wok-current: openvas-libraries/stuff/gnutls.2.2.u annotate

wok-current annotate openvas-libraries/stuff/gnutls.2.2.u @ rev 25064

openvas-libraries, openvas-client: update gnutls calls

author	Pascal Bellard <pascal.bellard@slitaz.org>
date	Wed Jun 08 16:46:37 2022 +0000 (2022-06-08)
parents
children

rev	line source
pascal@25064	1 --- openvas-libraries-3.1.4/misc/network.c
pascal@25064	2 +++ openvas-libraries-3.1.4/misc/network.c
pascal@25064	3 @@ -406,113 +406,27 @@ ovas_get_tlssession_from_connection (int
pascal@25064	4 }
pascal@25064	5
pascal@25064	6 static int
pascal@25064	7 -set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
pascal@25064	8 - int cipher_priority, int comp_priority,
pascal@25064	9 - int kx_priority, int mac_priority)
pascal@25064	10 -{
pascal@25064	11 - int err;
pascal@25064	12 -
pascal@25064	13 - if ((err = gnutls_protocol_set_priority (session, protocol_priority))
pascal@25064	14 - \|\| (err = gnutls_cipher_set_priority (session, cipher_priority))
pascal@25064	15 - \|\| (err = gnutls_compression_set_priority (session, comp_priority))
pascal@25064	16 - \|\| (err = gnutls_kx_set_priority (session, kx_priority))
pascal@25064	17 - \|\| (err = gnutls_mac_set_priority (session, mac_priority)))
pascal@25064	18 - {
pascal@25064	19 - tlserror ("setting session priorities", err);
pascal@25064	20 - return -1;
pascal@25064	21 - }
pascal@25064	22 - return 0;
pascal@25064	23 -}
pascal@25064	24 -
pascal@25064	25 -static int
pascal@25064	26 set_gnutls_sslv23 (gnutls_session_t session)
pascal@25064	27 {
pascal@25064	28 - static int protocol_priority[] = { GNUTLS_TLS1,
pascal@25064	29 - GNUTLS_SSL3,
pascal@25064	30 - 0
pascal@25064	31 - };
pascal@25064	32 - static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
pascal@25064	33 - GNUTLS_CIPHER_3DES_CBC,
pascal@25064	34 - GNUTLS_CIPHER_AES_256_CBC,
pascal@25064	35 - GNUTLS_CIPHER_ARCFOUR_128,
pascal@25064	36 - 0
pascal@25064	37 - };
pascal@25064	38 - static int comp_priority[] = { GNUTLS_COMP_ZLIB,
pascal@25064	39 - GNUTLS_COMP_NULL,
pascal@25064	40 - 0
pascal@25064	41 - };
pascal@25064	42 - static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
pascal@25064	43 - GNUTLS_KX_RSA,
pascal@25064	44 - GNUTLS_KX_DHE_DSS,
pascal@25064	45 - 0
pascal@25064	46 - };
pascal@25064	47 - static int mac_priority[] = { GNUTLS_MAC_SHA1,
pascal@25064	48 - GNUTLS_MAC_MD5,
pascal@25064	49 - 0
pascal@25064	50 - };
pascal@25064	51 -
pascal@25064	52 - return set_gnutls_priorities (session, protocol_priority, cipher_priority,
pascal@25064	53 - comp_priority, kx_priority, mac_priority);
pascal@25064	54 + // gnutls 2.2.0+
pascal@25064	55 + return gnutls_priority_set_direct(session,
pascal@25064	56 + "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
pascal@25064	57 }
pascal@25064	58
pascal@25064	59 static int
pascal@25064	60 set_gnutls_sslv3 (gnutls_session_t session)
pascal@25064	61 {
pascal@25064	62 - static int protocol_priority[] = { GNUTLS_SSL3,
pascal@25064	63 - 0
pascal@25064	64 - };
pascal@25064	65 - static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
pascal@25064	66 - GNUTLS_CIPHER_ARCFOUR_128,
pascal@25064	67 - 0
pascal@25064	68 - };
pascal@25064	69 - static int comp_priority[] = { GNUTLS_COMP_ZLIB,
pascal@25064	70 - GNUTLS_COMP_NULL,
pascal@25064	71 - 0
pascal@25064	72 - };
pascal@25064	73 -
pascal@25064	74 - static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
pascal@25064	75 - GNUTLS_KX_RSA,
pascal@25064	76 - GNUTLS_KX_DHE_DSS,
pascal@25064	77 - 0
pascal@25064	78 - };
pascal@25064	79 -
pascal@25064	80 - static int mac_priority[] = { GNUTLS_MAC_SHA1,
pascal@25064	81 - GNUTLS_MAC_MD5,
pascal@25064	82 - 0
pascal@25064	83 - };
pascal@25064	84 -
pascal@25064	85 - return set_gnutls_priorities (session, protocol_priority, cipher_priority,
pascal@25064	86 - comp_priority, kx_priority, mac_priority);
pascal@25064	87 + // gnutls 2.2.0+
pascal@25064	88 + return gnutls_priority_set_direct(session,
pascal@25064	89 + "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
pascal@25064	90 }
pascal@25064	91
pascal@25064	92 static int
pascal@25064	93 set_gnutls_tlsv1 (gnutls_session_t session)
pascal@25064	94 {
pascal@25064	95 - static int protocol_priority[] = { GNUTLS_TLS1,
pascal@25064	96 - 0
pascal@25064	97 - };
pascal@25064	98 - static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
pascal@25064	99 - GNUTLS_CIPHER_3DES_CBC,
pascal@25064	100 - GNUTLS_CIPHER_AES_256_CBC,
pascal@25064	101 - GNUTLS_CIPHER_ARCFOUR_128,
pascal@25064	102 - 0
pascal@25064	103 - };
pascal@25064	104 - static int comp_priority[] = { GNUTLS_COMP_ZLIB,
pascal@25064	105 - GNUTLS_COMP_NULL,
pascal@25064	106 - 0
pascal@25064	107 - };
pascal@25064	108 - static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
pascal@25064	109 - GNUTLS_KX_RSA,
pascal@25064	110 - GNUTLS_KX_DHE_DSS,
pascal@25064	111 - 0
pascal@25064	112 - };
pascal@25064	113 - static int mac_priority[] = { GNUTLS_MAC_SHA1,
pascal@25064	114 - GNUTLS_MAC_MD5,
pascal@25064	115 - 0
pascal@25064	116 - };
pascal@25064	117 -
pascal@25064	118 - return set_gnutls_priorities (session, protocol_priority, cipher_priority,
pascal@25064	119 - comp_priority, kx_priority, mac_priority);
pascal@25064	120 + // gnutls 2.2.0+
pascal@25064	121 + return gnutls_priority_set_direct(session,
pascal@25064	122 + "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
pascal@25064	123 }
pascal@25064	124
pascal@25064	125 /**
pascal@25064	126 --- openvas-libraries-3.1.4/misc/openvas_server.c
pascal@25064	127 +++ openvas-libraries-3.1.4/misc/openvas_server.c
pascal@25064	128 @@ -142,12 +142,8 @@ openvas_server_open (gnutls_session_t *
pascal@25064	129 return -1;
pascal@25064	130 }
pascal@25064	131
pascal@25064	132 - const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
pascal@25064	133 - GNUTLS_KX_RSA,
pascal@25064	134 - GNUTLS_KX_DHE_DSS,
pascal@25064	135 - 0
pascal@25064	136 - };
pascal@25064	137 - if (gnutls_kx_set_priority (*session, kx_priority))
pascal@25064	138 + // gnutls 2.2.0+
pascal@25064	139 + if (gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL))
pascal@25064	140 {
pascal@25064	141 g_message ("Failed to set server key exchange priority.");
pascal@25064	142 gnutls_deinit (*session);
pascal@25064	143 @@ -593,30 +589,6 @@ openvas_server_new (unsigned int end_typ
pascal@25064	144 gnutls_session_t * server_session,
pascal@25064	145 gnutls_certificate_credentials_t * server_credentials)
pascal@25064	146 {
pascal@25064	147 - // FIX static vars?
pascal@25064	148 - const int protocol_priority[] = { GNUTLS_TLS1,
pascal@25064	149 - 0
pascal@25064	150 - };
pascal@25064	151 - const int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
pascal@25064	152 - GNUTLS_CIPHER_3DES_CBC,
pascal@25064	153 - GNUTLS_CIPHER_AES_256_CBC,
pascal@25064	154 - GNUTLS_CIPHER_ARCFOUR_128,
pascal@25064	155 - 0
pascal@25064	156 - };
pascal@25064	157 - const int comp_priority[] = { GNUTLS_COMP_ZLIB,
pascal@25064	158 - GNUTLS_COMP_NULL,
pascal@25064	159 - 0
pascal@25064	160 - };
pascal@25064	161 - const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
pascal@25064	162 - GNUTLS_KX_RSA,
pascal@25064	163 - GNUTLS_KX_DHE_DSS,
pascal@25064	164 - 0
pascal@25064	165 - };
pascal@25064	166 - const int mac_priority[] = { GNUTLS_MAC_SHA1,
pascal@25064	167 - GNUTLS_MAC_MD5,
pascal@25064	168 - 0
pascal@25064	169 - };
pascal@25064	170 -
pascal@25064	171 /* Turn off use of /dev/random, as this can block. */
pascal@25064	172
pascal@25064	173 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
pascal@25064	174 @@ -664,34 +636,11 @@ openvas_server_new (unsigned int end_typ
pascal@25064	175 goto server_free_fail;
pascal@25064	176 }
pascal@25064	177
pascal@25064	178 - if (gnutls_protocol_set_priority (*server_session, protocol_priority))
pascal@25064	179 - {
pascal@25064	180 - g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
pascal@25064	181 - goto server_fail;
pascal@25064	182 - }
pascal@25064	183 -
pascal@25064	184 - if (gnutls_cipher_set_priority (*server_session, cipher_priority))
pascal@25064	185 - {
pascal@25064	186 - g_warning ("%s: failed to set cipher priority\n", __FUNCTION__);
pascal@25064	187 - goto server_fail;
pascal@25064	188 - }
pascal@25064	189 -
pascal@25064	190 - if (gnutls_compression_set_priority (*server_session, comp_priority))
pascal@25064	191 - {
pascal@25064	192 - g_warning ("%s: failed to set compression priority\n", __FUNCTION__);
pascal@25064	193 - goto server_fail;
pascal@25064	194 - }
pascal@25064	195 -
pascal@25064	196 - if (gnutls_kx_set_priority (*server_session, kx_priority))
pascal@25064	197 - {
pascal@25064	198 - g_warning ("%s: failed to set server key exchange priority\n",
pascal@25064	199 - __FUNCTION__);
pascal@25064	200 - goto server_fail;
pascal@25064	201 - }
pascal@25064	202 -
pascal@25064	203 - if (gnutls_mac_set_priority (*server_session, mac_priority))
pascal@25064	204 + // gnutls 2.2.0+
pascal@25064	205 + if (gnutls_priority_set_direct(*server_session,
pascal@25064	206 + "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+MD5", NULL))
pascal@25064	207 {
pascal@25064	208 - g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
pascal@25064	209 + g_warning ("%s: failed to set priority\n", __FUNCTION__);
pascal@25064	210 goto server_fail;
pascal@25064	211 }
pascal@25064	212

SliTaz Repositories

wok-current annotate openvas-libraries/stuff/gnutls.2.2.u @ rev 25064