
openvas-libraries, openvas-client: update gnutls calls
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Jun 08 16:46:37 2022 +0000 (23 months ago)
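--- openvas-libraries-3.1.4/misc/network.c
+++ openvas-libraries-3.1.4/misc/network.c
@@ -406,113 +406,27 @@ ovas_get_tlssession_from_connection (int
 }
 
 static int
-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
- int *cipher_priority, int *comp_priority,
- int *kx_priority, int *mac_priority)
-{
- int err;
-
- if ((err = gnutls_protocol_set_priority (session, protocol_priority))
- || (err = gnutls_cipher_set_priority (session, cipher_priority))
- || (err = gnutls_compression_set_priority (session, comp_priority))
- || (err = gnutls_kx_set_priority (session, kx_priority))
- || (err = gnutls_mac_set_priority (session, mac_priority)))
- {
- tlserror ("setting session priorities", err);
- return -1;
- }
- return 0;
-}
-
-static int
 set_gnutls_sslv23 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_TLS1,
- GNUTLS_SSL3,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 static int
 set_gnutls_sslv3 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_SSL3,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
-
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
-
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 static int
 set_gnutls_tlsv1 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_TLS1,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 /**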
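Review bot: A rejected priority string is now undiagnosable, because all three `gnutls_priority_set_direct` calls pass `NULL` as `err_pos`, and the removed `set_gnutls_priorities` wrapper that logged failures through `tlserror` is gone, so a parse error reaches the callers outside this hunk only as a bare GnuTLS error code (a different value from the old `-1`, which matters if any caller compares for it exactly). Keep the diagnostic in each function: `const char *err_pos = NULL;` / `int err = gnutls_priority_set_direct (session, PRIO, &err_pos);` / `if (err < 0) tlserror ("setting session priorities", err);`. The keywords are spelled with underscores and bare version names (`AES_128_CBC`, `VERS-TLS1`) where the GnuTLS priority-string documentation uses dashes and explicit versions (`AES-128-CBC`, `VERS-TLS1.0`); whether the 2.2 parser tolerates these spellings should be confirmed, and `err_pos` is what tells you which token it stopped on. Since the three strings share most of their content, a single `static const char` base string in network.c would keep the per-protocol variants from drifting apart.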
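--- openvas-libraries-3.1.4/misc/openvas_server.c
+++ openvas-libraries-3.1.4/misc/openvas_server.c
@@ -142,12 +142,8 @@ openvas_server_open (gnutls_session_t *
 return -1;
 }
 
- const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- if (gnutls_kx_set_priority (*session, kx_priority))
+ // gnutls 2.2.0+
+ if (gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL))
 {
 g_message ("Failed to set server key exchange priority.");
 gnutls_deinit (*session);
@@ -593,30 +589,6 @@ openvas_server_new (unsigned int end_typ
 gnutls_session_t * server_session,
 gnutls_certificate_credentials_t * server_credentials)
 {
- // FIX static vars?
- const int protocol_priority[] = { GNUTLS_TLS1,
- 0
- };
- const int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- const int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
- const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- const int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
 /* Turn off use of /dev/random, as this can block. */
 
 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
@@ -664,34 +636,11 @@ openvas_server_new (unsigned int end_typ
 goto server_free_fail;
 }
 
- if (gnutls_protocol_set_priority (*server_session, protocol_priority))
- {
- g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
- goto server_fail;
- }
-
- if (gnutls_cipher_set_priority (*server_session, cipher_priority))
- {
- g_warning ("%s: failed to set cipher priority\n", __FUNCTION__);
- goto server_fail;
- }
-
- if (gnutls_compression_set_priority (*server_session, comp_priority))
- {
- g_warning ("%s: failed to set compression priority\n", __FUNCTION__);
- goto server_fail;
- }
-
- if (gnutls_kx_set_priority (*server_session, kx_priority))
- {
- g_warning ("%s: failed to set server key exchange priority\n",
- __FUNCTION__);
- goto server_fail;
- }
-
- if (gnutls_mac_set_priority (*server_session, mac_priority))
+ // gnutls 2.2.0+
+ if (gnutls_priority_set_direct(*server_session,
+ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+MD5", NULL))
 {
- g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
+ g_warning ("%s: failed to set priority\n", __FUNCTION__);
 goto server_fail;
 }
 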
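Review bot: The server priority string in the last hunk of `openvas_server_new` drops SHA1: the removed `mac_priority` listed `GNUTLS_MAC_SHA1` ahead of `GNUTLS_MAC_MD5`, but the new string ends in `+DHE_DSS:+MD5`, leaving the server offering only MD5 MACs, which is both a behavioural regression against the replaced code and a narrowing to the weaker of the two (the sibling strings in network.c keep `+SHA1:+MD5`); the string should end `+DHE_DSS:+SHA1:+MD5`. In the first hunk, `gnutls_priority_set_direct` replaces the session's entire priority set, whereas the removed `gnutls_kx_set_priority` only changed key exchange; `"+DHE_RSA:+RSA:+DHE_DSS"` has no base keyword, so which protocol versions, ciphers and MACs remain enabled depends on how the parser treats an empty base (presumably none), and any default-priority call made on `*session` before this point, outside the hunk, is overridden. Prefix a base such as `NORMAL:` there, or spell out the full set as the other hunks do, and confirm the result with a non-NULL `err_pos`. The retained `g_message ("Failed to set server key exchange priority.")` is now misleading, since the call sets the whole priority set, not just key exchange.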