wok view openvas-libraries/stuff/gnutls.2.2.u @ rev 25064

openvas-libraries, openvas-client: update gnutls calls
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Jun 08 16:46:37 2022 +0000 (23 months ago)
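--- openvas-libraries-3.1.4/misc/network.c
+++ openvas-libraries-3.1.4/misc/network.c
@@ -406,113 +406,27 @@ ovas_get_tlssession_from_connection (int
 }
 
 static int
-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
- int *cipher_priority, int *comp_priority,
- int *kx_priority, int *mac_priority)
-{
- int err;
-
- if ((err = gnutls_protocol_set_priority (session, protocol_priority))
- || (err = gnutls_cipher_set_priority (session, cipher_priority))
- || (err = gnutls_compression_set_priority (session, comp_priority))
- || (err = gnutls_kx_set_priority (session, kx_priority))
- || (err = gnutls_mac_set_priority (session, mac_priority)))
- {
- tlserror ("setting session priorities", err);
- return -1;
- }
- return 0;
-}
-
-static int
 set_gnutls_sslv23 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_TLS1,
- GNUTLS_SSL3,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 static int
 set_gnutls_sslv3 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_SSL3,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
-
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
-
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 static int
 set_gnutls_tlsv1 (gnutls_session_t session)
 {
- static int protocol_priority[] = { GNUTLS_TLS1,
- 0
- };
- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
- };
- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
- GNUTLS_COMP_NULL,
- 0
- };
- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_DSS,
- 0
- };
- static int mac_priority[] = { GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- 0
- };
-
- return set_gnutls_priorities (session, protocol_priority, cipher_priority,
- comp_priority, kx_priority, mac_priority);
+ // gnutls 2.2.0+
+ return gnutls_priority_set_direct(session,
+ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL);
 }
 
 /**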
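Review bot: The priority strings in the three new set_gnutls_* bodies (the `"NONE:+VERS-TLS1:…"` literals) spell every token the way the removed enum constants did, with underscores and no minor version, whereas GnuTLS's priority-string syntax uses hyphenated algorithm names and dotted versions (`+VERS-TLS1.0`, `+VERS-SSL3.0`, `+AES-128-CBC`, `+3DES-CBC`, `+ARCFOUR-128`, `+COMP-ZLIB`, `+COMP-NULL`, `+DHE-RSA`, `+DHE-DSS`); as far as I know the parser rejects an unknown token outright rather than skipping it, so every one of these calls would fail with an invalid-request error instead of restricting the session, which is worth confirming against the targeted 2.x release with `gnutls-cli --priority '…'` before merging. The same spellings appear in the openvas_server.c hunks of this patch. A second behavioural change is that each function now returns gnutls_priority_set_direct's raw negative error code and no longer calls tlserror, so a failed priority set is silent and any caller that tests for -1 rather than < 0 would miss it; the rewrite below keeps the removed wrapper's -1/0 contract and its diagnostic, and the same shape applies to set_gnutls_sslv3 and set_gnutls_tlsv1 with their own strings. Minor: the file writes calls GNU-style, `gnutls_priority_set_direct (session, …)`, which the new lines do not follow.
```c
static int
set_gnutls_sslv23 (gnutls_session_t session)
{
  /* GnuTLS >= 2.2: one priority string replaces the per-category arrays.
     Algorithm tokens are hyphenated, protocol versions dotted. */
  int err = gnutls_priority_set_direct (session,
                                        "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128:+COMP-ZLIB:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5",
                                        NULL);
  if (err)
    {
      tlserror ("setting session priorities", err);
      return -1;
    }
  return 0;
}
```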
126 --- openvas-libraries-3.1.4/misc/openvas_server.c
127 +++ openvas-libraries-3.1.4/misc/openvas_server.c
128 @@ -142,12 +142,8 @@ openvas_server_open (gnutls_session_t *
129 return -1;
130 }
132 - const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
133 - GNUTLS_KX_RSA,
134 - GNUTLS_KX_DHE_DSS,
135 - 0
136 - };
137 - if (gnutls_kx_set_priority (*session, kx_priority))
138 + // gnutls 2.2.0+
139 + if (gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL))
140 {
141 g_message ("Failed to set server key exchange priority.");
142 gnutls_deinit (*session);
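Review bot: The replacement string in this file's later @@ -664 hunk (openvas_server_new) drops SHA1: the removed mac_priority list offered GNUTLS_MAC_SHA1 and GNUTLS_MAC_MD5, but the new literal ends in `:+DHE_DSS:+MD5` with no SHA1 token, so the server would negotiate only HMAC-MD5, which is the weaker of the two and also incompatible with the AES and 3DES suites the same string enables (those are SHA-1 suites in TLS), leaving at most the ARCFOUR/MD5 suites; `+SHA1` should be restored ahead of `+MD5` (that hunk continues past the end of the excerpt shown here). Separately, the string at `gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL)` in this hunk has no initial keyword, unlike every other new call in the patch which begins with `NONE:`; the removed gnutls_kx_set_priority call changed only the key-exchange list and left the other categories at their existing defaults, and I am not certain whether GnuTLS treats a keyword-less string as NORMAL or rejects it, so stating the base explicitly, `"NORMAL:+DHE-RSA:+RSA:+DHE-DSS"` (hyphenated as the GnuTLS parser spells key-exchange names), makes the intent checkable and is the closest match to the old behaviour. Note that a NORMAL base appends these key exchanges to the default list rather than restricting the server to exactly those three as the old array did; if that restriction was intentional, a `-KX-ALL` before the additions expresses it where the targeted version supports that keyword.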
143 @@ -593,30 +589,6 @@ openvas_server_new (unsigned int end_typ
144 gnutls_session_t * server_session,
145 gnutls_certificate_credentials_t * server_credentials)
146 {
147 - // FIX static vars?
148 - const int protocol_priority[] = { GNUTLS_TLS1,
149 - 0
150 - };
151 - const int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
152 - GNUTLS_CIPHER_3DES_CBC,
153 - GNUTLS_CIPHER_AES_256_CBC,
154 - GNUTLS_CIPHER_ARCFOUR_128,
155 - 0
156 - };
157 - const int comp_priority[] = { GNUTLS_COMP_ZLIB,
158 - GNUTLS_COMP_NULL,
159 - 0
160 - };
161 - const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
162 - GNUTLS_KX_RSA,
163 - GNUTLS_KX_DHE_DSS,
164 - 0
165 - };
166 - const int mac_priority[] = { GNUTLS_MAC_SHA1,
167 - GNUTLS_MAC_MD5,
168 - 0
169 - };
170 -
171 /* Turn off use of /dev/random, as this can block. */
173 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
174 @@ -664,34 +636,11 @@ openvas_server_new (unsigned int end_typ
175 goto server_free_fail;
176 }
178 - if (gnutls_protocol_set_priority (*server_session, protocol_priority))
179 - {
180 - g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
181 - goto server_fail;
182 - }
183 -
184 - if (gnutls_cipher_set_priority (*server_session, cipher_priority))
185 - {
186 - g_warning ("%s: failed to set cipher priority\n", __FUNCTION__);
187 - goto server_fail;
188 - }
189 -
190 - if (gnutls_compression_set_priority (*server_session, comp_priority))
191 - {
192 - g_warning ("%s: failed to set compression priority\n", __FUNCTION__);
193 - goto server_fail;
194 - }
195 -
196 - if (gnutls_kx_set_priority (*server_session, kx_priority))
197 - {
198 - g_warning ("%s: failed to set server key exchange priority\n",
199 - __FUNCTION__);
200 - goto server_fail;
201 - }
202 -
203 - if (gnutls_mac_set_priority (*server_session, mac_priority))
204 + // gnutls 2.2.0+
205 + if (gnutls_priority_set_direct(*server_session,
206 + "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+MD5", NULL))
207 {
208 - g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
209 + g_warning ("%s: failed to set priority\n", __FUNCTION__);
210 goto server_fail;
211 }