void utils::initialize_ssl_implementation(void) { #if HAVE_OPENSSL openssl_mutexes_size = CRYPTO_num_locks(); openssl_mutexes = new mutex[openssl_mutexes_size]; CRYPTO_set_id_callback(openssl_mth_id_function); CRYPTO_set_locking_callback(openssl_mth_locking_function); #endif #if HAVE_GCRYPT gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); gnutls_global_init(); #endif }
/* Curl_gtls_init() * * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that * are not thread-safe and thus this function itself is not thread-safe and * must only be called from within curl_global_init() to keep the thread * situation under control! */ int Curl_gtls_init(void) { int ret = 1; if(!gtls_inited) { ret = gnutls_global_init()?0:1; #ifdef GTLSDEBUG gnutls_global_set_log_function(tls_log_func); gnutls_global_set_log_level(2); #endif gtls_inited = TRUE; } return ret; }
int main() { gnutls_global_init(); gnutls_global_set_log_function(logfn); gnutls_global_set_audit_log_function(auditfn); gnutls_global_set_log_level(-99); nonblock = 0; debug = 0; run_tests(1000); gnutls_global_deinit(); }
static int handshake (struct stream_data *data) { const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; const int kx_priority[] = { GNUTLS_KX_RSA, 0 }; const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; int ret; #ifndef WIN32 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif if (gnutls_global_init () != 0) return IKS_NOMEM; if (gnutls_certificate_allocate_credentials (&data->cred) < 0) return IKS_NOMEM; if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) { gnutls_certificate_free_credentials (data->cred); return IKS_NOMEM; } gnutls_protocol_set_priority (data->sess, protocol_priority); gnutls_cipher_set_priority(data->sess, cipher_priority); gnutls_compression_set_priority(data->sess, comp_priority); gnutls_kx_set_priority(data->sess, kx_priority); gnutls_mac_set_priority(data->sess, mac_priority); gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred); gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push); gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull); gnutls_transport_set_ptr (data->sess, data->prs); ret = gnutls_handshake (data->sess); if (ret != 0) { gnutls_deinit (data->sess); gnutls_certificate_free_credentials (data->cred); return IKS_NET_TLSFAIL; } data->flags &= (~SF_TRY_SECURE); data->flags |= SF_SECURE; iks_send_header (data->prs, data->server); return IKS_OK; } // HAVE_GNUTLS
G_GNUC_COLD void tls_global_init(void) { static const struct { const char * const name; const int major; const int minor; } f = { "tls", 1, 0 }; char *cert_file, *key_file; #if !defined(REMAP_ZALLOC) && !defined(TRACK_MALLOC) && !defined(TRACK_ZALLOC) gnutls_global_set_mem_functions(halloc, halloc, NULL, hrealloc, hfree); #endif if (gnutls_global_init()) { g_error("gnutls_global_init() failed"); } #ifdef USE_TLS_CUSTOM_IO gnutls_global_set_log_level(9); gnutls_global_set_log_function(tls_log_function); #endif /* USE_TLS_CUSTOM_IO */ get_dh_params(); gnutls_certificate_allocate_credentials(&cert_cred); key_file = make_pathname(settings_config_dir(), "key.pem"); cert_file = make_pathname(settings_config_dir(), "cert.pem"); if (file_exists(key_file) && file_exists(cert_file)) { int ret; ret = gnutls_certificate_set_x509_key_file(cert_cred, cert_file, key_file, GNUTLS_X509_FMT_PEM); if (ret < 0) { g_warning("gnutls_certificate_set_x509_key_file() failed: %s", gnutls_strerror(ret)); } else { gnutls_certificate_set_dh_params(cert_cred, get_dh_params()); } } HFREE_NULL(key_file); HFREE_NULL(cert_file); header_features_add(FEATURES_CONNECTIONS, f.name, f.major, f.minor); header_features_add(FEATURES_G2_CONNECTIONS, f.name, f.major, f.minor); header_features_add(FEATURES_DOWNLOADS, f.name, f.major, f.minor); header_features_add(FEATURES_UPLOADS, f.name, f.major, f.minor); }
void doit (void) { gnutls_certificate_credentials_t x509_cred; int ret, i; gnutls_x509_crt_t issuer; gnutls_x509_crt_t list[LIST_SIZE]; char dn[128]; size_t dn_size; unsigned int list_size; /* this must be called once in the program */ gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (6); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); /* test for gnutls_certificate_get_issuer() */ list_size = LIST_SIZE; ret = gnutls_x509_crt_list_import(list, &list_size, &cert, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); if (ret < 0) fail("gnutls_x509_crt_list_import"); ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0); if (ret < 0) fail("gnutls_certificate_get_isser"); dn_size = sizeof(dn); ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size); if (ret < 0) fail("gnutls_certificate_get_isser"); if (debug) fprintf(stderr, "Issuer's DN: %s\n", dn); for (i=0;i<list_size;i++) gnutls_x509_crt_deinit(list[i]); gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); if (debug) success("success"); }
int main(int argc, char **argv) { int port = 5556; char address[INET6_ADDRSTRLEN+1]; int client = 0; memset(address, 0, INET6_ADDRSTRLEN+1); char message[MAX_MESSAGE_SIZE+1]; // message for client to send // parse command line args with getopt static struct option long_options[] = { {"client", no_argument, 0, 'c'}, {"address", required_argument, 0, 'a'}, {"port", required_argument, 0, 'p'}, {"message", required_argument, 0, 'm'}, {NULL, 0, NULL, 0} }; int c; int option_index = 0; while ((c = getopt_long(argc, argv, "ca:p:m:", long_options, &option_index)) != -1) { switch (c) { case 'c': client = 1; break; case 'a': client = 1; strncpy(address, optarg, INET6_ADDRSTRLEN); break; case 'p': port = atoi(optarg); break; case 'm': strncpy(message, optarg, MAX_MESSAGE_SIZE); break; default: printf ("?? getopt returned character code 0%o ??\n", c); } } gnutls_global_init (); // init that shit! if (client) { printf("Starting in client mode\n"); dtls_client (address, port, message); } else { printf("Starting in server mode %s:%i\n", address, port); dtls_server (port); } return 0; }
int main (void) { /* credentials */ gnutls_anon_client_credentials_t c_anoncred; gnutls_certificate_credentials_t c_certcred; gnutls_session_t client; int sd; /* General init. */ gnutls_global_init (); ecore_init(); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (6); /* Init client */ gnutls_anon_allocate_client_credentials (&c_anoncred); gnutls_certificate_allocate_credentials (&c_certcred); gnutls_init (&client, GNUTLS_CLIENT); /* set very specific priorities */ gnutls_priority_set_direct(client, "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0", NULL); gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred); gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred); gnutls_server_name_set(client, GNUTLS_NAME_DNS, "www.verisign.com", strlen("www.verisign.com")); /* connect to the peer */ sd = tcp_connect (); /* associate gnutls with socket */ gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd); /* add a callback for data being available for send/receive on socket */ if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL)) { print("could not create fd handler!"); exit(1); } /* begin main loop */ ecore_main_loop_begin(); gnutls_bye (client, GNUTLS_SHUT_RDWR); gnutls_deinit (client); tcp_close (sd); return 0; }
void * tls_init(const struct tls_config *conf) { struct tls_global *global; #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK /* Because of the horrible hack to get master_secret and client/server * random, we need to make sure that the gnutls version is something * that is expected to have same structure definition for the session * data.. */ const char *ver; const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9", "1.3.2", NULL }; int i; #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ global = os_zalloc(sizeof(*global)); if (global == NULL) return NULL; if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) { os_free(global); return NULL; } tls_gnutls_ref_count++; #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK ver = gnutls_check_version(NULL); if (ver == NULL) { tls_deinit(global); return NULL; } wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver); for (i = 0; ok_ver[i]; i++) { if (strcmp(ok_ver[i], ver) == 0) break; } if (ok_ver[i] == NULL) { wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs " "to be tested and enabled in tls_gnutls.c", ver); tls_deinit(global); return NULL; } #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ gnutls_global_set_log_function(tls_log_func); if (wpa_debug_show_keys) gnutls_global_set_log_level(11); return global; }
static int __pkcs11h_crypto_gnutls_initialize ( IN void * const global_data ) { (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ if (gnutls_global_init () != GNUTLS_E_SUCCESS) { return FALSE; } else { return TRUE; } }
int iks_init(void) { int ok = 0; #ifndef WIN32 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif if (gnutls_global_init () != 0) return IKS_NOMEM; return ok; }
PrivateKey PrivateKey::generate(unsigned key_length) { if (gnutls_global_init() != GNUTLS_E_SUCCESS) throw CryptoException("Can't initialize GnuTLS."); gnutls_x509_privkey_t key; if (gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS) throw CryptoException("Can't initialize private key."); int err = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, key_length, 0); if (err != GNUTLS_E_SUCCESS) { gnutls_x509_privkey_deinit(key); throw CryptoException(std::string("Can't generate RSA key pair: ") + gnutls_strerror(err)); } return PrivateKey{key}; }
bool secure::init(void) { static bool initialized = false; if(!initialized) { Thread::init(); Socket::init(); gnutls_global_init(); gnutls_priority_init (&context::priority_cache, "NORMAL", NULL); atexit(secure_shutdown); initialized = true; } return true; }
/* * Copyright (C) 2007-2012 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos, Simon Josefsson * * This file is part of GnuTLS. * * GnuTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> #include "utils.h" #include "../lib/gnutls_int.h" #include "../lib/gnutls_mpi.h" #include "../lib/gnutls_errors.h" #include "../lib/debug.h" static void tls_log_func (int level, const char *str) { fprintf (stderr, "|<%d>| %s", level, str); } #define RND_BITS 510 /* not multiple of 8 */ void doit (void) { int rc; bigint_t n1, n2, n3, n4; gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (99); n1 = _gnutls_mpi_new (1000); if (n1 == NULL) fail ("mpi_new failed\n"); n2 = _gnutls_mpi_set_ui (NULL, 2); if (n2 == NULL) fail ("mpi_set_ui failed\n"); n3 = _gnutls_mpi_set_ui (NULL, 5); if (n3 == NULL) fail ("mpi_set_ui failed\n"); _gnutls_mpi_randomize (n1, RND_BITS, GNUTLS_RND_NONCE); _gnutls_mpi_log ("rand:", n1); rc = _gnutls_mpi_get_nbits (n1); if (rc > RND_BITS) fail ("mpi_get_nbits failed... returned %d\n", rc); n4 = _gnutls_mpi_addm (NULL, n1, n3, n2); if (n4 == NULL) fail ("mpi_set_ui failed\n"); if (_gnutls_mpi_cmp_ui (n4, 0) != 0 && _gnutls_mpi_cmp_ui (n4, 1) != 0) fail ("mpi_cmp_ui failed\n"); _gnutls_mpi_release (&n1); _gnutls_mpi_release (&n2); _gnutls_mpi_release (&n3); _gnutls_mpi_release (&n4); gnutls_global_deinit (); if (debug) success ("mpi ops ok\n"); }
int main(int argc, char **argv) { #ifdef TEST_KEEP_FILES u_int flags; #endif /* TEST_KEEP_FILES */ DKIM_STAT status; DKIM *dkim; DKIM_LIB *lib; dkim_query_t qtype = DKIM_QUERY_FILE; unsigned char hdr[MAXHEADER + 1]; printf("*** relaxed/relaxed rsa-sha1 verifying with empty \"t=\"\n"); #ifdef USE_GNUTLS (void) gnutls_global_init(); #endif /* USE_GNUTLS */ /* instantiate the library */ lib = dkim_init(NULL, NULL); assert(lib != NULL); #ifdef TEST_KEEP_FILES /* set flags */ flags = (DKIM_LIBFLAGS_TMPFILES|DKIM_LIBFLAGS_KEEPFILES); (void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_FLAGS, &flags, sizeof flags); #endif /* TEST_KEEP_FILES */ (void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_QUERYMETHOD, &qtype, sizeof qtype); (void) dkim_options(lib, DKIM_OP_SETOPT, DKIM_OPTS_QUERYINFO, KEYFILE, strlen(KEYFILE)); dkim = dkim_verify(lib, JOBID, NULL, &status); assert(dkim != NULL); snprintf(hdr, sizeof hdr, "%s: %s", DKIM_SIGNHEADER, SIG2); status = dkim_header(dkim, hdr, strlen(hdr)); assert(status == DKIM_STAT_SYNTAX); status = dkim_free(dkim); assert(status == DKIM_STAT_OK); dkim_close(lib); return 0; }
void doit (void) { gnutls_openpgp_keyring_t keyring; gnutls_datum_t data; int ret; ret = gnutls_global_init (); if (ret < 0) fail ("init %d\n", ret); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (2); ret = gnutls_global_init_extra (); if (ret < 0) fail ("extra-init %d\n", ret); ret = gnutls_openpgp_keyring_init (&keyring); if (ret < 0) fail ("keyring-init %d\n", ret); data.data = raw_keyring; data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]); ret = gnutls_openpgp_keyring_import (keyring, &data, GNUTLS_OPENPGP_FMT_RAW); if (ret < 0) fail ("keyring-import %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0); if (ret == 0) fail ("keyring-check-id (not-in-keyring) %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0); if (ret != 0) fail ("keyring-check-id first key %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0); if (ret != 0) fail ("keyring-check-id second key %d\n", ret); if (debug) success ("done\n"); gnutls_openpgp_keyring_deinit (keyring); gnutls_global_deinit (); }
/** * xmlSecGnuTLSAppInit: * @config: the path to GnuTLS configuration (unused). * * General crypto engine initialization. This function is used * by XMLSec command line utility and called before * @xmlSecInit function. * * Returns: 0 on success or a negative value otherwise. */ int xmlSecGnuTLSAppInit(const char* config) { int err; err = gnutls_global_init(); if(err != GNUTLS_E_SUCCESS) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gnutls_global_init", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GNUTLS_REPORT_ERROR(err)); return(-1); } return(xmlSecGCryptAppInit(config)); }
static Ecore_Con_Ssl_Error _ecore_con_ssl_init_gnutls(void) { #ifdef EFL_HAVE_PTHREAD if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) WRN("YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!"); #endif if (gnutls_global_init()) return ECORE_CON_SSL_ERROR_INIT_FAILED; #ifdef ISCOMFITOR gnutls_global_set_log_level(9); gnutls_global_set_log_function(_gnutls_log_func); #endif return ECORE_CON_SSL_ERROR_NONE; }
void initialize_tls_global(void) { gnutls_global_init (); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CACERT, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CACRL, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (x509_cred, SERVERCERT, SERVERKEY, GNUTLS_X509_FMT_PEM); gnutls_dh_params_init (&dh_params); gnutls_dh_params_generate2 (dh_params, DH_BITS); gnutls_certificate_set_dh_params (x509_cred, dh_params); }
void TLSServer::init ( const std::string& ca, const std::string& crl, const std::string& cert, const std::string& key) { _ca = ca; _crl = crl; _cert = cert; _key = key; gnutls_global_init (); gnutls_certificate_allocate_credentials (&_credentials); if (_ca != "" && gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0) throw std::string ("Missing CA file."); if ( _crl != "" && gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM) < 0) throw std::string ("Missing CRL file."); if (_cert != "" && _key != "" && gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM) < 0) throw std::string ("Missing CERT file."); #if GNUTLS_VERSION_NUMBER >= 0x020b00 #if GNUTLS_VERSION_NUMBER >= 0x03000d unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY); #else unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL); #endif #else unsigned int bits = DH_BITS; #endif gnutls_dh_params_init (&_params); gnutls_dh_params_generate2 (_params, bits); if (_ciphers == "") _ciphers = "NORMAL"; gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL); gnutls_certificate_set_dh_params (_credentials, _params); #if GNUTLS_VERSION_NUMBER >= 0x02090a gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback); #endif }
int main (int argc, char *const *argv) { int errorCount = 0;; struct MHD_Daemon *d; gnutls_session_t session; gnutls_datum_t key; gnutls_datum_t cert; gnutls_certificate_credentials_t xcred; gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); #ifdef GCRYCTL_INITIALIZATION_FINISHED gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); #endif gnutls_global_init (); gnutls_global_set_log_level (11); d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG, DEAMON_TEST_PORT, NULL, NULL, &http_dummy_ahc, NULL, MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END); if (d == NULL) { fprintf (stderr, MHD_E_SERVER_INIT); return -1; } if (0 != setup_session (&session, &key, &cert, &xcred)) { fprintf (stderr, "failed to setup session\n"); return 1; } errorCount += test_tls_session_time_out (session); teardown_session (session, &key, &cert, xcred); print_test_result (errorCount, argv[0]); MHD_stop_daemon (d); gnutls_global_deinit (); return errorCount != 0; }
/// Enables TLS on the given server. static void onion_enable_tls(onion *o){ #ifdef HAVE_PTHREADS gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif if (!(o->flags&O_USE_DEV_RANDOM)){ gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); } gnutls_global_init (); gnutls_certificate_allocate_credentials (&o->x509_cred); gnutls_dh_params_init (&o->dh_params); gnutls_dh_params_generate2 (o->dh_params, 1024); gnutls_certificate_set_dh_params (o->x509_cred, o->dh_params); gnutls_priority_init (&o->priority_cache, "NORMAL", NULL); o->flags|=O_SSL_ENABLED; }
bool ssl_init () { const char *ca_directory; DIR *dir; gnutls_global_init (); gnutls_certificate_allocate_credentials (&credentials); gnutls_certificate_set_verify_flags(credentials, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs"; dir = opendir (ca_directory); if (dir == NULL) { if (opt.ca_directory) logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"), opt.ca_directory); } else { struct dirent *dent; while ((dent = readdir (dir)) != NULL) { struct stat st; char *ca_file; asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name); stat (ca_file, &st); if (S_ISREG (st.st_mode)) gnutls_certificate_set_x509_trust_file (credentials, ca_file, GNUTLS_X509_FMT_PEM); free (ca_file); } closedir (dir); } if (opt.ca_cert) gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert, GNUTLS_X509_FMT_PEM); return true; }
/* * Initialize TLS subsystem. Should be called only once. */ static int tlsg_init( void ) { #ifdef HAVE_GCRYPT_RAND struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); if ( lo->ldo_tls_randfile && gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) { Debug( LDAP_DEBUG_ANY, "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n", 0, 0, 0); return -1; } #endif gnutls_global_init(); #ifndef HAVE_CIPHERSUITES /* GNUtls cipher suite handling: The library ought to parse suite * names for us, but it doesn't. It will return a list of suite names * that it supports, so we can do parsing ourselves. It ought to tell * us how long the list is, but it doesn't do that either, so we just * have to count it manually... */ { int i = 0; tls_cipher_suite *ptr, tmp; char cs_id[2]; while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher, &tmp.mac, &tmp.version )) i++; tlsg_n_ciphers = i; /* Store a copy */ tlsg_ciphers = LDAP_MALLOC(tlsg_n_ciphers * sizeof(tls_cipher_suite)); if ( !tlsg_ciphers ) return -1; for ( i=0; i<tlsg_n_ciphers; i++ ) { tlsg_ciphers[i].name = gnutls_cipher_suite_info( i, cs_id, &tlsg_ciphers[i].kx, &tlsg_ciphers[i].cipher, &tlsg_ciphers[i].mac, &tlsg_ciphers[i].version ); } } #endif return 0; }
static rfbBool InitializeTLS(void) { int ret; if (rfbTLSInitialized) return TRUE; if ((ret = gnutls_global_init()) < 0 || (ret = gnutls_dh_params_init(&rfbDHParams)) < 0 || (ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0) { rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret)); return FALSE; } rfbClientLog("GnuTLS initialized.\n"); rfbTLSInitialized = TRUE; return TRUE; }
void doit (void) { int ret; gnutls_datum_t pem_cert = { (unsigned char*)pem, sizeof (pem) }; gnutls_x509_crt_t cert; gnutls_x509_dn_t xdn; ret = gnutls_global_init (); if (ret < 0) fail ("init %d\n", ret); ret = gnutls_x509_crt_init (&cert); if (ret < 0) fail ("crt_init %d\n", ret); ret = gnutls_x509_crt_import (cert, &pem_cert, GNUTLS_X509_FMT_PEM); if (ret < 0) fail ("crt_import %d\n", ret); ret = gnutls_x509_crt_get_issuer (cert, &xdn); if (ret < 0) fail ("get_issuer %d\n", ret); if (debug) { printf ("Issuer:\n"); print_dn (xdn); } ret = gnutls_x509_crt_get_subject (cert, &xdn); if (ret < 0) fail ("get_subject %d\n", ret); if (debug) { printf ("Subject:\n"); print_dn (xdn); } if (debug) success ("done\n"); gnutls_x509_crt_deinit (cert); gnutls_global_deinit (); }
gboolean crypto_init (GError **error) { if (initialized) return TRUE; if (gnutls_global_init() != 0) { gnutls_global_deinit(); g_set_error_literal (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Failed to initialize the crypto engine.")); return FALSE; } initialized = TRUE; return TRUE; }
int MythPianoService::Login() { m_Piano = (PianoHandle_t*) malloc(sizeof(PianoHandle_t)); gnutls_global_init(); PianoInit (m_Piano); WaitressInit (&m_Waith); m_Waith.url.host = strdup (PIANO_RPC_HOST); m_Waith.url.tls = true; m_Waith.tlsFingerprint = tlsFingerprint; memset (&m_Player, 0, sizeof (m_Player)); QString username = gCoreContext->GetSetting("pandora-username"); QString password = gCoreContext->GetSetting("pandora-password"); //wtf really? char* usernameBuff = strndup(username.toUtf8().data(), 1024); char* passwordBuff = strndup(password.toUtf8().data(), 1024); PianoRequestDataLogin_t reqData; reqData.user = usernameBuff; reqData.password = passwordBuff; reqData.step = 0; PianoReturn_t pRet; WaitressReturn_t wRet; BroadcastMessage("Login... "); if (! PianoCall (PIANO_REQUEST_LOGIN, &reqData, &pRet, &wRet)) { return -1; } // wtf free(usernameBuff); free(passwordBuff); if (! PianoCall (PIANO_REQUEST_GET_STATIONS, &reqData, &pRet, &wRet)) { return -1; } m_CurrentStation = m_Piano->stations; return 0; }
bool GnuTLSClientAnon::init( const std::string&, const std::string&, const StringList& ) { if( m_initLib && gnutls_global_init() != 0 ) return false; if( gnutls_anon_allocate_client_credentials( &m_anoncred ) < 0 ) return false; if( gnutls_init( m_session, GNUTLS_CLIENT ) != 0 ) return false; #if GNUTLS_VERSION_NUMBER >= 0x020600 int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 ); if( ret != GNUTLS_E_SUCCESS ) return false; #else const int protocolPriority[] = { #ifdef GNUTLS_TLS1_2 GNUTLS_TLS1_2, #endif GNUTLS_TLS1_1, GNUTLS_TLS1, 0 }; const int protocolPriority[] = { GNUTLS_TLS1, 0 }; const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 }; const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 }; const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; gnutls_protocol_set_priority( *m_session, protocolPriority ); gnutls_cipher_set_priority( *m_session, cipherPriority ); gnutls_compression_set_priority( *m_session, compPriority ); gnutls_kx_set_priority( *m_session, kxPriority ); gnutls_mac_set_priority( *m_session, macPriority ); #endif gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ); gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this ); gnutls_transport_set_push_function( *m_session, pushFunc ); gnutls_transport_set_pull_function( *m_session, pullFunc ); m_valid = true; return true; }
void epan_init(void (*register_all_protocols_func)(register_cb cb, gpointer client_data), void (*register_all_handoffs_func)(register_cb cb, gpointer client_data), register_cb cb, gpointer client_data, void (*report_failure)(const char *, va_list), void (*report_open_failure)(const char *, int, gboolean), void (*report_read_failure)(const char *, int), void (*report_write_failure)(const char *, int)) { init_report_err(report_failure, report_open_failure, report_read_failure, report_write_failure); /* initialize memory allocation subsystem */ ep_init_chunk(); se_init_chunk(); /* initialize the GUID to name mapping table */ guids_init(); except_init(); #ifdef HAVE_LIBGNUTLS gnutls_global_init(); #elif defined(HAVE_LIBGCRYPT) gcry_check_version(NULL); #endif tvbuff_init(); tap_init(); prefs_init(); proto_init(register_all_protocols_func, register_all_handoffs_func, cb, client_data); packet_init(); dfilter_init(); final_registration_all_protocols(); host_name_lookup_init(); expert_init(); oids_init(); #ifdef HAVE_LUA_5_1 wslua_init(NULL); #endif #ifdef HAVE_GEOIP geoip_db_init(); #endif }