-/* Copyright (C) 2009-2012, Martin Johansson <martin@fatbob.nu>
- Copyright (C) 2005-2012, Thorvald Natvig <thorvald@natvig.com>
+/* Copyright (C) 2009-2014, Martin Johansson <martin@fatbob.nu>
+ Copyright (C) 2005-2014, Thorvald Natvig <thorvald@natvig.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
#ifndef SSL_H_987698
#define SSL_H_987698
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
+#include "config.h"
+#include "types.h"
+
+#include <inttypes.h>
+#include <stdio.h>
+#include <string.h>
-#ifdef USE_POLARSSL
+#if defined(USE_POLARSSL)
#include <polarssl/ssl.h>
#include <polarssl/version.h>
-#ifndef POLARSSL_VERSION_MAJOR
- #define POLARSSL_API_V0
-#else
-#if (POLARSSL_VERSION_MAJOR == 0)
- #define POLARSSL_API_V0
- #define HAVEGE_RAND (havege_rand)
- #define RAND_bytes(_dst_, _size_) do { \
- int i; \
- for (i = 0; i < _size_; i++) { \
- _dst_[i] = havege_rand(&hs); \
- } \
- } while (0)
+#if defined(POLARSSL_VERSION_MAJOR)
+#if (POLARSSL_VERSION_MAJOR < 1)
+#error PolarSSL version 1.0.0 or greater is required!
+#endif
#else
- #define POLARSSL_API_V1
+#error PolarSSL version 1.0.0 or greater is required!
+#endif
+
+#if defined(USE_POLARSSL_HAVEGE)
+#include <polarssl/havege.h>
#if (POLARSSL_VERSION_MINOR >= 1)
#define HAVEGE_RAND (havege_random)
#define RAND_bytes(_dst_, _size_) do { \
havege_random(&hs, _dst_, _size_); \
- } while (0)
+ } while (0)
#else
#define HAVEGE_RAND (havege_rand)
#define RAND_bytes(_dst_, _size_) do { \
- int i; \
- for (i = 0; i < _size_; i++) { \
- _dst_[i] = havege_rand(&hs); \
- } \
+ int i; \
+ for (i = 0; i < _size_; i++) { \
+ _dst_[i] = havege_rand(&hs); \
+ } \
} while (0)
#endif
-#endif
+#else
+#define RAND_bytes(_dst_, _size_) do { urandom_bytes(NULL, _dst_, _size_); } while (0)
+int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
#endif
-#else /* OpenSSL */
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
+#if (POLARSSL_VERSION_MINOR >= 2)
+ #define POLARSSL_API_V1_2_ABOVE
+#endif
+#if (POLARSSL_VERSION_MINOR == 3)
+ #define POLARSSL_API_V1_3_ABOVE
#endif
-#include "types.h"
-#include <inttypes.h>
-
-#ifdef USE_POLARSSL
#define SSLI_ERROR_WANT_READ -0x0F300 /* PolarSSL v0.x.x uses -0x0f00 -> --0x0f90, v1.x.x uses -0x7080 -> -0x7e80 */
#define SSLI_ERROR_WANT_WRITE -0x0F310
-#ifdef POLARSSL_API_V1
#define SSLI_ERROR_ZERO_RETURN 0
-#else
-#define SSLI_ERROR_ZERO_RETURN POLARSSL_ERR_NET_CONN_RESET
-#endif
#define SSLI_ERROR_CONNRESET POLARSSL_ERR_NET_CONN_RESET
#define SSLI_ERROR_SYSCALL POLARSSL_ERR_NET_RECV_FAILED
typedef ssl_context SSL_handle_t;
+#elif defined(USE_MBEDTLS)
+#include <mbedtls/version.h>
+
+#if !defined(MBEDTLS_VERSION_MAJOR) || (MBEDTLS_VERSION_MAJOR < 2)
+#error mbedTLS version 2.0.0 or greater is required!
+#endif
+
+#include <mbedtls/ssl.h>
+#if (MBEDTLS_VERSION_MINOR > 3)
+#include <mbedtls/net_sockets.h>
+#else
+#include <mbedtls/net.h>
+#endif
+
+#if defined(USE_MBEDTLS_HAVEGE)
+#include <mbedtls/havege.h>
+ #define HAVEGE_RAND (havege_random)
+ #define RAND_bytes(_dst_, _size_) do { \
+ mbedtls_havege_random(&hs, _dst_, _size_); \
+ } while (0)
#else
+#define RAND_bytes(_dst_, _size_) do { urandom_bytes(NULL, _dst_, _size_); } while (0)
+int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
+#endif
+
+#define SSLI_ERROR_WANT_READ -0x0F300 /* mbedTLS v0.x.x uses -0x0f00 -> --0x0f90, v1.x.x uses -0x7080 -> -0x7e80 */
+#define SSLI_ERROR_WANT_WRITE -0x0F310
+
+#define SSLI_ERROR_ZERO_RETURN 0
+#define SSLI_ERROR_CONNRESET MBEDTLS_ERR_NET_CONN_RESET
+#define SSLI_ERROR_SYSCALL MBEDTLS_ERR_NET_RECV_FAILED
+
+typedef mbedtls_ssl_context SSL_handle_t;
+
+#elif defined(USE_GNUTLS)
+
+#include <gnutls/gnutls.h>
+
+#define SSLI_ERROR_WANT_READ GNUTLS_E_AGAIN
+#define SSLI_ERROR_WANT_WRITE GNUTLS_E_AGAIN
+#define SSLI_ERROR_ZERO_RETURN GNUTLS_E_PREMATURE_TERMINATION
+#define SSLI_ERROR_CONNRESET GNUTLS_E_PREMATURE_TERMINATION
+#define SSLI_ERROR_SYSCALL GNUTLS_E_PREMATURE_TERMINATION
+
+typedef gnutls_session_t SSL_handle_t;
+
+#else /* OpenSSL */
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
#define SSLI_ERROR_WANT_READ SSL_ERROR_WANT_READ
#define SSLI_ERROR_WANT_WRITE SSL_ERROR_WANT_WRITE
for (i = 0; i < 20; i++)
offset += sprintf(out + offset, "%02x", hash[i]);
}
+
+static inline void SSLi_hex2hash(char *in, uint8_t *hash)
+{
+ int i;
+ char byte[3];
+ int scanned;
+
+ byte[2] = '\0';
+ for (i = 0; i < 20; i++) {
+ memcpy(byte, &in[i * 2], 2);
+ sscanf(byte, "%02x", &scanned);
+ hash[i] = scanned;
+ }
+}
#endif
+