From 98a9d49c056a3c5a06cba78888210566c3b65dd6 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 18:05:13 +0200 Subject: Update AUTHORS regarding the websocket guys. --- libvncserver/websockets.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 libvncserver/websockets.c (limited to 'libvncserver') diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c old mode 100755 new mode 100644 -- cgit v1.2.3 From 2046cc9abd284528075abbaa758b148cece62d82 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 20:00:29 +0200 Subject: Fix libvncserver GnuTLS init. gnutls_certificate_set_x509_trust_file() returns the number of processed certs and _not_ GNUTLS_E_SUCCESS (0) on success! --- libvncserver/rfbssl_gnutls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbssl_gnutls.c b/libvncserver/rfbssl_gnutls.c index 0689c01..cf60cdc 100644 --- a/libvncserver/rfbssl_gnutls.c +++ b/libvncserver/rfbssl_gnutls.c @@ -95,7 +95,7 @@ struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert) /* */ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) { /* */ - } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM))) { + } else if ((ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM)) < 0) { /* */ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) { /* */ -- cgit v1.2.3 From cb0340ccc5351a2ab31ad03b2dc13334ba349d71 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 21:02:55 +0200 Subject: Autotools: Fix OpenSSL and GnuTLS advertisement. --- configure.ac | 3 ++- libvncserver/Makefile.am | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'libvncserver') 
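Review bot: The neighbouring checks in this chain still have the shape `!GNUTLS_E_SUCCESS == (ret = ...)`, which parses as `(!GNUTLS_E_SUCCESS) == ret`; with GNUTLS_E_SUCCESS being 0 (as the commit message says) that is `1 == ret`, so a negative GnuTLS error code from `gnutls_certificate_allocate_credentials()` or `gnutls_certificate_set_x509_key_file()` never takes the error branch. The key-file line matters most, because a missing or unreadable private key would pass through initialisation unnoticed. I would give those lines the form the fixed line now has, e.g. `} else if ((ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM)) < 0) {`. The new `< 0` test also accepts a return of 0, i.e. a file from which no certificate was processed; if that should count as a failure, `<= 0` is the check. rfbssl_init_global starts and ends outside the hunk, so what the `/* */` branches and the end of the chain do with `ret` is not visible here.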
diff --git a/configure.ac b/configure.ac index 3e7c901..a986912 100644 --- a/configure.ac +++ b/configure.ac @@ -146,7 +146,7 @@ something like libssl-dev) and run configure again. [AC_DEFINE(HAVE_X509_PRINT_EX_FP) HAVE_X509_PRINT_EX_FP="true"], , $SSL_LIBS ) fi -AM_CONDITIONAL(HAVE_LIBSSL, test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno") +AM_CONDITIONAL(HAVE_LIBSSL, test ! -z "$SSL_LIBS") # Checks for X libraries HAVE_X11="false" @@ -796,6 +796,7 @@ if test "x$with_gnutls" != "xno"; then AC_DEFINE(WITH_CLIENT_TLS) fi fi +AM_CONDITIONAL(HAVE_GNUTLS, test ! -z "$GNUTLS_LIBS") # IPv6 AH_TEMPLATE(IPv6, [Enable IPv6 support]) diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 4a031af..98d97bc 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -17,11 +17,11 @@ if WITH_WEBSOCKETS if HAVE_LIBSSL WEBSOCKETSSSLSRCS = rfbssl_openssl.c else -#if HAVE_GNUTLS -#WEBSOCKETSSSLSRCS = rfbssl_gnutls.c -#else +if HAVE_GNUTLS +WEBSOCKETSSSLSRCS = rfbssl_gnutls.c +else WEBSOCKETSSSLSRCS = rfbssl_none.c -#endif +endif endif WEBSOCKETSSRCS = websockets.c ../common/md5.c ../common/sha1.c $(WEBSOCKETSSSLSRCS) -- cgit v1.2.3 From bd9cae3d122bc602e5a3d2638c0bb9435f8fc47c Mon Sep 17 00:00:00 2001 
From: Gernot Tenchio Date: Sun, 18 Sep 2011 21:20:53 +0200 Subject: Add support for different crypto implementations --- libvncserver/Makefile.am | 12 +++++---- libvncserver/rfbcrypto.h | 12 +++++++++ libvncserver/rfbcrypto_gnutls.c | 50 ++++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_included.c | 49 +++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_openssl.c | 49 +++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_polarssl.c | 26 ++++++++++++++++++++ libvncserver/websockets.c | 51 +++++++++++++++------------------------ 7 files changed, 212 insertions(+), 37 deletions(-) create mode 100644 libvncserver/rfbcrypto.h create mode 100644 libvncserver/rfbcrypto_gnutls.c create mode 100644 libvncserver/rfbcrypto_included.c create mode 100644 libvncserver/rfbcrypto_openssl.c create mode 100644 libvncserver/rfbcrypto_polarssl.c (limited to 'libvncserver') diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 98d97bc..287f1c9 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -15,16 +15,18 @@ endif if WITH_WEBSOCKETS if HAVE_LIBSSL -WEBSOCKETSSSLSRCS = rfbssl_openssl.c +WEBSOCKETSSSLSRCS = rfbssl_openssl.c rfbcrypto_openssl.c +WEBSOCKETSSSLLIBS = @SSL_LIBS@ @CRYPT_LIBS@ else if HAVE_GNUTLS -WEBSOCKETSSSLSRCS = rfbssl_gnutls.c +WEBSOCKETSSSLSRCS = rfbssl_gnutls.c rfbcrypto_gnutls.c +WEBSOCKETSSSLLIBS = @GNUTLS_LIBS@ else -WEBSOCKETSSSLSRCS = rfbssl_none.c +WEBSOCKETSSSLSRCS = rfbssl_none.c rfbcrypto_included.c ../common/md5.c ../common/sha1.c endif endif -WEBSOCKETSSRCS = websockets.c ../common/md5.c ../common/sha1.c $(WEBSOCKETSSSLSRCS) +WEBSOCKETSSRCS = websockets.c $(WEBSOCKETSSSLSRCS) endif includedir=$(prefix)/include/rfb 
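Review bot: The GnuTLS branch sets `WEBSOCKETSSSLLIBS = @GNUTLS_LIBS@`, but the `rfbcrypto_gnutls.c` added in this commit calls libgcrypt functions (`gcry_md_open`, `gcry_md_write`, ...), so the link only works where GNUTLS_LIBS happens to pull in libgcrypt. I would add an explicit libgcrypt check to configure.ac (AM_PATH_LIBGCRYPT is the usual macro) and append its library substitution on this line, e.g. `WEBSOCKETSSSLLIBS = @GNUTLS_LIBS@ @LIBGCRYPT_LIBS@`. Also, WEBSOCKETSSSLLIBS is assigned only inside `if WITH_WEBSOCKETS`, and not at all in the rfbssl_none branch, while the following hunk replaces `libvncserver_la_LIBADD=@SSL_LIBS@ @CRYPT_LIBS@` with it. If any other source in LIB_SRCS needs libssl or libcrypt, a build without websockets or with the included digests would lose those libraries, which is worth confirming.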
@@ -59,7 +61,7 @@ LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \ $(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS) libvncserver_la_SOURCES=$(LIB_SRCS) -libvncserver_la_LIBADD=@SSL_LIBS@ @CRYPT_LIBS@ +libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) lib_LTLIBRARIES=libvncserver.la diff --git a/libvncserver/rfbcrypto.h b/libvncserver/rfbcrypto.h new file mode 100644 index 0000000..9dc3e63 --- /dev/null +++ b/libvncserver/rfbcrypto.h @@ -0,0 +1,12 @@ +#ifndef _RFB_CRYPTO_H +#define _RFB_CRYPTO_H 1 + +#include + +#define SHA1_HASH_SIZE 20 +#define MD5_HASH_SIZE 16 + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest); +void digestsha1(const struct iovec *iov, int iovcnt, void *dest); + +#endif diff --git a/libvncserver/rfbcrypto_gnutls.c b/libvncserver/rfbcrypto_gnutls.c new file mode 100644 index 0000000..2ecb2da --- /dev/null +++ b/libvncserver/rfbcrypto_gnutls.c 
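Review bot: The two prototypes in rfbcrypto.h take a bare `void *dest` and return `void`, so the header neither says how large `dest` must be nor gives a backend a way to report failure. A comment above them such as `/* dest must have room for MD5_HASH_SIZE (digestmd5) or SHA1_HASH_SIZE (digestsha1) bytes; the raw digest is written, no terminator */` would pin the contract, and an `int` return would let callers notice a failed digest. Two smaller style points: the guard `_RFB_CRYPTO_H` starts with an underscore followed by a capital letter, which C reserves for the implementation (`RFB_CRYPTO_H` avoids that), and `digestmd5`/`digestsha1` are unprefixed external symbols in a library, where an `rfb` prefix would keep them from colliding with names in applications that link libvncserver.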
@@ -0,0 +1,50 @@
+/*
+ * rfbcrypto_gnutls.c - Crypto wrapper (gnutls version)
+ */
+
+/*
+ * Copyright (C) 2011 Gernot Tenchio
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include
+#include
+#include "rfbcrypto.h"
+
+void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
+{
+ gcry_md_hd_t c;
+ int i;
+
+ gcry_md_open(&c, GCRY_MD_MD5, 0);
+ for (i = 0; i < iovcnt; i++)
+ gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
+ gcry_md_final(c);
+ memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_MD5));
+}
+
+void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
+{
+ gcry_md_hd_t c;
+ int i;
+
+ gcry_md_open(&c, GCRY_MD_SHA1, 0);
+ for (i = 0; i < iovcnt; i++)
+ gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
+ gcry_md_final(c);
+ memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1));
+}
diff --git a/libvncserver/rfbcrypto_included.c b/libvncserver/rfbcrypto_included.c
new file mode 100644
index 0000000..e02b623
--- /dev/null
+++ b/libvncserver/rfbcrypto_included.c
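Review bot: Both functions in rfbcrypto_gnutls.c ignore the result of `gcry_md_open()` and never call `gcry_md_close()`, so a failed open leaves `c` unset for the calls that follow, and every successful call leaks a digest handle. I would check the open, copy a fixed number of bytes using the size constants from rfbcrypto.h, and close the handle before returning, as sketched below for digestsha1; digestmd5 needs the same change with GCRY_MD_MD5 and MD5_HASH_SIZE. Because the function returns void, the sketch can only leave `dest` in a defined state on failure; reporting the error would need an `int` return in rfbcrypto.h. No libgcrypt initialisation is visible in this file, so that presumably has to happen elsewhere before the first call.

```c
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
    /* … unchanged: declarations of c and i … */
    if (gcry_md_open(&c, GCRY_MD_SHA1, 0) != 0) {
        /* void return: at least do not hand back uninitialised bytes */
        memset(dest, 0, SHA1_HASH_SIZE);
        return;
    }
    /* … unchanged: gcry_md_write loop and gcry_md_final … */
    memcpy(dest, gcry_md_read(c, 0), SHA1_HASH_SIZE);
    gcry_md_close(c);
}
```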
@@ -0,0 +1,49 @@
+/*
+ * rfbcrypto_included.c - Crypto wrapper (included version)
+ */
+
+/*
+ * Copyright (C) 2011 Gernot Tenchio
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include
+#include "md5.h"
+#include "sha1.h"
+#include "rfbcrypto.h"
+
+void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
+{
+ md5_context c;
+ int i;
+
+ __md5_init_ctx(&c);
+ for (i = 0; i < iovcnt; i++)
+ __md5_process_bytes(&c, iov[i].iov_base, iov[i].iov_len);
+ __md5_finish_ctx(&c, dest);
+}
+
+void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
+{
+ SHA1Context c;
+ int i;
+
+ SHA1Reset(&c);
+ for (i = 0; i < iovcnt; i++)
+ SHA1Input(&c, iov[i].iov_base, iov[i].iov_len);
+ SHA1Result(&c, dest);
+}
diff --git a/libvncserver/rfbcrypto_openssl.c b/libvncserver/rfbcrypto_openssl.c
new file mode 100644
index 0000000..29ec5c1
--- /dev/null
+++ b/libvncserver/rfbcrypto_openssl.c
@@ -0,0 +1,49 @@
+/*
+ * rfbcrypto_openssl.c - Crypto wrapper (openssl version)
+ */
+
+/*
+ * Copyright (C) 2011 Gernot Tenchio
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+#include
+#include
+#include
+#include "rfbcrypto.h"
+
+void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
+{
+ MD5_CTX c;
+ int i;
+
+ MD5_Init(&c);
+ for (i = 0; i < iovcnt; i++)
+ MD5_Update(&c, iov[i].iov_base, iov[i].iov_len);
+ MD5_Final(dest, &c);
+}
+
+void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
+{
+ SHA_CTX c;
+ int i;
+
+ SHA1_Init(&c);
+ for (i = 0; i < iovcnt; i++)
+ SHA1_Update(&c, iov[i].iov_base, iov[i].iov_len);
+ SHA1_Final(dest, &c);
+}
diff --git a/libvncserver/rfbcrypto_polarssl.c b/libvncserver/rfbcrypto_polarssl.c
new file mode 100644
index 0000000..f28dca3
--- /dev/null
+++ b/libvncserver/rfbcrypto_polarssl.c
@@ -0,0 +1,26 @@ +#include +#include +#include +#include "rfbcrypto.h" + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest) +{ + md5_context c; + int i; + + md5_starts(&c); + for (i = 0; i < iovcnt; i++) + md5_update(&c, iov[i].iov_base, iov[i].iov_len); + md5_finish(dest, &c); +} + +void digestsha1(const struct iovec *iov, int iovcnt, void *dest) +{ + sha1_context c; + int i; + + sha1_starts(&c); + for (i = 0; i < iovcnt; i++) + sha1_update(&c, iov[i].iov_base, iov[i].iov_len); + sha1_finish(dest, &c); +} diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c index a030b15..7532e33 100644 --- a/libvncserver/websockets.c +++ b/libvncserver/websockets.c @@ -33,10 +33,9 @@ #include #include -#include "md5.h" -#include "sha1.h" #include "rfbconfig.h" #include "rfbssl.h" +#include "rfbcrypto.h" #if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN #define WS_NTOH64(n) (n) 
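Review bot: Nothing in this commit's Makefile.am hunk selects `rfbcrypto_polarssl.c`, since the branches there name only the openssl, gnutls and included variants, so the file is never compiled and mistakes in it will not surface in a build. Either add a configure/Makefile branch for it or leave the file out until one exists. It is also the only one of the four new sources without the file header and licence comment the others carry; a matching `/* rfbcrypto_polarssl.c - Crypto wrapper (polarssl version) */` header followed by the same licence block would keep them consistent.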
@@ -165,36 +164,20 @@ min (int a, int b) { return a < b ? a : b; } -void -webSocketsGenSha1Key(char * target, int size, char *key) +static void webSocketsGenSha1Key(char *target, int size, char *key) { - int len; - SHA1Context sha; - uint8_t digest[SHA1HashSize]; - - if (size < B64LEN(SHA1HashSize) + 1) { - rfbErr("webSocketsGenSha1Key: not enough space in target\n"); - target[0] = '\0'; - return; - } - - SHA1Reset(&sha); - SHA1Input(&sha, (unsigned char *)key, strlen(key)); - SHA1Input(&sha, (unsigned char *)GUID, strlen(GUID)); - SHA1Result(&sha, digest); - - len = __b64_ntop((unsigned char *)digest, SHA1HashSize, target, size); - if (len < size - 1) { - rfbErr("webSocketsGenSha1Key: b64_ntop failed\n"); - target[0] = '\0'; - return; - } - - target[len] = '\0'; - return; + struct iovec iov[2]; + unsigned char hash[20]; + + iov[0].iov_base = key; + iov[0].iov_len = strlen(key); + iov[1].iov_base = GUID; + iov[1].iov_len = sizeof(GUID) - 1; + digestsha1(iov, 2, hash); + if (-1 == __b64_ntop(hash, sizeof(hash), target, size)) + rfbErr("b64_ntop failed\n"); } - /* * rfbWebSocketsHandshake is called to handle new WebSockets connections */ @@ -389,7 +372,7 @@ webSocketsHandshake(rfbClientPtr cl, char *scheme) */ if (sec_ws_version) { - char accept[B64LEN(SHA1HashSize) + 1]; + char accept[B64LEN(SHA1_HASH_SIZE) + 1]; rfbLog(" - WebSockets client version hybi-%02d\n", sec_ws_version); webSocketsGenSha1Key(accept, sizeof(accept), sec_ws_key); len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, @@ -436,13 +419,15 @@ webSocketsHandshake(rfbClientPtr cl, char *scheme) cl->wsctx = (wsCtx *)wsctx; return TRUE; } - + void webSocketsGenMd5(char * target, char *key1, char *key2, char *key3) { unsigned int i, spaces1 = 0, spaces2 = 0; unsigned long num1 = 0, num2 = 0; unsigned char buf[17]; + struct iovec iov[1]; + for (i=0; i < strlen(key1); i++) { if (key1[i] == ' ') { spaces1 += 1; 
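Review bot: The rewritten webSocketsGenSha1Key no longer leaves `target` defined when encoding fails: the old code set `target[0] = '\0'` on every error path, while the new one only logs `b64_ntop failed`. The caller in the next hunk passes a stack buffer (`char accept[B64LEN(SHA1_HASH_SIZE) + 1]`) and goes on to build the handshake response, so on failure it would presumably format uninitialised stack bytes into data sent to the client. I would keep the terminator, `if (-1 == __b64_ntop(hash, sizeof(hash), target, size)) { rfbErr("b64_ntop failed\n"); if (size > 0) target[0] = '\0'; }`, and size the digest buffer with the new constant, `unsigned char hash[SHA1_HASH_SIZE];`, instead of the literal 20. The function also now relies on `__b64_ntop` to terminate the string on success, where the old code wrote `target[len] = '\0'` itself, which is worth confirming for the bundled implementation.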
@@ -477,7 +462,9 @@ webSocketsGenMd5(char * target, char *key1, char *key2, char *key3) strncpy((char *)buf+8, key3, 8); buf[16] = '\0'; - md5_buffer((char *)buf, 16, target); + iov[0].iov_base = buf; + iov[0].iov_len = 16; + digestmd5(iov, 1, target); target[16] = '\0'; return; -- cgit v1.2.3 From d4cfc260fe7eb164f9e53dd4fb524b9fedd35c04 Mon Sep 17 00:00:00 2001 From: Gernot Tenchio Date: Tue, 20 Sep 2011 00:22:55 +0200 Subject: rfbcrypto_polarssl: it was way to late last night... --- libvncserver/rfbcrypto_polarssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libvncserver') diff --git a/libvncserver/rfbcrypto_polarssl.c b/libvncserver/rfbcrypto_polarssl.c index f28dca3..55e3a7b 100644 --- a/libvncserver/rfbcrypto_polarssl.c +++ b/libvncserver/rfbcrypto_polarssl.c @@ -11,7 +11,7 @@ void digestmd5(const struct iovec *iov, int iovcnt, void *dest) md5_starts(&c); for (i = 0; i < iovcnt; i++) md5_update(&c, iov[i].iov_base, iov[i].iov_len); - md5_finish(dest, &c); + md5_finish(&c, dest); } void digestsha1(const struct iovec *iov, int iovcnt, void *dest) @@ -22,5 +22,5 @@ void digestsha1(const struct iovec *iov, int iovcnt, void *dest) sha1_starts(&c); for (i = 0; i < iovcnt; i++) sha1_update(&c, iov[i].iov_base, iov[i].iov_len); - sha1_finish(dest, &c); + sha1_finish(&c, dest); } -- cgit v1.2.3