C++ (Cpp) gnutls_x509_privkey_deinit Beispiele

Beispiel #1

Datei: idevice.c Projekt: HSHtime/libiphone

/**
 * Internally used function for cleaning up SSL stuff.
 */
static void internal_ssl_cleanup(ssl_data_t ssl_data)
{
	if (!ssl_data)
		return;

#ifdef HAVE_OPENSSL
	if (ssl_data->session) {
		SSL_free(ssl_data->session);
	}
	if (ssl_data->ctx) {
		SSL_CTX_free(ssl_data->ctx);
	}
#else
	if (ssl_data->session) {
		gnutls_deinit(ssl_data->session);
	}
	if (ssl_data->certificate) {
		gnutls_certificate_free_credentials(ssl_data->certificate);
	}
	if (ssl_data->root_cert) {
		gnutls_x509_crt_deinit(ssl_data->root_cert);
	}
	if (ssl_data->host_cert) {
		gnutls_x509_crt_deinit(ssl_data->host_cert);
	}
	if (ssl_data->root_privkey) {
		gnutls_x509_privkey_deinit(ssl_data->root_privkey);
	}
	if (ssl_data->host_privkey) {
		gnutls_x509_privkey_deinit(ssl_data->host_privkey);
	}
#endif
}

Beispiel #2

Datei: certificatebuilder.cpp Projekt: AidedPolecat6/tomahawk

/*!
  Creates a self-signed certificate by signing the certificate with the specified
  key.
 */
QSslCertificate CertificateBuilder::signedCertificate(const QSslKey &qkey)
{
    gnutls_x509_privkey_t key = qsslkey_to_key(qkey, &d->errnumber);
    if (GNUTLS_E_SUCCESS != d->errnumber) {
        gnutls_x509_privkey_deinit(key);
        return QSslCertificate();
    };

    gnutls_privkey_t abstractKey;
    d->errnumber = gnutls_privkey_init(&abstractKey);
    if (GNUTLS_E_SUCCESS != d->errnumber) {
        gnutls_x509_privkey_deinit(key);
        return QSslCertificate();
    }

    gnutls_privkey_import_x509(abstractKey, key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);

    d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, d->crt, abstractKey, GNUTLS_DIG_SHA1, 0);

    gnutls_x509_privkey_deinit(key);

    if (GNUTLS_E_SUCCESS != d->errnumber)
        return QSslCertificate();

    return crt_to_qsslcert(d->crt, &d->errnumber);    
}

Beispiel #3

Datei: mailstream_ssl.c Projekt: SEA2GH/libetpan

int mailstream_ssl_set_client_private_key_data(struct mailstream_ssl_context * ssl_context,
    unsigned char *pkey_der, size_t len)
{
#ifdef USE_SSL
#ifndef USE_GNUTLS
  EVP_PKEY *pkey = NULL;
  if (pkey_der != NULL && len > 0)
    pkey = d2i_AutoPrivateKey(NULL, (const unsigned char **)&pkey_der, len);
  ssl_context->client_pkey = (EVP_PKEY *)pkey;
  return 0;
#else
  gnutls_datum tmp;
  int r;
  ssl_context->client_pkey = NULL;
  if (len == 0)
    return 0;
  gnutls_x509_privkey_init(&(ssl_context->client_pkey));
  tmp.data = pkey_der;
  tmp.size = len;
  if ((r = gnutls_x509_privkey_import(ssl_context->client_pkey, &tmp, GNUTLS_X509_FMT_DER)) < 0) {
    gnutls_x509_privkey_deinit(ssl_context->client_pkey);
    ssl_context->client_pkey = NULL;
    return -1;
  }
  return 0;
#endif
#endif
  return -1;
}

Beispiel #4

Datei: infinoted-startup.c Projekt: JoseRobertoR/libinfinity

/**
 * infinoted_startup_free:
 * @startup: A #InfinotedStartup.
 *
 * Frees all ressources allocated by @startup.
 */
void
infinoted_startup_free(InfinotedStartup* startup)
{
  guint i;

  if(startup->credentials != NULL)
    inf_certificate_credentials_unref(startup->credentials);

  if(startup->certificates != NULL)
    inf_certificate_chain_unref(startup->certificates);

  if(startup->private_key != NULL)
    gnutls_x509_privkey_deinit(startup->private_key);

  if(startup->log != NULL)
    g_object_unref(startup->log);

  if(startup->options != NULL)
    infinoted_options_free(startup->options);

  if(startup->sasl_context != NULL)
    inf_sasl_context_unref(startup->sasl_context);

  g_slice_free(InfinotedStartup, startup);
  inf_deinit();
}

Beispiel #5

Datei: privkey.c Projekt: attilamolnar/gnutls

/**
 * gnutls_privkey_import_x509:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: Flags for the import
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t type.
 *
 * The #gnutls_x509_privkey_t object must not be deallocated
 * during the lifetime of this structure.
 *
 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.12.0
 **/
int
gnutls_privkey_import_x509(gnutls_privkey_t pkey,
			   gnutls_x509_privkey_t key, unsigned int flags)
{
	int ret;

	ret = check_if_clean(pkey);
	if (ret < 0) {
		gnutls_assert();
		return ret;
	}

	if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
		ret = gnutls_x509_privkey_init(&pkey->key.x509);
		if (ret < 0)
			return gnutls_assert_val(ret);

		ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
		if (ret < 0) {
			gnutls_x509_privkey_deinit(pkey->key.x509);
			return gnutls_assert_val(ret);
		}
	} else
		pkey->key.x509 = key;

	pkey->type = GNUTLS_PRIVKEY_X509;
	pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
	pkey->flags = flags;

	return 0;
}

Beispiel #6

Datei: privkey.c Projekt: attilamolnar/gnutls

/**
 * gnutls_privkey_deinit:
 * @key: The key to be deinitialized
 *
 * This function will deinitialize a private key structure.
 *
 * Since: 2.12.0
 **/
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
	if (key == NULL)
		return;

	if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
	    || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
		switch (key->type) {
#ifdef ENABLE_OPENPGP
		case GNUTLS_PRIVKEY_OPENPGP:
			gnutls_openpgp_privkey_deinit(key->key.openpgp);
			break;
#endif
#ifdef ENABLE_PKCS11
		case GNUTLS_PRIVKEY_PKCS11:
			gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
			break;
#endif
		case GNUTLS_PRIVKEY_X509:
			gnutls_x509_privkey_deinit(key->key.x509);
			break;
		case GNUTLS_PRIVKEY_EXT:
			if (key->key.ext.deinit_func != NULL)
				key->key.ext.deinit_func(key,
							 key->key.ext.userdata);
			break;
		default:
			break;
		}
	gnutls_free(key);
}

Beispiel #7

Datei: ne_gnutls.c Projekt: Nymphetaminer/dsl-n55u

/* Duplicate a client certificate, which must be in the decrypted state. */
static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc)
{
    int ret;
    ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc);

    newcc->decrypted = 1;
    
    if (cc->keyless) {
        newcc->keyless = 1;
    }
    else {
        ret = gnutls_x509_privkey_init(&newcc->pkey);
        if (ret != 0) goto dup_error;
        
        ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey);
        if (ret != 0) goto dup_error;
    }    

    newcc->cert.subject = x509_crt_copy(cc->cert.subject);
    if (!newcc->cert.subject) goto dup_error;

    if (cc->friendly_name) newcc->friendly_name = ne_strdup(cc->friendly_name);

    populate_cert(&newcc->cert, newcc->cert.subject);
    return newcc;

dup_error:
    if (newcc->pkey) gnutls_x509_privkey_deinit(newcc->pkey);
    if (newcc->cert.subject) gnutls_x509_crt_deinit(newcc->cert.subject);
    ne_free(newcc);
    return NULL;
}    

Beispiel #8

Datei: openssl_compat.c Projekt: uvbs/SupportCenter

/*-
  * gnutls_x509_extract_key_pk_algorithm - This function returns the keys's PublicKey algorithm
  * @cert: is a DER encoded private key
  *
  * This function will return the public key algorithm of a DER encoded private
  * key.
  *
  * Returns a member of the gnutls_pk_algorithm_t enumeration on success,
  * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error.
  *
  -*/
int
gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key)
{
  gnutls_x509_privkey_t pkey;
  int ret, pk;

  ret = gnutls_x509_privkey_init (&pkey);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  ret = gnutls_x509_privkey_import (pkey, key, GNUTLS_X509_FMT_DER);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  pk = gnutls_x509_privkey_get_pk_algorithm (pkey);

  gnutls_x509_privkey_deinit (pkey);
  return pk;
}

Beispiel #9

Datei: gnutls_privkey_raw.c Projekt: komh/gnutls-os2

/**
 * gnutls_privkey_import_ecc_raw:
 * @key: The key
 * @curve: holds the curve
 * @x: holds the x
 * @y: holds the y
 * @k: holds the k
 *
 * This function will convert the given elliptic curve parameters to the
 * native #gnutls_privkey_t format.  The output will be stored
 * in @key.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.0
 **/
int
gnutls_privkey_import_ecc_raw(gnutls_privkey_t key,
				   gnutls_ecc_curve_t curve,
				   const gnutls_datum_t * x,
				   const gnutls_datum_t * y,
				   const gnutls_datum_t * k)
{
int ret;
gnutls_x509_privkey_t xkey;

	ret = gnutls_x509_privkey_init(&xkey);
	if (ret < 0)
		return gnutls_assert_val(ret);

	ret = gnutls_x509_privkey_import_ecc_raw(xkey, curve, x, y, k);
	if (ret < 0) {
		gnutls_assert();
		goto error;
	}
	
	ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
	if (ret < 0) {
		gnutls_assert();
		goto error;
	}
	
	return 0;

error:
	gnutls_x509_privkey_deinit(xkey);
	return ret;
}

Beispiel #10

Datei: ne_gnutls.c Projekt: Nymphetaminer/dsl-n55u

int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
{
    int ret;
    gnutls_x509_crt cert = NULL;
    gnutls_x509_privkey pkey = NULL;

    if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) {
        return -1;
    }        

    ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password);
    if (ret < 0)
        return ret;
    
    if (!cert || (!pkey && !cc->keyless)) {
        if (cert) gnutls_x509_crt_deinit(cert);
        if (pkey) gnutls_x509_privkey_deinit(pkey);
        return -1;
    }

    gnutls_pkcs12_deinit(cc->p12);
    populate_cert(&cc->cert, cert);
    cc->pkey = pkey;
    cc->decrypted = 1;
    cc->p12 = NULL;
    return 0;
}

Beispiel #11

Datei: infinoted-startup.c Projekt: JoseRobertoR/libinfinity

static gnutls_x509_privkey_t
infinoted_startup_load_key(InfinotedLog* log,
                           gboolean create_key,
                           const gchar* key_file,
                           GError** error)
{
  gnutls_x509_privkey_t key;

  if(create_key == TRUE)
  {
    if(infinoted_util_create_dirname(key_file, error) == FALSE)
      return NULL;

    /* TODO: Open the key file beforehand */

    infinoted_log_info(log, _("Generating 4096 bit RSA private key..."));
    key = inf_cert_util_create_private_key(GNUTLS_PK_RSA, 4096, error);

    if(key == NULL)
      return NULL;

    if(inf_cert_util_write_private_key(key, key_file, error) == FALSE)
    {
      gnutls_x509_privkey_deinit(key);
      return NULL;
    }
  }
  else
  {
    key = inf_cert_util_read_private_key(key_file, error);
  }

  return key;
}

Beispiel #12

Datei: gnutls_privkey_raw.c Projekt: komh/gnutls-os2

/**
 * gnutls_privkey_import_dsa_raw:
 * @key: The structure to store the parsed key
 * @p: holds the p
 * @q: holds the q
 * @g: holds the g
 * @y: holds the y
 * @x: holds the x
 *
 * This function will convert the given DSA raw parameters to the
 * native #gnutls_privkey_t format.  The output will be stored
 * in @key.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_privkey_import_dsa_raw(gnutls_privkey_t key,
				   const gnutls_datum_t * p,
				   const gnutls_datum_t * q,
				   const gnutls_datum_t * g,
				   const gnutls_datum_t * y,
				   const gnutls_datum_t * x)
{
int ret;
gnutls_x509_privkey_t xkey;

	ret = gnutls_x509_privkey_init(&xkey);
	if (ret < 0)
		return gnutls_assert_val(ret);

	ret = gnutls_x509_privkey_import_dsa_raw(xkey, p, q, g, y, x);
	if (ret < 0) {
		gnutls_assert();
		goto error;
	}
	
	ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
	if (ret < 0) {
		gnutls_assert();
		goto error;
	}
	
	return 0;

error:
	gnutls_x509_privkey_deinit(xkey);
	return ret;
}

Beispiel #13

Datei: privkey.c Projekt: attilamolnar/gnutls

/**
 * gnutls_privkey_export_x509:
 * @pkey: The private key
 * @key: Location for the key to be exported.
 *
 * Converts the given abstract private key to a #gnutls_x509_privkey_t
 * type. The key must be of type %GNUTLS_PRIVKEY_X509. The key returned
 * in @key must be deinitialized with gnutls_x509_privkey_deinit().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.4.0
 */
int
gnutls_privkey_export_x509(gnutls_privkey_t pkey,
                           gnutls_x509_privkey_t *key)
{
	int ret;

	if (pkey->type != GNUTLS_PRIVKEY_X509) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	ret = gnutls_x509_privkey_init(key);
	if (ret < 0)
		return gnutls_assert_val(ret);

	ret = gnutls_x509_privkey_cpy(*key, pkey->key.x509);
	if (ret < 0) {
		gnutls_x509_privkey_deinit(*key);
		*key = NULL;

		return gnutls_assert_val(ret);
	}

	return 0;
}

Beispiel #14

Datei: tls-register.c Projekt: requiem-forasiem/librequiem

static gnutls_x509_privkey generate_private_key(void)
{
        int ret;
        gnutls_x509_privkey key;

        ret = gnutls_x509_privkey_init(&key);
        if ( ret < 0 ) {
                fprintf(stderr, "error initializing private key: %s.\n", gnutls_strerror(ret));
                return NULL;
        }

        gcry_set_progress_handler(entropy_progress_cb, NULL);

        fprintf(stderr, "Generating %d bits RSA private key... This might take a very long time.\n", generated_key_size);
        fprintf(stderr, "[Increasing system activity will speed-up the process].\n");
        fprintf(stderr, "Generation in progress... ");
        fflush(stderr);

        ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, generated_key_size, 0);
        if ( ret < 0 ) {
                fprintf(stderr, "error generating private RSA key: %s\n", gnutls_strerror(ret));
                gnutls_x509_privkey_deinit(key);
                return NULL;
        }


        fprintf(stderr, "\n\n");

        return key;
}

Beispiel #15

Datei: tls-register.c Projekt: requiem-forasiem/librequiem

static gnutls_x509_privkey gen_crypto(requiem_client_profile_t *cp,
                                      const char *filename, requiem_uid_t uid, requiem_gid_t gid)
{
        int ret;
        char buf[65535];
        gnutls_x509_privkey key;
        size_t size = sizeof(buf);

        key = generate_private_key();
        if ( ! key ) {
                fprintf(stderr, "error while generating RSA private key.\n");
                return NULL;
        }

        ret = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &size);
        if ( ret < 0 ) {
                fprintf(stderr, "error exporting private key: %s\n", gnutls_strerror(ret));
                gnutls_x509_privkey_deinit(key);
                return NULL;
        }

        ret = save_buf(filename, uid, gid, (unsigned char *) buf, size);
        if ( ret < 0 ) {
                fprintf(stderr, "error saving private key.\n");
                return NULL;
        }

        return key;
}

Beispiel #16

Datei: key.cpp Projekt: openconnect/openconnect-gui

void Key::clear()
{
    if (this->privkey) {
        gnutls_x509_privkey_deinit(this->privkey);
        privkey = nullptr;
        imported = false;
    }
}

Beispiel #17

Datei: x509sign-verify.c Projekt: ystk/debian-gnutls26

void
doit (void)
{
  gnutls_x509_privkey_t key;
  gnutls_x509_crt_t crt;
  gnutls_digest_algorithm_t hash_algo;
  unsigned char _signature[128];
  size_t _signature_size = sizeof (_signature);
  gnutls_datum signature;
  int ret;
  size_t i;

  gnutls_global_init ();

  for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
    {
      success ("loop %d\n", i);

      ret = gnutls_x509_privkey_init (&key);
      if (ret < 0)
	fail ("gnutls_x509_privkey_init\n");

      ret = gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM);
      if (ret < 0)
	fail ("gnutls_x509_privkey_import\n");

      ret = gnutls_x509_privkey_sign_data (key, GNUTLS_DIG_SHA1, 0, &raw_data,
					   _signature, &_signature_size);
      if (ret < 0)
	fail ("gnutls_x509_privkey_sign_hash\n");

      ret = gnutls_x509_crt_init (&crt);
      if (ret < 0)
	fail ("gnutls_x509_crt_init\n");

      ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM);
      if (ret < 0)
	fail ("gnutls_x509_crt_import\n");

      signature.data = _signature;
      signature.size = _signature_size;

      ret = gnutls_x509_crt_get_verify_algorithm (crt, &signature, &hash_algo);
      if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
	fail ("gnutls_x509_crt_get_verify_algorithm\n");

      ret = gnutls_x509_crt_verify_hash (crt, 0, &hash_data, &signature);
      if (ret < 0)
	fail ("gnutls_x509_privkey_verify_hash\n");

      gnutls_x509_privkey_deinit (key);
      gnutls_x509_crt_deinit (crt);
    }

  gnutls_global_deinit ();
}

Beispiel #18

Datei: gnutls_x509.c Projekt: nikolatesla/BitchXMPP

int
_gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey,
				  const gnutls_datum_t * raw_key,
				  gnutls_x509_crt_fmt_t type)
{
  gnutls_x509_privkey_t tmpkey;
  int ret;

  ret = gnutls_x509_privkey_init (&tmpkey);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);

#ifdef ENABLE_PKI
  /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
  if (ret < 0)
    ret = gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type,
					    NULL, GNUTLS_PKCS_PLAIN);
#endif

  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_x509_privkey_deinit (tmpkey);
      return ret;
    }

  ret = _gnutls_x509_privkey_to_gkey (privkey, tmpkey);
  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_x509_privkey_deinit (tmpkey);
      return ret;
    }

  gnutls_x509_privkey_deinit (tmpkey);

  return 0;
}

Beispiel #19

Datei: mailstream_ssl.c Projekt: SEA2GH/libetpan

static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx)
{
  if (ssl_ctx) {
    if (ssl_ctx->client_x509)
      gnutls_x509_crt_deinit(ssl_ctx->client_x509);
    if (ssl_ctx->client_pkey)
      gnutls_x509_privkey_deinit(ssl_ctx->client_pkey);
    free(ssl_ctx);
  }
}

Beispiel #20

Datei: certificatebuilder.cpp Projekt: AidedPolecat6/tomahawk

/*!
  Creates a certificate signed by the specified CA certificate using the
  CA key.
 */
QSslCertificate CertificateBuilder::signedCertificate(const QSslCertificate &qcacert, const QSslKey &qcakey)
{
    //
    // Extract the CA key
    //
    gnutls_x509_privkey_t key = qsslkey_to_key(qcakey, &d->errnumber);
    if (GNUTLS_E_SUCCESS != d->errnumber) {
        gnutls_x509_privkey_deinit(key);
        return QSslCertificate();
    };

    gnutls_privkey_t abstractKey;
    d->errnumber = gnutls_privkey_init(&abstractKey);
    if (GNUTLS_E_SUCCESS != d->errnumber) {
        gnutls_x509_privkey_deinit(key);
        return QSslCertificate();
    }

    gnutls_privkey_import_x509(abstractKey, key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);

    //
    // Extract the CA cert
    //
    gnutls_x509_crt_t cacrt = qsslcert_to_crt(qcacert, &d->errnumber);
    if (GNUTLS_E_SUCCESS != d->errnumber) {
        gnutls_x509_privkey_deinit(key);
        return QSslCertificate();
    }

    //
    // Sign the cert
    //
    d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA1, 0);

    gnutls_x509_crt_deinit(cacrt);
    gnutls_x509_privkey_deinit(key);

    if (GNUTLS_E_SUCCESS != d->errnumber)
        return QSslCertificate();

    return crt_to_qsslcert(d->crt, &d->errnumber);
}

Beispiel #21

Datei: pem.c Projekt: gitter-badger/knot

/*!
 * Create GnuTLS private key from unencrypted PEM data.
 */
int pem_to_privkey(const dnssec_binary_t *data, gnutls_privkey_t *key, char **id_ptr)
{
	assert(data);
	assert(key);
	assert(id_ptr);

	// create abstract private key

	gnutls_x509_privkey_t key_x509 = NULL;
	int r = pem_to_x509(data, &key_x509);
	if (r != DNSSEC_EOK) {
		return r;
	}

	gnutls_privkey_t key_abs = NULL;
	r = gnutls_privkey_init(&key_abs);
	if (r != GNUTLS_E_SUCCESS) {
		gnutls_x509_privkey_deinit(key_x509);
		return DNSSEC_ENOMEM;
	}

	int flags = GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
	r = gnutls_privkey_import_x509(key_abs, key_x509, flags);
	if (r != GNUTLS_E_SUCCESS) {
		gnutls_x509_privkey_deinit(key_x509);
		gnutls_privkey_deinit(key_abs);
		return DNSSEC_ENOMEM;
	}

	// extract keytag

	char *id = gnutls_x509_privkey_hex_key_id(key_x509);
	if (id == NULL) {
		gnutls_privkey_deinit(key_abs);
		return DNSSEC_ENOMEM;
	}

	*key = key_abs;
	*id_ptr = id;

	return DNSSEC_EOK;
}

Beispiel #22

Datei: crypto_gnutls.c Projekt: benquach16/NetworkManager

gboolean
crypto_verify_pkcs8 (const guint8 *data,
                     gsize data_len,
                     gboolean is_encrypted,
                     const char *password,
                     GError **error)
{
    gnutls_x509_privkey_t p8;
    gnutls_datum_t dt;
    int err;

    g_return_val_if_fail (data != NULL, FALSE);

    if (!crypto_init (error))
        return FALSE;

    dt.data = (unsigned char *) data;
    dt.size = data_len;

    err = gnutls_x509_privkey_init (&p8);
    if (err < 0) {
        g_set_error (error, NM_CRYPTO_ERROR,
                     NM_CRYPTO_ERROR_FAILED,
                     _("Couldn't initialize PKCS#8 decoder: %s"),
                     gnutls_strerror (err));
        return FALSE;
    }

    err = gnutls_x509_privkey_import_pkcs8 (p8,
                                            &dt,
                                            GNUTLS_X509_FMT_DER,
                                            is_encrypted ? password : NULL,
                                            is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
    gnutls_x509_privkey_deinit (p8);

    if (err < 0) {
        if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
            /* HACK: gnutls doesn't support all the cipher types that openssl
             * can use with PKCS#8, so if we encounter one, we have to assume
             * the given password works.  gnutls needs to unsuckify, apparently.
             * Specifically, by default openssl uses pbeWithMD5AndDES-CBC
             * which gnutls does not support.
             */
        } else {
            g_set_error (error, NM_CRYPTO_ERROR,
                         NM_CRYPTO_ERROR_INVALID_DATA,
                         _("Couldn't decode PKCS#8 file: %s"),
                         gnutls_strerror (err));
            return FALSE;
        }
    }

    return TRUE;
}

Beispiel #23

Datei: crypto.cpp Projekt: mrobado/opendht

PrivateKey::~PrivateKey()
{
    if (key) {
        gnutls_privkey_deinit(key);
        key = nullptr;
    }
    if (x509_key) {
        gnutls_x509_privkey_deinit(x509_key);
        x509_key = nullptr;
    }
    gnutls_global_deinit();
}

Beispiel #24

Datei: ne_gnutls.c Projekt: Nymphetaminer/dsl-n55u

void ne_ssl_clicert_free(ne_ssl_client_cert *cc)
{
    if (cc->p12)
        gnutls_pkcs12_deinit(cc->p12);
    if (cc->decrypted) {
        if (cc->cert.identity) ne_free(cc->cert.identity);
        if (cc->pkey) gnutls_x509_privkey_deinit(cc->pkey);
        if (cc->cert.subject) gnutls_x509_crt_deinit(cc->cert.subject);
    }
    if (cc->friendly_name) ne_free(cc->friendly_name);
    ne_free(cc);
}

Beispiel #25

Datei: certificatemanager.cpp Projekt: Kaligule/gobby

Gobby::CertificateManager::~CertificateManager()
{
	if(m_credentials != NULL)
		inf_certificate_credentials_unref(m_credentials);
	for(unsigned int i = 0; i < m_trust.size(); ++i)
		gnutls_x509_crt_deinit(m_trust[i]);
	if(m_certificates != NULL)
		inf_certificate_chain_unref(m_certificates);
	if(m_key != NULL)
		gnutls_x509_privkey_deinit(m_key);
	if(m_dh_params != NULL)
		gnutls_dh_params_deinit(m_dh_params);
}

Beispiel #26

Datei: set_x509_key_utf8.c Projekt: gnutls/gnutls

static int import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert)
{
	gnutls_x509_privkey_t key;
	gnutls_x509_crt_t *crt_list;
	unsigned crt_list_size, idx, i;
	gnutls_datum_t tcert;
	int ret;

	assert(gnutls_x509_privkey_init(&key)>=0);

	ret = gnutls_x509_crt_list_import2(&crt_list, &crt_list_size, cert, GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0) {
		fail("error in gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret));
	}

	ret = gnutls_x509_privkey_import(key, skey, GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fail("error in key import: %s\n", gnutls_strerror(ret));
	}

	ret = gnutls_certificate_set_x509_key(xcred, crt_list,
				crt_list_size, key);
	if (ret < 0) {
		success("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret));
		idx = ret;
		goto cleanup;
	}

	/* return index */
	idx = ret;

	/* verify whether the stored certificate match the ones we have */
	for (i=0;i<MIN(2, crt_list_size);i++) {
		ret = gnutls_certificate_get_crt_raw(xcred, idx, i, &tcert);
		if (ret < 0) {
			fail("error in %d: cert: %d: %s\n", __LINE__, i, gnutls_strerror(ret));
			exit(1);
		}

		compare(&tcert, cert->data+i);
	}

 cleanup:
	gnutls_x509_privkey_deinit(key);
	for (i=0;i<crt_list_size;i++) {
		gnutls_x509_crt_deinit(crt_list[i]);
	}
	gnutls_free(crt_list);

	return idx;
}

Beispiel #27

Datei: gsignond-oauth-plugin-oauth1.c Projekt: tizenorg/platform.upstream.gsignond-plugin-oauth

static gchar* _make_rsasha1_base64_signature(const gchar* base_string, 
                                             const gchar* key)
{
    gnutls_privkey_t pkey;
    gnutls_x509_privkey_t x509_pkey;
    gnutls_datum_t pkey_data;
    gnutls_datum_t signature;
    
    gchar* out = NULL;

    pkey_data.data = (guchar*)key;
    pkey_data.size = strlen(key);

    gnutls_privkey_init(&pkey);
    gnutls_x509_privkey_init(&x509_pkey);
    
    int res = gnutls_x509_privkey_import(x509_pkey, &pkey_data, GNUTLS_X509_FMT_PEM);
    if (res != GNUTLS_E_SUCCESS) {
        goto out;
    }
    
    res = gnutls_privkey_import_x509(pkey, x509_pkey, 0);
    
    if (res != GNUTLS_E_SUCCESS) {
        goto out;
    }

    res = gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &pkey_data,
                                   &signature);
    if (res != GNUTLS_E_SUCCESS) {
        goto out;
    }

    out = g_malloc0((signature.size / 3 + 1) * 4 + 4);
    gint state = 0;
    gint save = 0;
    gchar* p = out;
    
    p += g_base64_encode_step(signature.data, signature.size,
                             FALSE, p, &state, &save);
    g_base64_encode_close(FALSE, p, &state, &save);
    
    gnutls_free(signature.data);
out:
    gnutls_x509_privkey_deinit(x509_pkey);
    gnutls_privkey_deinit(pkey);
    
    return out;
    
}

Beispiel #28

Datei: crypto.cpp Projekt: mrobado/opendht

PrivateKey&
PrivateKey::operator=(PrivateKey&& o) noexcept
{
    if (key) {
        gnutls_privkey_deinit(key);
        key = nullptr;
    }
    if (x509_key) {
        gnutls_x509_privkey_deinit(x509_key);
        x509_key = nullptr;
    }
    key = o.key; x509_key = o.x509_key;
    o.key = nullptr; o.x509_key = nullptr;
    return *this;
}

Beispiel #29

Datei: crypto.cpp Projekt: mrobado/opendht

PrivateKey
PrivateKey::generate(unsigned key_length)
{
    if (gnutls_global_init() != GNUTLS_E_SUCCESS)
        throw CryptoException("Can't initialize GnuTLS.");
    gnutls_x509_privkey_t key;
    if (gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS)
        throw CryptoException("Can't initialize private key.");
    int err = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, key_length, 0);
    if (err != GNUTLS_E_SUCCESS) {
        gnutls_x509_privkey_deinit(key);
        throw CryptoException(std::string("Can't generate RSA key pair: ") + gnutls_strerror(err));
    }
    return PrivateKey{key};
}

Beispiel #30

Datei: idevice.c Projekt: awadaolqi/irestore

/**
 * Internally used function for cleaning up SSL stuff.
 */
static void internal_ssl_cleanup(ssl_data_t ssl_data)
{
	if (!ssl_data)
		return;

	if (ssl_data->session) {
		gnutls_deinit(ssl_data->session);
	}
	if (ssl_data->certificate) {
		gnutls_certificate_free_credentials(ssl_data->certificate);
	}
	if (ssl_data->root_cert) {
		gnutls_x509_crt_deinit(ssl_data->root_cert);
	}
	if (ssl_data->host_cert) {
		gnutls_x509_crt_deinit(ssl_data->host_cert);
	}
	if (ssl_data->root_privkey) {
		gnutls_x509_privkey_deinit(ssl_data->root_privkey);
	}
	if (ssl_data->host_privkey) {
		gnutls_x509_privkey_deinit(ssl_data->host_privkey);
	}
}