vc_sendmessage(const char *msg) { | 238 | void vc_sendmessage(const char *msg) { |
183 | static char staging[STAGING_SIZE]; | 239 | static char staging[STAGING_SIZE]; |
184 | size_t sent, len = snprintf(staging, sizeof(staging), "%s\r\n", msg); | 240 | size_t sent = 0, len = snprintf(staging, sizeof(staging), "%s\r\n", msg); |
185 | #ifdef DEBUG | 241 | #ifdef DEBUG |
186 | /* debugging? log network output! */ | 242 | /* debugging? log network output! */ |
187 | fprintf(dumpfile, ">| (%zd) %s\n", len - 2, msg); | 243 | fprintf(dumpfile, ">| (%zd) %s\n", len - 2, msg); |
188 | #endif | 244 | #endif |
189 | 245 | ||
190 | if (getintoption(CF_USESSL)) | 246 | if (getintoption(CF_USESSL)) { |
191 | sent = vc_tls_sendmessage(staging, len); | 247 | #ifdef TLS_LIB_OPENSSL |
192 | else | 248 | if (_engine == TLS_ENGINE_OPENSSL) |
249 | sent = vc_openssl_sendmessage(staging, len); | ||
250 | #endif | ||
251 | #ifdef TLS_LIB_MBEDTLS | ||
252 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
253 | sent = vc_mbedtls_sendmessage(staging, len); | ||
254 | #endif | ||
255 | } else | ||
193 | sent = write(serverfd, staging, len); | 256 | sent = write(serverfd, staging, len); |
194 | if (sent != len) | 257 | if (sent != len) |
195 | writecf(FS_ERR, "Message sending fuzzy."); | 258 | writecf(FS_ERR, "Message sending fuzzy."); |
196 | } | 259 | } |
197 | 260 | ||
198 | |||
199 | /* get data from servers connection */ | 261 | /* get data from servers connection */ |
200 | int vc_receive(void) { | 262 | int vc_receive(void) { |
201 | /* offset in buffer (for linebreaks at packet borders) */ | 263 | /* offset in buffer (for linebreaks at packet borders) */ |
@@ -203,12 +265,19 @@ int vc_receive(void) { | |||
203 | static size_t buf_fill; | 265 | static size_t buf_fill; |
204 | char *endmsg; | 266 | char *endmsg; |
205 | size_t freebytes = sizeof(buf) - buf_fill; | 267 | size_t freebytes = sizeof(buf) - buf_fill; |
206 | ssize_t bytes; | 268 | ssize_t bytes = 0; |
207 | 269 | ||
208 | if (!getintoption(CF_USESSL)) | 270 | if (!getintoption(CF_USESSL)) |
209 | bytes = read(serverfd, buf + buf_fill, freebytes); | 271 | bytes = read(serverfd, buf + buf_fill, freebytes); |
210 | else | 272 | else |
211 | bytes = vc_tls_receivemessage(buf + buf_fill, freebytes); | 273 | #ifdef TLS_LIB_OPENSSL |
274 | if (_engine == TLS_ENGINE_OPENSSL) | ||
275 | bytes = vc_openssl_receivemessage(buf + buf_fill, freebytes); | ||
276 | #endif | ||
277 | #ifdef TLS_LIB_MBEDTLS | ||
278 | if (_engine == TLS_ENGINE_MBEDTLS) | ||
279 | bytes = vc_mbedtls_receivemessage(buf + buf_fill, freebytes); | ||
280 | #endif | ||
212 | 281 | ||
213 | /* Our tls functions may require retries with handshakes etc, this is | 282 | /* Our tls functions may require retries with handshakes etc, this is |
214 | * signalled by -2 */ | 283 | * signalled by -2 */ |
@@ -255,3 +324,22 @@ int vc_receive(void) { | |||
255 | } | 324 | } |
256 | return 0; | 325 | return 0; |
257 | } | 326 | } |
327 | |||
328 | const char *vchat_tls_version_external() { | ||
329 | #ifdef TLS_LIB_OPENSSL | ||
330 | char *openssl_version = vc_openssl_version(); | ||
331 | #else | ||
332 | char *openssl_version = strdup("not installed"); | ||
333 | #endif | ||
334 | #ifdef TLS_LIB_MBEDTLS | ||
335 | char *mbedtls_version = vc_mbedtls_version(); | ||
336 | #else | ||
337 | char *mbedtls_version = strdup("not installed"); | ||
338 | #endif | ||
339 | |||
340 | snprintf(tmpstr, TMPSTRSIZE, "Module plain v0.1\nModule openssl version: %s\nModule mbedtls version: %s", openssl_version, mbedtls_version); | ||
341 | |||
342 | free(openssl_version); | ||
343 | free(mbedtls_version); | ||
344 | return tmpstr; | ||
345 | } | ||
diff --git a/vchat-connection.h b/vchat-connection.h index 2889c82..766dc0a 100644 --- a/vchat-connection.h +++ b/vchat-connection.h | |||
@@ -7,3 +7,5 @@ void vc_sendmessage(const char *message); | |||
7 | int vc_receive(); | 7 | int vc_receive(); |
8 | int vc_poll(); | 8 | int vc_poll(); |
9 | void vc_disconnect(); | 9 | void vc_disconnect(); |
10 | |||
11 | const char *vchat_tls_version_external(); | ||
diff --git a/vchat-tls.c b/vchat-tls.c index d2f3b01..f326b91 100755 --- a/vchat-tls.c +++ b/vchat-tls.c | |||
@@ -28,8 +28,6 @@ | |||
28 | 28 | ||
29 | const char *vchat_tls_version = | 29 | const char *vchat_tls_version = |
30 | "vchat-tls.c $Id$"; | 30 | "vchat-tls.c $Id$"; |
31 | const char *vchat_tls_version_external = | ||
32 | "Unknown implementation; version unknown"; | ||
33 | 31 | ||
34 | /* Helpers to work with vc_x509store_t used by all tls libs */ | 32 | /* Helpers to work with vc_x509store_t used by all tls libs */ |
35 | void vc_cleanup_x509store(vc_x509store_t *store) { | 33 | void vc_cleanup_x509store(vc_x509store_t *store) { |
@@ -133,15 +131,6 @@ cleanup_happy: | |||
133 | return 0; | 131 | return 0; |
134 | } | 132 | } |
135 | 133 | ||
136 | #if defined(TLS_LIB_OPENSSL) && defined(TLS_LIB_MBEDTLS) | ||
137 | #error \ | ||
138 | "Both TLS_LIB_OPENSSL and TLS_LIB_MBEDTLS are defined. Please select only one." | ||
139 | #endif | ||
140 | #if !defined(TLS_LIB_OPENSSL) && !defined(TLS_LIB_MBEDTLS) | ||
141 | #error \ | ||
142 | "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select exactly one." | ||
143 | #endif | ||
144 | |||
145 | #ifdef TLS_LIB_OPENSSL | 134 | #ifdef TLS_LIB_OPENSSL |
146 | 135 | ||
147 | #include <openssl/bio.h> | 136 | #include <openssl/bio.h> |
@@ -152,13 +141,13 @@ cleanup_happy: | |||
152 | #include <openssl/x509.h> | 141 | #include <openssl/x509.h> |
153 | #include <openssl/x509v3.h> | 142 | #include <openssl/x509v3.h> |
154 | 143 | ||
155 | void vchat_tls_get_version_external() { | 144 | char *vc_openssl_version() { |
156 | snprintf(tmpstr, sizeof(tmpstr), "OpenSSL %s with %s", | 145 | snprintf(tmpstr, sizeof(tmpstr), "OpenSSL %s with %s", |
157 | SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS)); | 146 | SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS)); |
158 | vchat_tls_version_external = strdup(tmpstr); | 147 | return strdup(tmpstr); |
159 | } | 148 | } |
160 | 149 | ||
161 | void vc_init_x509store(vc_x509store_t *store) { | 150 | void vc_openssl_init_x509store(vc_x509store_t *store) { |
162 | static int sslinit; | 151 | static int sslinit; |
163 | if (!sslinit++) { | 152 | if (!sslinit++) { |
164 | SSL_library_init(); | 153 | SSL_library_init(); |
@@ -243,7 +232,7 @@ static SSL_CTX *vc_create_sslctx(vc_x509store_t *vc_store) { | |||
243 | return (ctx); | 232 | return (ctx); |
244 | } | 233 | } |
245 | 234 | ||
246 | int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | 235 | int vc_openssl_connect(int serverfd, vc_x509store_t *vc_store) { |
247 | SSL_CTX *ctx = vc_create_sslctx(vc_store); | 236 | SSL_CTX *ctx = vc_create_sslctx(vc_store); |
248 | X509 *peercert = NULL; | 237 | X509 *peercert = NULL; |
249 | BIO *ssl_conn = NULL; | 238 | BIO *ssl_conn = NULL; |
@@ -261,6 +250,10 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
261 | 250 | ||
262 | long j; | 251 | long j; |
263 | 252 | ||
253 | writecf(FS_SERV, "[SOCKET CONNECTED ]"); | ||
254 | writecf(FS_SERV, "[UPGRADING TO TLS ]"); | ||
255 | writecf(FS_SERV, "[TLS ENGINE OPENSSL ]"); | ||
256 | |||
264 | if (!ctx) | 257 | if (!ctx) |
265 | goto all_errors; | 258 | goto all_errors; |
266 | 259 | ||
@@ -286,13 +279,13 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
286 | cipher = SSL_get_current_cipher(sslp); | 279 | cipher = SSL_get_current_cipher(sslp); |
287 | if (cipher) { | 280 | if (cipher) { |
288 | char cipher_desc[TMPSTRSIZE]; | 281 | char cipher_desc[TMPSTRSIZE]; |
289 | snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER ] %s", | 282 | snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER ] %s", |
290 | SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE)); | 283 | SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE)); |
291 | writecf(FS_SERV, tmpstr); | 284 | writecf(FS_SERV, tmpstr); |
292 | } else { | 285 | } else { |
293 | snprintf( | 286 | snprintf( |
294 | tmpstr, TMPSTRSIZE, | 287 | tmpstr, TMPSTRSIZE, |
295 | "[SSL ERROR ] Cipher not known / SSL object can't be queried!"); | 288 | "[SSL ERROR ] Cipher not known / SSL object can't be queried!"); |
296 | writecf(FS_ERR, tmpstr); | 289 | writecf(FS_ERR, tmpstr); |
297 | } | 290 | } |
298 | 291 | ||
@@ -302,10 +295,10 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
302 | goto ssl_error; | 295 | goto ssl_error; |
303 | 296 | ||
304 | /* show basic information about peer cert */ | 297 | /* show basic information about peer cert */ |
305 | snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT ] %s", | 298 | snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT ] %s", |
306 | X509_NAME_oneline(X509_get_subject_name(peercert), 0, 0)); | 299 | X509_NAME_oneline(X509_get_subject_name(peercert), 0, 0)); |
307 | writecf(FS_SERV, tmpstr); | 300 | writecf(FS_SERV, tmpstr); |
308 | snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER ] %s", | 301 | snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER ] %s", |
309 | X509_NAME_oneline(X509_get_issuer_name(peercert), 0, 0)); | 302 | X509_NAME_oneline(X509_get_issuer_name(peercert), 0, 0)); |
310 | writecf(FS_SERV, tmpstr); | 303 | writecf(FS_SERV, tmpstr); |
311 | 304 | ||
@@ -318,7 +311,7 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
318 | fp += sprintf(fp, "%02X:", fingerprint_bin[j]); | 311 | fp += sprintf(fp, "%02X:", fingerprint_bin[j]); |
319 | assert(fp > fingerprint); | 312 | assert(fp > fingerprint); |
320 | fp[-1] = 0; | 313 | fp[-1] = 0; |
321 | snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] %s (from server)", | 314 | snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] %s (from server)", |
322 | fingerprint); | 315 | fingerprint); |
323 | writecf(FS_SERV, tmpstr); | 316 | writecf(FS_SERV, tmpstr); |
324 | 317 | ||
@@ -333,12 +326,12 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
333 | return 0; | 326 | return 0; |
334 | 327 | ||
335 | if (getintoption(CF_IGNSSL)) { | 328 | if (getintoption(CF_IGNSSL)) { |
336 | writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); | 329 | writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); |
337 | return 0; | 330 | return 0; |
338 | } | 331 | } |
339 | 332 | ||
340 | ssl_error: | 333 | ssl_error: |
341 | snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", | 334 | snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR ] %s", |
342 | ERR_error_string(ERR_get_error(), NULL)); | 335 | ERR_error_string(ERR_get_error(), NULL)); |
343 | writecf(FS_ERR, tmpstr); | 336 | writecf(FS_ERR, tmpstr); |
344 | all_errors: | 337 | all_errors: |
@@ -396,18 +389,18 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store) { | |||
396 | 389 | ||
397 | int vc_verify_callback(int ok, X509_STORE_CTX *store) { | 390 | int vc_verify_callback(int ok, X509_STORE_CTX *store) { |
398 | if (!ok) { | 391 | if (!ok) { |
399 | snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", | 392 | snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", |
400 | X509_verify_cert_error_string(X509_STORE_CTX_get_error(store))); | 393 | X509_verify_cert_error_string(X509_STORE_CTX_get_error(store))); |
401 | writecf(FS_ERR, tmpstr); | 394 | writecf(FS_ERR, tmpstr); |
402 | } | 395 | } |
403 | return (ok | getintoption(CF_IGNSSL)); | 396 | return (ok | getintoption(CF_IGNSSL)); |
404 | } | 397 | } |
405 | 398 | ||
406 | ssize_t vc_tls_sendmessage(const void *buf, size_t size) { | 399 | ssize_t vc_openssl_sendmessage(const void *buf, size_t size) { |
407 | return BIO_write(server_conn, buf, size); | 400 | return BIO_write(server_conn, buf, size); |
408 | } | 401 | } |
409 | 402 | ||
410 | ssize_t vc_tls_receivemessage(void *buf, size_t size) { | 403 | ssize_t vc_openssl_receivemessage(void *buf, size_t size) { |
411 | ssize_t received = (ssize_t)BIO_read(server_conn, buf, size); | 404 | ssize_t received = (ssize_t)BIO_read(server_conn, buf, size); |
412 | if (received != 0) | 405 | if (received != 0) |
413 | return received; | 406 | return received; |
@@ -416,7 +409,7 @@ ssize_t vc_tls_receivemessage(void *buf, size_t size) { | |||
416 | return 0; | 409 | return 0; |
417 | } | 410 | } |
418 | 411 | ||
419 | void vc_tls_cleanup() { | 412 | void vc_openssl_cleanup() { |
420 | BIO_free_all(server_conn); | 413 | BIO_free_all(server_conn); |
421 | server_conn = NULL; | 414 | server_conn = NULL; |
422 | } | 415 | } |
@@ -451,9 +444,9 @@ typedef struct { | |||
451 | } mbedstate; | 444 | } mbedstate; |
452 | static mbedstate _mbedtls_state; | 445 | static mbedstate _mbedtls_state; |
453 | 446 | ||
454 | void vchat_tls_get_version_external() { | 447 | char *vc_mbedtls_version() { |
455 | snprintf(tmpstr, sizeof(tmpstr), "%s", MBEDTLS_VERSION_STRING_FULL); | 448 | snprintf(tmpstr, sizeof(tmpstr), "%s", MBEDTLS_VERSION_STRING_FULL); |
456 | vchat_tls_version_external = strdup(tmpstr); | 449 | return strdup(tmpstr); |
457 | } | 450 | } |
458 | 451 | ||
459 | static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len) { | 452 | static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len) { |
@@ -463,16 +456,13 @@ static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len) { | |||
463 | return send((int)(intptr_t)ctx, buf, len, 0); | 456 | return send((int)(intptr_t)ctx, buf, len, 0); |
464 | } | 457 | } |
465 | static int map_openssl_suite(char *openssl_name); | 458 | static int map_openssl_suite(char *openssl_name); |
466 | void vc_init_x509store(vc_x509store_t *store) { | 459 | void vc_mbedtls_init_x509store(vc_x509store_t *store) { |
467 | static int sslinit; | 460 | mbedtls_entropy_init(&_mbedtls_state._entropy); |
468 | if (!sslinit++) { | 461 | mbedtls_ctr_drbg_init(&_mbedtls_state._ctr_drbg); |
469 | mbedtls_entropy_init(&_mbedtls_state._entropy); | ||
470 | mbedtls_ctr_drbg_init(&_mbedtls_state._ctr_drbg); | ||
471 | 462 | ||
472 | mbedtls_ctr_drbg_seed(&_mbedtls_state._ctr_drbg, mbedtls_entropy_func, | 463 | mbedtls_ctr_drbg_seed(&_mbedtls_state._ctr_drbg, mbedtls_entropy_func, |
473 | &_mbedtls_state._entropy, | 464 | &_mbedtls_state._entropy, |
474 | (const unsigned char *)DRBG_PERS, sizeof(DRBG_PERS)); | 465 | (const unsigned char *)DRBG_PERS, sizeof(DRBG_PERS)); |
475 | } | ||
476 | memset(store, 0, sizeof(vc_x509store_t)); | 466 | memset(store, 0, sizeof(vc_x509store_t)); |
477 | 467 | ||
478 | /* We want to make verifying the peer the default */ | 468 | /* We want to make verifying the peer the default */ |
@@ -485,7 +475,7 @@ static void vc_tls_report_error(int error, char *message) { | |||
485 | writecf(FS_ERR, tmpstr); | 475 | writecf(FS_ERR, tmpstr); |
486 | } | 476 | } |
487 | 477 | ||
488 | int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | 478 | int vc_mbedtls_connect(int serverfd, vc_x509store_t *vc_store) { |
489 | /* Some aliases for shorter references */ | 479 | /* Some aliases for shorter references */ |
490 | mbedstate *s = &_mbedtls_state; | 480 | mbedstate *s = &_mbedtls_state; |
491 | mbedtls_ssl_config *conf = &_mbedtls_state._conf; | 481 | mbedtls_ssl_config *conf = &_mbedtls_state._conf; |
@@ -502,6 +492,7 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
502 | 492 | ||
503 | writecf(FS_SERV, "[SOCKET CONNECTED ]"); | 493 | writecf(FS_SERV, "[SOCKET CONNECTED ]"); |
504 | writecf(FS_SERV, "[UPGRADING TO TLS ]"); | 494 | writecf(FS_SERV, "[UPGRADING TO TLS ]"); |
495 | writecf(FS_SERV, "[TLS ENGINE MBEDTLS ]"); | ||
505 | 496 | ||
506 | if ((ret = mbedtls_ssl_config_defaults(conf, MBEDTLS_SSL_IS_CLIENT, | 497 | if ((ret = mbedtls_ssl_config_defaults(conf, MBEDTLS_SSL_IS_CLIENT, |
507 | MBEDTLS_SSL_TRANSPORT_STREAM, | 498 | MBEDTLS_SSL_TRANSPORT_STREAM, |
@@ -688,11 +679,11 @@ int vc_tls_connect(int serverfd, vc_x509store_t *vc_store) { | |||
688 | return 0; | 679 | return 0; |
689 | } | 680 | } |
690 | 681 | ||
691 | ssize_t vc_tls_sendmessage(const void *buf, size_t size) { | 682 | ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size) { |
692 | return mbedtls_ssl_write(&_mbedtls_state._ssl, buf, size); | 683 | return mbedtls_ssl_write(&_mbedtls_state._ssl, buf, size); |
693 | } | 684 | } |
694 | 685 | ||
695 | ssize_t vc_tls_receivemessage(void *buf, size_t size) { | 686 | ssize_t vc_mbedtls_receivemessage(void *buf, size_t size) { |
696 | ssize_t received = (ssize_t)mbedtls_ssl_read(&_mbedtls_state._ssl, buf, size); | 687 | ssize_t received = (ssize_t)mbedtls_ssl_read(&_mbedtls_state._ssl, buf, size); |
697 | switch (received) { | 688 | switch (received) { |
698 | case MBEDTLS_ERR_SSL_WANT_READ: | 689 | case MBEDTLS_ERR_SSL_WANT_READ: |
@@ -709,7 +700,7 @@ ssize_t vc_tls_receivemessage(void *buf, size_t size) { | |||
709 | } | 700 | } |
710 | } | 701 | } |
711 | 702 | ||
712 | void vc_tls_cleanup() { | 703 | void vc_mbedtls_cleanup() { |
713 | mbedtls_x509_crt_free(&_mbedtls_state._cacert); | 704 | mbedtls_x509_crt_free(&_mbedtls_state._cacert); |
714 | mbedtls_x509_crt_free(&_mbedtls_state._cert); | 705 | mbedtls_x509_crt_free(&_mbedtls_state._cert); |
715 | mbedtls_pk_free(&_mbedtls_state._key); | 706 | mbedtls_pk_free(&_mbedtls_state._key); |
diff --git a/vchat-tls.h b/vchat-tls.h index 17d2687..5399820 100755 --- a/vchat-tls.h +++ b/vchat-tls.h | |||
@@ -14,7 +14,6 @@ struct vc_x509store_t { | |||
14 | }; | 14 | }; |
15 | typedef struct vc_x509store_t vc_x509store_t; | 15 | typedef struct vc_x509store_t vc_x509store_t; |
16 | 16 | ||
17 | void vc_init_x509store(vc_x509store_t *); | ||
18 | void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); | 17 | void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); |
19 | void vc_x509store_setflags(vc_x509store_t *, int); | 18 | void vc_x509store_setflags(vc_x509store_t *, int); |
20 | void vc_x509store_setkeyfile(vc_x509store_t *, char *); | 19 | void vc_x509store_setkeyfile(vc_x509store_t *, char *); |
@@ -25,10 +24,28 @@ void vc_x509store_setcapath(vc_x509store_t *, char *); | |||
25 | void vc_x509store_setcrlfile(vc_x509store_t *, char *); | 24 | void vc_x509store_setcrlfile(vc_x509store_t *, char *); |
26 | void vc_cleanup_x509store(vc_x509store_t *s); | 25 | void vc_cleanup_x509store(vc_x509store_t *s); |
27 | 26 | ||
28 | int vc_tls_connect(int serverfd, vc_x509store_t *); | 27 | #if !defined(TLS_LIB_OPENSSL) && !defined(TLS_LIB_MBEDTLS) |
29 | ssize_t vc_tls_sendmessage(const void *buf, size_t size); | 28 | #error \ |
30 | ssize_t vc_tls_receivemessage(void *buf, size_t size); | 29 | "Neither TLS_LIB_OPENSSL nor TLS_LIB_MBEDTLS are defined. Please select exactly one." |
31 | void vc_tls_cleanup(); | 30 | #endif |
31 | |||
32 | #ifdef TLS_LIB_OPENSSL | ||
33 | void vc_openssl_init_x509store(vc_x509store_t *); | ||
34 | int vc_openssl_connect(int serverfd, vc_x509store_t *); | ||
35 | ssize_t vc_openssl_sendmessage(const void *buf, size_t size); | ||
36 | ssize_t vc_openssl_receivemessage(void *buf, size_t size); | ||
37 | void vc_openssl_cleanup(); | ||
38 | char *vc_openssl_version(); | ||
39 | #endif | ||
40 | |||
41 | #ifdef TLS_LIB_MBEDTLS | ||
42 | void vc_mbedtls_init_x509store(vc_x509store_t *); | ||
43 | int vc_mbedtls_connect(int serverfd, vc_x509store_t *); | ||
44 | ssize_t vc_mbedtls_sendmessage(const void *buf, size_t size); | ||
45 | ssize_t vc_mbedtls_receivemessage(void *buf, size_t size); | ||
46 | void vc_mbedtls_cleanup(); | ||
47 | char *vc_mbedtls_version(); | ||
48 | #endif | ||
32 | 49 | ||
33 | #define VC_X509S_USE_CAFILE 0x01 | 50 | #define VC_X509S_USE_CAFILE 0x01 |
34 | #define VC_X509S_USE_CAPATH 0x02 | 51 | #define VC_X509S_USE_CAPATH 0x02 |
@@ -44,6 +44,7 @@ typedef enum { | |||
44 | CF_FINGERPRINT, | 44 | CF_FINGERPRINT, |
45 | CF_PINFINGER, | 45 | CF_PINFINGER, |
46 | CF_USESSL, | 46 | CF_USESSL, |
47 | CF_TLSLIB, | ||
47 | CF_IGNSSL, | 48 | CF_IGNSSL, |
48 | CF_VERIFYSSL, | 49 | CF_VERIFYSSL, |
49 | CF_USECERT, | 50 | CF_USECERT, |
@@ -243,5 +244,3 @@ typedef struct { | |||
243 | 244 | ||
244 | /* vchat-tls.c */ | 245 | /* vchat-tls.c */ |
245 | extern const char *vchat_tls_version; | 246 | extern const char *vchat_tls_version; |
246 | extern const char *vchat_tls_version_external; | ||
247 | void vchat_tls_get_version_external(); | ||