From f6eeb5d383a254787e7f5bc6e59b016bc99c435a Mon Sep 17 00:00:00 2001 From: Gernot Tenchio Date: Sat, 27 Aug 2011 20:39:13 +0200 Subject: cmake: set SOVERSION --- CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3b1a0ef..ba3ff43 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -217,6 +217,10 @@ target_link_libraries(vncserver ${WEBSOCKET_LIBRARIES} ) +SET_TARGET_PROPERTIES(vncclient vncserver + PROPERTIES SOVERSION "0.0.0" +) + # tests set(LIBVNCSERVER_TESTS backchannel -- cgit v1.2.1 From eab1531525086900db9b8c3b1d69c3b4d222fee4 Mon Sep 17 00:00:00 2001 From: Gernot Tenchio Date: Sun, 28 Aug 2011 22:47:28 +0200 Subject: configure: Add AM_SILENT_RULES MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Working with “silent make mode” makes debugging a lot of easier since warnings wont shadowed by useless compiler noise --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 79ce830..3e7c901 100644 --- a/configure.ac +++ b/configure.ac @@ -3,6 +3,7 @@ AC_INIT(LibVNCServer, 0.9.8, http://sourceforge.net/projects/libvncserver) AM_INIT_AUTOMAKE(LibVNCServer, 0.9.8) AM_CONFIG_HEADER(rfbconfig.h) AX_PREFIX_CONFIG_H([rfb/rfbconfig.h]) +AM_SILENT_RULES([yes]) # Checks for programs. AC_PROG_CC -- cgit v1.2.1 From 98a9d49c056a3c5a06cba78888210566c3b65dd6 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 18:05:13 +0200 Subject: Update AUTHORS regarding the websocket guys. --- AUTHORS | 3 ++- libvncserver/websockets.c | 0 2 files changed, 2 insertions(+), 1 deletion(-) mode change 100755 => 100644 libvncserver/websockets.c diff --git a/AUTHORS b/AUTHORS index 4e1b618..ba75f64 100644 --- a/AUTHORS +++ b/AUTHORS @@ -32,7 +32,8 @@ Alberto Lusiani, Malvina Mazin, Dave Stuart, Rohit Kumar, Donald Dugger, Steven Carr, Uwe Völker, Charles Coffing, Guillaume Rousse, Alessandro Praduroux, Brad Hards, Timo Ketola, Christian Ehrlicher, Noriaki Yamazaki, Ben Klopfenstein, Vic Lee, Christian Beier, -Alexander Dorokhine, Corentin Chary, Wouter Van Meir and George Kiagiadakis. +Alexander Dorokhine, Corentin Chary, Wouter Van Meir, George Kiagiadakis, +Joel Martin and Gernot Tenchio. Probably I forgot quite a few people sending a patch here and there, which really made a difference. Without those, some obscure bugs still would diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c old mode 100755 new mode 100644 -- cgit v1.2.1 From 2046cc9abd284528075abbaa758b148cece62d82 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 20:00:29 +0200 Subject: Fix libvncserver GnuTLS init. gnutls_certificate_set_x509_trust_file() returns the number of processed certs and _not_ GNUTLS_E_SUCCESS (0) on success! --- libvncserver/rfbssl_gnutls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvncserver/rfbssl_gnutls.c b/libvncserver/rfbssl_gnutls.c index 0689c01..cf60cdc 100644 --- a/libvncserver/rfbssl_gnutls.c +++ b/libvncserver/rfbssl_gnutls.c @@ -95,7 +95,7 @@ struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert) /* */ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) { /* */ - } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM))) { + } else if ((ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM)) < 0) { /* */ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) { /* */ -- cgit v1.2.1 From cb0340ccc5351a2ab31ad03b2dc13334ba349d71 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 11 Sep 2011 21:02:55 +0200 Subject: Autotools: Fix OpenSSL and GnuTLS advertisement. --- configure.ac | 3 ++- libvncserver/Makefile.am | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 3e7c901..a986912 100644 --- a/configure.ac +++ b/configure.ac @@ -146,7 +146,7 @@ something like libssl-dev) and run configure again. [AC_DEFINE(HAVE_X509_PRINT_EX_FP) HAVE_X509_PRINT_EX_FP="true"], , $SSL_LIBS ) fi -AM_CONDITIONAL(HAVE_LIBSSL, test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno") +AM_CONDITIONAL(HAVE_LIBSSL, test ! -z "$SSL_LIBS") # Checks for X libraries HAVE_X11="false" @@ -796,6 +796,7 @@ if test "x$with_gnutls" != "xno"; then AC_DEFINE(WITH_CLIENT_TLS) fi fi +AM_CONDITIONAL(HAVE_GNUTLS, test ! -z "$GNUTLS_LIBS") # IPv6 AH_TEMPLATE(IPv6, [Enable IPv6 support]) diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 4a031af..98d97bc 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -17,11 +17,11 @@ if WITH_WEBSOCKETS if HAVE_LIBSSL WEBSOCKETSSSLSRCS = rfbssl_openssl.c else -#if HAVE_GNUTLS -#WEBSOCKETSSSLSRCS = rfbssl_gnutls.c -#else +if HAVE_GNUTLS +WEBSOCKETSSSLSRCS = rfbssl_gnutls.c +else WEBSOCKETSSSLSRCS = rfbssl_none.c -#endif +endif endif WEBSOCKETSSRCS = websockets.c ../common/md5.c ../common/sha1.c $(WEBSOCKETSSSLSRCS) -- cgit v1.2.1 From bd9cae3d122bc602e5a3d2638c0bb9435f8fc47c Mon Sep 17 00:00:00 2001 From: Gernot Tenchio Date: Sun, 18 Sep 2011 21:20:53 +0200 Subject: Add support for different crypto implementations --- libvncserver/Makefile.am | 12 +++++---- libvncserver/rfbcrypto.h | 12 +++++++++ libvncserver/rfbcrypto_gnutls.c | 50 ++++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_included.c | 49 +++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_openssl.c | 49 +++++++++++++++++++++++++++++++++++++ libvncserver/rfbcrypto_polarssl.c | 26 ++++++++++++++++++++ libvncserver/websockets.c | 51 +++++++++++++++------------------------ 7 files changed, 212 insertions(+), 37 deletions(-) create mode 100644 libvncserver/rfbcrypto.h create mode 100644 libvncserver/rfbcrypto_gnutls.c create mode 100644 libvncserver/rfbcrypto_included.c create mode 100644 libvncserver/rfbcrypto_openssl.c create mode 100644 libvncserver/rfbcrypto_polarssl.c diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am index 98d97bc..287f1c9 100644 --- a/libvncserver/Makefile.am +++ b/libvncserver/Makefile.am @@ -15,16 +15,18 @@ endif if WITH_WEBSOCKETS if HAVE_LIBSSL -WEBSOCKETSSSLSRCS = rfbssl_openssl.c +WEBSOCKETSSSLSRCS = rfbssl_openssl.c rfbcrypto_openssl.c +WEBSOCKETSSSLLIBS = @SSL_LIBS@ @CRYPT_LIBS@ else if HAVE_GNUTLS -WEBSOCKETSSSLSRCS = rfbssl_gnutls.c +WEBSOCKETSSSLSRCS = rfbssl_gnutls.c rfbcrypto_gnutls.c +WEBSOCKETSSSLLIBS = @GNUTLS_LIBS@ else -WEBSOCKETSSSLSRCS = rfbssl_none.c +WEBSOCKETSSSLSRCS = rfbssl_none.c rfbcrypto_included.c ../common/md5.c ../common/sha1.c endif endif -WEBSOCKETSSRCS = websockets.c ../common/md5.c ../common/sha1.c $(WEBSOCKETSSSLSRCS) +WEBSOCKETSSRCS = websockets.c $(WEBSOCKETSSSLSRCS) endif includedir=$(prefix)/include/rfb @@ -59,7 +61,7 @@ LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \ $(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS) libvncserver_la_SOURCES=$(LIB_SRCS) -libvncserver_la_LIBADD=@SSL_LIBS@ @CRYPT_LIBS@ +libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) lib_LTLIBRARIES=libvncserver.la diff --git a/libvncserver/rfbcrypto.h b/libvncserver/rfbcrypto.h new file mode 100644 index 0000000..9dc3e63 --- /dev/null +++ b/libvncserver/rfbcrypto.h @@ -0,0 +1,12 @@ +#ifndef _RFB_CRYPTO_H +#define _RFB_CRYPTO_H 1 + +#include + +#define SHA1_HASH_SIZE 20 +#define MD5_HASH_SIZE 16 + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest); +void digestsha1(const struct iovec *iov, int iovcnt, void *dest); + +#endif diff --git a/libvncserver/rfbcrypto_gnutls.c b/libvncserver/rfbcrypto_gnutls.c new file mode 100644 index 0000000..2ecb2da --- /dev/null +++ b/libvncserver/rfbcrypto_gnutls.c @@ -0,0 +1,50 @@ +/* + * rfbcrypto_gnutls.c - Crypto wrapper (gnutls version) + */ + +/* + * Copyright (C) 2011 Gernot Tenchio + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include "rfbcrypto.h" + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest) +{ + gcry_md_hd_t c; + int i; + + gcry_md_open(&c, GCRY_MD_MD5, 0); + for (i = 0; i < iovcnt; i++) + gcry_md_write(c, iov[i].iov_base, iov[i].iov_len); + gcry_md_final(c); + memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_MD5)); +} + +void digestsha1(const struct iovec *iov, int iovcnt, void *dest) +{ + gcry_md_hd_t c; + int i; + + gcry_md_open(&c, GCRY_MD_SHA1, 0); + for (i = 0; i < iovcnt; i++) + gcry_md_write(c, iov[i].iov_base, iov[i].iov_len); + gcry_md_final(c); + memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1)); +} diff --git a/libvncserver/rfbcrypto_included.c b/libvncserver/rfbcrypto_included.c new file mode 100644 index 0000000..e02b623 --- /dev/null +++ b/libvncserver/rfbcrypto_included.c @@ -0,0 +1,49 @@ +/* + * rfbcrypto_included.c - Crypto wrapper (included version) + */ + +/* + * Copyright (C) 2011 Gernot Tenchio + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include "md5.h" +#include "sha1.h" +#include "rfbcrypto.h" + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest) +{ + md5_context c; + int i; + + __md5_init_ctx(&c); + for (i = 0; i < iovcnt; i++) + __md5_process_bytes(&c, iov[i].iov_base, iov[i].iov_len); + __md5_finish_ctx(&c, dest); +} + +void digestsha1(const struct iovec *iov, int iovcnt, void *dest) +{ + SHA1Context c; + int i; + + SHA1Reset(&c); + for (i = 0; i < iovcnt; i++) + SHA1Input(&c, iov[i].iov_base, iov[i].iov_len); + SHA1Result(&c, dest); +} diff --git a/libvncserver/rfbcrypto_openssl.c b/libvncserver/rfbcrypto_openssl.c new file mode 100644 index 0000000..29ec5c1 --- /dev/null +++ b/libvncserver/rfbcrypto_openssl.c @@ -0,0 +1,49 @@ +/* + * rfbcrypto_openssl.c - Crypto wrapper (openssl version) + */ + +/* + * Copyright (C) 2011 Gernot Tenchio + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this software; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +#include +#include +#include +#include "rfbcrypto.h" + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest) +{ + MD5_CTX c; + int i; + + MD5_Init(&c); + for (i = 0; i < iovcnt; i++) + MD5_Update(&c, iov[i].iov_base, iov[i].iov_len); + MD5_Final(dest, &c); +} + +void digestsha1(const struct iovec *iov, int iovcnt, void *dest) +{ + SHA_CTX c; + int i; + + SHA1_Init(&c); + for (i = 0; i < iovcnt; i++) + SHA1_Update(&c, iov[i].iov_base, iov[i].iov_len); + SHA1_Final(dest, &c); +} diff --git a/libvncserver/rfbcrypto_polarssl.c b/libvncserver/rfbcrypto_polarssl.c new file mode 100644 index 0000000..f28dca3 --- /dev/null +++ b/libvncserver/rfbcrypto_polarssl.c @@ -0,0 +1,26 @@ +#include +#include +#include +#include "rfbcrypto.h" + +void digestmd5(const struct iovec *iov, int iovcnt, void *dest) +{ + md5_context c; + int i; + + md5_starts(&c); + for (i = 0; i < iovcnt; i++) + md5_update(&c, iov[i].iov_base, iov[i].iov_len); + md5_finish(dest, &c); +} + +void digestsha1(const struct iovec *iov, int iovcnt, void *dest) +{ + sha1_context c; + int i; + + sha1_starts(&c); + for (i = 0; i < iovcnt; i++) + sha1_update(&c, iov[i].iov_base, iov[i].iov_len); + sha1_finish(dest, &c); +} diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c index a030b15..7532e33 100644 --- a/libvncserver/websockets.c +++ b/libvncserver/websockets.c @@ -33,10 +33,9 @@ #include #include -#include "md5.h" -#include "sha1.h" #include "rfbconfig.h" #include "rfbssl.h" +#include "rfbcrypto.h" #if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN #define WS_NTOH64(n) (n) @@ -165,36 +164,20 @@ min (int a, int b) { return a < b ? a : b; } -void -webSocketsGenSha1Key(char * target, int size, char *key) +static void webSocketsGenSha1Key(char *target, int size, char *key) { - int len; - SHA1Context sha; - uint8_t digest[SHA1HashSize]; - - if (size < B64LEN(SHA1HashSize) + 1) { - rfbErr("webSocketsGenSha1Key: not enough space in target\n"); - target[0] = '\0'; - return; - } - - SHA1Reset(&sha); - SHA1Input(&sha, (unsigned char *)key, strlen(key)); - SHA1Input(&sha, (unsigned char *)GUID, strlen(GUID)); - SHA1Result(&sha, digest); - - len = __b64_ntop((unsigned char *)digest, SHA1HashSize, target, size); - if (len < size - 1) { - rfbErr("webSocketsGenSha1Key: b64_ntop failed\n"); - target[0] = '\0'; - return; - } - - target[len] = '\0'; - return; + struct iovec iov[2]; + unsigned char hash[20]; + + iov[0].iov_base = key; + iov[0].iov_len = strlen(key); + iov[1].iov_base = GUID; + iov[1].iov_len = sizeof(GUID) - 1; + digestsha1(iov, 2, hash); + if (-1 == __b64_ntop(hash, sizeof(hash), target, size)) + rfbErr("b64_ntop failed\n"); } - /* * rfbWebSocketsHandshake is called to handle new WebSockets connections */ @@ -389,7 +372,7 @@ webSocketsHandshake(rfbClientPtr cl, char *scheme) */ if (sec_ws_version) { - char accept[B64LEN(SHA1HashSize) + 1]; + char accept[B64LEN(SHA1_HASH_SIZE) + 1]; rfbLog(" - WebSockets client version hybi-%02d\n", sec_ws_version); webSocketsGenSha1Key(accept, sizeof(accept), sec_ws_key); len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, @@ -436,13 +419,15 @@ webSocketsHandshake(rfbClientPtr cl, char *scheme) cl->wsctx = (wsCtx *)wsctx; return TRUE; } - + void webSocketsGenMd5(char * target, char *key1, char *key2, char *key3) { unsigned int i, spaces1 = 0, spaces2 = 0; unsigned long num1 = 0, num2 = 0; unsigned char buf[17]; + struct iovec iov[1]; + for (i=0; i < strlen(key1); i++) { if (key1[i] == ' ') { spaces1 += 1; @@ -477,7 +462,9 @@ webSocketsGenMd5(char * target, char *key1, char *key2, char *key3) strncpy((char *)buf+8, key3, 8); buf[16] = '\0'; - md5_buffer((char *)buf, 16, target); + iov[0].iov_base = buf; + iov[0].iov_len = 16; + digestmd5(iov, 1, target); target[16] = '\0'; return; -- cgit v1.2.1 From d4cfc260fe7eb164f9e53dd4fb524b9fedd35c04 Mon Sep 17 00:00:00 2001 From: Gernot Tenchio Date: Tue, 20 Sep 2011 00:22:55 +0200 Subject: rfbcrypto_polarssl: it was way to late last night... --- libvncserver/rfbcrypto_polarssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libvncserver/rfbcrypto_polarssl.c b/libvncserver/rfbcrypto_polarssl.c index f28dca3..55e3a7b 100644 --- a/libvncserver/rfbcrypto_polarssl.c +++ b/libvncserver/rfbcrypto_polarssl.c @@ -11,7 +11,7 @@ void digestmd5(const struct iovec *iov, int iovcnt, void *dest) md5_starts(&c); for (i = 0; i < iovcnt; i++) md5_update(&c, iov[i].iov_base, iov[i].iov_len); - md5_finish(dest, &c); + md5_finish(&c, dest); } void digestsha1(const struct iovec *iov, int iovcnt, void *dest) @@ -22,5 +22,5 @@ void digestsha1(const struct iovec *iov, int iovcnt, void *dest) sha1_starts(&c); for (i = 0; i < iovcnt; i++) sha1_update(&c, iov[i].iov_base, iov[i].iov_len); - sha1_finish(dest, &c); + sha1_finish(&c, dest); } -- cgit v1.2.1