commit f16b0d860ed97f347d3ebc50143690f0fac628c8
Author: epoch 
Date:   Mon Sep 9 18:42:42 2024 +0000

    changed how the md5 is generated from deprecated functions to non-deprecated. also a few log messages got src and dst added.

diff --git a/tlswrap.c b/tlswrap.c
index 8eeb7e4484571c78888c8098e146b480f5510afd..
index ..82db90eeba591a0fe30a4eafb9c9f1b045acecdd 100644
--- a/tlswrap.c
+++ b/tlswrap.c
@@ -316,7 +316,24 @@ void ja3_shit(struct ja3 *j) { // how do we get ssl version?
   for(i=0;i < j->point_formats_sz;i++) offset += snprintf(s+offset,sz,"%u-",j->point_formats[i]);
   if(j->point_formats_sz) { offset-- ; } s[offset]='\0'; offset++;
   // I tested the hashing code. it works compared to https://github.com/salesforce/ja3/tree/master/python
-  unsigned char *p=MD5((unsigned char *)s,strlen(s),NULL);
+
+  // MD5() is deprecated.
+  //unsigned char *p=MD5((unsigned char *)s,strlen(s),NULL);
+
+  // these functions are deprecated too.
+  /*MD5_CTX c;
+  unsigned char p[16];
+  MD5_Init(&c);
+  MD5_Update(&c, s, strlen(s));
+  MD5_Final(p, &c);*/
+
+  // looked up what the non-deprecated way was supposed to be.
+  // https://github.com/openssl/openssl/discussions/23493
+  unsigned char p[16];
+  if(!EVP_Q_digest( NULL, "MD5", NULL, s, strlen(s), p, NULL )) {
+    syslog(LOG_DAEMON|LOG_ERR, "MD5 hashing failed: %s",strerror(errno));
+  }
+
   char q[33];
   for(i=0;i<16;i++) {
     snprintf(q+(i*2),sizeof(q),"%02x",p[i]);
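Review bot: When `EVP_Q_digest` fails, the new branch only logs and execution falls through to the hex loop, which formats the uninitialised `p[16]` into `q`, so the JA3 value becomes leftover stack bytes rather than being absent. Such a failure is realistic wherever the loaded OpenSSL providers do not offer MD5, for example a FIPS-only configuration. The message also reports `strerror(errno)`, which OpenSSL does not set reliably; the file already uses `ERR_error_string(ERR_get_error(),NULL)` for this elsewhere. I would log that instead and either `return;` from the branch or declare `unsigned char p[16]={0};` so a failed hash is recognisable. The enclosing function continues past the hunk, so whether an early return skips later work cannot be seen from here.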
@@ -661,7 +678,7 @@ int main(int argc,char *argv[]) {
     }

     if(recv(0,NULL,1, MSG_PEEK | MSG_DONTWAIT) == 0) { //make sure the TLS is still connected. :D
-      syslog(LOG_DAEMON|LOG_ERR,"TLS connection seems to have dropped unexpectedly.\n");
+      syslog(LOG_DAEMON|LOG_ERR,"%s -> %s TLS connection seems to have dropped unexpectedly.\n",ru,su);
       break;
     }

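Review bot: `ru` and `su` are now passed to `%s` on this error path and in the two later hunks (the `write` and `SSL_write` failures), and neither is defined inside any of them. If either can be NULL, or is built from peer-supplied data (not confirmable from the visible lines), the first is undefined behaviour in the format and the second lets a client influence the content of log lines. A guard such as `ru?ru:"-"` together with a bounded conversion like `%.64s` would cover both cases. The trailing `\n` in this message is not needed for syslog and is inconsistent with the other two messages.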
@@ -677,7 +694,7 @@ int main(int argc,char *argv[]) {
         syslog(LOG_DAEMON|LOG_DEBUG,"SSL read? %d msg: %s",r1,ERR_error_string(ERR_get_error(),NULL));
         syslog(LOG_DAEMON|LOG_DEBUG,"read %d bytes from ssl!",r1);
         if((r3=write(a[1],buffer,r1) < 0)) {
-          syslog(LOG_DAEMON|LOG_ERR,"a write failed. -_- %d",r3);
+          syslog(LOG_DAEMON|LOG_ERR,"%s -> %s a write failed. -_- %d",ru,su,r3);
         }
       }
     }
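Review bot: The updated message prints `r3`, but in `if((r3=write(a[1],buffer,r1) < 0))` the comparison binds tighter than the assignment, so `r3` receives the result of `< 0` (0 or 1) rather than the byte count, and the logged value is always 1. Moving the parenthesis, `if((r3=write(a[1],buffer,r1)) < 0) {`, and adding `strerror(errno)` to the message would make the entry usable for diagnosis. A short write of fewer than `r1` bytes is also not detected on this path, so data read from the TLS side can be lost without any log entry. The enclosing block in `main` starts and ends outside the hunk.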
@@ -689,7 +706,7 @@ int main(int argc,char *argv[]) {
       } else {
         syslog(LOG_DAEMON|LOG_DEBUG,"read %d bytes from subprocess!",r2);
         if((r3=SSL_write(ssl,buffer,r2)) <= 0) {
-          syslog(LOG_DAEMON|LOG_ERR,"SSL_write had an error: %d %s",r3,ERR_error_string(ERR_get_error(),NULL));
+          syslog(LOG_DAEMON|LOG_ERR,"%s -> %s SSL_write had an error: %d %s",ru,su,r3,ERR_error_string(ERR_get_error(),NULL));
         }
       }
     }
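Review bot: A non-positive `SSL_write` result is reported through `ERR_get_error()` alone, whose queue can be empty for conditions such as a retry request or a closed transport, leaving the log line without a usable reason. The status for this call comes from `SSL_get_error(ssl,r3)`, so I would log it as well, e.g. `int e=SSL_get_error(ssl,r3);` and add `e` to the format arguments. As far as the hunk shows, the relay also carries on after the failure, so the bytes in `buffer` are dropped; leaving the loop on anything other than a retryable result would avoid forwarding a truncated stream. The rest of the loop is outside the hunk.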

-----END OF PAGE-----