authorWilmer van der Gaast <wilmer@gaast.net>2010-10-16 23:44:35 -0700
committerWilmer van der Gaast <wilmer@gaast.net>2010-10-16 23:44:35 -0700
commit83e47ec2da907fd3d8e95e4790bdfd0e9fb50836 (patch)
treea09a5f7b8d62bea77016f7be45e5cc3a285f33c9
parent3fc6c32bede01e02b2ac4541c952f37dbad511b3 (diff)
Use gcrypt for 3DES encryption (used for new MSN authentication) so we
mostly don't need lib/des.c anymore.
-rwxr-xr-xconfigure14
-rw-r--r--lib/ssl_gnutls.c32
2 files changed, 36 insertions, 10 deletions
diff --git a/configure b/configure
index fa7a76bd..ff68da8a 100755
--- a/configure
+++ b/configure
@@ -268,15 +268,15 @@ detect_gnutls()
{
if $PKG_CONFIG --exists gnutls; then
cat <<EOF>>Makefile.settings
-EFLAGS+=`$PKG_CONFIG --libs gnutls`
-CFLAGS+=`$PKG_CONFIG --cflags gnutls`
+EFLAGS+=`$PKG_CONFIG --libs gnutls` `libgcrypt-config --libs`
+CFLAGS+=`$PKG_CONFIG --cflags gnutls` `libgcrypt-config --cflags`
EOF
ssl=gnutls
ret=1
elif libgnutls-config --version > /dev/null 2> /dev/null; then
cat <<EOF>>Makefile.settings
-EFLAGS+=`libgnutls-config --libs`
-CFLAGS+=`libgnutls-config --cflags`
+EFLAGS+=`libgnutls-config --libs` `libgcrypt-config --libs`
+CFLAGS+=`libgnutls-config --cflags` `libgcrypt-config --cflags`
EOF
ssl=gnutls
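Review bot: Both new EFLAGS/CFLAGS lines in this hunk call `libgcrypt-config` unconditionally, whereas the gnutls probe on the `if`/`elif` lines checks that the tool exists first; if libgcrypt-config is absent the backticks expand to nothing, configure still reports success with `ssl=gnutls`, and the link fails later on the undefined `gcry_*` symbols pulled in by lib/ssl_gnutls.c. The second hunk (the `-a "$ssl" != "gnutls"` condition) compounds this, since it now also drops the `DES=des.o` fallback whenever gnutls was chosen, so a missing libgcrypt leaves neither implementation. A probe mirroring the existing one, `if ! libgcrypt-config --version > /dev/null 2> /dev/null; then echo 'libgcrypt-config not found, required when building with GnuTLS'; exit 1; fi`, placed before the gnutls branches (or, alternatively, used to keep the des.o fallback) would turn the late link error into a clear configure-time failure. The enclosing detect_gnutls() function continues past this hunk.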
@@ -426,9 +426,11 @@ if [ "$ret" = "0" ]; then
exit 1
fi;
-if [ "$msn" = "1" -a "$ssl" != "openssl" ]; then
+if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "gnutls" ]; then
# Needed for MSN only. OpenSSL exports nice cipher functions already,
- # others don't, so use our own 3des code.
+ # in case of GnuTLS we should be able to use gcrypt. Otherwise, use
+ # built-in stuff. (Since right now those are the only two supported
+ # SSL modules anyway, this is mostly unnecessary.)
echo 'DES=des.o' >> Makefile.settings
fi
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index ee166bd1..cdc7c498 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -24,6 +24,7 @@
*/
#include <gnutls/gnutls.h>
+#include <gcrypt.h>
#include <fcntl.h>
#include <unistd.h>
#include "proxy.h"
@@ -62,6 +63,9 @@ static gboolean ssl_handshake( gpointer data, gint source, b_input_condition con
void ssl_init( void )
{
+ if( initialized )
+ return;
+
gnutls_global_init();
initialized = TRUE;
atexit( gnutls_global_deinit );
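Review bot: ssl_init() becomes the single initialization point for both GnuTLS and, via the new ssl_des3_encrypt(), libgcrypt, but it only calls gnutls_global_init(); libgcrypt's documented contract is that gcry_check_version() must be called before any other gcrypt function, and gnutls_global_init() does that on the application's behalf only when GnuTLS itself is built on gcrypt, which is not guaranteed for other GnuTLS builds. Adding an explicit `gcry_check_version( NULL );` before `gnutls_global_init();` removes that dependency on the GnuTLS backend; a one-line comment such as `/* gcrypt must be initialised explicitly; do not rely on gnutls doing it */` would record why. The idempotence guard itself looks right given the `initialized` flag set below it.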
@@ -126,10 +130,7 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con
return FALSE;
}
- if( !initialized )
- {
- ssl_init();
- }
+ ssl_init();
gnutls_certificate_allocate_credentials( &conn->xcred );
gnutls_init( &conn->session, GNUTLS_CLIENT );
@@ -254,3 +255,26 @@ b_input_condition ssl_getdirection( void *conn )
return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ?
B_EV_IO_WRITE : B_EV_IO_READ );
}
+
+size_t ssl_des3_encrypt( const unsigned char *key, size_t key_len, const unsigned char *input,
+ size_t input_len, const unsigned char *iv, unsigned char **res )
+{
+ gcry_cipher_hd_t gcr;
+ gcry_error_t st;
+
+ ssl_init();
+
+ *res = g_malloc( input_len );
+ st = gcry_cipher_open( &gcr, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0 ) ||
+ gcry_cipher_setkey( gcr, key, key_len ) ||
+ gcry_cipher_setiv( gcr, iv, 8 ) ||
+ gcry_cipher_encrypt( gcr, *res, input_len, input, input_len );
+
+ gcry_cipher_close( gcr );
+
+ if( st == 0 )
+ return input_len;
+
+ g_free( *res );
+ return 0;
+}
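Review bot: The `||` chain that assigns `st` short-circuits, so when gcry_cipher_open() fails `gcr` is never initialised yet `gcry_cipher_close( gcr )` is still called on the indeterminate handle, and in every failure case `st` collapses to 1, discarding the gcry_error_t that would say which step failed. On failure the function also frees `*res` but leaves the caller's pointer dangling; setting `*res = NULL` there avoids a use-after-free in a caller that checks the pointer rather than the return value. Since the cipher is opened in CBC mode with no padding, gcry_cipher_encrypt() rejects an `input_len` that is not a multiple of the 8-byte block, which this function reports as a return value of 0; that contract deserves a comment above the definition, e.g. `/* Returns the ciphertext length, or 0 on error (including input_len not a multiple of 8); *res is NULL on error. */`. The rewrite below sequences the steps so close() only runs on an opened handle and the real error code is kept.
```c
size_t ssl_des3_encrypt( const unsigned char *key, size_t key_len, const unsigned char *input,
                         size_t input_len, const unsigned char *iv, unsigned char **res )
{
	/* … unchanged: gcr/st declarations, ssl_init(), *res = g_malloc( input_len ) … */
	st = gcry_cipher_open( &gcr, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0 );
	if( st == 0 )
	{
		/* Only proceed while the previous step succeeded; st keeps the first real error. */
		if( ( st = gcry_cipher_setkey( gcr, key, key_len ) ) == 0 &&
		    ( st = gcry_cipher_setiv( gcr, iv, 8 ) ) == 0 )
			st = gcry_cipher_encrypt( gcr, *res, input_len, input, input_len );
		gcry_cipher_close( gcr );
	}
	
	if( st == 0 )
		return input_len;
	
	g_free( *res );
	*res = NULL;
	return 0;
}
```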