wok diff openvas-libraries/stuff/gnutls.2.2.u @ rev 25064

openvas-libraries, openvas-client: update gnutls calls
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Jun 08 16:46:37 2022 +0000 (23 months ago)
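--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/openvas-libraries/stuff/gnutls.2.2.u	Wed Jun 08 16:46:37 2022 +0000
@@ -0,0 +1,212 @@
+--- openvas-libraries-3.1.4/misc/network.c
++++ openvas-libraries-3.1.4/misc/network.c
+@@ -406,113 +406,27 @@ ovas_get_tlssession_from_connection (int
+ }
+ 
+ static int
+-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
+-                       int *cipher_priority, int *comp_priority,
+-                       int *kx_priority, int *mac_priority)
+-{
+-  int err;
+-
+-  if ((err = gnutls_protocol_set_priority (session, protocol_priority))
+-      || (err = gnutls_cipher_set_priority (session, cipher_priority))
+-      || (err = gnutls_compression_set_priority (session, comp_priority))
+-      || (err = gnutls_kx_set_priority (session, kx_priority))
+-      || (err = gnutls_mac_set_priority (session, mac_priority)))
+-    {
+-      tlserror ("setting session priorities", err);
+-      return -1;
+-    }
+-  return 0;
+-}
+-
+-static int
+ set_gnutls_sslv23 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_TLS1,
+-    GNUTLS_SSL3,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+-    GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_AES_256_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
+-
+-  return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+-                                comp_priority, kx_priority, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
+ }
+ 
+ static int
+ set_gnutls_sslv3 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_SSL3,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
+-
+-  return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+-                                comp_priority, kx_priority, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
+ }
+ 
+ static int
+ set_gnutls_tlsv1 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_TLS1,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+-    GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_AES_256_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
+-
+-  return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+-                                comp_priority, kx_priority, mac_priority);
++  // gnutls 2.2.0+
++  return gnutls_priority_set_direct(session, 
++	"NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
+ }
+ 
+ /**
+--- openvas-libraries-3.1.4/misc/openvas_server.c
++++ openvas-libraries-3.1.4/misc/openvas_server.c
+@@ -142,12 +142,8 @@ openvas_server_open (gnutls_session_t *
+       return -1;
+     }
+ 
+-  const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  if (gnutls_kx_set_priority (*session, kx_priority))
++  // gnutls 2.2.0+
++  if (gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL))
+     {
+       g_message ("Failed to set server key exchange priority.");
+       gnutls_deinit (*session);
+@@ -593,30 +589,6 @@ openvas_server_new (unsigned int end_typ
+                     gnutls_session_t * server_session,
+                     gnutls_certificate_credentials_t * server_credentials)
+ {
+-  // FIX static vars?
+-  const int protocol_priority[] = { GNUTLS_TLS1,
+-    0
+-  };
+-  const int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+-    GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_AES_256_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  const int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-  const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  const int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
+-
+   /* Turn off use of /dev/random, as this can block. */
+ 
+   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+@@ -664,34 +636,11 @@ openvas_server_new (unsigned int end_typ
+       goto server_free_fail;
+     }
+ 
+-  if (gnutls_protocol_set_priority (*server_session, protocol_priority))
+-    {
+-      g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
+-      goto server_fail;
+-    }
+-
+-  if (gnutls_cipher_set_priority (*server_session, cipher_priority))
+-    {
+-      g_warning ("%s: failed to set cipher priority\n", __FUNCTION__);
+-      goto server_fail;
+-    }
+-
+-  if (gnutls_compression_set_priority (*server_session, comp_priority))
+-    {
+-      g_warning ("%s: failed to set compression priority\n", __FUNCTION__);
+-      goto server_fail;
+-    }
+-
+-  if (gnutls_kx_set_priority (*server_session, kx_priority))
+-    {
+-      g_warning ("%s: failed to set server key exchange priority\n",
+-                 __FUNCTION__);
+-      goto server_fail;
+-    }
+-
+-  if (gnutls_mac_set_priority (*server_session, mac_priority))
++  // gnutls 2.2.0+
++  if (gnutls_priority_set_direct(*server_session, 
++	"NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+MD5", NULL))
+     {
+-      g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
++      g_warning ("%s: failed to set priority\n", __FUNCTION__);
+       goto server_fail;
+     }
+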
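Review bot: The priority string passed to gnutls_priority_set_direct in openvas_server_new (the openvas_server.c hunk at -664,34) drops the SHA1 MAC that the removed mac_priority table listed first, so with the `NONE:` base the server is left with HMAC-MD5 as its only MAC, unlike the three client strings in network.c which all end in `+SHA1:+MD5`. Restoring the removed table's contents means the string should end `...:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5` rather than `...:+DHE_DSS:+MD5`. In openvas_server_open the string `"+DHE_RSA:+RSA:+DHE_DSS"` has no `NONE:` base, and as far as I recall GnuTLS treats a string without an initial keyword as the default set plus the listed additions, so this appends to the default key-exchange list rather than restricting it to those three as the removed gnutls_kx_set_priority call did; if a restriction was intended it needs the same `NONE:` prefix, otherwise a comment saying the defaults are intentionally inherited would help. Passing NULL as err_pos in every call discards the position of a rejected token, so a typo in one of these long strings only surfaces as the generic "failed to set priority" warning; a local `const char *err_pos;` handed to the call and included in the g_warning would name the offending token. openvas_server_new begins and ends outside these hunks, so the goto targets and the later use of the session are not visible here.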