Revert "Use base64 encode/decode routines from nettle instead of gnutls"
This reverts commit 252bc346e2379475f8547d4a458743bed067448d.
This commit is contained in:
parent
18287bdacf
commit
95fac5e1f6
40
tcp.c
40
tcp.c
@ -3,7 +3,7 @@
|
|||||||
Protocol services - TCP layer
|
Protocol services - TCP layer
|
||||||
Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
|
Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
|
||||||
Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
|
Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
|
||||||
Copyright 2012-2019 Henrik Andersson <hean01@cendio.se> for Cendio AB
|
Copyright 2012-2017 Henrik Andersson <hean01@cendio.se> for Cendio AB
|
||||||
Copyright 2017 Alexander Zakharov <uglym8@gmail.com>
|
Copyright 2017 Alexander Zakharov <uglym8@gmail.com>
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
@ -35,7 +35,6 @@
|
|||||||
|
|
||||||
#include <gnutls/gnutls.h>
|
#include <gnutls/gnutls.h>
|
||||||
#include <gnutls/x509.h>
|
#include <gnutls/x509.h>
|
||||||
#include <nettle/base64.h>
|
|
||||||
|
|
||||||
#include "rdesktop.h"
|
#include "rdesktop.h"
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
@ -117,10 +116,10 @@ cert_tdb_store(const char* db_name, const char* host, const char* service,
|
|||||||
{
|
{
|
||||||
UNUSED(service);
|
UNUSED(service);
|
||||||
FILE *out;
|
FILE *out;
|
||||||
|
gnutls_datum_t b64;
|
||||||
char filename[4096];
|
char filename[4096];
|
||||||
char b64[BASE64_ENCODE_RAW_LENGTH(4096)];
|
|
||||||
|
|
||||||
base64_encode_raw(b64, pubkey->size, pubkey->data);
|
CHECK(gnutls_base64_encode2(pubkey, &b64));
|
||||||
|
|
||||||
/* store pubkey */
|
/* store pubkey */
|
||||||
cert_store_cache_filename(db_name, host, filename, sizeof(filename));
|
cert_store_cache_filename(db_name, host, filename, sizeof(filename));
|
||||||
@ -128,9 +127,11 @@ cert_tdb_store(const char* db_name, const char* host, const char* service,
|
|||||||
|
|
||||||
out = fopen(filename, "w+");
|
out = fopen(filename, "w+");
|
||||||
fprintf(out, "%ld\n", expiration);
|
fprintf(out, "%ld\n", expiration);
|
||||||
fprintf(out, "%s\n", b64);
|
fprintf(out, "%s\n", (char *)b64.data);
|
||||||
fclose(out);
|
fclose(out);
|
||||||
|
|
||||||
|
gnutls_free(b64.data);
|
||||||
|
|
||||||
return GNUTLS_E_SUCCESS;
|
return GNUTLS_E_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -141,16 +142,13 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
|
|||||||
UNUSED(service);
|
UNUSED(service);
|
||||||
|
|
||||||
FILE *in;
|
FILE *in;
|
||||||
gnutls_datum_t store_pubkey;
|
gnutls_datum_t tmp, store_pubkey;
|
||||||
char buf[4096];
|
char buf[4096];
|
||||||
uint8 dst[4096];
|
|
||||||
char filename[4096];
|
char filename[4096];
|
||||||
struct base64_decode_ctx ctx;
|
|
||||||
size_t dst_size;
|
|
||||||
|
|
||||||
cert_store_cache_filename(db_name, host, filename, sizeof(filename));
|
cert_store_cache_filename(db_name, host, filename, sizeof(filename));
|
||||||
|
|
||||||
logger(Core, Debug, "%s(), verify public key for %s",__func__, host);
|
logger(Core, Debug, "%s(), verify pubkey for %s",__func__, host);
|
||||||
|
|
||||||
in = fopen(filename, "r");
|
in = fopen(filename, "r");
|
||||||
if (in == NULL)
|
if (in == NULL)
|
||||||
@ -160,7 +158,6 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
|
|||||||
return GNUTLS_E_NO_CERTIFICATE_FOUND;
|
return GNUTLS_E_NO_CERTIFICATE_FOUND;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get expiration line */
|
|
||||||
if (fgets(buf, sizeof(buf), in) == NULL)
|
if (fgets(buf, sizeof(buf), in) == NULL)
|
||||||
{
|
{
|
||||||
logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
|
logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
|
||||||
@ -168,7 +165,7 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
|
|||||||
return GNUTLS_E_NO_CERTIFICATE_FOUND;
|
return GNUTLS_E_NO_CERTIFICATE_FOUND;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get base64 line */
|
/* base64 decode stored key and compare */
|
||||||
if (fgets(buf, sizeof(buf), in) == NULL)
|
if (fgets(buf, sizeof(buf), in) == NULL)
|
||||||
{
|
{
|
||||||
logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
|
logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
|
||||||
@ -178,31 +175,24 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
|
|||||||
|
|
||||||
fclose(in);
|
fclose(in);
|
||||||
|
|
||||||
/* base64 decode stored key and compare */
|
tmp.data = (unsigned char*)buf;
|
||||||
base64_decode_init(&ctx);
|
tmp.size = strlen(buf);
|
||||||
dst_size = sizeof(dst);
|
CHECK(gnutls_base64_decode2(&tmp, &store_pubkey));
|
||||||
if (base64_decode_update(&ctx, &dst_size, dst, strlen(buf), buf) == 0)
|
|
||||||
{
|
|
||||||
logger(Core, Error, "%s(), failed to base64 decode public key from cache", __func__);
|
|
||||||
unlink(filename);
|
|
||||||
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
|
|
||||||
}
|
|
||||||
base64_decode_final(&ctx);
|
|
||||||
store_pubkey.size = dst_size;
|
|
||||||
store_pubkey.data = dst;
|
|
||||||
|
|
||||||
/* verify public key against cached key */
|
|
||||||
if (pubkey->size != store_pubkey.size)
|
if (pubkey->size != store_pubkey.size)
|
||||||
{
|
{
|
||||||
|
gnutls_free(store_pubkey.data);
|
||||||
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
|
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (memcmp(pubkey->data, store_pubkey.data, pubkey->size) != 0)
|
if (memcmp(pubkey->data, store_pubkey.data, pubkey->size) != 0)
|
||||||
{
|
{
|
||||||
|
gnutls_free(store_pubkey.data);
|
||||||
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
|
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Found mathcing public key in cache */
|
/* Found mathcing public key in cache */
|
||||||
|
gnutls_free(store_pubkey.data);
|
||||||
return GNUTLS_E_SUCCESS;
|
return GNUTLS_E_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user