gnutls: Remove the need for OpenSSL compatibility headers

This commit is contained in:
Kaian 2016-05-29 13:15:35 +02:00
parent 47da6f6e5f
commit c4fad21ccd
2 changed files with 40 additions and 16 deletions

View File

@ -187,13 +187,9 @@ tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr
memcpy(&conn->client_port, &cport, sizeof(uint16_t)); memcpy(&conn->client_port, &cport, sizeof(uint16_t));
memcpy(&conn->server_port, &sport, sizeof(uint16_t)); memcpy(&conn->server_port, &sport, sizeof(uint16_t));
SSL_library_init(); gnutls_global_init();
OpenSSL_add_all_algorithms();
if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) if (gnutls_init(&conn->ssl, GNUTLS_SERVER) < GNUTLS_E_SUCCESS)
return NULL;
if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
return NULL; return NULL;
if (!(keyfp = fopen(capture_keyfile(), "rb"))) if (!(keyfp = fopen(capture_keyfile(), "rb")))
@ -237,8 +233,7 @@ tls_connection_destroy(struct SSLConnection *conn)
} }
// Deallocate connection memory // Deallocate connection memory
SSL_CTX_free(conn->ssl_ctx); gnutls_deinit(conn->ssl);
SSL_free(conn->ssl);
sng_free(conn); sng_free(conn);
} }
@ -252,12 +247,13 @@ int
tls_check_keyfile(const char *keyfile) tls_check_keyfile(const char *keyfile)
{ {
gnutls_x509_privkey_t key; gnutls_x509_privkey_t key;
gnutls_privkey_t privkey;
gnutls_datum_t keycontent = { NULL, 0 }; gnutls_datum_t keycontent = { NULL, 0 };
FILE *keyfp; FILE *keyfp;
size_t br; size_t br;
int ret;
SSL_library_init(); gnutls_global_init();
OpenSSL_add_all_algorithms();
if (access(capture_keyfile(), R_OK) != 0) if (access(capture_keyfile(), R_OK) != 0)
return 0; return 0;
@ -272,11 +268,37 @@ tls_check_keyfile(const char *keyfile)
br = fread(keycontent.data, 1, keycontent.size, keyfp); br = fread(keycontent.data, 1, keycontent.size, keyfp);
fclose(keyfp); fclose(keyfp);
gnutls_x509_privkey_init(&key); // Check we have read something from keyfile
if (gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM) < 0) if (!keycontent.data)
return 0; return 0;
// Initialize keyfile structure
ret = gnutls_x509_privkey_init(&key);
if (ret < GNUTLS_E_SUCCESS) {
fprintf (stderr, "Error initializing keyfile: %s\n", gnutls_strerror(ret));
return 0;
}
ret = gnutls_privkey_init(&privkey);
if (ret < GNUTLS_E_SUCCESS) {
fprintf (stderr, "Error initializing keyfile: %s\n", gnutls_strerror(ret));
return 0;
}
// Import RSA keyfile
ret = gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM);
if (ret < GNUTLS_E_SUCCESS) {
fprintf (stderr, "Error loading keyfile: %s\n", gnutls_strerror(ret));
return 0;
}
sng_free(keycontent.data); sng_free(keycontent.data);
ret = gnutls_privkey_import_x509(privkey, key, 0);
if (ret < GNUTLS_E_SUCCESS) {
fprintf (stderr, "Error loading keyfile: %s\n", gnutls_strerror(ret));
return 0;
}
return 1; return 1;
} }
@ -393,7 +415,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
break; break;
case change_cipher_spec: case change_cipher_spec:
// From now on, this connection will be encrypted using MasterSecret // From now on, this connection will be encrypted using MasterSecret
if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher) if (conn->client_cipher_ctx && conn->server_cipher_ctx)
conn->encrypted = 1; conn->encrypted = 1;
break; break;
case application_data: case application_data:
@ -488,6 +510,9 @@ tls_process_record_handshake(struct SSLConnection *conn, const opaque *fragment,
tls_debug_print_hex("exchange keys",exkeys.data, exkeys.size); tls_debug_print_hex("exchange keys",exkeys.data, exkeys.size);
gnutls_privkey_decrypt_data(conn->server_private_key, 0, &exkeys, &pms); gnutls_privkey_decrypt_data(conn->server_private_key, 0, &exkeys, &pms);
if (!pms.data) break;
memcpy(&conn->pre_master_secret, pms.data, pms.size); memcpy(&conn->pre_master_secret, pms.data, pms.size);
tls_debug_print_hex("pre_master_secret", pms.data, pms.size); tls_debug_print_hex("pre_master_secret", pms.data, pms.size);
tls_debug_print_hex("client_random", &conn->client_random, 32); tls_debug_print_hex("client_random", &conn->client_random, 32);

View File

@ -47,7 +47,7 @@
#define __SNGREP_CAPTURE_TLS_ #define __SNGREP_CAPTURE_TLS_
#include "config.h" #include "config.h"
#include <gnutls/openssl.h> #include <gnutls/gnutls.h>
#include <gnutls/crypto.h> #include <gnutls/crypto.h>
#include <gnutls/abstract.h> #include <gnutls/abstract.h>
#include <gnutls/x509.h> #include <gnutls/x509.h>
@ -202,8 +202,7 @@ struct SSLConnection {
//! Server port //! Server port
uint16_t server_port; uint16_t server_port;
SSL *ssl; gnutls_session_t ssl;
SSL_CTX *ssl_ctx;
int ciph; int ciph;
gnutls_privkey_t server_private_key; gnutls_privkey_t server_private_key;
struct Random client_random; struct Random client_random;