authorRodrigo Arias Mallo <rodarima@gmail.com>2023-12-22 20:39:57 +0100
committerRodrigo Arias Mallo <rodarima@gmail.com>2023-12-30 01:37:14 +0100
commit7357e0ee1e8ae1ee9259a3181e400db0d570362b (patch)
tree026805d25ea7500c160a113eae45c1a8019c7e6c /src/IO/tls.c
parentd3d890f3b48cf6f3494ed0d6d06b37e5376cd188 (diff)
Add support for OpenSSL, mbedTLS 2 and mbedTLS 3
Brings the previous OpenSSL implementation into src/IO/tls_openssl.c. Now, the TLS functions have the implementation name as prefix, like a_Tls_openssl_connect(). The generic interface at IO/tls.h hides the implementation, which is selected at configure time: each generic function in IO/tls.c dispatches to the corresponding function in IO/tls_<impl>.c. In this way, support for more TLS libraries can easily be added. In the case of mbedTLS, there are some incompatible changes from version 2 to 3, so we use some ifdefs to handle the differences.
Diffstat (limited to 'src/IO/tls.c')
-rw-r--r--src/IO/tls.c175
1 files changed, 175 insertions, 0 deletions
diff --git a/src/IO/tls.c b/src/IO/tls.c
new file mode 100644
index 00000000..2a27c1a6
--- /dev/null
+++ b/src/IO/tls.c
@@ -0,0 +1,175 @@
+/*
+ * File: tls.c
+ *
+ * Copyright (C) 2011 Benjamin Johnson <obeythepenguin@users.sourceforge.net>
+ * (for the https code offered from dplus browser that formed the basis...)
+ * Copyright 2016 corvid
+ * Copyright (C) 2023 Rodrigo Arias Mallo <rodarima@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * As a special exception, permission is granted to link Dillo with the OpenSSL
+ * or LibreSSL library, and distribute the linked executables without
+ * including the source code for OpenSSL or LibreSSL in the source
+ * distribution. You must obey the GNU General Public License, version 3, in
+ * all respects for all of the code used other than OpenSSL or LibreSSL.
+ */
+
+#include "config.h"
+#include "../msg.h"
+
+#include "tls.h"
+#include "tls_openssl.h"
+#include "tls_mbedtls.h"
+
+void a_Tls_init()
+{
+#if ! defined(ENABLE_TLS)
+ MSG("TLS: Disabled at compilation time.\n");
+#elif defined(HAVE_OPENSSL)
+ a_Tls_openssl_init();
+#elif defined(HAVE_MBEDTLS)
+ a_Tls_mbedtls_init();
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+/*
+ * Return TLS connection information for a given file
+ * descriptor, or NULL if no TLS connection was found.
+ */
+void *a_Tls_connection(int fd)
+{
+#if ! defined(ENABLE_TLS)
+ return NULL;
+#elif defined(HAVE_OPENSSL)
+ return a_Tls_openssl_connection(fd);
+#elif defined(HAVE_MBEDTLS)
+ return a_Tls_mbedtls_connection(fd);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+/*
+ * The purpose here is to permit a single initial connection to a server.
+ * Once we have the certificate, know whether we like it -- and whether the
+ * user accepts it -- HTTP can run through queued sockets as normal.
+ *
+ * Return: TLS_CONNECT_READY or TLS_CONNECT_NOT_YET or TLS_CONNECT_NEVER.
+ */
+int a_Tls_connect_ready(const DilloUrl *url)
+{
+#if ! defined(ENABLE_TLS)
+ return TLS_CONNECT_NEVER;
+#elif defined(HAVE_OPENSSL)
+ return a_Tls_openssl_connect_ready(url);
+#elif defined(HAVE_MBEDTLS)
+ return a_Tls_mbedtls_connect_ready(url);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+/*
+ * Did everything seem proper with the certificate -- no warnings to
+ * click through?
+ */
+int a_Tls_certificate_is_clean(const DilloUrl *url)
+{
+#if ! defined(ENABLE_TLS)
+ return 0;
+#elif defined(HAVE_OPENSSL)
+ return a_Tls_openssl_certificate_is_clean(url);
+#elif defined(HAVE_MBEDTLS)
+ return a_Tls_mbedtls_certificate_is_clean(url);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+/*
+ * Clean up the OpenSSL library
+ */
+void a_Tls_freeall(void)
+{
+#if ! defined(ENABLE_TLS)
+ return;
+#elif defined(HAVE_OPENSSL)
+ a_Tls_openssl_freeall();
+#elif defined(HAVE_MBEDTLS)
+ a_Tls_mbedtls_freeall();
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+
+void a_Tls_reset_server_state(const DilloUrl *url)
+{
+#if ! defined(ENABLE_TLS)
+ return;
+#elif defined(HAVE_OPENSSL)
+ a_Tls_openssl_reset_server_state(url);
+#elif defined(HAVE_MBEDTLS)
+ a_Tls_mbedtls_reset_server_state(url);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+void a_Tls_connect(int fd, const DilloUrl *url)
+{
+#if ! defined(ENABLE_TLS)
+ return;
+#elif defined(HAVE_OPENSSL)
+ a_Tls_openssl_connect(fd, url);
+#elif defined(HAVE_MBEDTLS)
+ a_Tls_mbedtls_connect(fd, url);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+void a_Tls_close_by_fd(int fd)
+{
+#if ! defined(ENABLE_TLS)
+ return;
+#elif defined(HAVE_OPENSSL)
+ a_Tls_openssl_close_by_fd(fd);
+#elif defined(HAVE_MBEDTLS)
+ a_Tls_mbedtls_close_by_fd(fd);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+int a_Tls_read(void *conn, void *buf, size_t len)
+{
+#if ! defined(ENABLE_TLS)
+ return 0;
+#elif defined(HAVE_OPENSSL)
+ return a_Tls_openssl_read(conn, buf, len);
+#elif defined(HAVE_MBEDTLS)
+ return a_Tls_mbedtls_read(conn, buf, len);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}
+
+int a_Tls_write(void *conn, void *buf, size_t len)
+{
+#if ! defined(ENABLE_TLS)
+ return 0;
+#elif defined(HAVE_OPENSSL)
+ return a_Tls_openssl_write(conn, buf, len);
+#elif defined(HAVE_MBEDTLS)
+ return a_Tls_mbedtls_write(conn, buf, len);
+#else
+# error "no TLS library found but ENABLE_TLS set"
+#endif
+}