X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssl.h;h=3c59f440b109611174571e07e6f178781bd92b8d;hb=2ce951c559f61bdae2a424e378e40bfd6fc815ec;hp=8aa3f30b96c09056c9e49f41733532cb37ff4cbf;hpb=18d8a6a0b45e622bf18af3be30f1c60c2e1022e8;p=umurmur.git

diff --git a/src/ssl.h b/src/ssl.h
index 8aa3f30..3c59f44 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -1,6 +1,6 @@
-/* Copyright (C) 2009-2011, Martin Johansson <martin@fatbob.nu>
-   Copyright (C) 2005-2011, Thorvald Natvig <thorvald@natvig.com>
+/* Copyright (C) 2009-2014, Martin Johansson <martin@fatbob.nu>
 
+   Copyright (C) 2005-2014, Thorvald Natvig <thorvald@natvig.com>
    All rights reserved.
 
    Redistribution and use in source and binary forms, with or without
@@ -32,68 +32,110 @@
 #ifndef SSL_H_987698
 #define SSL_H_987698
 
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
+#include "config.h"
+#include "types.h"
+
+#include <inttypes.h>
+#include <string.h>
 
-#ifdef USE_POLARSSL
+#if defined(USE_POLARSSL)
 #include <polarssl/ssl.h>
 #include <polarssl/version.h>
 
-#ifndef POLARSSL_VERSION_MAJOR
-	#define POLARSSL_API_V0
-#else
-#if (POLARSSL_VERSION_MAJOR == 0)
-	#define POLARSSL_API_V0
-    #define HAVEGE_RAND (havege_rand)
-    #define RAND_bytes(_dst_, _size_) do { \
-	    int i; \
-	    for (i = 0; i < _size_; i++) { \
-	        _dst_[i] = havege_rand(&hs); \
-	    } \
-    } while (0)
+#if defined(POLARSSL_VERSION_MAJOR)
+#if (POLARSSL_VERSION_MAJOR < 1)
+#error PolarSSL version 1.0.0 or greater is required!
+#endif
 #else
-	#define POLARSSL_API_V1
+#error PolarSSL version 1.0.0 or greater is required!
+#endif
+
+#if defined(USE_POLARSSL_HAVEGE)
+#include <polarssl/havege.h>
     #if (POLARSSL_VERSION_MINOR >= 1)
         #define HAVEGE_RAND (havege_random)
         #define RAND_bytes(_dst_, _size_) do { \
 	        havege_random(&hs, _dst_, _size_); \
-		} while (0)
+        } while (0)
     #else
         #define HAVEGE_RAND (havege_rand)
         #define RAND_bytes(_dst_, _size_) do { \
-	         int i; \
-	         for (i = 0; i < _size_; i++) { \
-	             _dst_[i] = havege_rand(&hs); \
-	         } \
+            int i; \
+	        for (i = 0; i < _size_; i++) { \
+	            _dst_[i] = havege_rand(&hs); \
+	        } \
         } while (0)
     #endif
-#endif
+#else
+#define RAND_bytes(_dst_, _size_) do { urandom_bytes(NULL, _dst_, _size_); } while (0)
+int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
 #endif
 
-#else /* OpenSSL */
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
+#if (POLARSSL_VERSION_MINOR >= 2)
+    #define POLARSSL_API_V1_2_ABOVE
+#endif
+#if (POLARSSL_VERSION_MINOR == 3)
+    #define POLARSSL_API_V1_3_ABOVE
 #endif
 
-#include "types.h"
-#include <inttypes.h>
-
-#ifdef USE_POLARSSL
 #define SSLI_ERROR_WANT_READ -0x0F300 /* PolarSSL v0.x.x uses -0x0f00 -> --0x0f90, v1.x.x uses -0x7080 -> -0x7e80 */
 #define SSLI_ERROR_WANT_WRITE -0x0F310
 
-#ifdef POLARSSL_API_V1
 #define SSLI_ERROR_ZERO_RETURN 0
-#else
-#define SSLI_ERROR_ZERO_RETURN POLARSSL_ERR_NET_CONN_RESET
-#endif
 #define SSLI_ERROR_CONNRESET POLARSSL_ERR_NET_CONN_RESET
 #define SSLI_ERROR_SYSCALL POLARSSL_ERR_NET_RECV_FAILED
 
 typedef	ssl_context SSL_handle_t;
 
+#elif defined(USE_MBEDTLS)
+#include <mbedtls/version.h>
+
+#if !defined(MBEDTLS_VERSION_MAJOR) || (MBEDTLS_VERSION_MAJOR < 2)
+#error mbedTLS version 2.0.0 or greater is required!
+#endif
+
+#include <mbedtls/ssl.h>
+#if (MBEDTLS_VERSION_MINOR > 3)
+#include <mbedtls/net_sockets.h>
 #else
+#include <mbedtls/net.h>
+#endif
+
+#if defined(USE_MBEDTLS_HAVEGE)
+#include <mbedtls/havege.h>
+    #define HAVEGE_RAND (havege_random)
+    #define RAND_bytes(_dst_, _size_) do { \
+        mbedtls_havege_random(&hs, _dst_, _size_); \
+    } while (0)
+#else
+#define RAND_bytes(_dst_, _size_) do { urandom_bytes(NULL, _dst_, _size_); } while (0)
+int urandom_bytes(void *ctx, unsigned char *dest, size_t len);
+#endif
+
+#define SSLI_ERROR_WANT_READ -0x0F300 /* mbedTLS v0.x.x uses -0x0f00 -> --0x0f90, v1.x.x uses -0x7080 -> -0x7e80 */
+#define SSLI_ERROR_WANT_WRITE -0x0F310
+
+#define SSLI_ERROR_ZERO_RETURN 0
+#define SSLI_ERROR_CONNRESET MBEDTLS_ERR_NET_CONN_RESET
+#define SSLI_ERROR_SYSCALL MBEDTLS_ERR_NET_RECV_FAILED
+
+typedef	mbedtls_ssl_context SSL_handle_t;
+
+#elif defined(USE_GNUTLS)
+
+#include <gnutls/gnutls.h>
+
+#define SSLI_ERROR_WANT_READ GNUTLS_E_AGAIN
+#define SSLI_ERROR_WANT_WRITE GNUTLS_E_AGAIN
+#define SSLI_ERROR_ZERO_RETURN GNUTLS_E_PREMATURE_TERMINATION
+#define SSLI_ERROR_CONNRESET GNUTLS_E_PREMATURE_TERMINATION
+#define SSLI_ERROR_SYSCALL GNUTLS_E_PREMATURE_TERMINATION
+
+typedef gnutls_session_t SSL_handle_t;
+
+#else /* OpenSSL */
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
 
 #define SSLI_ERROR_WANT_READ SSL_ERROR_WANT_READ
 #define SSLI_ERROR_WANT_WRITE SSL_ERROR_WANT_WRITE
@@ -108,6 +150,7 @@ typedef SSL SSL_handle_t;
 void SSLi_init(void);
 void SSLi_deinit(void);
 SSL_handle_t *SSLi_newconnection(int *fd, bool_t *SSLready);
+bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash);
 void SSLi_closeconnection(SSL_handle_t *ssl);
 int SSLi_nonblockaccept(SSL_handle_t *ssl, bool_t *SSLready);
 int SSLi_read(SSL_handle_t *ssl, uint8_t *buf, int len);
@@ -117,4 +160,43 @@ bool_t SSLi_data_pending(SSL_handle_t *ssl);
 void SSLi_shutdown(SSL_handle_t *ssl);
 void SSLi_free(SSL_handle_t *ssl);
 
+static inline void SSLi_hash2hex(uint8_t *hash, char *out)
+{
+	const char hexdigits[] = "0123456789abcdef";
+	int i, offset = 0;
+	for (i = 0; i < 20; i++) {
+		out[offset++] = hexdigits[hash[i] >> 4];
+		out[offset++] = hexdigits[hash[i] & 0x0f];
+	}
+
+	out[offset] = '\0';
+}
+
+static inline uint8_t nibble(char c)
+{
+	if (c >= '0' && c <= '9')
+		return c - '0';
+
+	/* Force lower case so we don't need to check
+	 * for upper case characters.
+	 */
+	c |= 32;
+
+	return c - 'a' + 10;
+}
+
+static inline void SSLi_hex2hash(char *in, uint8_t *hash)
+{
+	int i, offset = 0;
+
+	for (i = 0; i < 20; i++) {
+		uint8_t upper, lower;
+
+		upper = nibble(in[offset++]);
+		lower = nibble(in[offset++]);
+
+		hash[i] = (upper << 4) | lower;
+	}
+}
 #endif
+