diff options
| -rwxr-xr-x | configure | 14 | ||||
| -rw-r--r-- | lib/ssl_gnutls.c | 32 |
2 files changed, 36 insertions, 10 deletions
@@ -268,15 +268,15 @@ detect_gnutls() { if $PKG_CONFIG --exists gnutls; then cat <<EOF>>Makefile.settings -EFLAGS+=`$PKG_CONFIG --libs gnutls` -CFLAGS+=`$PKG_CONFIG --cflags gnutls` +EFLAGS+=`$PKG_CONFIG --libs gnutls` `libgcrypt-config --libs` +CFLAGS+=`$PKG_CONFIG --cflags gnutls` `libgcrypt-config --cflags` EOF ssl=gnutls ret=1 elif libgnutls-config --version > /dev/null 2> /dev/null; then cat <<EOF>>Makefile.settings -EFLAGS+=`libgnutls-config --libs` -CFLAGS+=`libgnutls-config --cflags` +EFLAGS+=`libgnutls-config --libs` `libgcrypt-config --libs` +CFLAGS+=`libgnutls-config --cflags` `libgcrypt-config --cflags` EOF ssl=gnutls @@ -426,9 +426,11 @@ if [ "$ret" = "0" ]; then exit 1 fi; -if [ "$msn" = "1" -a "$ssl" != "openssl" ]; then +if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "gnutls" ]; then # Needed for MSN only. OpenSSL exports nice cipher functions already, - # others don't, so use our own 3des code. + # in case of GnuTLS we should be able to use gcrypt. Otherwise, use + # built-in stuff. (Since right now those are the only two supported + # SSL modules anyway, this is mostly unnecessary.) echo 'DES=des.o' >> Makefile.settings fi diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c index ee166bd1..cdc7c498 100644 --- a/lib/ssl_gnutls.c +++ b/lib/ssl_gnutls.c @@ -24,6 +24,7 @@ */ #include <gnutls/gnutls.h> +#include <gcrypt.h> #include <fcntl.h> #include <unistd.h> #include "proxy.h" @@ -62,6 +63,9 @@ static gboolean ssl_handshake( gpointer data, gint source, b_input_condition con void ssl_init( void ) { + if( initialized ) + return; + gnutls_global_init(); initialized = TRUE; atexit( gnutls_global_deinit ); @@ -126,10 +130,7 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con return FALSE; } - if( !initialized ) - { - ssl_init(); - } + ssl_init(); gnutls_certificate_allocate_credentials( &conn->xcred ); gnutls_init( &conn->session, GNUTLS_CLIENT ); @@ -254,3 +255,26 @@ b_input_condition ssl_getdirection( void *conn ) return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ? B_EV_IO_WRITE : B_EV_IO_READ ); } + +size_t ssl_des3_encrypt( const unsigned char *key, size_t key_len, const unsigned char *input, + size_t input_len, const unsigned char *iv, unsigned char **res ) +{ + gcry_cipher_hd_t gcr; + gcry_error_t st; + + ssl_init(); + + *res = g_malloc( input_len ); + st = gcry_cipher_open( &gcr, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0 ) || + gcry_cipher_setkey( gcr, key, key_len ) || + gcry_cipher_setiv( gcr, iv, 8 ) || + gcry_cipher_encrypt( gcr, *res, input_len, input, input_len ); + + gcry_cipher_close( gcr ); + + if( st == 0 ) + return input_len; + + g_free( *res ); + return 0; +} |