From: Pierre Ossman Date: Wed, 14 Jul 2021 12:24:08 +0000 (+0200) Subject: Merge branch 'utilize-system-wide-crypto' of https://github.com/grulja/tigervnc X-Git-Tag: v1.11.90~27 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=dfc9421dcf0fc97ad99638df501b95cb162e95b2;p=tigervnc.git Merge branch 'utilize-system-wide-crypto' of https://github.com/grulja/tigervnc --- dfc9421dcf0fc97ad99638df501b95cb162e95b2 diff --cc common/rfb/SSecurityTLS.cxx index 4abc158f,2c236c71..6216ffd9 --- a/common/rfb/SSecurityTLS.cxx +++ b/common/rfb/SSecurityTLS.cxx @@@ -201,29 -176,66 +201,67 @@@ void SSecurityTLS::setParams(gnutls_ses static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH"; int ret; - char *prio; - const char *err; - prio = (char*)malloc(strlen(Security::GnuTLSPriority) + - strlen(kx_anon_priority) + 1); - if (prio == NULL) - throw AuthFailureException("Not enough memory for GnuTLS priority string"); + // Custom priority string specified? + if (strcmp(Security::GnuTLSPriority, "") != 0) { + char *prio; + const char *err; - strcpy(prio, Security::GnuTLSPriority); - if (anon) + prio = (char*)malloc(strlen(Security::GnuTLSPriority) + + strlen(kx_anon_priority) + 1); + if (prio == NULL) + throw AuthFailureException("Not enough memory for GnuTLS priority string"); + + strcpy(prio, Security::GnuTLSPriority); + if (anon) + strcat(prio, kx_anon_priority); + + ret = gnutls_priority_set_direct(session, prio, &err); + + free(prio); + + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw AuthFailureException("gnutls_set_priority_direct failed"); + } + } else if (anon) { + const char *err; + + #if GNUTLS_VERSION_NUMBER >= 0x030603 + ret = gnutls_set_default_priority_append(session, kx_anon_priority, &err, 0); + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw 
AuthFailureException("gnutls_set_default_priority_append failed"); + } + #else + // We don't know what the system default priority is, so we guess + // it's what upstream GnuTLS has + static const char gnutls_default_priority[] = "NORMAL"; + char *prio; + + prio = (char*)malloc(strlen(gnutls_default_priority) + + strlen(kx_anon_priority) + 1); + if (prio == NULL) + throw AuthFailureException("Not enough memory for GnuTLS priority string"); + + strcpy(prio, gnutls_default_priority); strcat(prio, kx_anon_priority); - ret = gnutls_priority_set_direct(session, prio, &err); + ret = gnutls_priority_set_direct(session, prio, &err); - free(prio); + free(prio); - if (ret != GNUTLS_E_SUCCESS) { - if (ret == GNUTLS_E_INVALID_REQUEST) - vlog.error("GnuTLS priority syntax error at: %s", err); - throw AuthFailureException("gnutls_set_priority_direct failed"); + if (ret != GNUTLS_E_SUCCESS) { + if (ret == GNUTLS_E_INVALID_REQUEST) + vlog.error("GnuTLS priority syntax error at: %s", err); + throw AuthFailureException("gnutls_set_priority_direct failed"); + } + #endif } +#if defined (SSECURITYTLS__USE_DEPRECATED_DH) if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) throw AuthFailureException("gnutls_dh_params_init failed");
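Review bot: The new "custom priority string" branch and the `#else` fallback both repeat the same malloc/strcpy/strcat/free sequence, with a hand-written "Not enough memory" throw, to build a C string that is only passed to gnutls_priority_set_direct; in C++ this collapses to `std::string prio = Security::GnuTLSPriority; if (anon) prio += kx_anon_priority; ret = gnutls_priority_set_direct(session, prio.c_str(), &err);` (with "NORMAL" as the seed in the fallback), which also removes the manual free on the error path (assuming `<string>` is already available in this file). Separately, the `#else` path for GnuTLS older than 3.6.3 hard-codes "NORMAL" and so silently ignores the system-wide crypto policy the commit is meant to honour; a debug-level log line in that branch, e.g. `vlog.debug("GnuTLS too old to use system default priority, using NORMAL");`, would make that visible to an operator. The enclosing SSecurityTLS::setParams begins before this hunk and continues after it.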