author | Olivier Crête <olivier.crete@collabora.com> | 2017-03-31 21:23:12 -0400 |
---|---|---|
committer | Olivier Crête <olivier.crete@collabora.com> | 2017-04-03 11:27:13 -0400 |
commit | 6e45d1866ea92a019b9cd18642cb43123980b0ca (patch) | |
tree | 591a1577c31d384c4626a3a92547a6447cb83ba1 | |
parent | 4c79b8659da1a627463b5b66c56ddf863801aaab (diff) | |
download | libnice-6e45d1866ea92a019b9cd18642cb43123980b0ca.tar.gz |
stun: Switch from gcrypt to gnutls
GLib already uses it, instead of adding another dep.
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Differential Revision: https://phabricator.freedesktop.org/D1705
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | configure.ac | 28 | ||||
-rw-r--r-- | nice/nice.pc.in | 1 | ||||
-rw-r--r-- | stun/Makefile.am | 4 | ||||
-rw-r--r-- | stun/rand.c | 18 | ||||
-rw-r--r-- | stun/stunhmac.c | 55 |
6 files changed, 42 insertions, 66 deletions
@@ -20,7 +20,7 @@ Requirements pkg-config gupnp-igd >= 0.1.2 (optional) gstreamer-0.10 >= 0.10.0 (optional) - gcrypt >= 1.4.5 + gnutls >= 2.12.0 Build instructions ------------------ diff --git a/configure.ac b/configure.ac index 2b4a68a..93bf1e2 100644 --- a/configure.ac +++ b/configure.ac @@ -184,14 +184,20 @@ AC_CHECK_FUNCS([poll]) AC_SUBST(LIBRT) # Dependencies + +GNUTLS_PACKAGES_PRIVATE="gnutls >= 2.12.0" +PKG_CHECK_MODULES(GNUTLS, [$GNUTLS_PACKAGES_PRIVATE]) + NICE_PACKAGES_PUBLIC="glib-2.0 >= $GLIB_REQ gio-2.0 >= $GLIB_REQ gobject-2.0 >= $GLIB_REQ" NICE_PACKAGES_PRIVATE="gthread-2.0" -NICE_PACKAGES="$NICE_PACKAGES_PUBLIC $NICE_PACKAGES_PRIVATE" + +PKG_CHECK_MODULES(GLIB, [$NICE_PACKAGES_PUBLIC $NICE_PACKAGES_PRIVATE]) + +NICE_PACKAGES_PRIVATE="$NICE_PACKAGES_PRIVATE $GNUTLS_PACKAGES_PRIVATE" + AC_SUBST([NICE_PACKAGES_PUBLIC]) AC_SUBST([NICE_PACKAGES_PRIVATE]) -AC_SUBST([NICE_PACKAGES]) -PKG_CHECK_MODULES(GLIB, [$NICE_PACKAGES]) AC_ARG_WITH(gstreamer, AS_HELP_STRING([--with-gstreamer],[build GStreamer plugin]), @@ -301,22 +307,6 @@ AC_SUBST([GUPNP_PACKAGES]) AC_SUBST(HAVE_GUPNP) AC_SUBST([UPNP_ENABLED]) -dnl libgcrypt -GCRYPT_VERSION=1.6.0 -GCRYPT_LIBVER=1 - -AM_PATH_LIBGCRYPT($GCRYPT_LIBVER:$GCRYPT_VERSION,,AC_MSG_ERROR([[ -*** -*** libgcrypt was not found. You may want to get it from -*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ -*** -]])) -libgcrypt=yes -AC_DEFINE_UNQUOTED(LIBGCRYPT_VERSION, "$GCRYPT_VERSION", [Version of GCRYPT we expect]) - -AC_SUBST([LIBGCRYPT_CFLAGS]) -AC_SUBST([LIBGCRYPT_LIBS]) - dnl Test coverage AC_ARG_ENABLE([coverage], [AS_HELP_STRING([--enable-coverage], diff --git a/nice/nice.pc.in b/nice/nice.pc.in index b968ca8..8805f0d 100644 --- a/nice/nice.pc.in +++ b/nice/nice.pc.in @@ -10,5 +10,4 @@ Version: @VERSION@ Requires: @NICE_PACKAGES_PUBLIC@ @GUPNP_PACKAGES_PUBLIC@ Requires.private: @NICE_PACKAGES_PRIVATE@ @GUPNP_PACKAGES_PRIVATE@ Libs: -L${libdir} -lnice -Libs.private: @LIBGCRYPT_LIBS@ Cflags: -I${includedir}/nice -I${includedir} 
diff --git a/stun/Makefile.am b/stun/Makefile.am index f532616..c9b0cb2 100644 --- a/stun/Makefile.am +++ b/stun/Makefile.am @@ -14,7 +14,7 @@ AM_CFLAGS = \ -std=gnu99 \ -DG_LOG_DOMAIN=\"libnice-stun\" \ $(LIBNICE_CFLAGS) \ - $(LIBGCRYPT_CFLAGS) \ + $(GNUTLS_CFLAGS) \ $(NULL) AM_CPPFLAGS = -I$(top_srcdir) @@ -38,7 +38,7 @@ libstun_la_SOURCES = constants.h \ usages/turn.c usages/turn.h \ usages/timer.c usages/timer.h -libstun_la_LIBADD = $(LIBRT) $(LIBGCRYPT_LIBS) +libstun_la_LIBADD = $(LIBRT) $(GNUTLS_LIBS) EXTRA_DIST = win32_common.h diff --git a/stun/rand.c b/stun/rand.c index a375f33..1deaf56 100644 --- a/stun/rand.c +++ b/stun/rand.c @@ -68,23 +68,13 @@ void nice_RAND_bytes (uint8_t *dst, int len) } #else -#include <gcrypt.h> +#include <sys/types.h> +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> void nice_RAND_bytes (uint8_t *dst, int len) { - /* Initialise libgcrypt. The application might do this first, but we need to - * do it otherwise. Abort if this fails, as we can’t do random number - * generation. */ - if (!gcry_check_version (GCRYPT_VERSION)) - abort (); - - if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) - { - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - } - - gcry_randomize (dst, len, GCRY_STRONG_RANDOM); + gnutls_rnd (GNUTLS_RND_NONCE, dst, len); } #endif /* _WIN32 */ diff --git a/stun/stunhmac.c b/stun/stunhmac.c index 795e987..825656a 100644 --- a/stun/stunhmac.c +++ b/stun/stunhmac.c 
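Review bot: `GNUTLS_RND_NONCE` in nice_RAND_bytes requests a weaker class of randomness than the `GCRY_STRONG_RANDOM` it replaces; GnuTLS documents the nonce level for values that must be unpredictable but are not keys. Whether that is sufficient depends on the callers, which are outside this hunk: it is fine for STUN transaction ids but not for anything used as a credential or key, where `GNUTLS_RND_RANDOM` is the closer match to the old level. The return value is also discarded, so on failure `dst` keeps its previous contents and is used as if it were random, whereas the removed code aborted when the gcrypt version check failed. `if (gnutls_rnd (GNUTLS_RND_RANDOM, dst, len) < 0) abort ();` would keep both properties.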
@@ -47,40 +47,40 @@ #include <string.h> #include <assert.h> -#include <gcrypt.h> +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> void stun_sha1 (const uint8_t *msg, size_t len, size_t msg_len, uint8_t *sha, const void *key, size_t keylen, int padding) { uint16_t fakelen = htons (msg_len); uint8_t pad_char[64] = {0}; - gcry_mac_hd_t hd; - size_t sha_len = 20; - -#define TRY(s) \ - if (!(s)) \ - abort (); + gnutls_hmac_hd_t handle; + int ret; assert (len >= 44u); - TRY (gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA1, 0 /* flags */, NULL) == 0); - TRY (gcry_mac_setkey (hd, key, keylen) == 0); + assert (gnutls_hmac_get_len (GNUTLS_MAC_SHA1) == 20); + ret = gnutls_hmac_init (&handle, GNUTLS_MAC_SHA1, key, keylen); + assert (ret >= 0); - TRY (gcry_mac_write (hd, msg, 2) == 0); - TRY (gcry_mac_write (hd, &fakelen, 2) == 0); - TRY (gcry_mac_write (hd, msg + 4, len - 28) == 0); + ret = gnutls_hmac (handle, msg, 2); + assert (ret >= 0); + ret = gnutls_hmac (handle, &fakelen, 2); + assert (ret >= 0); + ret = gnutls_hmac (handle, msg + 4, len - 28); + assert (ret >= 0); /* RFC 3489 specifies that the message's size should be 64 bytes, and \x00 padding should be done */ if (padding && ((len - 24) % 64) > 0) { uint16_t pad_size = 64 - ((len - 24) % 64); - TRY (gcry_mac_write (hd, pad_char, pad_size) == 0); - } - TRY (gcry_mac_read (hd, sha, &sha_len) == 0); - assert (sha_len == 20); + ret = gnutls_hmac (handle, pad_char, pad_size); + assert (ret >= 0); + } - gcry_mac_close (hd); + gnutls_hmac_deinit (handle, sha); } static const uint8_t *priv_trim_var (const uint8_t *var, size_t *var_len) 
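Review bot: Every GnuTLS result in stun_sha1 is checked only with `assert`, which compiles to nothing when the library is built with `NDEBUG`, while the removed `TRY` macro called `abort ()` unconditionally. In such a build a failed `gnutls_hmac_init` leaves `handle` indeterminate, the following `gnutls_hmac` and `gnutls_hmac_deinit` calls use it, and `sha` may never be written even though the caller presumably uses it as the message-integrity value. Since the function returns void, failing closed means an unconditional check such as `if (ret < 0) abort ();` after each call. stun_hash_creds in the next hunk (its body starts outside that hunk) has no check at all: the result of `gnutls_hash_init` is discarded before `handle` is used and `md5` is filled, so it needs the same check.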
@@ -109,19 +109,16 @@ void stun_hash_creds (const uint8_t *realm, size_t realm_len, const uint8_t *password_trimmed = priv_trim_var (password, &password_len); const uint8_t *realm_trimmed = priv_trim_var (realm, &realm_len); const uint8_t *colon = (uint8_t *)":"; + gnutls_hash_hd_t handle; + + gnutls_hash_init (&handle, GNUTLS_DIG_MD5); + gnutls_hash (handle, username_trimmed, username_len); + gnutls_hash (handle, colon, 1); + gnutls_hash (handle, realm_trimmed, realm_len); + gnutls_hash (handle, colon, 1); + gnutls_hash (handle, password_trimmed, password_len); - /* https://gnupg.org/documentation/manuals/gcrypt/Buffer-description.html */ - const gcry_buffer_t iov[] = { - /* size, off, len, data */ - { 0, 0, username_len, (void *) username_trimmed }, - { 0, 0, 1, (void *) colon }, - { 0, 0, realm_len, (void *) realm_trimmed }, - { 0, 0, 1, (void *) colon }, - { 0, 0, password_len, (void *) password_trimmed }, - }; - - gcry_md_hash_buffers (GCRY_MD_MD5, 0 /* flags */, md5, - iov, sizeof (iov) / sizeof (*iov)); + gnutls_hash_deinit (handle, md5); } |