int manos_tls_regenerate_dhparams (int bits) { gnutls_dh_params_t params, oldparams; int err; err = gnutls_dh_params_init (¶ms); if (err != 0) { return err; } err = gnutls_dh_params_generate2 (params, bits); if (err != 0) { gnutls_dh_params_deinit (params); return err; } oldparams = dh_params; dh_params = params; if (oldparams != NULL) { gnutls_dh_params_deinit (oldparams); } return 0; }
void manos_tls_global_end () { gnutls_priority_deinit (priority_cache); gnutls_dh_params_deinit (dh_params); gnutls_global_deinit (); }
bool generate_dh_params(gnutls_dh_params_t *const dh_params) { /* int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW); */ int bits = 1248; /* Equivalent, gnutls_sec_param_to_pk_bits is available since 2.12 */ int ret; assert(dh_params != NULL); /* Generate Diffie-Hellman parameters - for use with DHE * kx algorithms. When short bit length is used, it might * be wise to regenerate parameters often. */ ret = gnutls_dh_params_init(dh_params); if(ret != GNUTLS_E_SUCCESS) { trace(LOG_ERR, "failed to initialize Diffie-Hellman parameters"); goto error; } ret = gnutls_dh_params_generate2(*dh_params, bits); if(ret != GNUTLS_E_SUCCESS) { trace(LOG_ERR, "failed to generate Diffie-Hellman parameters"); goto free_dh; } return true; free_dh: gnutls_dh_params_deinit(*dh_params); error: return false; }
void tls_server_destroy(tls_server_t *server) { lock_destroy(&server->lock); gnutls_dh_params_deinit(server->dh_params); gnutls_certificate_free_credentials(server->cred); tls_server_cache_destroy(&server->cache); memset(server, 0, sizeof(tls_server_t)); }
void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) { gnutls_datum_t params; size_t size; int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; unsigned int q_bits = 0; if (gnutls_dh_params_init(&dh_params) < 0) { fprintf(stderr, "Error in dh parameter initialization\n"); exit(1); } params.data = (void *) fread_file(infile, &size); params.size = size; ret = gnutls_dh_params_import_pkcs3(dh_params, ¶ms, ci->incert_format); if (ret < 0) { fprintf(stderr, "Error parsing dh params: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } if (ci->outcert_format == GNUTLS_X509_FMT_PEM) print_dh_info(outfile, &p, &g, q_bits, ci->cprint); if (!ci->cprint) { /* generate a PKCS#3 structure */ size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3(dh_params, ci->outcert_format, buffer, &len); if (ret == 0) { if (ci->outcert_format == GNUTLS_X509_FMT_PEM) { fprintf(outfile, "\n%s", buffer); } else { fwrite(buffer, 1, len, outfile); } } else { fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } gnutls_dh_params_deinit(dh_params); }
static void global_stop(void) { if (debug) success("global stop\n"); gnutls_dh_params_deinit(dh_params); gnutls_global_deinit(); }
void doit(void) { generate_dh_params(); run_test("NORMAL:-KX-ALL:+PSK"); run_test("NORMAL:-KX-ALL:+ECDHE-PSK"); run_test("NORMAL:-KX-ALL:+DHE-PSK"); gnutls_dh_params_deinit(dh_params); }
/* this function deinitializes all the internal parameters stored * in a session struct. */ inline static void deinit_internal_params (gnutls_session_t session) { if (session->internals.params.free_dh_params) gnutls_dh_params_deinit (session->internals.params.dh_params); if (session->internals.params.free_rsa_params) gnutls_rsa_params_deinit (session->internals.params.rsa_params); memset (&session->internals.params, 0, sizeof (session->internals.params)); }
/** * @short Frees the user data * @memberof onion_https_t * * @param op */ static void onion_https_free_user_data(onion_listen_point *op){ ONION_DEBUG("Free HTTPS %s:%s", op->hostname, op->port); onion_https *https=(onion_https*)op->user_data; gnutls_certificate_free_credentials (https->x509_cred); gnutls_dh_params_deinit(https->dh_params); gnutls_priority_deinit (https->priority_cache); //if (op->server->flags&O_SSL_NO_DEINIT) gnutls_global_deinit(); // This may cause problems if several characters use the gnutls on the same binary. onion_low_free(https); }
gtlsGlobalServerData::~gtlsGlobalServerData() { // Free the structures used to keep certificates in. gnutls_certificate_free_credentials(cert_cred); // Free the dh params used. gnutls_dh_params_deinit(dh_params); // Shutdown Gnu TLS. gnutls_global_deinit(); }
void global_stop (void) { success ("global stop\n"); gnutls_anon_free_server_credentials (anoncred); gnutls_dh_params_deinit (dh_params); gnutls_global_deinit (); }
static void qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds) { if (creds->data) { gnutls_certificate_free_credentials(creds->data); creds->data = NULL; } if (creds->parent_obj.dh_params) { gnutls_dh_params_deinit(creds->parent_obj.dh_params); creds->parent_obj.dh_params = NULL; } }
/* this function deinitializes all the internal parameters stored * in a session struct. */ inline static void deinit_internal_params (gnutls_session_t session) { if (session->internals.params.free_dh_params) gnutls_dh_params_deinit (session->internals.params.dh_params); if (session->internals.params.free_rsa_params) gnutls_rsa_params_deinit (session->internals.params.rsa_params); _gnutls_handshake_hash_buffers_clear (session); memset (&session->internals.params, 0, sizeof (session->internals.params)); }
Gobby::CertificateManager::~CertificateManager() { if(m_credentials != NULL) inf_certificate_credentials_unref(m_credentials); for(unsigned int i = 0; i < m_trust.size(); ++i) gnutls_x509_crt_deinit(m_trust[i]); if(m_certificates != NULL) inf_certificate_chain_unref(m_certificates); if(m_key != NULL) gnutls_x509_privkey_deinit(m_key); if(m_dh_params != NULL) gnutls_dh_params_deinit(m_dh_params); }
/* this function deinitializes all the internal parameters stored * in a session struct. */ inline static void deinit_internal_params(gnutls_session_t session) { #if defined(ENABLE_DHE) || defined(ENABLE_ANON) if (session->internals.params.free_dh_params) gnutls_dh_params_deinit(session->internals.params. dh_params); #endif _gnutls_handshake_hash_buffers_clear(session); memset(&session->internals.params, 0, sizeof(session->internals.params)); }
void tls_client_destroy(tls_client_t *client) { lock_destroy(&client->lock); tls_client_cache_destroy(&client->cache); #ifdef TLS_CLIENT_AUTH if (client->dh_params != NULL) { gnutls_dh_params_deinit(client->dh_params); } #endif gnutls_certificate_free_credentials(client->cred); memset(client, 0, sizeof(tls_client_t)); }
static void global_stop (void) { if (debug) success ("global stop\n"); gnutls_anon_free_server_credentials (anoncred); gnutls_dh_params_deinit (dh_params); gnutls_global_deinit (); shutdown (listen_sd, SHUT_RDWR); }
void ufwissl_ssl_context_destroy(ufwissl_ssl_context * ctx) { gnutls_certificate_free_credentials(ctx->cred); gnutls_dh_params_deinit(ctx->dh); if (ctx->cache.client.data) { ufwissl_free(ctx->cache.client.data); } else if (ctx->cache.server.key.data) { gnutls_free(ctx->cache.server.key.data); gnutls_free(ctx->cache.server.data.data); } if (ctx->ciphers) ufwissl_free(ctx->ciphers); ufwissl_free(ctx); }
void Plugin::_deinit() { if (this->init.contains("priority")) gnutls_priority_deinit(this->priority); if (this->init.contains("credentials")) gnutls_certificate_free_credentials(this->x509_cred); if (this->init.contains("dh_params")) gnutls_dh_params_deinit(this->dhParams); if (this->init.contains("crt")) gnutls_x509_crt_deinit(this->crt); if (this->init.contains("privkey")) gnutls_x509_privkey_deinit(this->key); if (this->init.contains("global")) gnutls_global_deinit(); this->init.clear(); }
void doit(void) { gnutls_dh_params_t dh_params; gnutls_x509_privkey_t privkey; gnutls_datum_t p1, g1, p2, g2, q; unsigned bits = 0; int ret; /* import DH parameters from DSA key and verify they are the same */ gnutls_dh_params_init(&dh_params); gnutls_x509_privkey_init(&privkey); ret = gnutls_x509_privkey_import(privkey, &dsa_key, GNUTLS_X509_FMT_PEM); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_dh_params_import_dsa(dh_params, privkey); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_dh_params_export_raw(dh_params, &p1, &g1, &bits); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_x509_privkey_export_dsa_raw(privkey, &p2, &q, &g2, NULL, NULL); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); if (bits > q.size*8 || bits < q.size*8-8) fail("error in %s: %d\n", __FILE__, __LINE__); if (compare(&p1, &p2) != 0) fail("error in %s: %d\n", __FILE__, __LINE__); if (compare(&g1, &g2) != 0) fail("error in %s: %d\n", __FILE__, __LINE__); gnutls_free(p1.data); gnutls_free(g1.data); gnutls_free(p2.data); gnutls_free(g2.data); gnutls_free(q.data); gnutls_dh_params_deinit(dh_params); gnutls_x509_privkey_deinit(privkey); success("all ok\n"); }
static Ecore_Con_Ssl_Error _ecore_con_ssl_server_shutdown_gnutls(Ecore_Con_Server *svr) { if (svr->session) { gnutls_bye(svr->session, GNUTLS_SHUT_RDWR); gnutls_deinit(svr->session); } if (svr->cert_file) free(svr->cert_file); svr->cert_file = NULL; if (svr->cert) gnutls_certificate_free_credentials(svr->cert); svr->cert = NULL; if ((svr->type & ECORE_CON_SSL) && svr->created) { if (svr->dh_params) { gnutls_dh_params_deinit(svr->dh_params); svr->dh_params = NULL; } if (svr->anoncred_s) gnutls_anon_free_server_credentials(svr->anoncred_s); // if (svr->pskcred_s) // gnutls_psk_free_server_credentials(svr->pskcred_s); svr->anoncred_s = NULL; svr->pskcred_s = NULL; } else if (svr->type & ECORE_CON_SSL) { if (svr->anoncred_c) gnutls_anon_free_client_credentials(svr->anoncred_c); // if (svr->pskcred_c) // gnutls_psk_free_client_credentials(svr->pskcred_c); svr->anoncred_c = NULL; svr->pskcred_c = NULL; } svr->session = NULL; return ECORE_CON_SSL_ERROR_NONE; }
static void mod_gnutls_context_release(mod_context *ctx) { if (!ctx) return; LI_FORCE_ASSERT(g_atomic_int_get(&ctx->refcount) > 0); if (g_atomic_int_dec_and_test(&ctx->refcount)) { gnutls_priority_deinit(ctx->server_priority_beast); gnutls_priority_deinit(ctx->server_priority); gnutls_certificate_free_credentials(ctx->server_cert); #ifdef HAVE_SESSION_TICKET /* wtf. why is there no function in gnutls for this... */ if (NULL != ctx->ticket_key.data) { gnutls_free(ctx->ticket_key.data); ctx->ticket_key.data = NULL; ctx->ticket_key.size = 0; } #endif li_ssl_session_db_free(ctx->session_db); ctx->session_db = NULL; #ifdef USE_SNI if (NULL != ctx->sni_db) { li_fetch_database_release(ctx->sni_db); ctx->sni_db = NULL; } if (NULL != ctx->sni_backend_db) { li_fetch_database_release(ctx->sni_backend_db); ctx->sni_backend_db = NULL; } if (NULL != ctx->sni_fallback_cert) { gnutls_certificate_free_credentials(ctx->sni_fallback_cert); ctx->sni_fallback_cert = NULL; } #endif gnutls_dh_params_deinit(ctx->dh_params); if (NULL != ctx->pin) { g_string_free(ctx->pin, TRUE); ctx->pin = NULL; } li_gnutls_ocsp_free(ctx->ocsp); g_slice_free(mod_context, ctx); } }
static void qcrypto_tls_creds_anon_unload(QCryptoTLSCredsAnon *creds) { if (creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { if (creds->data.client) { gnutls_anon_free_client_credentials(creds->data.client); creds->data.client = NULL; } } else { if (creds->data.server) { gnutls_anon_free_server_credentials(creds->data.server); creds->data.server = NULL; } } if (creds->parent_obj.dh_params) { gnutls_dh_params_deinit(creds->parent_obj.dh_params); creds->parent_obj.dh_params = NULL; } }
static void tlsg_ctx_free ( tls_ctx *ctx ) { tlsg_ctx *c = (tlsg_ctx *)ctx; int refcount; if ( !c ) return; LDAP_MUTEX_LOCK( &c->ref_mutex ); refcount = --c->refcount; LDAP_MUTEX_UNLOCK( &c->ref_mutex ); if ( refcount ) return; gnutls_priority_deinit( c->prios ); gnutls_certificate_free_credentials( c->cred ); if ( c->dh_params ) gnutls_dh_params_deinit( c->dh_params ); ber_memfree ( c ); }
context::~context() { if(dh) gnutls_dh_params_deinit(dh); if(!xcred) return; switch(xtype) { case GNUTLS_CRD_ANON: gnutls_anon_free_client_credentials((gnutls_anon_client_credentials_t)xcred); break; case GNUTLS_CRD_CERTIFICATE: gnutls_certificate_free_credentials(xcred); break; default: break; } }
/** * @short Removes the allocated data * @memberof onion_t */ void onion_free(onion *onion){ ONION_DEBUG("Onion free"); #ifdef HAVE_PTHREADS if (onion->flags&O_THREADS_ENABLED){ int ntries=5; int c; for(;ntries--;){ sem_getvalue(&onion->thread_count,&c); if (c==onion->max_threads){ break; } ONION_INFO("Still some petitions on process (%d). Wait a little bit (%d).",c,ntries); sleep(1); } } #endif close(onion->listenfd); if (onion->poller) onion_poller_free(onion->poller); if (onion->username) free(onion->username); #ifdef HAVE_GNUTLS if (onion->flags&O_SSL_ENABLED){ gnutls_certificate_free_credentials (onion->x509_cred); gnutls_dh_params_deinit(onion->dh_params); gnutls_priority_deinit (onion->priority_cache); if (!(onion->flags&O_SSL_NO_DEINIT)) gnutls_global_deinit(); // This may cause problems if several characters use the gnutls on the same binary. } #endif if (onion->port) free(onion->port); if (onion->hostname) free(onion->hostname); onion_server_free(onion->server); free(onion); }
void doit(void) { gnutls_dh_params_t dh_params = NULL; int rc; rc = global_init(); if (rc) fail("global_init\n"); if (gnutls_dh_params_init(&dh_params) < 0) fail("Error in dh parameter initialization\n"); if (gnutls_dh_params_generate2(dh_params, 1024) < 0) fail("Error in prime generation\n"); gnutls_dh_params_deinit(dh_params); gnutls_global_deinit(); if (debug) success("generated DH params OK\n"); }
static void tlsg_ctx_free ( tls_ctx *ctx ) { tlsg_ctx *c = (tlsg_ctx *)ctx; int refcount; if ( !c ) return; LDAP_MUTEX_LOCK( &c->ref_mutex ); refcount = --c->refcount; LDAP_MUTEX_UNLOCK( &c->ref_mutex ); if ( refcount ) return; #ifdef HAVE_CIPHERSUITES gnutls_priority_deinit( c->prios ); #else LDAP_FREE( c->kx_list ); #endif gnutls_certificate_free_credentials( c->cred ); if ( c->dh_params ) gnutls_dh_params_deinit( c->dh_params ); ber_memfree ( c ); }
void relay_network_end () { if (relay_network_init_ok) { #ifdef HAVE_GNUTLS if (relay_gnutls_priority_cache) { gnutls_priority_deinit (*relay_gnutls_priority_cache); free (relay_gnutls_priority_cache); relay_gnutls_priority_cache = NULL; } if (relay_gnutls_dh_params) { gnutls_dh_params_deinit (*relay_gnutls_dh_params); free (relay_gnutls_dh_params); relay_gnutls_dh_params = NULL; } gnutls_certificate_free_credentials (relay_gnutls_x509_cred); #endif relay_network_init_ok = 0; } }
/* If how is zero then the included parameters are used. */ int generate_prime(FILE * outfile, int how, common_info_st * info) { int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; int bits = get_bits(GNUTLS_PK_DH, info->bits, info->sec_param, 1); unsigned int q_bits = 0; gnutls_dh_params_init(&dh_params); if (how != 0) { fprintf(stderr, "Generating DH parameters (%d bits)...\n", bits); fprintf(stderr, "(might take long time)\n"); } else fprintf(stderr, "Retrieving DH parameters...\n"); if (how != 0) { ret = gnutls_dh_params_generate2(dh_params, bits); if (ret < 0) { fprintf(stderr, "Error generating parameters: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } } else { #ifdef ENABLE_SRP if (bits <= 1024) { p = gnutls_srp_1024_group_prime; g = gnutls_srp_1024_group_generator; bits = 1024; } else if (bits <= 1536) { p = gnutls_srp_1536_group_prime; g = gnutls_srp_1536_group_generator; bits = 1536; } else if (bits <= 2048) { p = gnutls_srp_2048_group_prime; g = gnutls_srp_2048_group_generator; bits = 2048; } else if (bits <= 3072) { p = gnutls_srp_3072_group_prime; g = gnutls_srp_3072_group_generator; bits = 3072; } else { p = gnutls_srp_4096_group_prime; g = gnutls_srp_4096_group_generator; bits = 4096; } ret = gnutls_dh_params_import_raw(dh_params, &p, &g); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } #else fprintf(stderr, "Parameters unavailable as SRP is disabled.\n"); exit(1); #endif } print_dh_info(outfile, &p, &g, q_bits, info->cprint); if (!info->cprint) { /* generate a PKCS#3 structure */ size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, buffer, &len); if (ret == 0) { fprintf(outfile, "\n%s", buffer); } else { fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } gnutls_dh_params_deinit(dh_params); return 0; }