authorrunge <runge>2008-09-21 23:04:47 +0000
committerrunge <runge>2008-09-21 23:04:47 +0000
commit16c7ea1b357ab518ee5a40f2a663843f064479a9 (patch)
tree4f8cceaaa9920ae1ca6e4cb0468e5d87f1d63326 /x11vnc/sslhelper.c
parenta1e5d55e356f4913169f6dd746b14548cc51695d (diff)
x11vnc: Add symmetric key encryption -enc cipher:keyfile,
works with SSVNC. Make -remap work on MacOSX console. update to 0.9.5 strings. Add a couple menu items to tkx11vnc.
Diffstat (limited to 'x11vnc/sslhelper.c')
-rw-r--r--x11vnc/sslhelper.c81
1 files changed, 77 insertions, 4 deletions
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index d7fb06b..1fd2958 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -702,6 +702,14 @@ void openssl_init(int isclient) {
do_dh = DO_DH;
+ if (enc_str != NULL) {
+ if (first) {
+ init_prng();
+ }
+ first = 0;
+ return;
+ }
+
if (! quiet) {
rfbLog("\n");
rfbLog("Initializing SSL (%s connect mode).\n", isclient ? "client":"server");
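Review bot: The `first` flag that gates init_prng() is not declared anywhere in the hunk; if it is a plain function-local rather than a `static int first = 1;` at file or function scope it is read uninitialized on the first -enc connection, so its declaration is worth confirming. The early `return` also silently skips the whole TLS context and certificate setup that follows, which is intended for symmetric mode but deserves a comment, e.g. `/* -enc symmetric mode: only the PRNG is needed, no TLS context */` above `if (enc_str != NULL) {`. openssl_init() begins and ends outside this hunk.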
@@ -2079,6 +2087,9 @@ static int ssl_init(int s_in, int s_out) {
double start = dnow();
int timeout = 20;
+ if (enc_str != NULL) {
+ return 1;
+ }
if (getenv("SSL_DEBUG")) {
db = atoi(getenv("SSL_DEBUG"));
}
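Review bot: `return 1;` makes ssl_init() report success before any handshake or SSL object exists, and callers elsewhere in the file presumably read 1 as "TLS established", so the shortcut needs an explanatory comment: `/* -enc: no TLS handshake; ssl_xfer() hands the raw fds to symmetric_encryption_xfer() */`. The `start`/`timeout` locals declared just above are dead on this path, which is harmless but hints the check could sit first in the function. ssl_init()'s body continues outside the hunk.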
@@ -2247,6 +2258,8 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
return 1;
}
+static symmetric_encryption_xfer(int csock, int s_in, int s_out);
+
static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
int dbxfer = 0, db = 0, check_pending, fdmax, nfd, n, i, err;
char cbuf[ABSIZE], sbuf[ABSIZE];
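Review bot: The forward declaration `static symmetric_encryption_xfer(int csock, int s_in, int s_out);` has no return type, so it relies on implicit int, which C99 removed, and it conflicts with the bare `return;` statements in the definition this commit adds further down. It should read `static void symmetric_encryption_xfer(int csock, int s_in, int s_out);`, and the definition must be changed to `static void` as well so the two declarations agree. ssl_xfer()'s body continues outside the hunk.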
@@ -2274,6 +2287,10 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
raw_xfer(csock, s_in, s_out);
return;
}
+ if (enc_str != NULL) {
+ symmetric_encryption_xfer(csock, s_in, s_out);
+ return;
+ }
if (getenv("SSL_DEBUG")) {
db = atoi(getenv("SSL_DEBUG"));
}
@@ -2685,8 +2702,8 @@ void check_https(void) {
#define MSZ 4096
static void init_prng(void) {
- int db = 0, bytes;
- char file[MSZ];
+ int db = 0, bytes, ubytes, fd;
+ char file[MSZ], dtmp[100];
RAND_file_name(file, MSZ);
@@ -2695,19 +2712,42 @@ static void init_prng(void) {
bytes = RAND_load_file(file, -1);
if (db) fprintf(stderr, "bytes read: %d\n", bytes);
- bytes += RAND_load_file("/dev/urandom", 64);
- if (db) fprintf(stderr, "bytes read: %d\n", bytes);
+ ubytes = RAND_load_file("/dev/urandom", 64);
+ bytes += ubytes;
+ if (db) fprintf(stderr, "bytes read: %d / %d\n", bytes, ubytes);
+
+ /* mix in more predictable stuff as well for fallback */
+ sprintf(dtmp, "/tmp/p%.8f.XXXXXX", dnow());
+ fd = mkstemp(dtmp);
+ RAND_add(dtmp, strlen(dtmp), 0);
+ if (fd >= 0) {
+ close(fd);
+ unlink(dtmp);
+ }
+ sprintf(dtmp, "%d-%.8f", (int) getpid(), dnow());
+ RAND_add(dtmp, strlen(dtmp), 0);
+
+ if (!RAND_status()) {
+ ubytes = -1;
+ rfbLog("calling RAND_poll()\n");
+ RAND_poll();
+ }
if (bytes > 0) {
if (! quiet) {
rfbLog("initialized PRNG with %d random bytes.\n",
bytes);
}
+ if (ubytes > 32 && rnow() < 0.25) {
+ RAND_write_file(file);
+ }
return;
}
bytes += RAND_load_file("/dev/random", 8);
if (db) fprintf(stderr, "bytes read: %d\n", bytes);
+ RAND_poll();
+
if (! quiet) {
rfbLog("initialized PRNG with %d random bytes.\n", bytes);
}
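Review bot: After the fallback `RAND_poll()` the code never re-checks `RAND_status()`, so if polling also fails the function still logs "initialized PRNG with %d random bytes." and returns, leaving an unseeded PRNG to surface only later as an OpenSSL error; the `/dev/random` path at the end of the hunk has the same gap. Add the re-check inside the block, `RAND_poll();` followed by `if (!RAND_status()) rfbLog("warning: PRNG still not seeded after RAND_poll().\n");`, and consider the same check before the final log. The two `sprintf()` calls into `dtmp[100]` are bounded only by the magnitude of dnow(); `snprintf(dtmp, sizeof(dtmp), ...)` costs nothing and removes the stack-overrun question. Writing the seed file is reasonable since OpenSSL's RAND_write_file() creates it mode 0600 as far as I recall, but its return value is ignored. init_prng()'s body ends outside the hunk.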
@@ -2800,3 +2840,36 @@ if (db) fprintf(stderr, "raw_xfer bad write: %d -> %d | %d/%d errno=%d\n", cso
#endif /* FORK_OK */
}
+#define ENC_MODULE
+#if LIBVNCSERVER_HAVE_LIBSSL
+#define ENC_HAVE_OPENSSL 1
+#else
+#define ENC_HAVE_OPENSSL 0
+#endif
+#include "enc.h"
+
+static symmetric_encryption_xfer(int csock, int s_in, int s_out) {
+ char tmp[100];
+ char *cipher, *keyfile, *q;
+ if (! enc_str) {
+ return;
+ }
+ cipher = (char *) malloc(strlen(enc_str) + 100);
+ q = strchr(enc_str, ':');
+ if (!q) return;
+ *q = '\0';
+ if (getenv("X11VNC_USE_ULTRADSM_IV")) {
+ sprintf(cipher, "rev:%s", enc_str);
+ } else {
+ sprintf(cipher, "noultra:rev:%s", enc_str);
+ }
+ keyfile = strdup(q+1);
+ *q = ':';
+
+
+ /* TBD: s_in != s_out */
+ sprintf(tmp, "fd=%d,%d", s_in, csock);
+
+ enc_do(cipher, keyfile, "-1", tmp);
+}
+
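Review bot: The definition `static symmetric_encryption_xfer(int csock, int s_in, int s_out) {` has no return type yet uses bare `return;`, which is invalid for an implicit-int function in C99; it must be `static void`. The `malloc()` result is used unchecked, `cipher` leaks on the `if (!q) return;` path and both `cipher` and `keyfile` leak after `enc_do()` if that call returns, and the shared `enc_str` is temporarily mutated (`*q = '\0'`) just to split it, which is fragile if anything else reads it concurrently. The rewrite below keeps the same `cipher`/`keyfile`/`fd=` strings and the same `enc_do()` call but builds the cipher string with a bounded `snprintf` and frees on every path; `s_out` remains unused per the existing TBD.
```c
static void symmetric_encryption_xfer(int csock, int s_in, int s_out) {
	char tmp[100];
	char *cipher, *keyfile, *q;
	size_t len;
	if (! enc_str) {
		return;
	}
	q = strchr(enc_str, ':');
	if (!q) {
		rfbLog("symmetric_encryption_xfer: -enc needs cipher:keyfile\n");
		return;
	}
	/* build "[noultra:]rev:<cipher>" without mutating the shared enc_str */
	len = strlen(enc_str) + 100;
	cipher = (char *) malloc(len);
	keyfile = strdup(q + 1);
	if (!cipher || !keyfile) {
		rfbLog("symmetric_encryption_xfer: out of memory\n");
		free(cipher);
		free(keyfile);
		return;
	}
	snprintf(cipher, len, "%s%.*s",
	    getenv("X11VNC_USE_ULTRADSM_IV") ? "rev:" : "noultra:rev:",
	    (int) (q - enc_str), enc_str);

	/* TBD: s_in != s_out */
	snprintf(tmp, sizeof(tmp), "fd=%d,%d", s_in, csock);

	enc_do(cipher, keyfile, "-1", tmp);
	free(cipher);
	free(keyfile);
}
```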