void benchmark_cipher(int debug_level)
{
int size = 16;
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(debug_level);
gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof(data));
printf("Checking cipher-MAC combinations, payload size: %u\n", size * 1024);
cipher_mac_bench(GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_SHA1, size);
cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size);
cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256,
size);
cipher_bench(GNUTLS_CIPHER_AES_128_GCM, size, 1);
printf("\nChecking MAC algorithms, payload size: %u\n", size * 1024);
mac_bench(GNUTLS_MAC_SHA1, size);
mac_bench(GNUTLS_MAC_SHA256, size);
mac_bench(GNUTLS_MAC_SHA512, size);
printf("\nChecking ciphers, payload size: %u\n", size * 1024);
cipher_bench(GNUTLS_CIPHER_3DES_CBC, size, 0);
cipher_bench(GNUTLS_CIPHER_AES_128_CBC, size, 0);
cipher_bench(GNUTLS_CIPHER_ARCFOUR, size, 0);
cipher_bench(GNUTLS_CIPHER_SALSA20_256, size, 0);
gnutls_global_deinit();
}
int
main()
{
Ecore_Con_Server *svr;
eina_init();
ecore_init();
ecore_con_init();
/* comment if not using gnutls */
gnutls_global_set_log_level(9);
gnutls_global_set_log_function(tls_log_func);
/* to use a PEM certificate with TLS and SSL3, uncomment the lines below */
if (!(svr = ecore_con_server_add(ECORE_CON_REMOTE_TCP | ECORE_CON_USE_TLS | ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT, "127.0.0.1", 8080, NULL)))
/* to use simple tcp with ssl/tls, use this line */
// if (!ecore_con_server_add(ECORE_CON_REMOTE_TCP | ECORE_CON_USE_SSL3, "127.0.0.1", 8080, NULL))
exit(1);
ecore_con_ssl_server_cert_add(svr, "server.pem");
ecore_con_ssl_server_privkey_add(svr, "server.pem");
/* set event handler for client connect */
ecore_event_handler_add(ECORE_CON_EVENT_CLIENT_ADD, (Ecore_Event_Handler_Cb)_add, NULL);
/* set event handler for client disconnect */
ecore_event_handler_add(ECORE_CON_EVENT_CLIENT_DEL, (Ecore_Event_Handler_Cb)_del, NULL);
/* set event handler for receiving client data */
ecore_event_handler_add(ECORE_CON_EVENT_CLIENT_DATA, (Ecore_Event_Handler_Cb)_data, NULL);
/* start server */
ecore_main_loop_begin();
}
int qcrypto_init(Error **errp)
{
#ifdef CONFIG_GNUTLS
int ret;
ret = gnutls_global_init();
if (ret < 0) {
error_setg(errp,
"Unable to initialize GNUTLS library: %s",
gnutls_strerror(ret));
return -1;
}
#ifdef DEBUG_GNUTLS
gnutls_global_set_log_level(10);
gnutls_global_set_log_function(qcrypto_gnutls_log);
#endif
#endif
#ifdef CONFIG_GCRYPT
if (!gcry_check_version(GCRYPT_VERSION)) {
error_setg(errp, "Unable to initialize gcrypt");
return -1;
}
#ifdef QCRYPTO_INIT_GCRYPT_THREADS
gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
return 0;
}
void doit(void)
{
int exit_code = EXIT_SUCCESS;
/* Server stuff. */
gnutls_certificate_credentials_t serverx509cred;
gnutls_session_t server;
int sret = GNUTLS_E_AGAIN;
/* Client stuff. */
gnutls_certificate_credentials_t clientx509cred;
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
/* General init. */
global_init ();
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (2);
/* Init server */
gnutls_certificate_allocate_credentials (&serverx509cred);
gnutls_certificate_set_x509_key_mem (serverx509cred,
&server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
gnutls_priority_set_direct (server, "NORMAL:-CIPHER-ALL:+ARCFOUR-128", NULL);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
/* Init client */
gnutls_certificate_allocate_credentials (&clientx509cred);
gnutls_init (&client, GNUTLS_CLIENT);
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
gnutls_priority_set_direct (client, "NORMAL", NULL);
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
HANDSHAKE(client, server);
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_bye (server, GNUTLS_SHUT_RDWR);
gnutls_deinit (client);
gnutls_deinit (server);
gnutls_certificate_free_credentials (serverx509cred);
gnutls_certificate_free_credentials (clientx509cred);
gnutls_global_deinit ();
if (debug > 0)
{
if (exit_code == 0)
puts ("Self-test successful");
else
puts ("Self-test failed");
}
}
struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
{
int ret = GNUTLS_E_SUCCESS;
struct rfbssl_ctx *ctx = NULL;
if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
ret = GNUTLS_E_MEMORY_ERROR;
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_global_init())) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) {
/* */
} else if ((ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM)) < 0) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) {
/* */
} else if (!GNUTLS_E_SUCCESS == (ret = generate_dh_params(ctx))) {
/* */
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
} else if (!GNUTLS_E_SUCCESS == (ret = generate_rsa_params(ctx))) {
/* */
#endif
} else {
gnutls_global_set_log_function(rfbssl_log_func);
gnutls_global_set_log_level(1);
gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params);
/* newly allocated memory should be initialized, at least where it is important */
ctx->peekstart = ctx->peeklen = 0;
return ctx;
}
free(ctx);
return NULL;
}
static void server(int fd, int packet)
{
int ret;
/* this must be called once in the program
*/
global_init();
if (debug) {
gnutls_global_set_log_function(server_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_server_credentials(&anoncred);
session = initialize_tls_session();
counter = 0;
packet_to_lose = packet;
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit(session);
gnutls_global_deinit();
if (ret < 0) {
return;
}
}
bool CTlsSocket::Init()
{
// This function initializes GnuTLS
m_initialized = true;
int res = gnutls_global_init();
if (res) {
LogError(res, _T("gnutls_global_init"));
Uninit();
return false;
}
#if TLSDEBUG
if (!pLoggingControlSocket) {
pLoggingControlSocket = m_pOwner;
gnutls_global_set_log_function(log_func);
gnutls_global_set_log_level(99);
}
#endif
res = gnutls_certificate_allocate_credentials(&m_certCredentials);
if (res < 0) {
LogError(res, _T("gnutls_certificate_allocate_credentials"));
Uninit();
return false;
}
if (!InitSession())
return false;
m_shutdown_requested = false;
// At this point, we can start shaking hands.
return true;
}
static void
server (int fd, int wait)
{
int ret;
gnutls_session_t session;
gnutls_anon_server_credentials_t anoncred;
/* this must be called once in the program
*/
global_init ();
if (debug)
{
gnutls_global_set_log_function (server_log_func);
gnutls_global_set_log_level (4711);
}
gnutls_anon_allocate_server_credentials (&anoncred);
initialize_tls_session (&session);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
if (wait) sleep(25);
else do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit (session);
gnutls_anon_free_server_credentials(anoncred);
gnutls_global_deinit();
}
static void run(const char *env, const char *filename)
{
gnutls_certificate_credentials_t x509_cred;
gnutls_certificate_credentials_t clicred;
int ret;
remove(filename);
#ifdef _WIN32
{
char buf[512];
snprintf(buf, sizeof(buf), "%s=%s", env, filename);
_putenv(buf);
}
#else
setenv(env, filename, 1);
#endif
global_init();
if (debug) {
gnutls_global_set_log_level(6);
gnutls_global_set_log_function(tls_log_func);
}
/* test gnutls_certificate_flags() */
assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0);
assert(gnutls_certificate_allocate_credentials(&clicred) >= 0);
ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain,
&server_ca3_key,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("error in error code\n");
exit(1);
}
ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL);
if (access(filename, R_OK) != 0) {
fail("keylog file was not created\n");
exit(1);
}
search_for_str(filename);
gnutls_certificate_free_credentials(x509_cred);
gnutls_certificate_free_credentials(clicred);
gnutls_global_deinit();
remove(filename);
if (debug)
success("success");
}
void benchmark_cipher(int debug_level)
{
int size = 16;
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(debug_level);
#ifdef _SC_PAGESIZE
page_size = sysconf(_SC_PAGESIZE);
#endif
printf("Checking cipher-MAC combinations, payload size: %u\n", size * 1024);
cipher_bench(GNUTLS_CIPHER_AES_128_GCM, size, 1);
cipher_bench(GNUTLS_CIPHER_AES_128_CCM, size, 1);
cipher_bench(GNUTLS_CIPHER_CHACHA20_POLY1305, size, 1);
cipher_bench(GNUTLS_CIPHER_NULL, size, 1);
cipher_mac_bench(GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_SHA1, size);
cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size);
cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256,
size);
printf("\nChecking MAC algorithms, payload size: %u\n", size * 1024);
mac_bench(GNUTLS_MAC_SHA1, size);
mac_bench(GNUTLS_MAC_SHA256, size);
mac_bench(GNUTLS_MAC_SHA512, size);
printf("\nChecking ciphers, payload size: %u\n", size * 1024);
cipher_bench(GNUTLS_CIPHER_3DES_CBC, size, 0);
cipher_bench(GNUTLS_CIPHER_AES_128_CBC, size, 0);
cipher_bench(GNUTLS_CIPHER_ARCFOUR, size, 0);
cipher_bench(GNUTLS_CIPHER_SALSA20_256, size, 0);
gnutls_global_deinit();
}
void * tls_init(const struct tls_config *conf)
{
struct tls_global *global;
if (tls_gnutls_ref_count == 0) {
wpa_printf(MSG_DEBUG,
"GnuTLS: Library version %s (runtime) - %s (build)",
gnutls_check_version(NULL), GNUTLS_VERSION);
}
global = os_zalloc(sizeof(*global));
if (global == NULL)
return NULL;
if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
os_free(global);
return NULL;
}
tls_gnutls_ref_count++;
gnutls_global_set_log_function(tls_log_func);
if (wpa_debug_show_keys)
gnutls_global_set_log_level(11);
if (conf) {
global->event_cb = conf->event_cb;
global->cb_ctx = conf->cb_ctx;
global->cert_in_cb = conf->cert_in_cb;
}
return global;
}
int main(int argc, char **argv)
{
gnutls_global_set_log_function(tls_log_func);
if (argc > 1)
gnutls_global_set_log_level(4711);
global_init();
signal(SIGILL, handle_sigill);
/* ciphers */
if (gnutls_cipher_self_test(1, 0) < 0)
return 1;
/* message digests */
if (gnutls_digest_self_test(1, 0) < 0)
return 1;
/* MAC */
if (gnutls_mac_self_test(1, 0) < 0)
return 1;
/* PK */
if (gnutls_pk_self_test(1, 0) < 0)
return 1;
gnutls_global_deinit();
return 0;
}
void doit(void)
{
unsigned rsa_size1, rsa_size2;
global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
if (gnutls_fips140_mode_enabled()) {
rsa_size1 = 2048; /* minimum allowed */
rsa_size2 = 2048; /* minimum allowed */
} else {
rsa_size1 = 512;
rsa_size2 = 1024;
}
test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, rsa_size1);
test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA256, rsa_size2);
test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA1, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1));
test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1));
test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1));
test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1));
gnutls_global_deinit();
}
static int vnc_tls_initialize(void)
{
static int tlsinitialized = 0;
if (tlsinitialized)
return 1;
if (gnutls_global_init () < 0)
return 0;
/* XXX ought to re-generate diffie-hellman params periodically */
if (gnutls_dh_params_init (&dh_params) < 0)
return 0;
if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
return 0;
#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
gnutls_global_set_log_level(10);
gnutls_global_set_log_function(vnc_debug_gnutls_log);
#endif
tlsinitialized = 1;
return 1;
}
void * tls_init(const struct tls_config *conf)
{
/* Because of the horrible hack to get master_secret and client/server
* random, we need to make sure that the gnutls version is something
* that is expected to have same structure definition for the session
* data.. */
const char *ver;
const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", NULL };
int i;
if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0)
return NULL;
tls_gnutls_ref_count++;
ver = gnutls_check_version(NULL);
if (ver == NULL)
return NULL;
wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
for (i = 0; ok_ver[i]; i++) {
if (strcmp(ok_ver[i], ver) == 0)
break;
}
if (ok_ver[i] == NULL) {
wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
"to be tested and enabled in tls_gnutls.c", ver);
return NULL;
}
gnutls_global_set_log_function(tls_log_func);
if (wpa_debug_show_keys)
gnutls_global_set_log_level(11);
return (void *) 1;
}
void ekg_tls_init(void) {
#ifdef HAVE_LIBGNUTLS
g_assert(!gnutls_global_init()); /* XXX: error handling */
gnutls_global_set_log_function(ekg_gnutls_log);
gnutls_global_set_log_level(3);
#endif
}
void setLogLevel(int value)
{
value = std::max(-10, std::min(10, value));
TRACE("setLogLevel: %d", value);
gnutls_global_set_log_level(value);
gnutls_global_set_log_function(&ssl_plugin::gnutls_logger);
}
////////////////////////////////////////////////////////////////////////////////
// Calling this method results in all subsequent socket traffic being sent to
// std::cout, labelled with 's: ...'.
void TLSServer::debug (int level)
{
if (level)
_debug = true;
gnutls_global_set_log_function (gnutls_log_function);
gnutls_global_set_log_level (level);
}
static void server(int sd)
{
gnutls_certificate_credentials_t x509_cred;
gnutls_session_t session;
int ret;
unsigned loops;
/* this must be called once in the program
*/
global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
gnutls_certificate_allocate_credentials(&x509_cred);
gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert,
&server_ca3_key,
GNUTLS_X509_FMT_PEM);
if (debug)
success("Launched, generating DH parameters...\n");
gnutls_init(&session, GNUTLS_SERVER);
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
gnutls_priority_set_direct(session, "NORMAL", NULL);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, sd);
loops = 0;
do {
ret = gnutls_handshake(session);
loops++;
if (loops > 64)
fail("Too many loops in the handshake!\n");
} while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED);
if (ret >= 0) {
fail("server: Handshake succeeded unexpectedly\n");
}
close(sd);
gnutls_deinit(session);
gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
if (debug)
success("server: finished\n");
}
static void client(int fd, int packet)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
counter = 0;
packet_to_lose = packet;
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit(session);
gnutls_global_deinit();
if (ret < 0) {
if (ret == GNUTLS_E_TIMEDOUT)
return;
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
exit(1);
}
static void
server (int fd, const char* prio)
{
int ret;
char buffer[MAX_BUF + 1];
gnutls_session_t session;
/* this must be called once in the program
*/
gnutls_global_init ();
memset(buffer, 0, sizeof(buffer));
if (debug)
{
gnutls_global_set_log_function (server_log_func);
gnutls_global_set_log_level (4711);
}
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
gnutls_anon_allocate_server_credentials (&anoncred);
session = initialize_tls_session (prio);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0)
{
close (fd);
gnutls_deinit (session);
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
terminate();
}
if (debug)
success ("server: Handshake was completed\n");
if (debug)
success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version
(session)));
close(fd);
gnutls_deinit (session);
gnutls_anon_free_server_credentials (anoncred);
gnutls_certificate_free_credentials (x509_cred);
gnutls_global_deinit ();
if (debug)
success ("server: finished\n");
}
void
server_start (void)
{
/* this must be called once in the program
*/
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (4711);
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
success ("Launched, generating DH parameters...\n");
generate_dh_params ();
gnutls_certificate_set_dh_params (x509_cred, dh_params);
/* Socket operations
*/
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
if (err == -1)
{
perror ("socket");
fail ("server: socket failed\n");
return;
}
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
if (err == -1)
{
perror ("bind");
fail ("server: bind failed\n");
return;
}
err = listen (listen_sd, 1024);
if (err == -1)
{
perror ("listen");
fail ("server: listen failed\n");
return;
}
success ("server: ready. Listening to port '%d'.\n", PORT);
}
/* Global GnuTLS init, called from Curl_ssl_init() */
int Curl_gtls_init(void)
{
gnutls_global_init();
#ifdef GTLSDEBUG
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(2);
#endif
return 1;
}
static void client(int fd)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
success("client: Handshake failed as expected\n");
gnutls_perror(ret);
goto exit;
} else {
fail("client: Handshake completed unexpectedly\n");
goto exit;
}
exit:
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
void log_reset_gnutls_level(void) {
int i;
for (i = ELEMENTSOF(gnutls_log_map) - 1; i >= 0; i--)
if (gnutls_log_map[i].enabled) {
log_debug("Setting gnutls log level to %d", i);
gnutls_global_set_log_level(i);
break;
}
}
void doit(void)
{
gnutls_certificate_credentials_t serv_cred;
gnutls_certificate_credentials_t cli_cred;
int ret;
/* this must be called once in the program
*/
global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
assert(gnutls_certificate_allocate_credentials(&cli_cred) >= 0);
ret = gnutls_certificate_set_x509_trust_mem(cli_cred, &ca3_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
ret = gnutls_certificate_set_x509_key_mem(cli_cred, &clidsa_ca3_cert,
&clidsa_ca3_key,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("error in error code: %s\n", gnutls_strerror(ret));
exit(1);
}
/* test gnutls_certificate_flags() */
gnutls_certificate_allocate_credentials(&serv_cred);
gnutls_certificate_set_flags(serv_cred, GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH);
ret = gnutls_certificate_set_x509_trust_mem(serv_cred, &ca3_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret));
ret = gnutls_certificate_set_x509_key_mem(serv_cred, &server_ca3_localhost_cert_chain,
&server_ca3_key,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("error in error code\n");
exit(1);
}
test_cli_serv_cert(serv_cred, cli_cred, "NORMAL:+DHE-DSS:+SIGN-DSA-SHA1", "NORMAL:-DHE-DSS:-SIGN-DSA-SHA1", "localhost");
gnutls_certificate_free_credentials(serv_cred);
gnutls_certificate_free_credentials(cli_cred);
gnutls_global_deinit();
if (debug)
success("success");
}
void
_mail_imap_check_mail (void *data)
{
Ecore_Con_Type type;
Eina_List *l;
printf("check mail!!!!\n");
for (l = iservers; l; l = l->next)
{
ImapServer *is;
printf("1\n");
is = l->data;
is->data = data;
if (!is->server)
{
printf("2\n");
if (!is->add_handler)
is->add_handler =
ecore_event_handler_add (ECORE_CON_EVENT_SERVER_ADD,
_mail_imap_server_add, NULL);
if (!is->del_handler)
is->del_handler =
ecore_event_handler_add (ECORE_CON_EVENT_SERVER_DEL,
_mail_imap_server_del, NULL);
if (!is->data_handler)
is->data_handler =
ecore_event_handler_add (ECORE_CON_EVENT_SERVER_DATA,
_mail_imap_server_data, NULL);
if (is->local)
type = ECORE_CON_LOCAL_SYSTEM;
else
type = ECORE_CON_REMOTE_SYSTEM;
if (ecore_con_ssl_available_get () && (is->ssl))
{
type |= ECORE_CON_USE_SSL;
#ifdef PRINT_LOTS_OF_DEBUG
if (ecore_con_ssl_available_get() == 1)
{
gnutls_global_set_log_level(9);
gnutls_global_set_log_function(tls_log_func);
}
}
#endif
}
is->state = IMAP_STATE_DISCONNECTED;
is->server =
ecore_con_server_connect (type, is->host,
is->port, NULL);
is->cmd = 0;
is->current = is->clients;
}
}
/* freeDiameter starting point */
int main(int argc, char * argv[])
{
int ret;
sigset_t sig_all;
/* Block all signals from the current thread and all its future children -- we will catch everything in catch_signals */
sigfillset(&sig_all);
ret = pthread_sigmask(SIG_BLOCK, &sig_all, NULL);
ASSERT(ret == 0);
/* Parse the command-line */
ret = main_cmdline(argc, argv);
if (ret != 0) {
return ret;
}
/* Initialize the core library */
ret = fd_core_initialize();
if (ret != 0) {
fprintf(stderr, "An error occurred during freeDiameter core library initialization.\n");
return ret;
}
/* Set gnutls debug level ? */
if (gnutls_debug) {
gnutls_global_set_log_function((gnutls_log_func)fd_gnutls_debug);
gnutls_global_set_log_level (gnutls_debug);
TRACE_DEBUG(INFO, "Enabled GNUTLS debug at level %d", gnutls_debug);
}
/* Parse the configuration file */
CHECK_FCT_DO( fd_core_parseconf(conffile), goto error );
/* Start the servers */
CHECK_FCT_DO( fd_core_start(), goto error );
/* Allow SIGINT and SIGTERM from this point to terminate the application */
CHECK_POSIX_DO( pthread_create(&signals_thr, NULL, catch_signals, NULL), goto error );
TRACE_DEBUG(INFO, FD_PROJECT_BINARY " daemon initialized.");
/* Now, just wait for termination */
CHECK_FCT( fd_core_wait_shutdown_complete() );
/* Just in case it was not the result of a signal, we cancel signals_thr */
fd_thr_term(&signals_thr);
return 0;
error:
CHECK_FCT_DO( fd_core_shutdown(), );
CHECK_FCT( fd_core_wait_shutdown_complete() );
fd_thr_term(&signals_thr);
return -1;
}
void doit(void)
{
gnutls_certificate_credentials_t x509cred;
const char *path;
unsigned int i;
char file[512];
int ret;
if (gnutls_fips140_mode_enabled()) {
exit(77);
}
ret = global_init();
if (ret < 0)
fail("global_init failed %d\n", ret);
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
for (i = 0; files[i].file != NULL; i++) {
ret = gnutls_certificate_allocate_credentials(&x509cred);
if (ret < 0)
fail("gnutls_certificate_allocate_credentials failed %d\n", ret);
path = getenv("PKCS12PATH");
if (!path)
path = "cert-tests/data/";
snprintf(file, sizeof(file), "%s/%s", path, files[i].file);
if (debug)
success
("Reading PKCS#12 blob from `%s' using password `%s'.\n",
file, files[i].pass);
ret =
gnutls_certificate_set_x509_simple_pkcs12_file(x509cred,
file,
GNUTLS_X509_FMT_DER,
files[i].
pass);
if (ret < 0)
fail("x509_pkcs12 failed %d: %s\n", ret,
gnutls_strerror(ret));
if (debug)
success("Read file OK\n");
gnutls_certificate_free_credentials(x509cred);
}
gnutls_global_deinit();
}
int main(int argc, char **argv)
{
int ret;
if ((ret = gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
exit(1);
}
optionProcess(&ocsptoolOptions, argc, argv);
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(OPT_VALUE_DEBUG);
if (HAVE_OPT(OUTFILE)) {
outfile = fopen(OPT_ARG(OUTFILE), "wb");
if (outfile == NULL) {
fprintf(stderr, "%s\n", OPT_ARG(OUTFILE));
exit(1);
}
} else
outfile = stdout;
if (HAVE_OPT(INFILE)) {
infile = fopen(OPT_ARG(INFILE), "rb");
if (infile == NULL) {
fprintf(stderr, "%s\n", OPT_ARG(INFILE));
exit(1);
}
} else
infile = stdin;
if (ENABLED_OPT(INDER))
encoding = GNUTLS_X509_FMT_DER;
else
encoding = GNUTLS_X509_FMT_PEM;
if (HAVE_OPT(REQUEST_INFO))
request_info();
else if (HAVE_OPT(RESPONSE_INFO))
response_info();
else if (HAVE_OPT(GENERATE_REQUEST))
generate_request(NULL);
else if (HAVE_OPT(VERIFY_RESPONSE))
verify_response(NULL);
else if (HAVE_OPT(ASK))
ask_server(OPT_ARG(ASK));
else {
USAGE(1);
}
return 0;
}
