Beispiel #1
0
void utils::initialize_ssl_implementation(void) {
#if HAVE_OPENSSL
	openssl_mutexes_size = CRYPTO_num_locks();
	openssl_mutexes = new mutex[openssl_mutexes_size];
	CRYPTO_set_id_callback(openssl_mth_id_function);
	CRYPTO_set_locking_callback(openssl_mth_locking_function);
#endif

#if HAVE_GCRYPT
	gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
	gnutls_global_init();
#endif
}
Beispiel #2
0
/* Curl_gtls_init()
 *
 * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
 * are not thread-safe and thus this function itself is not thread-safe and
 * must only be called from within curl_global_init() to keep the thread
 * situation under control!
 */
int Curl_gtls_init(void)
{
  int ret = 1;
  if(!gtls_inited) {
    ret = gnutls_global_init()?0:1;
#ifdef GTLSDEBUG
    gnutls_global_set_log_function(tls_log_func);
    gnutls_global_set_log_level(2);
#endif
    gtls_inited = TRUE;
  }
  return ret;
}
int main()
{
	gnutls_global_init();
	gnutls_global_set_log_function(logfn);
	gnutls_global_set_audit_log_function(auditfn);
	gnutls_global_set_log_level(-99);

	nonblock = 0;
	debug = 0;
	run_tests(1000);

	gnutls_global_deinit();
}
Beispiel #4
0
static int
handshake (struct stream_data *data)
{
	const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
	const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
	const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
	const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
	const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
	int ret;

#ifndef WIN32
	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif

	if (gnutls_global_init () != 0)
		return IKS_NOMEM;

	if (gnutls_certificate_allocate_credentials (&data->cred) < 0)
		return IKS_NOMEM;

	if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) {
		gnutls_certificate_free_credentials (data->cred);
		return IKS_NOMEM;
	}
	gnutls_protocol_set_priority (data->sess, protocol_priority);
	gnutls_cipher_set_priority(data->sess, cipher_priority);
	gnutls_compression_set_priority(data->sess, comp_priority);
	gnutls_kx_set_priority(data->sess, kx_priority);
	gnutls_mac_set_priority(data->sess, mac_priority);
	gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);


	gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
	gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull);
	
	gnutls_transport_set_ptr (data->sess, data->prs);

	ret = gnutls_handshake (data->sess);
	if (ret != 0) {
		gnutls_deinit (data->sess);
		gnutls_certificate_free_credentials (data->cred);
		return IKS_NET_TLSFAIL;
	}

	data->flags &= (~SF_TRY_SECURE);
	data->flags |= SF_SECURE;

	iks_send_header (data->prs, data->server);

	return IKS_OK;
} // HAVE_GNUTLS
Beispiel #5
0
G_GNUC_COLD void
tls_global_init(void)
{
    static const struct {
        const char * const name;
        const int major;
        const int minor;
    } f = {
        "tls", 1, 0
    };
    char *cert_file, *key_file;

#if !defined(REMAP_ZALLOC) && !defined(TRACK_MALLOC) && !defined(TRACK_ZALLOC)
    gnutls_global_set_mem_functions(halloc, halloc, NULL, hrealloc, hfree);
#endif

    if (gnutls_global_init()) {
        g_error("gnutls_global_init() failed");
    }

#ifdef USE_TLS_CUSTOM_IO
    gnutls_global_set_log_level(9);
    gnutls_global_set_log_function(tls_log_function);
#endif	/* USE_TLS_CUSTOM_IO */

    get_dh_params();
    gnutls_certificate_allocate_credentials(&cert_cred);

    key_file = make_pathname(settings_config_dir(), "key.pem");
    cert_file = make_pathname(settings_config_dir(), "cert.pem");

    if (file_exists(key_file) && file_exists(cert_file)) {
        int ret;

        ret = gnutls_certificate_set_x509_key_file(cert_cred,
                cert_file, key_file, GNUTLS_X509_FMT_PEM);
        if (ret < 0) {
            g_warning("gnutls_certificate_set_x509_key_file() failed: %s",
                      gnutls_strerror(ret));
        } else {
            gnutls_certificate_set_dh_params(cert_cred, get_dh_params());
        }
    }
    HFREE_NULL(key_file);
    HFREE_NULL(cert_file);

    header_features_add(FEATURES_CONNECTIONS, f.name, f.major, f.minor);
    header_features_add(FEATURES_G2_CONNECTIONS, f.name, f.major, f.minor);
    header_features_add(FEATURES_DOWNLOADS, f.name, f.major, f.minor);
    header_features_add(FEATURES_UPLOADS, f.name, f.major, f.minor);
}
Beispiel #6
0
void
doit (void)
{
  gnutls_certificate_credentials_t x509_cred;
  int ret, i;
  gnutls_x509_crt_t issuer;
  gnutls_x509_crt_t list[LIST_SIZE];
  char dn[128];
  size_t dn_size;
  unsigned int list_size;

  /* this must be called once in the program
   */
  gnutls_global_init ();

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (6);

  gnutls_certificate_allocate_credentials (&x509_cred);
  gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);

  gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
                                       GNUTLS_X509_FMT_PEM);

  /* test for gnutls_certificate_get_issuer() */
  
  list_size = LIST_SIZE;
  ret = gnutls_x509_crt_list_import(list, &list_size, &cert, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
  if (ret < 0)
    fail("gnutls_x509_crt_list_import");

  ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0);
  if (ret < 0)
    fail("gnutls_certificate_get_isser");

  dn_size = sizeof(dn);
  ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
  if (ret < 0)
    fail("gnutls_certificate_get_isser");
  
  if (debug)
    fprintf(stderr, "Issuer's DN: %s\n", dn);
  for (i=0;i<list_size;i++)
    gnutls_x509_crt_deinit(list[i]);
  gnutls_certificate_free_credentials(x509_cred);
  
  gnutls_global_deinit();

  if (debug) success("success");
}
Beispiel #7
0
int main(int argc, char **argv)
{
	int port = 5556;
	char address[INET6_ADDRSTRLEN+1];
    int client = 0;
	memset(address, 0, INET6_ADDRSTRLEN+1);
    char message[MAX_MESSAGE_SIZE+1]; // message for client to send
    
    // parse command line args with getopt
    static struct option long_options[] = {
        {"client", no_argument, 0, 'c'},
        {"address", required_argument, 0, 'a'},
        {"port", required_argument, 0, 'p'},
        {"message", required_argument, 0, 'm'},
        {NULL, 0, NULL, 0}
    };
    
    int c;
    int option_index = 0;
    while ((c = getopt_long(argc, argv, "ca:p:m:",
             long_options, &option_index)) != -1) {
        switch (c) {
            case 'c':
                client = 1;
                break;
            case 'a':
                client = 1;
                strncpy(address, optarg, INET6_ADDRSTRLEN);
                break;
            case 'p':
                port = atoi(optarg);
                break;
            case 'm':
                strncpy(message, optarg, MAX_MESSAGE_SIZE);
                break;
            default:
                printf ("?? getopt returned character code 0%o ??\n", c);
        }
    }
    
    gnutls_global_init (); // init that shit!
	if (client) {
        printf("Starting in client mode\n");
        dtls_client (address, port, message);
	} else {
	    printf("Starting in server mode %s:%i\n", address, port);
        dtls_server (port);
    }
    
	return 0;
}
int
main (void)
{
  /* credentials */
  gnutls_anon_client_credentials_t c_anoncred;
  gnutls_certificate_credentials_t c_certcred;
  
  gnutls_session_t client;
  int sd;

  /* General init. */
  gnutls_global_init ();
  ecore_init();
  gnutls_global_set_log_function (tls_log_func);
    gnutls_global_set_log_level (6);

  /* Init client */
  gnutls_anon_allocate_client_credentials (&c_anoncred);
  gnutls_certificate_allocate_credentials (&c_certcred);
  gnutls_init (&client, GNUTLS_CLIENT);
  /* set very specific priorities */
  gnutls_priority_set_direct(client, "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0", NULL);
  gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
  gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
  gnutls_server_name_set(client, GNUTLS_NAME_DNS, "www.verisign.com", strlen("www.verisign.com"));


  /* connect to the peer
   */
  sd = tcp_connect ();

  /* associate gnutls with socket */
  gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd);
  /* add a callback for data being available for send/receive on socket */
  if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
    {
       print("could not create fd handler!");
       exit(1);
    }
  /* begin main loop */
  ecore_main_loop_begin();

  gnutls_bye (client, GNUTLS_SHUT_RDWR);

  gnutls_deinit (client);

  tcp_close (sd);
  
  return 0;
}
void * tls_init(const struct tls_config *conf)
{
	struct tls_global *global;

#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
	/* Because of the horrible hack to get master_secret and client/server
	 * random, we need to make sure that the gnutls version is something
	 * that is expected to have same structure definition for the session
	 * data.. */
	const char *ver;
	const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9",
				 "1.3.2",
				 NULL };
	int i;
#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */

	global = os_zalloc(sizeof(*global));
	if (global == NULL)
		return NULL;

	if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
		os_free(global);
		return NULL;
	}
	tls_gnutls_ref_count++;

#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
	ver = gnutls_check_version(NULL);
	if (ver == NULL) {
		tls_deinit(global);
		return NULL;
	}
	wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
	for (i = 0; ok_ver[i]; i++) {
		if (strcmp(ok_ver[i], ver) == 0)
			break;
	}
	if (ok_ver[i] == NULL) {
		wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
			   "to be tested and enabled in tls_gnutls.c", ver);
		tls_deinit(global);
		return NULL;
	}
#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */

	gnutls_global_set_log_function(tls_log_func);
	if (wpa_debug_show_keys)
		gnutls_global_set_log_level(11);
	return global;
}
Beispiel #10
0
static
int
__pkcs11h_crypto_gnutls_initialize (
	IN void * const global_data
) {
	(void)global_data;

	/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
	if (gnutls_global_init () != GNUTLS_E_SUCCESS) {
		return FALSE;
	}
	else {
		return TRUE;
	}
}
Beispiel #11
0
int
iks_init(void)
{
	int ok = 0;
	
#ifndef WIN32
	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif

	if (gnutls_global_init () != 0)
		return IKS_NOMEM;

	return ok;

}
Beispiel #12
0
PrivateKey
PrivateKey::generate(unsigned key_length)
{
    if (gnutls_global_init() != GNUTLS_E_SUCCESS)
        throw CryptoException("Can't initialize GnuTLS.");
    gnutls_x509_privkey_t key;
    if (gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS)
        throw CryptoException("Can't initialize private key.");
    int err = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, key_length, 0);
    if (err != GNUTLS_E_SUCCESS) {
        gnutls_x509_privkey_deinit(key);
        throw CryptoException(std::string("Can't generate RSA key pair: ") + gnutls_strerror(err));
    }
    return PrivateKey{key};
}
Beispiel #13
0
bool secure::init(void)
{
    static bool initialized = false;

    if(!initialized) {
        Thread::init();
        Socket::init();

        gnutls_global_init();
        gnutls_priority_init (&context::priority_cache, "NORMAL", NULL);
        atexit(secure_shutdown);
        initialized = true;
    }
    return true;
}
Beispiel #14
0
/*
 * Copyright (C) 2007-2012 Free Software Foundation, Inc.
 *
 * Author: Nikos Mavrogiannopoulos, Simon Josefsson
 *
 * This file is part of GnuTLS.
 *
 * GnuTLS is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuTLS is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GnuTLS; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>

#include "utils.h"
#include "../lib/gnutls_int.h"
#include "../lib/gnutls_mpi.h"
#include "../lib/gnutls_errors.h"
#include "../lib/debug.h"

static void
tls_log_func (int level, const char *str)
{
  fprintf (stderr, "|<%d>| %s", level, str);
}

#define RND_BITS 510            /* not multiple of 8 */
void
doit (void)
{
  int rc;
  bigint_t n1, n2, n3, n4;

  gnutls_global_init ();

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (99);

  n1 = _gnutls_mpi_new (1000);
  if (n1 == NULL)
    fail ("mpi_new failed\n");

  n2 = _gnutls_mpi_set_ui (NULL, 2);
  if (n2 == NULL)
    fail ("mpi_set_ui failed\n");

  n3 = _gnutls_mpi_set_ui (NULL, 5);
  if (n3 == NULL)
    fail ("mpi_set_ui failed\n");

  _gnutls_mpi_randomize (n1, RND_BITS, GNUTLS_RND_NONCE);

  _gnutls_mpi_log ("rand:", n1);

  rc = _gnutls_mpi_get_nbits (n1);
  if (rc > RND_BITS)
    fail ("mpi_get_nbits failed... returned %d\n", rc);

  n4 = _gnutls_mpi_addm (NULL, n1, n3, n2);
  if (n4 == NULL)
    fail ("mpi_set_ui failed\n");

  if (_gnutls_mpi_cmp_ui (n4, 0) != 0 && _gnutls_mpi_cmp_ui (n4, 1) != 0)
    fail ("mpi_cmp_ui failed\n");

  _gnutls_mpi_release (&n1);
  _gnutls_mpi_release (&n2);
  _gnutls_mpi_release (&n3);
  _gnutls_mpi_release (&n4);

  gnutls_global_deinit ();

  if (debug) success ("mpi ops ok\n");
}
Beispiel #15
0
int
main(int argc, char **argv)
{
#ifdef TEST_KEEP_FILES
	u_int flags;
#endif /* TEST_KEEP_FILES */
	DKIM_STAT status;
	DKIM *dkim;
	DKIM_LIB *lib;
	dkim_query_t qtype = DKIM_QUERY_FILE;
	unsigned char hdr[MAXHEADER + 1];

	printf("*** relaxed/relaxed rsa-sha1 verifying with empty \"t=\"\n");

#ifdef USE_GNUTLS
	(void) gnutls_global_init();
#endif /* USE_GNUTLS */

	/* instantiate the library */
	lib = dkim_init(NULL, NULL);
	assert(lib != NULL);

#ifdef TEST_KEEP_FILES
	/* set flags */
	flags = (DKIM_LIBFLAGS_TMPFILES|DKIM_LIBFLAGS_KEEPFILES);
	(void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_FLAGS, &flags,
	                    sizeof flags);
#endif /* TEST_KEEP_FILES */

	(void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_QUERYMETHOD,
	                    &qtype, sizeof qtype);
	(void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_QUERYINFO,
	                    KEYFILE, strlen(KEYFILE));

	dkim = dkim_verify(lib, JOBID, NULL, &status);
	assert(dkim != NULL);

	snprintf(hdr, sizeof hdr, "%s: %s", DKIM_SIGNHEADER, SIG2);
	status = dkim_header(dkim, hdr, strlen(hdr));
	assert(status == DKIM_STAT_SYNTAX);

	status = dkim_free(dkim);
	assert(status == DKIM_STAT_OK);

	dkim_close(lib);

	return 0;
}
Beispiel #16
0
void
doit (void)
{
  gnutls_openpgp_keyring_t keyring;
  gnutls_datum_t data;
  int ret;

  ret = gnutls_global_init ();
  if (ret < 0)
    fail ("init %d\n", ret);

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (2);

  ret = gnutls_global_init_extra ();
  if (ret < 0)
    fail ("extra-init %d\n", ret);

  ret = gnutls_openpgp_keyring_init (&keyring);
  if (ret < 0)
    fail ("keyring-init %d\n", ret);

  data.data = raw_keyring;
  data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]);
  ret = gnutls_openpgp_keyring_import (keyring, &data,
				       GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    fail ("keyring-import %d\n", ret);

  ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0);
  if (ret == 0)
    fail ("keyring-check-id (not-in-keyring) %d\n", ret);

  ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0);
  if (ret != 0)
    fail ("keyring-check-id first key %d\n", ret);

  ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0);
  if (ret != 0)
    fail ("keyring-check-id second key %d\n", ret);

  if (debug)
    success ("done\n");

  gnutls_openpgp_keyring_deinit (keyring);
  gnutls_global_deinit ();
}
Beispiel #17
0
/**
 * xmlSecGnuTLSAppInit:
 * @config:             the path to GnuTLS configuration (unused).
 *
 * General crypto engine initialization. This function is used
 * by XMLSec command line utility and called before
 * @xmlSecInit function.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecGnuTLSAppInit(const char* config) {
    int err;

    err = gnutls_global_init();
    if(err != GNUTLS_E_SUCCESS) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "gnutls_global_init",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_GNUTLS_REPORT_ERROR(err));
        return(-1);
    }

    return(xmlSecGCryptAppInit(config));
}
Beispiel #18
0
static Ecore_Con_Ssl_Error
_ecore_con_ssl_init_gnutls(void)
{
#ifdef EFL_HAVE_PTHREAD
   if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread))
     WRN("YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!");
#endif
   if (gnutls_global_init())
     return ECORE_CON_SSL_ERROR_INIT_FAILED;

#ifdef ISCOMFITOR
   gnutls_global_set_log_level(9);
   gnutls_global_set_log_function(_gnutls_log_func);
#endif
   return ECORE_CON_SSL_ERROR_NONE;
}
Beispiel #19
0
void initialize_tls_global(void)
{
	gnutls_global_init ();

	gnutls_certificate_allocate_credentials (&x509_cred);
	gnutls_certificate_set_x509_trust_file (x509_cred, CACERT,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_crl_file (x509_cred, CACRL,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_key_file (x509_cred, SERVERCERT, SERVERKEY,
						GNUTLS_X509_FMT_PEM);
	gnutls_dh_params_init (&dh_params);
	gnutls_dh_params_generate2 (dh_params, DH_BITS);

	gnutls_certificate_set_dh_params (x509_cred, dh_params);
}
Beispiel #20
0
void TLSServer::init (
  const std::string& ca,
  const std::string& crl,
  const std::string& cert,
  const std::string& key)
{
  _ca   = ca;
  _crl  = crl;
  _cert = cert;
  _key  = key;

  gnutls_global_init ();
  gnutls_certificate_allocate_credentials (&_credentials);
  if (_ca != "" &&
      gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CA file.");

  if ( _crl != "" &&
      gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CRL file.");

  if (_cert != "" &&
      _key != "" &&
      gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CERT file.");

#if GNUTLS_VERSION_NUMBER >= 0x020b00
#if GNUTLS_VERSION_NUMBER >= 0x03000d
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
#else
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#endif
#else
  unsigned int bits = DH_BITS;
#endif
  gnutls_dh_params_init (&_params);
  gnutls_dh_params_generate2 (_params, bits);

  if (_ciphers == "")
    _ciphers = "NORMAL";
  gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL);
  gnutls_certificate_set_dh_params (_credentials, _params);

#if GNUTLS_VERSION_NUMBER >= 0x02090a
  gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
#endif
}
int
main (int argc, char *const *argv)
{
  int errorCount = 0;;
  struct MHD_Daemon *d;
  gnutls_session_t session;
  gnutls_datum_t key;
  gnutls_datum_t cert;
  gnutls_certificate_credentials_t xcred;


  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  gnutls_global_init ();
  gnutls_global_set_log_level (11);

  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
                        MHD_USE_DEBUG, DEAMON_TEST_PORT,
                        NULL, NULL, &http_dummy_ahc, NULL,
                        MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);

  if (d == NULL)
    {
      fprintf (stderr, MHD_E_SERVER_INIT);
      return -1;
    }

  if (0 != setup_session (&session, &key, &cert, &xcred))
    {
      fprintf (stderr, "failed to setup session\n");
      return 1;
    }
  errorCount += test_tls_session_time_out (session);
  teardown_session (session, &key, &cert, xcred);

  print_test_result (errorCount, argv[0]);

  MHD_stop_daemon (d);
  gnutls_global_deinit ();

  return errorCount != 0;
}
Beispiel #22
0
/// Enables TLS on the given server.
static void onion_enable_tls(onion *o){
#ifdef HAVE_PTHREADS
	gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
	if (!(o->flags&O_USE_DEV_RANDOM)){
		gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
	}
	gnutls_global_init ();
  gnutls_certificate_allocate_credentials (&o->x509_cred);

	gnutls_dh_params_init (&o->dh_params);
  gnutls_dh_params_generate2 (o->dh_params, 1024);
  gnutls_certificate_set_dh_params (o->x509_cred, o->dh_params);
  gnutls_priority_init (&o->priority_cache, "NORMAL", NULL);
	
	o->flags|=O_SSL_ENABLED;
}
Beispiel #23
0
bool
ssl_init ()
{
  const char *ca_directory;
  DIR *dir;

  gnutls_global_init ();
  gnutls_certificate_allocate_credentials (&credentials);
  gnutls_certificate_set_verify_flags(credentials,
                                      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);

  ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";

  dir = opendir (ca_directory);
  if (dir == NULL)
    {
      if (opt.ca_directory)
        logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
                   opt.ca_directory);
    }
  else
    {
      struct dirent *dent;
      while ((dent = readdir (dir)) != NULL)
        {
          struct stat st;
          char *ca_file;
          asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name);

          stat (ca_file, &st);

          if (S_ISREG (st.st_mode))
            gnutls_certificate_set_x509_trust_file (credentials, ca_file,
                                                    GNUTLS_X509_FMT_PEM);

          free (ca_file);
        }

      closedir (dir);
    }

  if (opt.ca_cert)
    gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
                                            GNUTLS_X509_FMT_PEM);
  return true;
}
Beispiel #24
0
/*
 * Initialize TLS subsystem. Should be called only once.
 */
static int
tlsg_init( void )
{
#ifdef HAVE_GCRYPT_RAND
	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
	if ( lo->ldo_tls_randfile &&
		gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
		Debug( LDAP_DEBUG_ANY,
		"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
		0, 0, 0);
		return -1;
	}
#endif

	gnutls_global_init();

#ifndef HAVE_CIPHERSUITES
	/* GNUtls cipher suite handling: The library ought to parse suite
	 * names for us, but it doesn't. It will return a list of suite names
	 * that it supports, so we can do parsing ourselves. It ought to tell
	 * us how long the list is, but it doesn't do that either, so we just
	 * have to count it manually...
	 */
	{
		int i = 0;
		tls_cipher_suite *ptr, tmp;
		char cs_id[2];

		while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher,
			&tmp.mac, &tmp.version ))
			i++;
		tlsg_n_ciphers = i;

		/* Store a copy */
		tlsg_ciphers = LDAP_MALLOC(tlsg_n_ciphers * sizeof(tls_cipher_suite));
		if ( !tlsg_ciphers )
			return -1;
		for ( i=0; i<tlsg_n_ciphers; i++ ) {
			tlsg_ciphers[i].name = gnutls_cipher_suite_info( i, cs_id,
				&tlsg_ciphers[i].kx, &tlsg_ciphers[i].cipher, &tlsg_ciphers[i].mac,
				&tlsg_ciphers[i].version );
		}
	}
#endif
	return 0;
}
Beispiel #25
0
static rfbBool
InitializeTLS(void)
{
  int ret;

  if (rfbTLSInitialized) return TRUE;
  if ((ret = gnutls_global_init()) < 0 ||
      (ret = gnutls_dh_params_init(&rfbDHParams)) < 0 ||
      (ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0)
  {
    rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret));
    return FALSE;
  }
  rfbClientLog("GnuTLS initialized.\n");
  rfbTLSInitialized = TRUE;
  return TRUE;
}
Beispiel #26
0
Datei: dn.c Projekt: intgr/gnutls
void
doit (void)
{
  int ret;
  gnutls_datum_t pem_cert = { (unsigned char*)pem, sizeof (pem) };
  gnutls_x509_crt_t cert;
  gnutls_x509_dn_t xdn;

  ret = gnutls_global_init ();
  if (ret < 0)
    fail ("init %d\n", ret);

  ret = gnutls_x509_crt_init (&cert);
  if (ret < 0)
    fail ("crt_init %d\n", ret);

  ret = gnutls_x509_crt_import (cert, &pem_cert, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    fail ("crt_import %d\n", ret);

  ret = gnutls_x509_crt_get_issuer (cert, &xdn);
  if (ret < 0)
    fail ("get_issuer %d\n", ret);

  if (debug)
    {
      printf ("Issuer:\n");
      print_dn (xdn);
    }

  ret = gnutls_x509_crt_get_subject (cert, &xdn);
  if (ret < 0)
    fail ("get_subject %d\n", ret);

  if (debug)
    {
      printf ("Subject:\n");
      print_dn (xdn);
    }

  if (debug)
    success ("done\n");

  gnutls_x509_crt_deinit (cert);
  gnutls_global_deinit ();
}
gboolean
crypto_init (GError **error)
{
    if (initialized)
        return TRUE;

    if (gnutls_global_init() != 0) {
        gnutls_global_deinit();
        g_set_error_literal (error, NM_CRYPTO_ERROR,
                             NM_CRYPTO_ERROR_FAILED,
                             _("Failed to initialize the crypto engine."));
        return FALSE;
    }

    initialized = TRUE;
    return TRUE;
}
Beispiel #28
0
int MythPianoService::Login()
{
  m_Piano = (PianoHandle_t*) malloc(sizeof(PianoHandle_t));

  gnutls_global_init();
  PianoInit (m_Piano);

  WaitressInit (&m_Waith);
  m_Waith.url.host = strdup (PIANO_RPC_HOST);
  m_Waith.url.tls = true;
  m_Waith.tlsFingerprint = tlsFingerprint;

  memset (&m_Player, 0, sizeof (m_Player));


  QString username = gCoreContext->GetSetting("pandora-username");
  QString password = gCoreContext->GetSetting("pandora-password");

  //wtf really?
  char* usernameBuff = strndup(username.toUtf8().data(), 1024);
  char* passwordBuff = strndup(password.toUtf8().data(), 1024);

  PianoRequestDataLogin_t reqData;
  reqData.user = usernameBuff;
  reqData.password = passwordBuff;
  reqData.step = 0;

  PianoReturn_t pRet;
  WaitressReturn_t wRet;
  BroadcastMessage("Login... ");
  if (! PianoCall (PIANO_REQUEST_LOGIN, &reqData, &pRet, &wRet)) {
    return -1;
  }

  // wtf
  free(usernameBuff);
  free(passwordBuff);

  if (! PianoCall (PIANO_REQUEST_GET_STATIONS, &reqData, &pRet, &wRet)) {
    return -1;
  }

  m_CurrentStation = m_Piano->stations;
  return 0;
}
  bool GnuTLSClientAnon::init( const std::string&,
                               const std::string&,
                               const StringList& )
  {
    if( m_initLib && gnutls_global_init() != 0 )
      return false;

    if( gnutls_anon_allocate_client_credentials( &m_anoncred ) < 0 )
      return false;

    if( gnutls_init( m_session, GNUTLS_CLIENT ) != 0 )
      return false;

#if GNUTLS_VERSION_NUMBER >= 0x020600
    int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
    if( ret != GNUTLS_E_SUCCESS )
      return false;
#else
    const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
      GNUTLS_TLS1_2,
#endif
      GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
    const int protocolPriority[] = { GNUTLS_TLS1, 0 };
    const int kxPriority[]       = { GNUTLS_KX_ANON_DH, 0 };
    const int cipherPriority[]   = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
    const int compPriority[]     = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
    const int macPriority[]      = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
    gnutls_protocol_set_priority( *m_session, protocolPriority );
    gnutls_cipher_set_priority( *m_session, cipherPriority );
    gnutls_compression_set_priority( *m_session, compPriority );
    gnutls_kx_set_priority( *m_session, kxPriority );
    gnutls_mac_set_priority( *m_session, macPriority );
#endif

    gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred );

    gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
    gnutls_transport_set_push_function( *m_session, pushFunc );
    gnutls_transport_set_pull_function( *m_session, pullFunc );

    m_valid = true;
    return true;
  }
Beispiel #30
0
void
epan_init(void (*register_all_protocols_func)(register_cb cb, gpointer client_data),
	  void (*register_all_handoffs_func)(register_cb cb, gpointer client_data),
	  register_cb cb,
	  gpointer client_data,
	  void (*report_failure)(const char *, va_list),
	  void (*report_open_failure)(const char *, int, gboolean),
	  void (*report_read_failure)(const char *, int),
	  void (*report_write_failure)(const char *, int))
{
	init_report_err(report_failure, report_open_failure,
	    report_read_failure, report_write_failure);

	/* initialize memory allocation subsystem */
	ep_init_chunk();
	se_init_chunk();

	/* initialize the GUID to name mapping table */
	guids_init();

	except_init();
#ifdef HAVE_LIBGNUTLS
	gnutls_global_init();
#elif defined(HAVE_LIBGCRYPT)
	gcry_check_version(NULL);
#endif
	tvbuff_init();
	tap_init();
	prefs_init();
	proto_init(register_all_protocols_func, register_all_handoffs_func,
	    cb, client_data);
	packet_init();
	dfilter_init();
	final_registration_all_protocols();
	host_name_lookup_init();
	expert_init();
	oids_init();
#ifdef HAVE_LUA_5_1
	wslua_init(NULL);
#endif
#ifdef HAVE_GEOIP
	geoip_db_init();
#endif

}