/** * Internally used function for cleaning up SSL stuff. */ static void internal_ssl_cleanup(ssl_data_t ssl_data) { if (!ssl_data) return; #ifdef HAVE_OPENSSL if (ssl_data->session) { SSL_free(ssl_data->session); } if (ssl_data->ctx) { SSL_CTX_free(ssl_data->ctx); } #else if (ssl_data->session) { gnutls_deinit(ssl_data->session); } if (ssl_data->certificate) { gnutls_certificate_free_credentials(ssl_data->certificate); } if (ssl_data->root_cert) { gnutls_x509_crt_deinit(ssl_data->root_cert); } if (ssl_data->host_cert) { gnutls_x509_crt_deinit(ssl_data->host_cert); } if (ssl_data->root_privkey) { gnutls_x509_privkey_deinit(ssl_data->root_privkey); } if (ssl_data->host_privkey) { gnutls_x509_privkey_deinit(ssl_data->host_privkey); } #endif }
/*! Creates a self-signed certificate by signing the certificate with the specified key. */ QSslCertificate CertificateBuilder::signedCertificate(const QSslKey &qkey) { gnutls_x509_privkey_t key = qsslkey_to_key(qkey, &d->errnumber); if (GNUTLS_E_SUCCESS != d->errnumber) { gnutls_x509_privkey_deinit(key); return QSslCertificate(); }; gnutls_privkey_t abstractKey; d->errnumber = gnutls_privkey_init(&abstractKey); if (GNUTLS_E_SUCCESS != d->errnumber) { gnutls_x509_privkey_deinit(key); return QSslCertificate(); } gnutls_privkey_import_x509(abstractKey, key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, d->crt, abstractKey, GNUTLS_DIG_SHA1, 0); gnutls_x509_privkey_deinit(key); if (GNUTLS_E_SUCCESS != d->errnumber) return QSslCertificate(); return crt_to_qsslcert(d->crt, &d->errnumber); }
int mailstream_ssl_set_client_private_key_data(struct mailstream_ssl_context * ssl_context, unsigned char *pkey_der, size_t len) { #ifdef USE_SSL #ifndef USE_GNUTLS EVP_PKEY *pkey = NULL; if (pkey_der != NULL && len > 0) pkey = d2i_AutoPrivateKey(NULL, (const unsigned char **)&pkey_der, len); ssl_context->client_pkey = (EVP_PKEY *)pkey; return 0; #else gnutls_datum tmp; int r; ssl_context->client_pkey = NULL; if (len == 0) return 0; gnutls_x509_privkey_init(&(ssl_context->client_pkey)); tmp.data = pkey_der; tmp.size = len; if ((r = gnutls_x509_privkey_import(ssl_context->client_pkey, &tmp, GNUTLS_X509_FMT_DER)) < 0) { gnutls_x509_privkey_deinit(ssl_context->client_pkey); ssl_context->client_pkey = NULL; return -1; } return 0; #endif #endif return -1; }
/** * infinoted_startup_free: * @startup: A #InfinotedStartup. * * Frees all ressources allocated by @startup. */ void infinoted_startup_free(InfinotedStartup* startup) { guint i; if(startup->credentials != NULL) inf_certificate_credentials_unref(startup->credentials); if(startup->certificates != NULL) inf_certificate_chain_unref(startup->certificates); if(startup->private_key != NULL) gnutls_x509_privkey_deinit(startup->private_key); if(startup->log != NULL) g_object_unref(startup->log); if(startup->options != NULL) infinoted_options_free(startup->options); if(startup->sasl_context != NULL) inf_sasl_context_unref(startup->sasl_context); g_slice_free(InfinotedStartup, startup); inf_deinit(); }
/** * gnutls_privkey_import_x509: * @pkey: The private key * @key: The private key to be imported * @flags: Flags for the import * * This function will import the given private key to the abstract * #gnutls_privkey_t type. * * The #gnutls_x509_privkey_t object must not be deallocated * during the lifetime of this structure. * * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE * and %GNUTLS_PRIVKEY_IMPORT_COPY. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 2.12.0 **/ int gnutls_privkey_import_x509(gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags) { int ret; ret = check_if_clean(pkey); if (ret < 0) { gnutls_assert(); return ret; } if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) { ret = gnutls_x509_privkey_init(&pkey->key.x509); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_x509_privkey_cpy(pkey->key.x509, key); if (ret < 0) { gnutls_x509_privkey_deinit(pkey->key.x509); return gnutls_assert_val(ret); } } else pkey->key.x509 = key; pkey->type = GNUTLS_PRIVKEY_X509; pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key); pkey->flags = flags; return 0; }
/** * gnutls_privkey_deinit: * @key: The key to be deinitialized * * This function will deinitialize a private key structure. * * Since: 2.12.0 **/ void gnutls_privkey_deinit(gnutls_privkey_t key) { if (key == NULL) return; if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY) switch (key->type) { #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: gnutls_openpgp_privkey_deinit(key->key.openpgp); break; #endif #ifdef ENABLE_PKCS11 case GNUTLS_PRIVKEY_PKCS11: gnutls_pkcs11_privkey_deinit(key->key.pkcs11); break; #endif case GNUTLS_PRIVKEY_X509: gnutls_x509_privkey_deinit(key->key.x509); break; case GNUTLS_PRIVKEY_EXT: if (key->key.ext.deinit_func != NULL) key->key.ext.deinit_func(key, key->key.ext.userdata); break; default: break; } gnutls_free(key); }
/* Duplicate a client certificate, which must be in the decrypted state. */ static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc) { int ret; ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc); newcc->decrypted = 1; if (cc->keyless) { newcc->keyless = 1; } else { ret = gnutls_x509_privkey_init(&newcc->pkey); if (ret != 0) goto dup_error; ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); if (ret != 0) goto dup_error; } newcc->cert.subject = x509_crt_copy(cc->cert.subject); if (!newcc->cert.subject) goto dup_error; if (cc->friendly_name) newcc->friendly_name = ne_strdup(cc->friendly_name); populate_cert(&newcc->cert, newcc->cert.subject); return newcc; dup_error: if (newcc->pkey) gnutls_x509_privkey_deinit(newcc->pkey); if (newcc->cert.subject) gnutls_x509_crt_deinit(newcc->cert.subject); ne_free(newcc); return NULL; }
/*- * gnutls_x509_extract_key_pk_algorithm - This function returns the keys's PublicKey algorithm * @cert: is a DER encoded private key * * This function will return the public key algorithm of a DER encoded private * key. * * Returns a member of the gnutls_pk_algorithm_t enumeration on success, * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error. * -*/ int gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key) { gnutls_x509_privkey_t pkey; int ret, pk; ret = gnutls_x509_privkey_init (&pkey); if (ret < 0) { gnutls_assert (); return ret; } ret = gnutls_x509_privkey_import (pkey, key, GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert (); return ret; } pk = gnutls_x509_privkey_get_pk_algorithm (pkey); gnutls_x509_privkey_deinit (pkey); return pk; }
/** * gnutls_privkey_import_ecc_raw: * @key: The key * @curve: holds the curve * @x: holds the x * @y: holds the y * @k: holds the k * * This function will convert the given elliptic curve parameters to the * native #gnutls_privkey_t format. The output will be stored * in @key. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.0 **/ int gnutls_privkey_import_ecc_raw(gnutls_privkey_t key, gnutls_ecc_curve_t curve, const gnutls_datum_t * x, const gnutls_datum_t * y, const gnutls_datum_t * k) { int ret; gnutls_x509_privkey_t xkey; ret = gnutls_x509_privkey_init(&xkey); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_x509_privkey_import_ecc_raw(xkey, curve, x, y, k); if (ret < 0) { gnutls_assert(); goto error; } ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert(); goto error; } return 0; error: gnutls_x509_privkey_deinit(xkey); return ret; }
int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password) { int ret; gnutls_x509_crt cert = NULL; gnutls_x509_privkey pkey = NULL; if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) { return -1; } ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password); if (ret < 0) return ret; if (!cert || (!pkey && !cc->keyless)) { if (cert) gnutls_x509_crt_deinit(cert); if (pkey) gnutls_x509_privkey_deinit(pkey); return -1; } gnutls_pkcs12_deinit(cc->p12); populate_cert(&cc->cert, cert); cc->pkey = pkey; cc->decrypted = 1; cc->p12 = NULL; return 0; }
static gnutls_x509_privkey_t infinoted_startup_load_key(InfinotedLog* log, gboolean create_key, const gchar* key_file, GError** error) { gnutls_x509_privkey_t key; if(create_key == TRUE) { if(infinoted_util_create_dirname(key_file, error) == FALSE) return NULL; /* TODO: Open the key file beforehand */ infinoted_log_info(log, _("Generating 4096 bit RSA private key...")); key = inf_cert_util_create_private_key(GNUTLS_PK_RSA, 4096, error); if(key == NULL) return NULL; if(inf_cert_util_write_private_key(key, key_file, error) == FALSE) { gnutls_x509_privkey_deinit(key); return NULL; } } else { key = inf_cert_util_read_private_key(key_file, error); } return key; }
/** * gnutls_privkey_import_dsa_raw: * @key: The structure to store the parsed key * @p: holds the p * @q: holds the q * @g: holds the g * @y: holds the y * @x: holds the x * * This function will convert the given DSA raw parameters to the * native #gnutls_privkey_t format. The output will be stored * in @key. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key, const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * g, const gnutls_datum_t * y, const gnutls_datum_t * x) { int ret; gnutls_x509_privkey_t xkey; ret = gnutls_x509_privkey_init(&xkey); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_x509_privkey_import_dsa_raw(xkey, p, q, g, y, x); if (ret < 0) { gnutls_assert(); goto error; } ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert(); goto error; } return 0; error: gnutls_x509_privkey_deinit(xkey); return ret; }
/** * gnutls_privkey_export_x509: * @pkey: The private key * @key: Location for the key to be exported. * * Converts the given abstract private key to a #gnutls_x509_privkey_t * type. The key must be of type %GNUTLS_PRIVKEY_X509. The key returned * in @key must be deinitialized with gnutls_x509_privkey_deinit(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.4.0 */ int gnutls_privkey_export_x509(gnutls_privkey_t pkey, gnutls_x509_privkey_t *key) { int ret; if (pkey->type != GNUTLS_PRIVKEY_X509) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } ret = gnutls_x509_privkey_init(key); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_x509_privkey_cpy(*key, pkey->key.x509); if (ret < 0) { gnutls_x509_privkey_deinit(*key); *key = NULL; return gnutls_assert_val(ret); } return 0; }
static gnutls_x509_privkey generate_private_key(void) { int ret; gnutls_x509_privkey key; ret = gnutls_x509_privkey_init(&key); if ( ret < 0 ) { fprintf(stderr, "error initializing private key: %s.\n", gnutls_strerror(ret)); return NULL; } gcry_set_progress_handler(entropy_progress_cb, NULL); fprintf(stderr, "Generating %d bits RSA private key... This might take a very long time.\n", generated_key_size); fprintf(stderr, "[Increasing system activity will speed-up the process].\n"); fprintf(stderr, "Generation in progress... "); fflush(stderr); ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, generated_key_size, 0); if ( ret < 0 ) { fprintf(stderr, "error generating private RSA key: %s\n", gnutls_strerror(ret)); gnutls_x509_privkey_deinit(key); return NULL; } fprintf(stderr, "\n\n"); return key; }
static gnutls_x509_privkey gen_crypto(requiem_client_profile_t *cp, const char *filename, requiem_uid_t uid, requiem_gid_t gid) { int ret; char buf[65535]; gnutls_x509_privkey key; size_t size = sizeof(buf); key = generate_private_key(); if ( ! key ) { fprintf(stderr, "error while generating RSA private key.\n"); return NULL; } ret = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &size); if ( ret < 0 ) { fprintf(stderr, "error exporting private key: %s\n", gnutls_strerror(ret)); gnutls_x509_privkey_deinit(key); return NULL; } ret = save_buf(filename, uid, gid, (unsigned char *) buf, size); if ( ret < 0 ) { fprintf(stderr, "error saving private key.\n"); return NULL; } return key; }
void Key::clear() { if (this->privkey) { gnutls_x509_privkey_deinit(this->privkey); privkey = nullptr; imported = false; } }
void doit (void) { gnutls_x509_privkey_t key; gnutls_x509_crt_t crt; gnutls_digest_algorithm_t hash_algo; unsigned char _signature[128]; size_t _signature_size = sizeof (_signature); gnutls_datum signature; int ret; size_t i; gnutls_global_init (); for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++) { success ("loop %d\n", i); ret = gnutls_x509_privkey_init (&key); if (ret < 0) fail ("gnutls_x509_privkey_init\n"); ret = gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM); if (ret < 0) fail ("gnutls_x509_privkey_import\n"); ret = gnutls_x509_privkey_sign_data (key, GNUTLS_DIG_SHA1, 0, &raw_data, _signature, &_signature_size); if (ret < 0) fail ("gnutls_x509_privkey_sign_hash\n"); ret = gnutls_x509_crt_init (&crt); if (ret < 0) fail ("gnutls_x509_crt_init\n"); ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM); if (ret < 0) fail ("gnutls_x509_crt_import\n"); signature.data = _signature; signature.size = _signature_size; ret = gnutls_x509_crt_get_verify_algorithm (crt, &signature, &hash_algo); if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1) fail ("gnutls_x509_crt_get_verify_algorithm\n"); ret = gnutls_x509_crt_verify_hash (crt, 0, &hash_data, &signature); if (ret < 0) fail ("gnutls_x509_privkey_verify_hash\n"); gnutls_x509_privkey_deinit (key); gnutls_x509_crt_deinit (crt); } gnutls_global_deinit (); }
int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey, const gnutls_datum_t * raw_key, gnutls_x509_crt_fmt_t type) { gnutls_x509_privkey_t tmpkey; int ret; ret = gnutls_x509_privkey_init (&tmpkey); if (ret < 0) { gnutls_assert (); return ret; } ret = gnutls_x509_privkey_import (tmpkey, raw_key, type); #ifdef ENABLE_PKI /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */ if (ret < 0) ret = gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL, GNUTLS_PKCS_PLAIN); #endif if (ret < 0) { gnutls_assert (); gnutls_x509_privkey_deinit (tmpkey); return ret; } ret = _gnutls_x509_privkey_to_gkey (privkey, tmpkey); if (ret < 0) { gnutls_assert (); gnutls_x509_privkey_deinit (tmpkey); return ret; } gnutls_x509_privkey_deinit (tmpkey); return 0; }
static void mailstream_ssl_context_free(struct mailstream_ssl_context * ssl_ctx) { if (ssl_ctx) { if (ssl_ctx->client_x509) gnutls_x509_crt_deinit(ssl_ctx->client_x509); if (ssl_ctx->client_pkey) gnutls_x509_privkey_deinit(ssl_ctx->client_pkey); free(ssl_ctx); } }
/*! Creates a certificate signed by the specified CA certificate using the CA key. */ QSslCertificate CertificateBuilder::signedCertificate(const QSslCertificate &qcacert, const QSslKey &qcakey) { // // Extract the CA key // gnutls_x509_privkey_t key = qsslkey_to_key(qcakey, &d->errnumber); if (GNUTLS_E_SUCCESS != d->errnumber) { gnutls_x509_privkey_deinit(key); return QSslCertificate(); }; gnutls_privkey_t abstractKey; d->errnumber = gnutls_privkey_init(&abstractKey); if (GNUTLS_E_SUCCESS != d->errnumber) { gnutls_x509_privkey_deinit(key); return QSslCertificate(); } gnutls_privkey_import_x509(abstractKey, key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); // // Extract the CA cert // gnutls_x509_crt_t cacrt = qsslcert_to_crt(qcacert, &d->errnumber); if (GNUTLS_E_SUCCESS != d->errnumber) { gnutls_x509_privkey_deinit(key); return QSslCertificate(); } // // Sign the cert // d->errnumber = gnutls_x509_crt_privkey_sign(d->crt, cacrt, abstractKey, GNUTLS_DIG_SHA1, 0); gnutls_x509_crt_deinit(cacrt); gnutls_x509_privkey_deinit(key); if (GNUTLS_E_SUCCESS != d->errnumber) return QSslCertificate(); return crt_to_qsslcert(d->crt, &d->errnumber); }
/*! * Create GnuTLS private key from unencrypted PEM data. */ int pem_to_privkey(const dnssec_binary_t *data, gnutls_privkey_t *key, char **id_ptr) { assert(data); assert(key); assert(id_ptr); // create abstract private key gnutls_x509_privkey_t key_x509 = NULL; int r = pem_to_x509(data, &key_x509); if (r != DNSSEC_EOK) { return r; } gnutls_privkey_t key_abs = NULL; r = gnutls_privkey_init(&key_abs); if (r != GNUTLS_E_SUCCESS) { gnutls_x509_privkey_deinit(key_x509); return DNSSEC_ENOMEM; } int flags = GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE; r = gnutls_privkey_import_x509(key_abs, key_x509, flags); if (r != GNUTLS_E_SUCCESS) { gnutls_x509_privkey_deinit(key_x509); gnutls_privkey_deinit(key_abs); return DNSSEC_ENOMEM; } // extract keytag char *id = gnutls_x509_privkey_hex_key_id(key_x509); if (id == NULL) { gnutls_privkey_deinit(key_abs); return DNSSEC_ENOMEM; } *key = key_abs; *id_ptr = id; return DNSSEC_EOK; }
gboolean crypto_verify_pkcs8 (const guint8 *data, gsize data_len, gboolean is_encrypted, const char *password, GError **error) { gnutls_x509_privkey_t p8; gnutls_datum_t dt; int err; g_return_val_if_fail (data != NULL, FALSE); if (!crypto_init (error)) return FALSE; dt.data = (unsigned char *) data; dt.size = data_len; err = gnutls_x509_privkey_init (&p8); if (err < 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Couldn't initialize PKCS#8 decoder: %s"), gnutls_strerror (err)); return FALSE; } err = gnutls_x509_privkey_import_pkcs8 (p8, &dt, GNUTLS_X509_FMT_DER, is_encrypted ? password : NULL, is_encrypted ? 0 : GNUTLS_PKCS_PLAIN); gnutls_x509_privkey_deinit (p8); if (err < 0) { if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) { /* HACK: gnutls doesn't support all the cipher types that openssl * can use with PKCS#8, so if we encounter one, we have to assume * the given password works. gnutls needs to unsuckify, apparently. * Specifically, by default openssl uses pbeWithMD5AndDES-CBC * which gnutls does not support. */ } else { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Couldn't decode PKCS#8 file: %s"), gnutls_strerror (err)); return FALSE; } } return TRUE; }
PrivateKey::~PrivateKey() { if (key) { gnutls_privkey_deinit(key); key = nullptr; } if (x509_key) { gnutls_x509_privkey_deinit(x509_key); x509_key = nullptr; } gnutls_global_deinit(); }
void ne_ssl_clicert_free(ne_ssl_client_cert *cc) { if (cc->p12) gnutls_pkcs12_deinit(cc->p12); if (cc->decrypted) { if (cc->cert.identity) ne_free(cc->cert.identity); if (cc->pkey) gnutls_x509_privkey_deinit(cc->pkey); if (cc->cert.subject) gnutls_x509_crt_deinit(cc->cert.subject); } if (cc->friendly_name) ne_free(cc->friendly_name); ne_free(cc); }
Gobby::CertificateManager::~CertificateManager() { if(m_credentials != NULL) inf_certificate_credentials_unref(m_credentials); for(unsigned int i = 0; i < m_trust.size(); ++i) gnutls_x509_crt_deinit(m_trust[i]); if(m_certificates != NULL) inf_certificate_chain_unref(m_certificates); if(m_key != NULL) gnutls_x509_privkey_deinit(m_key); if(m_dh_params != NULL) gnutls_dh_params_deinit(m_dh_params); }
static int import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) { gnutls_x509_privkey_t key; gnutls_x509_crt_t *crt_list; unsigned crt_list_size, idx, i; gnutls_datum_t tcert; int ret; assert(gnutls_x509_privkey_init(&key)>=0); ret = gnutls_x509_crt_list_import2(&crt_list, &crt_list_size, cert, GNUTLS_X509_FMT_PEM, 0); if (ret < 0) { fail("error in gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret)); } ret = gnutls_x509_privkey_import(key, skey, GNUTLS_X509_FMT_PEM); if (ret < 0) { fail("error in key import: %s\n", gnutls_strerror(ret)); } ret = gnutls_certificate_set_x509_key(xcred, crt_list, crt_list_size, key); if (ret < 0) { success("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret)); idx = ret; goto cleanup; } /* return index */ idx = ret; /* verify whether the stored certificate match the ones we have */ for (i=0;i<MIN(2, crt_list_size);i++) { ret = gnutls_certificate_get_crt_raw(xcred, idx, i, &tcert); if (ret < 0) { fail("error in %d: cert: %d: %s\n", __LINE__, i, gnutls_strerror(ret)); exit(1); } compare(&tcert, cert->data+i); } cleanup: gnutls_x509_privkey_deinit(key); for (i=0;i<crt_list_size;i++) { gnutls_x509_crt_deinit(crt_list[i]); } gnutls_free(crt_list); return idx; }
static gchar* _make_rsasha1_base64_signature(const gchar* base_string, const gchar* key) { gnutls_privkey_t pkey; gnutls_x509_privkey_t x509_pkey; gnutls_datum_t pkey_data; gnutls_datum_t signature; gchar* out = NULL; pkey_data.data = (guchar*)key; pkey_data.size = strlen(key); gnutls_privkey_init(&pkey); gnutls_x509_privkey_init(&x509_pkey); int res = gnutls_x509_privkey_import(x509_pkey, &pkey_data, GNUTLS_X509_FMT_PEM); if (res != GNUTLS_E_SUCCESS) { goto out; } res = gnutls_privkey_import_x509(pkey, x509_pkey, 0); if (res != GNUTLS_E_SUCCESS) { goto out; } res = gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &pkey_data, &signature); if (res != GNUTLS_E_SUCCESS) { goto out; } out = g_malloc0((signature.size / 3 + 1) * 4 + 4); gint state = 0; gint save = 0; gchar* p = out; p += g_base64_encode_step(signature.data, signature.size, FALSE, p, &state, &save); g_base64_encode_close(FALSE, p, &state, &save); gnutls_free(signature.data); out: gnutls_x509_privkey_deinit(x509_pkey); gnutls_privkey_deinit(pkey); return out; }
PrivateKey& PrivateKey::operator=(PrivateKey&& o) noexcept { if (key) { gnutls_privkey_deinit(key); key = nullptr; } if (x509_key) { gnutls_x509_privkey_deinit(x509_key); x509_key = nullptr; } key = o.key; x509_key = o.x509_key; o.key = nullptr; o.x509_key = nullptr; return *this; }
PrivateKey PrivateKey::generate(unsigned key_length) { if (gnutls_global_init() != GNUTLS_E_SUCCESS) throw CryptoException("Can't initialize GnuTLS."); gnutls_x509_privkey_t key; if (gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS) throw CryptoException("Can't initialize private key."); int err = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, key_length, 0); if (err != GNUTLS_E_SUCCESS) { gnutls_x509_privkey_deinit(key); throw CryptoException(std::string("Can't generate RSA key pair: ") + gnutls_strerror(err)); } return PrivateKey{key}; }
/** * Internally used function for cleaning up SSL stuff. */ static void internal_ssl_cleanup(ssl_data_t ssl_data) { if (!ssl_data) return; if (ssl_data->session) { gnutls_deinit(ssl_data->session); } if (ssl_data->certificate) { gnutls_certificate_free_credentials(ssl_data->certificate); } if (ssl_data->root_cert) { gnutls_x509_crt_deinit(ssl_data->root_cert); } if (ssl_data->host_cert) { gnutls_x509_crt_deinit(ssl_data->host_cert); } if (ssl_data->root_privkey) { gnutls_x509_privkey_deinit(ssl_data->root_privkey); } if (ssl_data->host_privkey) { gnutls_x509_privkey_deinit(ssl_data->host_privkey); } }