From 7357e0ee1e8ae1ee9259a3181e400db0d570362b Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Fri, 22 Dec 2023 20:39:57 +0100 Subject: Add support for OpenSSL, mbedTLS 2 and mbedTLS 3 Brings the previous OpenSSL implementation into src/IO/tls_openssl.c. Now, the TLS functions have the implementation name as prefix, like a_Tls_openssl_connect(). The generic interface at IO/tls.h hides the implementation which is selected at configure time. The appropriate functions of that implementation are called from IO/tls.c to IO/tls_.c. In this way, support for more TLS libraries can easily be added. In the case of mbedTLS, there are some incompatible changes from version 2 to 3, so we use some ifdefs to fix the differences. --- src/IO/tls.c | 175 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 src/IO/tls.c (limited to 'src/IO/tls.c') diff --git a/src/IO/tls.c b/src/IO/tls.c new file mode 100644 index 00000000..2a27c1a6 --- /dev/null +++ b/src/IO/tls.c @@ -0,0 +1,175 @@ +/* + * File: tls.c + * + * Copyright (C) 2011 Benjamin Johnson + * (for the https code offered from dplus browser that formed the basis...) + * Copyright 2016 corvid + * Copyright (C) 2023 Rodrigo Arias Mallo + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * As a special exception, permission is granted to link Dillo with the OpenSSL + * or LibreSSL library, and distribute the linked executables without + * including the source code for OpenSSL or LibreSSL in the source + * distribution. You must obey the GNU General Public License, version 3, in + * all respects for all of the code used other than OpenSSL or LibreSSL. + */ + +#include "config.h" +#include "../msg.h" + +#include "tls.h" +#include "tls_openssl.h" +#include "tls_mbedtls.h" + +void a_Tls_init() +{ +#if ! defined(ENABLE_TLS) + MSG("TLS: Disabled at compilation time.\n"); +#elif defined(HAVE_OPENSSL) + a_Tls_openssl_init(); +#elif defined(HAVE_MBEDTLS) + a_Tls_mbedtls_init(); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +/* + * Return TLS connection information for a given file + * descriptor, or NULL if no TLS connection was found. + */ +void *a_Tls_connection(int fd) +{ +#if ! defined(ENABLE_TLS) + return NULL; +#elif defined(HAVE_OPENSSL) + return a_Tls_openssl_connection(fd); +#elif defined(HAVE_MBEDTLS) + return a_Tls_mbedtls_connection(fd); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +/* + * The purpose here is to permit a single initial connection to a server. + * Once we have the certificate, know whether we like it -- and whether the + * user accepts it -- HTTP can run through queued sockets as normal. + * + * Return: TLS_CONNECT_READY or TLS_CONNECT_NOT_YET or TLS_CONNECT_NEVER. + */ +int a_Tls_connect_ready(const DilloUrl *url) +{ +#if ! defined(ENABLE_TLS) + return TLS_CONNECT_NEVER; +#elif defined(HAVE_OPENSSL) + return a_Tls_openssl_connect_ready(url); +#elif defined(HAVE_MBEDTLS) + return a_Tls_mbedtls_connect_ready(url); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +/* + * Did everything seem proper with the certificate -- no warnings to + * click through? + */ +int a_Tls_certificate_is_clean(const DilloUrl *url) +{ +#if ! defined(ENABLE_TLS) + return 0; +#elif defined(HAVE_OPENSSL) + return a_Tls_openssl_certificate_is_clean(url); +#elif defined(HAVE_MBEDTLS) + return a_Tls_mbedtls_certificate_is_clean(url); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +/* + * Clean up the OpenSSL library + */ +void a_Tls_freeall(void) +{ +#if ! defined(ENABLE_TLS) + return; +#elif defined(HAVE_OPENSSL) + a_Tls_openssl_freeall(); +#elif defined(HAVE_MBEDTLS) + a_Tls_mbedtls_freeall(); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + + +void a_Tls_reset_server_state(const DilloUrl *url) +{ +#if ! defined(ENABLE_TLS) + return; +#elif defined(HAVE_OPENSSL) + a_Tls_openssl_reset_server_state(url); +#elif defined(HAVE_MBEDTLS) + a_Tls_mbedtls_reset_server_state(url); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +void a_Tls_connect(int fd, const DilloUrl *url) +{ +#if ! defined(ENABLE_TLS) + return; +#elif defined(HAVE_OPENSSL) + a_Tls_openssl_connect(fd, url); +#elif defined(HAVE_MBEDTLS) + a_Tls_mbedtls_connect(fd, url); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +void a_Tls_close_by_fd(int fd) +{ +#if ! defined(ENABLE_TLS) + return; +#elif defined(HAVE_OPENSSL) + a_Tls_openssl_close_by_fd(fd); +#elif defined(HAVE_MBEDTLS) + a_Tls_mbedtls_close_by_fd(fd); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +int a_Tls_read(void *conn, void *buf, size_t len) +{ +#if ! defined(ENABLE_TLS) + return 0; +#elif defined(HAVE_OPENSSL) + return a_Tls_openssl_read(conn, buf, len); +#elif defined(HAVE_MBEDTLS) + return a_Tls_mbedtls_read(conn, buf, len); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} + +int a_Tls_write(void *conn, void *buf, size_t len) +{ +#if ! defined(ENABLE_TLS) + return 0; +#elif defined(HAVE_OPENSSL) + return a_Tls_openssl_write(conn, buf, len); +#elif defined(HAVE_MBEDTLS) + return a_Tls_mbedtls_write(conn, buf, len); +#else +# error "no TLS library found but ENABLE_TLS set" +#endif +} -- cgit v1.2.3