forked from Mirrors/sngrep
gnutls: Remove the need for OpenSSL compatibility headers
This commit is contained in:
parent
47da6f6e5f
commit
c4fad21ccd
|
@ -187,13 +187,9 @@ tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr
|
||||||
memcpy(&conn->client_port, &cport, sizeof(uint16_t));
|
memcpy(&conn->client_port, &cport, sizeof(uint16_t));
|
||||||
memcpy(&conn->server_port, &sport, sizeof(uint16_t));
|
memcpy(&conn->server_port, &sport, sizeof(uint16_t));
|
||||||
|
|
||||||
SSL_library_init();
|
gnutls_global_init();
|
||||||
OpenSSL_add_all_algorithms();
|
|
||||||
|
|
||||||
if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
|
if (gnutls_init(&conn->ssl, GNUTLS_SERVER) < GNUTLS_E_SUCCESS)
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
|
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (!(keyfp = fopen(capture_keyfile(), "rb")))
|
if (!(keyfp = fopen(capture_keyfile(), "rb")))
|
||||||
|
@ -237,8 +233,7 @@ tls_connection_destroy(struct SSLConnection *conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Deallocate connection memory
|
// Deallocate connection memory
|
||||||
SSL_CTX_free(conn->ssl_ctx);
|
gnutls_deinit(conn->ssl);
|
||||||
SSL_free(conn->ssl);
|
|
||||||
sng_free(conn);
|
sng_free(conn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -252,12 +247,13 @@ int
|
||||||
tls_check_keyfile(const char *keyfile)
|
tls_check_keyfile(const char *keyfile)
|
||||||
{
|
{
|
||||||
gnutls_x509_privkey_t key;
|
gnutls_x509_privkey_t key;
|
||||||
|
gnutls_privkey_t privkey;
|
||||||
gnutls_datum_t keycontent = { NULL, 0 };
|
gnutls_datum_t keycontent = { NULL, 0 };
|
||||||
FILE *keyfp;
|
FILE *keyfp;
|
||||||
size_t br;
|
size_t br;
|
||||||
|
int ret;
|
||||||
|
|
||||||
SSL_library_init();
|
gnutls_global_init();
|
||||||
OpenSSL_add_all_algorithms();
|
|
||||||
|
|
||||||
if (access(capture_keyfile(), R_OK) != 0)
|
if (access(capture_keyfile(), R_OK) != 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -272,11 +268,37 @@ tls_check_keyfile(const char *keyfile)
|
||||||
br = fread(keycontent.data, 1, keycontent.size, keyfp);
|
br = fread(keycontent.data, 1, keycontent.size, keyfp);
|
||||||
fclose(keyfp);
|
fclose(keyfp);
|
||||||
|
|
||||||
gnutls_x509_privkey_init(&key);
|
// Check we have read something from keyfile
|
||||||
if (gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM) < 0)
|
if (!keycontent.data)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
// Initialize keyfile structure
|
||||||
|
ret = gnutls_x509_privkey_init(&key);
|
||||||
|
if (ret < GNUTLS_E_SUCCESS) {
|
||||||
|
fprintf (stderr, "Error initializing keyfile: %s\n", gnutls_strerror(ret));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = gnutls_privkey_init(&privkey);
|
||||||
|
if (ret < GNUTLS_E_SUCCESS) {
|
||||||
|
fprintf (stderr, "Error initializing keyfile: %s\n", gnutls_strerror(ret));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Import RSA keyfile
|
||||||
|
ret = gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM);
|
||||||
|
if (ret < GNUTLS_E_SUCCESS) {
|
||||||
|
fprintf (stderr, "Error loading keyfile: %s\n", gnutls_strerror(ret));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
sng_free(keycontent.data);
|
sng_free(keycontent.data);
|
||||||
|
|
||||||
|
ret = gnutls_privkey_import_x509(privkey, key, 0);
|
||||||
|
if (ret < GNUTLS_E_SUCCESS) {
|
||||||
|
fprintf (stderr, "Error loading keyfile: %s\n", gnutls_strerror(ret));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -393,7 +415,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
|
||||||
break;
|
break;
|
||||||
case change_cipher_spec:
|
case change_cipher_spec:
|
||||||
// From now on, this connection will be encrypted using MasterSecret
|
// From now on, this connection will be encrypted using MasterSecret
|
||||||
if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher)
|
if (conn->client_cipher_ctx && conn->server_cipher_ctx)
|
||||||
conn->encrypted = 1;
|
conn->encrypted = 1;
|
||||||
break;
|
break;
|
||||||
case application_data:
|
case application_data:
|
||||||
|
@ -488,6 +510,9 @@ tls_process_record_handshake(struct SSLConnection *conn, const opaque *fragment,
|
||||||
tls_debug_print_hex("exchange keys",exkeys.data, exkeys.size);
|
tls_debug_print_hex("exchange keys",exkeys.data, exkeys.size);
|
||||||
|
|
||||||
gnutls_privkey_decrypt_data(conn->server_private_key, 0, &exkeys, &pms);
|
gnutls_privkey_decrypt_data(conn->server_private_key, 0, &exkeys, &pms);
|
||||||
|
if (!pms.data) break;
|
||||||
|
|
||||||
|
|
||||||
memcpy(&conn->pre_master_secret, pms.data, pms.size);
|
memcpy(&conn->pre_master_secret, pms.data, pms.size);
|
||||||
tls_debug_print_hex("pre_master_secret", pms.data, pms.size);
|
tls_debug_print_hex("pre_master_secret", pms.data, pms.size);
|
||||||
tls_debug_print_hex("client_random", &conn->client_random, 32);
|
tls_debug_print_hex("client_random", &conn->client_random, 32);
|
||||||
|
|
|
@ -47,7 +47,7 @@
|
||||||
#define __SNGREP_CAPTURE_TLS_
|
#define __SNGREP_CAPTURE_TLS_
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include <gnutls/openssl.h>
|
#include <gnutls/gnutls.h>
|
||||||
#include <gnutls/crypto.h>
|
#include <gnutls/crypto.h>
|
||||||
#include <gnutls/abstract.h>
|
#include <gnutls/abstract.h>
|
||||||
#include <gnutls/x509.h>
|
#include <gnutls/x509.h>
|
||||||
|
@ -202,8 +202,7 @@ struct SSLConnection {
|
||||||
//! Server port
|
//! Server port
|
||||||
uint16_t server_port;
|
uint16_t server_port;
|
||||||
|
|
||||||
SSL *ssl;
|
gnutls_session_t ssl;
|
||||||
SSL_CTX *ssl_ctx;
|
|
||||||
int ciph;
|
int ciph;
|
||||||
gnutls_privkey_t server_private_key;
|
gnutls_privkey_t server_private_key;
|
||||||
struct Random client_random;
|
struct Random client_random;
|
||||||
|
|
Loading…
Reference in New Issue