/* Curl_gtls_init() * * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that * are not thread-safe and thus this function itself is not thread-safe and * must only be called from within curl_global_init() to keep the thread * situation under control! */ int Curl_gtls_init(void) { int ret = 1; if(!gtls_inited) { ret = gnutls_global_init()?0:1; #ifdef GTLSDEBUG gnutls_global_set_log_function(tls_log_func); gnutls_global_set_log_level(2); #endif gtls_inited = TRUE; } return ret; }
int main() { gnutls_global_init(); gnutls_global_set_log_function(logfn); gnutls_global_set_audit_log_function(auditfn); gnutls_global_set_log_level(-99); nonblock = 0; debug = 0; run_tests(1000); gnutls_global_deinit(); }
void doit(void) { global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(99); test_failure_client(); test_failure_server(); test_success(); gnutls_global_deinit(); }
G_GNUC_COLD void tls_global_init(void) { static const struct { const char * const name; const int major; const int minor; } f = { "tls", 1, 0 }; char *cert_file, *key_file; #if !defined(REMAP_ZALLOC) && !defined(TRACK_MALLOC) && !defined(TRACK_ZALLOC) gnutls_global_set_mem_functions(halloc, halloc, NULL, hrealloc, hfree); #endif if (gnutls_global_init()) { g_error("gnutls_global_init() failed"); } #ifdef USE_TLS_CUSTOM_IO gnutls_global_set_log_level(9); gnutls_global_set_log_function(tls_log_function); #endif /* USE_TLS_CUSTOM_IO */ get_dh_params(); gnutls_certificate_allocate_credentials(&cert_cred); key_file = make_pathname(settings_config_dir(), "key.pem"); cert_file = make_pathname(settings_config_dir(), "cert.pem"); if (file_exists(key_file) && file_exists(cert_file)) { int ret; ret = gnutls_certificate_set_x509_key_file(cert_cred, cert_file, key_file, GNUTLS_X509_FMT_PEM); if (ret < 0) { g_warning("gnutls_certificate_set_x509_key_file() failed: %s", gnutls_strerror(ret)); } else { gnutls_certificate_set_dh_params(cert_cred, get_dh_params()); } } HFREE_NULL(key_file); HFREE_NULL(cert_file); header_features_add(FEATURES_CONNECTIONS, f.name, f.major, f.minor); header_features_add(FEATURES_G2_CONNECTIONS, f.name, f.major, f.minor); header_features_add(FEATURES_DOWNLOADS, f.name, f.major, f.minor); header_features_add(FEATURES_UPLOADS, f.name, f.major, f.minor); }
void doit(void) { gnutls_certificate_credentials_t x509_cred; gnutls_certificate_credentials_t clicred; int ret; unsigned idx; #if !defined(HAVE_LIBIDN2) exit(77); #endif /* this must be called once in the program */ global_init(); gnutls_global_set_time_function(mytime); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2); ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); if (ret < 0) fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_cert_chain); assert(idx == 0); idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_utf8_cert); assert(idx == 1); test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL); /* the previous name in IDNA format */ test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτρα.com", GNUTLS_E_RECEIVED_DISALLOWED_NAME, GNUTLS_E_AGAIN); gnutls_certificate_free_credentials(x509_cred); gnutls_certificate_free_credentials(clicred); gnutls_global_deinit(); if (debug) success("success"); }
static void client(int fd, const char *prio) { int ret; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(7); } gnutls_certificate_allocate_credentials(&x509_cred); assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); assert(gnutls_priority_set_direct(session, prio, NULL)>=0); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); terminate(); } else { if (debug) success("client: Handshake was completed\n"); } if (debug) success("client: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version(session))); gnutls_bye(session, GNUTLS_SHUT_WR); close(fd); gnutls_deinit(session); gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); }
void doit (void) { gnutls_certificate_credentials_t x509_cred; int ret, i; gnutls_x509_crt_t issuer; gnutls_x509_crt_t list[LIST_SIZE]; char dn[128]; size_t dn_size; unsigned int list_size; /* this must be called once in the program */ gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (6); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); /* test for gnutls_certificate_get_issuer() */ list_size = LIST_SIZE; ret = gnutls_x509_crt_list_import(list, &list_size, &cert, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); if (ret < 0) fail("gnutls_x509_crt_list_import"); ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0); if (ret < 0) fail("gnutls_certificate_get_isser"); dn_size = sizeof(dn); ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size); if (ret < 0) fail("gnutls_certificate_get_isser"); if (debug) fprintf(stderr, "Issuer's DN: %s\n", dn); for (i=0;i<list_size;i++) gnutls_x509_crt_deinit(list[i]); gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); if (debug) success("success"); }
int main (void) { /* credentials */ gnutls_anon_client_credentials_t c_anoncred; gnutls_certificate_credentials_t c_certcred; gnutls_session_t client; int sd; /* General init. */ gnutls_global_init (); ecore_init(); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (6); /* Init client */ gnutls_anon_allocate_client_credentials (&c_anoncred); gnutls_certificate_allocate_credentials (&c_certcred); gnutls_init (&client, GNUTLS_CLIENT); /* set very specific priorities */ gnutls_priority_set_direct(client, "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0", NULL); gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred); gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred); gnutls_server_name_set(client, GNUTLS_NAME_DNS, "www.verisign.com", strlen("www.verisign.com")); /* connect to the peer */ sd = tcp_connect (); /* associate gnutls with socket */ gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd); /* add a callback for data being available for send/receive on socket */ if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL)) { print("could not create fd handler!"); exit(1); } /* begin main loop */ ecore_main_loop_begin(); gnutls_bye (client, GNUTLS_SHUT_RDWR); gnutls_deinit (client); tcp_close (sd); return 0; }
void * tls_init(const struct tls_config *conf) { struct tls_global *global; #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK /* Because of the horrible hack to get master_secret and client/server * random, we need to make sure that the gnutls version is something * that is expected to have same structure definition for the session * data.. */ const char *ver; const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9", "1.3.2", NULL }; int i; #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ global = os_zalloc(sizeof(*global)); if (global == NULL) return NULL; if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) { os_free(global); return NULL; } tls_gnutls_ref_count++; #ifdef GNUTLS_INTERNAL_STRUCTURE_HACK ver = gnutls_check_version(NULL); if (ver == NULL) { tls_deinit(global); return NULL; } wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver); for (i = 0; ok_ver[i]; i++) { if (strcmp(ok_ver[i], ver) == 0) break; } if (ok_ver[i] == NULL) { wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs " "to be tested and enabled in tls_gnutls.c", ver); tls_deinit(global); return NULL; } #endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ gnutls_global_set_log_function(tls_log_func); if (wpa_debug_show_keys) gnutls_global_set_log_level(11); return global; }
static void client(int fd) { int ret; gnutls_certificate_credentials_t xcred; gnutls_session_t session; global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(4711); } gnutls_certificate_allocate_credentials(&xcred); /* Initialize TLS session */ gnutls_init(&session, GNUTLS_CLIENT); gnutls_handshake_set_timeout(session, 20 * 1000); /* Use default priorities */ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:%COMPAT", NULL); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, odd_push); /* Perform the TLS handshake */ do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret >= 0) { fail("client: Handshake succeeded!\n"); exit(1); } close(fd); gnutls_deinit(session); gnutls_certificate_free_credentials(xcred); gnutls_global_deinit(); }
int main(int argc, char **argv) { int ret; gnutls_global_set_log_function(tls_log_func); if (argc > 1) gnutls_global_set_log_level(4711); ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1, myaes_init, myaes_setkey, myaes_setiv, myaes_encrypt, myaes_decrypt, myaes_deinit); if (ret < 0) { fprintf(stderr, "%d: cannot register cipher\n", __LINE__); exit(1); } ret = gnutls_crypto_register_aead_cipher(GNUTLS_CIPHER_AES_128_GCM, 1, myaes_gcm_init, myaes_gcm_setkey, myaes_gcm_encrypt, myaes_gcm_decrypt, myaes_gcm_deinit); if (ret < 0) { fprintf(stderr, "%d: cannot register cipher\n", __LINE__); exit(1); } global_init(); if (gnutls_cipher_self_test(1, 0) < 0) return 1; if (used == 0) { fprintf(stderr, "The CBC cipher was not used\n"); exit(1); } if (aead_used == 0) { fprintf(stderr, "The AEAD cipher was not used\n"); exit(1); } gnutls_global_deinit(); return 0; }
gtlsClientData::gtlsClientData(std::string const& _caFile, std::string const& _certFile, std::string const& _keyFile) { int ret = 0; gnutls_global_set_log_level(loglevel); gnutls_global_set_log_function(gtlsGeneric::logCallback); gnutls_certificate_allocate_credentials(&cred_); // GNUTLS_NOTICE("Allocted credentials"); // Add the certificate authority used. // GNUTLS_NOTICE("Setting CA, file='" << _caFile << "'"); ret = gnutls_certificate_set_x509_trust_file(cred_, _caFile.c_str(), GNUTLS_X509_FMT_PEM); // printerror("gnutls_certificate_set_x509_trust_file", ret); // GNUTLS_NOTICE("Processed " << ret << " certificates."); // Set the cert and private key. // Set the certificate and priate key pair. // GNUTLS_NOTICE("Setting certificate, file='" << _certFile << "'"); // GNUTLS_NOTICE("Setting private key, file='" << _keyFile << "'"); ret = gnutls_certificate_set_x509_key_file(cred_, _certFile.c_str(), _keyFile.c_str(), GNUTLS_X509_FMT_PEM); // printerror("gnutls_certificate_set_x509_key_file", ret); // GNUTLS_NOTICE("Processed " << ret << " certificate/key pair(s)."); ret = gnutls_init(&session_, GNUTLS_CLIENT); // printerror("gnutls_init", ret); ret = gnutls_set_default_priority(session_); // printerror("gnutls_set_default_priority", ret); gnutls_dh_set_prime_bits(session_, gtlsGeneric::GNUTLSIF_DH_BITS); const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; ret = gnutls_certificate_type_set_priority(session_, cert_type_priority); // printerror("gnutls_certificate_type_set_priority", ret); ret = gnutls_credentials_set(session_, GNUTLS_CRD_CERTIFICATE, cred_); // printerror("gnutls_credentials_set", ret); }
void doit (void) { gnutls_openpgp_keyring_t keyring; gnutls_datum_t data; int ret; ret = gnutls_global_init (); if (ret < 0) fail ("init %d\n", ret); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (2); ret = gnutls_global_init_extra (); if (ret < 0) fail ("extra-init %d\n", ret); ret = gnutls_openpgp_keyring_init (&keyring); if (ret < 0) fail ("keyring-init %d\n", ret); data.data = raw_keyring; data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]); ret = gnutls_openpgp_keyring_import (keyring, &data, GNUTLS_OPENPGP_FMT_RAW); if (ret < 0) fail ("keyring-import %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0); if (ret == 0) fail ("keyring-check-id (not-in-keyring) %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0); if (ret != 0) fail ("keyring-check-id first key %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0); if (ret != 0) fail ("keyring-check-id second key %d\n", ret); if (debug) success ("done\n"); gnutls_openpgp_keyring_deinit (keyring); gnutls_global_deinit (); }
/* * Copyright (C) 2007-2012 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos, Simon Josefsson * * This file is part of GnuTLS. * * GnuTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> #include "utils.h" #include "../lib/gnutls_int.h" #include "../lib/gnutls_mpi.h" #include "../lib/gnutls_errors.h" #include "../lib/debug.h" static void tls_log_func (int level, const char *str) { fprintf (stderr, "|<%d>| %s", level, str); } #define RND_BITS 510 /* not multiple of 8 */ void doit (void) { int rc; bigint_t n1, n2, n3, n4; gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (99); n1 = _gnutls_mpi_new (1000); if (n1 == NULL) fail ("mpi_new failed\n"); n2 = _gnutls_mpi_set_ui (NULL, 2); if (n2 == NULL) fail ("mpi_set_ui failed\n"); n3 = _gnutls_mpi_set_ui (NULL, 5); if (n3 == NULL) fail ("mpi_set_ui failed\n"); _gnutls_mpi_randomize (n1, RND_BITS, GNUTLS_RND_NONCE); _gnutls_mpi_log ("rand:", n1); rc = _gnutls_mpi_get_nbits (n1); if (rc > RND_BITS) fail ("mpi_get_nbits failed... returned %d\n", rc); n4 = _gnutls_mpi_addm (NULL, n1, n3, n2); if (n4 == NULL) fail ("mpi_set_ui failed\n"); if (_gnutls_mpi_cmp_ui (n4, 0) != 0 && _gnutls_mpi_cmp_ui (n4, 1) != 0) fail ("mpi_cmp_ui failed\n"); _gnutls_mpi_release (&n1); _gnutls_mpi_release (&n2); _gnutls_mpi_release (&n3); _gnutls_mpi_release (&n4); gnutls_global_deinit (); if (debug) success ("mpi ops ok\n"); }
void doit(void) { gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); global_init(); OpenSSL_add_all_algorithms(); /* ciphers */ cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16); cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16); gnutls_global_deinit(); return; }
static Ecore_Con_Ssl_Error _ecore_con_ssl_init_gnutls(void) { #ifdef EFL_HAVE_PTHREAD if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) WRN("YOU ARE USING PTHREADS, BUT I CANNOT INITIALIZE THREADSAFE GCRYPT OPERATIONS!"); #endif if (gnutls_global_init()) return ECORE_CON_SSL_ERROR_INIT_FAILED; #ifdef ISCOMFITOR gnutls_global_set_log_level(9); gnutls_global_set_log_function(_gnutls_log_func); #endif return ECORE_CON_SSL_ERROR_NONE; }
void doit(void) { gnutls_pkcs7_t pkcs7; const char *oid; gnutls_datum_t data; int ret; gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); /* generate a PKCS #7 structure */ ret = gnutls_pkcs7_init(&pkcs7); if (ret < 0) { fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs7_import(pkcs7, &pkcs7_pem, GNUTLS_X509_FMT_PEM); if (ret < 0) { fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); exit(1); } oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7); if (oid == NULL) { fail("error in gnutls_pkcs7_get_embedded_data_oid\n"); exit(1); } assert(strcmp(oid, "1.3.6.1.4.1.311.10.1") == 0); ret = gnutls_pkcs7_get_embedded_data(pkcs7, GNUTLS_PKCS7_EDATA_GET_RAW, &data); if (ret < 0) { fail("error in gnutls_pkcs7_get_embedded_data: %s\n", gnutls_strerror(ret)); exit(1); } assert(data.size == der_content_size); assert(memcmp(data.data, der_content, data.size) == 0); gnutls_pkcs7_deinit(pkcs7); gnutls_free(data.data); }
Tls_globals::Tls_globals() { int result = gnutls_global_init(); if (result != GNUTLS_E_SUCCESS) { std::string msg("Unable to initialize the TLS Library: ["); msg.append(gnutls_strerror(result)); msg.append("]"); throw LJ__Exception(msg); } gnutls_global_set_log_level(10); gnutls_global_set_log_function(&tls_debug_logger); gnutls_global_set_audit_log_function(&tls_audit_logger); if (nullptr == gnutls_check_version("3.0.23")) { throw logjam::Tls_exception("gnutls version 3.0.23 or higher is required.", 0); } }
void doit(void) { global_init(); /* General init. */ gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(2); test_failure("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); test_failure("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); test_success1("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); test_success1("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); test_success2("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); test_success2("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); gnutls_global_deinit(); }
TLSGlobal() { #if VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL) #if VMIME_GNUTLS_NEEDS_GCRYPT gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif // VMIME_GNUTLS_NEEDS_GCRYPT #endif // VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL gnutls_global_init(); //gnutls_global_init_extra(); #if VMIME_DEBUG && GNUTLS_DEBUG gnutls_global_set_log_function(TLSLogFunc); gnutls_global_set_log_level(10); #endif // VMIME_DEBUG && GNUTLS_DEBUG gnutls_anon_allocate_client_credentials(&anonCred); gnutls_certificate_allocate_credentials(&certCred); }
gtlsGlobalServerData::gtlsGlobalServerData(std::string const& _CAfile, /*std::string const& _CRLFile,*/ std::string const& _CertFile, std::string const& _keyFile) : cert_cred(0), initialized_(true) { int ret = 0; // Logging. gnutls_global_set_log_level(loglevel); gnutls_global_set_log_function(gtlsGeneric::logCallback); // Allocate the structures used to keep certificates in. ret = gnutls_certificate_allocate_credentials(&cert_cred); // printerror("gnutls_certificate_allocate_credentials", ret); if (ret < 0) { initialized_ = false; } // Set the CA certificate. // GNUTLS_NOTICE("Setting CA, file='" << _CAfile << "'"); ret = gnutls_certificate_set_x509_trust_file(cert_cred, _CAfile.c_str(), GNUTLS_X509_FMT_PEM); // printerror("gnutls_certificate_set_x509_trust_file", ret); if (ret < 0) { initialized_ = false; } // GNUTLS_NOTICE("Processed " << ret << " certificates."); // Set the certificate and priate key pair. //GNUTLS_NOTICE("Setting certificate, file='" << _CertFile << "'"); //GNUTLS_NOTICE("Setting private key, file='" << _keyFile << "'"); ret = gnutls_certificate_set_x509_key_file(cert_cred, _CertFile.c_str(), _keyFile.c_str(), GNUTLS_X509_FMT_PEM); // printerror("gnutls_certificate_set_x509_key_file", ret); if (ret < 0) { initialized_ = false; } // GNUTLS_NOTICE("Processed " << ret << " certificate/key pair(s)."); // Generate and set DH params. generate_dh_params(); gnutls_certificate_set_dh_params(cert_cred, dh_params); }
static void start(void) { int fd[2]; int ret; global_init(); if (debug) { gnutls_global_set_log_function(server_log_func); gnutls_global_set_log_level(3); } ret = gnutls_register_custom_url(&custom_url_st); if (ret < 0) { fail("error registering: %s\n", gnutls_strerror(ret)); exit(1); } ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); exit(1); } child = fork(); if (child < 0) { perror("fork"); fail("fork"); exit(1); } if (child) { /* parent */ close(fd[0]); client(fd[1]); kill(child, SIGTERM); } else { close(fd[1]); server(fd[0]); exit(0); } }
void doit(void) { unsigned rsa_size1, rsa_size2; global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); if (gnutls_fips140_mode_enabled()) { rsa_size1 = 2048; /* minimum allowed */ rsa_size2 = 2048; /* minimum allowed */ } else { rsa_size1 = 512; rsa_size2 = 1024; } test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, rsa_size1); test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA256, rsa_size2); test_sig(GNUTLS_PK_RSA_PSS, GNUTLS_DIG_SHA256, rsa_size2); gnutls_global_deinit(); }
void ssl_init( void ) { if( initialized ) return; gnutls_global_init(); gnutls_certificate_allocate_credentials( &xcred ); if( global.conf->cafile ) { gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM ); /* Not needed in GnuTLS 2.11+ but we support older versions for now. */ gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT ); } initialized = TRUE; gnutls_global_set_log_function( ssl_log ); /* gnutls_global_set_log_level( 3 ); */ atexit( ssl_deinit ); }
bool CTlsSocket::Init() { // This function initializes GnuTLS m_initialized = true; int res = gnutls_global_init(); if (res) { LogError(res, _T("gnutls_global_init")); Uninit(); return false; } #if TLSDEBUG if (!pLoggingControlSocket) { pLoggingControlSocket = m_pOwner; gnutls_global_set_log_function(log_func); gnutls_global_set_log_level(99); } #endif res = gnutls_certificate_allocate_credentials(&m_certCredentials); if (res < 0) { LogError(res, _T("gnutls_certificate_allocate_credentials")); Uninit(); return false; } if (!InitSession()) return false; m_shutdown_requested = false; // At this point, we can start shaking hands. return true; }
static void client(int fd, unsigned tickets) { int ret; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; char buf[64]; unsigned try = 0; gnutls_datum_t session_data = {NULL, 0}; global_init(); tickets_seen = 0; if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(7); } assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); retry: /* Initialize TLS session */ assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH)>=0); gnutls_handshake_set_timeout(session, 20 * 1000); ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); if (ret < 0) fail("cannot set TLS 1.3 priorities\n"); if (try == 0) { gnutls_session_set_ptr(session, &session_data); gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_BOTH, ticket_callback); } else {
int main (int argc, char **argv) { int debug_level = 0; if (argc > 1) debug_level = 2; signal (SIGALRM, alarm_handler); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug_level); gnutls_global_init (); mac_bench (GNUTLS_MAC_SHA1, 4); mac_bench (GNUTLS_MAC_SHA1, 8); mac_bench (GNUTLS_MAC_SHA1, 16); mac_bench (GNUTLS_MAC_SHA256, 4); mac_bench (GNUTLS_MAC_SHA256, 8); mac_bench (GNUTLS_MAC_SHA256, 16); cipher_bench (GNUTLS_CIPHER_3DES_CBC, 4); cipher_bench (GNUTLS_CIPHER_3DES_CBC, 8); cipher_bench (GNUTLS_CIPHER_3DES_CBC, 16); cipher_bench (GNUTLS_CIPHER_AES_128_CBC, 4); cipher_bench (GNUTLS_CIPHER_AES_128_CBC, 8); cipher_bench (GNUTLS_CIPHER_AES_128_CBC, 16); cipher_bench (GNUTLS_CIPHER_ARCFOUR, 4); cipher_bench (GNUTLS_CIPHER_ARCFOUR, 8); cipher_bench (GNUTLS_CIPHER_ARCFOUR, 16); return 0; }
void benchmark_tls(int debug_level) { gnutls_global_set_log_function(tls_log_func); gnutls_global_set_log_level(debug_level); gnutls_global_init(); printf("Testing throughput in cipher/MAC combinations:\n"); test_ciphersuite(PRIO_ARCFOUR_128_MD5, 1024); test_ciphersuite(PRIO_ARCFOUR_128_MD5, 4096); test_ciphersuite(PRIO_ARCFOUR_128_MD5, 8 * 1024); test_ciphersuite(PRIO_ARCFOUR_128_MD5, 15 * 1024); test_ciphersuite(PRIO_AES_GCM, 1024); test_ciphersuite(PRIO_AES_GCM, 4096); test_ciphersuite(PRIO_AES_GCM, 8 * 1024); test_ciphersuite(PRIO_AES_GCM, 15 * 1024); test_ciphersuite(PRIO_AES_CBC_SHA1, 1024); test_ciphersuite(PRIO_AES_CBC_SHA1, 4096); test_ciphersuite(PRIO_AES_CBC_SHA1, 8 * 1024); test_ciphersuite(PRIO_AES_CBC_SHA1, 15 * 1024); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 1024); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 4096); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 8 * 1024); test_ciphersuite(PRIO_CAMELLIA_CBC_SHA1, 15 * 1024); printf("\n"); printf("Testing key exchanges:\n"); test_ciphersuite_kx(PRIO_DH); test_ciphersuite_kx(PRIO_ECDH); gnutls_global_deinit(); }
void client (void) { int ret, sd, ii; gnutls_session_t session; char buffer[MAX_BUF + 1]; gnutls_certificate_credentials_t xcred; gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (4711); gnutls_certificate_allocate_credentials (&xcred); /* sets the trusted cas file */ gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (xcred, &cert, &key, GNUTLS_X509_FMT_PEM); /* Initialize TLS session */ gnutls_init (&session, GNUTLS_CLIENT); /* Use default priorities */ gnutls_set_default_priority (session); /* put the x509 credentials to the current session */ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); /* connect to the peer */ sd = tcp_connect (); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); /* Perform the TLS handshake */ ret = gnutls_handshake (session); if (ret < 0) { fail ("client: Handshake failed\n"); gnutls_perror (ret); goto end; } else { success ("client: Handshake was completed\n"); } success ("client: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); /* see the Getting peer's information example */ print_info(session); gnutls_record_send (session, MSG, strlen (MSG)); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) { fail ("client: Error: %s\n", gnutls_strerror (ret)); goto end; } printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) { fputc (buffer[ii], stdout); } fputs ("\n", stdout); gnutls_bye (session, GNUTLS_SHUT_RDWR); end: tcp_close (sd); gnutls_deinit (session); gnutls_certificate_free_credentials (xcred); gnutls_global_deinit (); }
int main (int argc, char **argv) { int last_argc = -1; gpg_error_t err; int rc; parsed_uri_t uri; uri_tuple_t r; http_t hd; int c; unsigned int my_http_flags = 0; int no_out = 0; int tls_dbg = 0; const char *cafile = NULL; http_session_t session = NULL; gpgrt_init (); log_set_prefix (PGM, 1 | 4); if (argc) { argc--; argv++; } while (argc && last_argc != argc ) { last_argc = argc; if (!strcmp (*argv, "--")) { argc--; argv++; break; } else if (!strcmp (*argv, "--help")) { fputs ("usage: " PGM " URL\n" "Options:\n" " --verbose print timings etc.\n" " --debug flyswatter\n" " --gnutls-debug N use GNUTLS debug level N\n" " --cacert FNAME expect CA certificate in file FNAME\n" " --no-verify do not verify the certificate\n" " --force-tls use HTTP_FLAG_FORCE_TLS\n" " --no-out do not print the content\n", stdout); exit (0); } else if (!strcmp (*argv, "--verbose")) { verbose++; argc--; argv++; } else if (!strcmp (*argv, "--debug")) { verbose += 2; debug++; argc--; argv++; } else if (!strcmp (*argv, "--gnutls-debug")) { argc--; argv++; if (argc) { tls_dbg = atoi (*argv); argc--; argv++; } } else if (!strcmp (*argv, "--cacert")) { argc--; argv++; if (argc) { cafile = *argv; argc--; argv++; } } else if (!strcmp (*argv, "--no-verify")) { no_verify = 1; argc--; argv++; } else if (!strcmp (*argv, "--force-tls")) { my_http_flags |= HTTP_FLAG_FORCE_TLS; argc--; argv++; } else if (!strcmp (*argv, "--no-out")) { no_out = 1; argc--; argv++; } else if (!strncmp (*argv, "--", 2)) { fprintf (stderr, PGM ": unknown option '%s'\n", *argv); exit (1); } } if (argc != 1) { fprintf (stderr, PGM ": no or too many URLS given\n"); exit (1); } if (!cafile) cafile = prepend_srcdir ("tls-ca.pem"); #if HTTP_USE_NTBTLS (void)err; ntbtls_set_debug (tls_dbg, NULL, NULL); #elif HTTP_USE_GNUTLS rc = gnutls_global_init (); if (rc) log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc)); http_register_tls_callback (verify_callback); http_register_tls_ca (cafile); err = http_session_new (&session, NULL); if (err) log_error ("http_session_new failed: %s\n", gpg_strerror (err)); /* rc = gnutls_dh_params_init(&dh_params); */ /* if (rc) */ /* log_error ("gnutls_dh_params_init failed: %s\n", gnutls_strerror (rc)); */ /* read_dh_params ("dh_param.pem"); */ /* rc = gnutls_certificate_set_x509_trust_file */ /* (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */ /* if (rc) */ /* log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */ /* gnutls_strerror (rc)); */ /* gnutls_certificate_set_dh_params (certcred, dh_params); */ gnutls_global_set_log_function (my_gnutls_log); if (tls_dbg) gnutls_global_set_log_level (tls_dbg); #endif /*HTTP_USE_GNUTLS*/ rc = http_parse_uri (&uri, *argv, 1); if (rc) { log_error ("'%s': %s\n", *argv, gpg_strerror (rc)); return 1; } printf ("Scheme: %s\n", uri->scheme); if (uri->opaque) printf ("Value : %s\n", uri->path); else { printf ("Auth : %s\n", uri->auth? uri->auth:"[none]"); printf ("Host : %s\n", uri->host); printf ("Port : %u\n", uri->port); printf ("Path : %s\n", uri->path); for (r = uri->params; r; r = r->next) { printf ("Params: %s", r->name); if (!r->no_value) { printf ("=%s", r->value); if (strlen (r->value) != r->valuelen) printf (" [real length=%d]", (int) r->valuelen); } putchar ('\n'); } for (r = uri->query; r; r = r->next) { printf ("Query : %s", r->name); if (!r->no_value) { printf ("=%s", r->value); if (strlen (r->value) != r->valuelen) printf (" [real length=%d]", (int) r->valuelen); } putchar ('\n'); } printf ("TLS : %s\n", uri->use_tls? "yes": (my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no"); } fflush (stdout); http_release_parsed_uri (uri); uri = NULL; rc = http_open_document (&hd, *argv, NULL, my_http_flags, NULL, session, NULL, NULL); if (rc) { log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc)); return 1; } log_info ("open_http_document succeeded; status=%u\n", http_get_status_code (hd)); { const char **names; int i; names = http_get_header_names (hd); if (!names) log_fatal ("http_get_header_names failed: %s\n", gpg_strerror (gpg_error_from_syserror ())); for (i = 0; names[i]; i++) printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i])); xfree (names); } fflush (stdout); switch (http_get_status_code (hd)) { case 200: case 400: case 401: case 403: case 404: { unsigned long count = 0; while ((c = es_getc (http_get_read_ptr (hd))) != EOF) { count++; if (!no_out) putchar (c); } log_info ("Received bytes: %lu\n", count); } break; case 301: case 302: case 307: log_info ("Redirected to: %s\n", http_get_header (hd, "Location")); break; } http_close (hd, 0); http_session_release (session); #ifdef HTTP_USE_GNUTLS gnutls_global_deinit (); #endif /*HTTP_USE_GNUTLS*/ return 0; }