2015-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2015-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h: pkcs11: mention the version
GNUTLS_PKCS11_TOKEN_MODNAME is available from
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
ciphersuites
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pskself.c: tests: updated pskself to check the hint in all
PSK ciphersuites
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: be more compact in token URL printing
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: group the provided options for
readability
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: keep backwards
compatibility by introducing --list-token-urls
That is, the output of --list-tokens remains the same.
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: print the module name of a token in verbose
mode
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_write.c, lib/pkcs11x.c: Added GNUTLS_PKCS11_TOKEN_MODNAME
for gnutls_pkcs11_token_get_info
That allows obtaining the shared module name of a token URL.
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h: pkcs11.h: doc update
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: less verbose output
in --list-tokens unless --verbose is specified
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: tests: added suppression for bash mem
leak
2015-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am:
tests: don't run certtool-utf8 when libidn is 1.30 or less
This avoids test suite failures due to libidn.
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: doc update
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad
Reported by Hannes Mehnert.
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/m4/valgrind-tests.m4: gl: use /bin/true to run valgrind during
configure
Bash has memory leaks, which prevents the valgrind check from operating
using the SHELL variable.
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/certtool-utf8:
tests: added check for invalid UTF8 encoded string
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Revert "libidn support is disabled by default"
This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.
2015-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : commit d63c088edd15f20318b396f2298744cbf9e1a392 Author: Daniel
Kahn Gillmor <dkg@fifthhorseman.net> Date: Thu Jul 2 14:28:32 2015
-0400
2015-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
public key should depend on P not Y
That allows doing the proper evaluation to check certificate
strength.
Reported by Hubert Kario.
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dsa/Makefile.am, tests/dsa/dsa-pubkey-1018.pem,
tests/dsa/testdsa: tests: check whether we print the prime size in
DSA keys
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: simplified
gnutls_x509_name_constraints_check_crt()
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
tests/cert-tests/name-constraints-ip.pem: tests: verify that
unsupported name constraints are properly handled
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: don't reject
certificates if a CA has the URI or IPADDRESS constraints
Don't reject certificates if a CA has the URI or IPADDRESS
constraints, and the end certificate doesn't have an IPaddress name
or a URI set.
2015-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/ms.po.in: Sync with TP.
2015-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: libidn support is disabled by default
That is until the issues with libidn get resolved. Relates #10
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/atfork.c: tests: added a test for the
fork detection interface
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c: tests: resume-dtls: increased timeouts
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/atfork.c, lib/atfork.h: Don't use
pthread_atfork(), it is not safe to use with dlopen()
http://austingroupbugs.net/view.php?id=851
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.c, lib/atfork.h: atfork: added underscore to
gnutls_forkid
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.c, lib/atfork.h, lib/nettle/rnd-fips.c,
lib/nettle/rnd.c, lib/pkcs11.c: simplified fork detection
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: enhanced header matching code for private keys
to skip unrelated data
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/privkey-import,
tests/cert-tests/privkey1.pem, tests/cert-tests/privkey2.pem,
tests/cert-tests/privkey3.pem: tests: added private key import
checks
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import: optimized private
key loading
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
when provided with an unencrypted file
That is, it will attempt to decode it first as plain file prior to
trying all encrypted options.
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/key-openssl.c: tests: added check to verify that
gnutls_x509_privkey_import2 works for plain keys
That is, when a password is provided and the key is non encrypted.
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
release any data on failure
Resolves #15
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test,
tests/dsa/testdsa, tests/dtls/dtls, tests/dtls/dtls-nb,
tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
tests/nist-pkits/gnutls_test_entry, tests/nist-pkits/pkits_crl,
tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test,
tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
tests/sha2/sha2-dsa, tests/slow/override-ciphers,
tests/slow/test-ciphers, tests/suite/certs/create-chain.sh,
tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
tests/suite/invalid-cert, tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
tests/suite/testdane, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
tests/suite/testrng, tests/suite/testsrn, tests/userid/userid:
tests: tab indent + minor style changes
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh: tests: modified
test-ciphersuite-names to work with cpp 5.1.1
2015-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/test-ciphersuite-names: tests: test-ciphersuite-names:
create any needed dirs
2015-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/test-ciphersuite-names: tests: moved
test-ciphersuites.sh one level up
That simplifies running the script outside make check.
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh: tests: suite:
ciphersuite: fixups
fix separate builddir issue, without modifying locations, quite
ugly. re-indent using tab. fix shebang.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat-openssl,
tests/suite/testcompat-polarssl: tests: enforce UTC timezone in
datefudge tests
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test,
tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
tests/openpgp-certs/testselfsigs: tests: misc: shell cleanup leftovers
minor sync.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* configure.ac, tests/suite/certs/create-chain.sh,
tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
tests/suite/invalid-cert, tests/suite/testcompat-common,
tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
tests/suite/testdane, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
tests/suite/testrng, tests/suite/testsrn: tests: suite: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. Fix separate builddir issues.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
tests/sha2/sha2-dsa, tests/slow/override-ciphers,
tests/slow/test-ciphers, tests/userid/userid: tests: misc: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: fixed includes
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/gnutls_global.c, lib/gnutls_str.h, lib/x509/ocsp_output.c: move
all gettext definitions in gnutls_str.h
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.4.2
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h: gnutls_str: include gettext.h when dgettext is
available
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-fork.c, tests/mini-dtls-mtu.c,
tests/mini-dtls-pthread.c, tests/mini-dtls-record-asym.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/pkcs12_simple.c,
tests/rsa-encrypt-decrypt.c, tests/utils.c, tests/utils.h,
tests/x509sign-verify.c, tests/x509sign-verify2.c: tests: don't
depend on gnulib
That dependency unfortunately causes many portability problems on
platforms where it should have worked out of the box.
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/cpuid-x86.pl, doc/scripts/cleanup-autogen.pl,
doc/scripts/gdoc, doc/scripts/getfuncs-map.pl,
doc/scripts/getfuncs.pl, doc/scripts/sort1.pl,
doc/scripts/sort2.pl, doc/scripts/split-texi.pl,
doc/scripts/split.pl, tests/nist-pkits/build-chain: use the same
shebang for perl
2015-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/certtool: tests: added a verify-chain test case
2015-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/scripts/common.sh: tests: don't quote provider in common.sh
That caused testpkcs11 to fail.
2015-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alignment.c: tests: don't enforce alignment rules for
caller buffers
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test: tests:
cert-tests: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: Added gitlab-ci.yml
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: reduced the exported functions to the minimum
needed
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c: _gnutls_ext_register was made static
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: libgnutls.map: use a 3.4 related name for
private functions
This eliminates any collisions with functions from 3.3.x
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test: tests:
nist-pkits: cleanup shell/perl usage
Add quotes for most usages of variables. Added ${} for variables. Consistent indent.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am: tests: force link with nettle of mini-alignment
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/oids.c: tests: Check the OID functions
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ecc.c, lib/algorithms/mac.c,
lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/gnutls_pk.c,
lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/x509/common.c, lib/x509/crl.c,
lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
lib/x509/ocsp.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c: Exported functions to convert from and to
OIDs
2015-06-18 Saurav Babu <saurav.babu@samsung.com>
* src/cli.c: gnutls-cli: Fixed Possible Memory Leak
This patch fixes possible memory leak in psk_callback() function,
rawkey is allocated memory by gnutls_malloc() and is not freed when
gnutls_hex_decode() returns with error
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: corrected write_signer_id() when
GNUTLS_PKCS7_WRITE_SPKI was used
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs:
tests: openpgp-certs: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests:
cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/ecdsa/ecdsa: tests: ecdsa: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/dsa/testdsa, tests/scripts/common.sh: tests: dsa: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Removal of unneeded ';'.
Minor fix in tests/scripts/common.sh at trap to pass message and
avoid killing.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mbuffers.c: indentation fix
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Always align in 16-byte boundary our input to
crypto
That allows faster operations in almost all instruction sets.
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-alignment.c: tests: added check for
memory alignment
2015-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: only run test with long
dates in 64-bit systems
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: tests: regenerate the results in
template-test using UTC times
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: ensure that gnutls_pubkey_verify_data2
returns 0 on success
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c:
Added gnutls_pkcs7_get_signature_count
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/suite/Makefile.am: tests: suite: run testpkcs11 if PKCS#11
is enabled
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/nist-pkits/gnutls_test_entry,
tests/suite/certs/create-chain.sh: tests: remove bash usage
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-generalized.tmpl,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: tests: verify that we generate
dates with UTCTime prior to 2050
Also that we generate dates with GeneralizedTime format after 2050.
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1
structure follow the RFC5280 recommendations
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Set time in PKCS #7 structures properly (in
UTCTime format).
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-16 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/pkcs7: tests: cert-tests: pkcs7: support separate
builddir
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: account new symbols
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated
makefiles for the new functions
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/Makefile.am, lib/x509/pkcs7-output.c,
lib/x509/pkcs7_output.c: use common base for pkcs7 files
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: added missing symbol
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.4.2
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7:
certtool: made explicit the inclusion of time in PKCS #7 signatures
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7:
write the DER encoded time
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: include the signature time in PKCS #7
signatures
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: corrected usage of
GNUTLS_PKCS7_INCLUDE_TIME flag
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out:
tests: minor updates in pkcs7 output checks to match new certtool
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in
FULL mode
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: use gnutls_pkcs7_print() - partially
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c:
Added gnutls_pkcs7_print()
2015-06-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped version
2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/x509sign-verify2.c: tests: added
signature/verification stress test
2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl: tests: check also individual
ciphers for interoperability
2015-06-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: better debug messages when verifying MAC
2015-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tpmtool.c: tpmtool: added newline in error messages
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
reseed detection
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: tests: check random generator for long outputs
as well
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is
setup do not perform integrity tests
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
on reseed
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the
required context not all
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
the reseed and generate function
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
enforce the max_number_of_bits_per_request
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7,
tests/cert-tests/single-ca.p7b.out: tests: do not include times in
the PKCS #7 checks as they depend on local timezone
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: addressed memory leaks
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7-attrs.c: doc update
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7
attribute generation check
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out:
tests: updated for new certtool output
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: print signed and unsigned PKCS #7
attributes
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c,
lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set
PKCS #7 attributes
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pkcs7: tests: added PKCS #7 verification check
with MD5
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use
the same flags in all verification functions
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h:
Initialization of gnutls_x509_dn_t was modified to allow
deinitialization after failure
Part2: made gnutls_x509_crt_get_subject() and
gnutls_x509_crt_get_issuer() return a constant value and avoid
leaks.
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc:
Separated the PKCS #7 in manual
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature
generation
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out,
tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: certtool: added
--p7-generate, --p7-sign and --p7-detached-sign
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign()
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c:
Added gnutls_pkcs7_get_crl_raw2
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: print the signing time when available
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c:
pkcs7 verification: parse the signing time
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c: on PKCS #7 verification check the content
type matches the signed data
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: print more info about the PKCS #7 struct
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-common.c, src/certtool.c:
certtool: allow verification against a direct PKCS #7 signer
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS
#7 detached data
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c: pkcs7 verification: return
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data
exist
2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-common.h, src/certtool.c:
certtool: allow verifying PKCS #7 with detached data
2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7
verification output
2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7
verification
2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out,
tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1
certs
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.h, src/certtool.c:
certtool: allow verification of PKCS #7 structures
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to
allow deinitialization after failure
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7
signature(s) verification
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/verify-high.c: Added
gnutls_pkcs11_get_raw_issuer_by_subject_key_id and
gnutls_x509_trust_list_get_issuer_by_subject_key_id
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dn.c: tests: added check for gnutls_x509_dn_get_str
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: doc update
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
lib/x509/privkey.c, lib/x509/x509.c: Added
gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()
2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS
#7 signed data
2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to
cache signed_data
2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: When manual PKCS #11 configuration is requested
don't initialize other providers
2015-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: deinitialize PKCS #7 resources
2015-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7
cert extraction
2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert
"updated gnulib"
This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.
2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: silence format-signness warnings in gcc5
2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated
gnulib
2015-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp_output.c: Check the OID size for match when
comparing for the OCSP nonce extension
Reported by Hanno Böck.
2015-05-23 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
used
Before, the number of bits of a zero-length number was attempted to
be extracted, resulting in an error. The changed behaviour is
consistent with the documentation which explicitly states that 0
should be returned if no DH key exchange was performed.
2015-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
include a leading zero
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
the DH max prime size with 1007 bits or less
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c: cleanup unused variable
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c: corrected allocation check
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: removed useless check
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: document intentional fallthrough in switch
2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/ecc.c: ecc ext: check return code of
_gnutls_buffer_append_data
2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/no-signal.c: tests: enhance the no-signal check to include
proper data sending
2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/no-signal.c: tests: check the operation
of GNUTLS_NO_SIGNAL
2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send
functions
That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which
is available in systems that support the MSG_NOSIGNAL flag to
send(). That eases the usage of the library within other libraries.
Resolves #11
2015-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when
needed
2015-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv.c: gnutls-serv: send alert when wrong data have been
received from client
2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: camellia256-gcm: corrected regression
Reported by Manuel Pegourie-Gonnard.
2015-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib:
doc: added section about subject alternative names
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
lib/gnutls_int.h: handshake_start_time was moved out of the
DTLS-specific variables
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: apply default timeout for DTLS in
gnutls_handshake_set_timeout
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/hostname-check.c: tests: do not perform internationalized
name checks without libidn
2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
failures
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: eliminate mem leaks in
mini-loss-time
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: tests: testdane: remove dane.nox.su from the
list of known to be good hosts
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time enhanced to check
proper timeouts in both client and server
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and
TLS handshake
That also makes the waits for packets more robust against blocking.
2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/compat.h: define
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
2015-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc: updated text to account for pkcs11-url
standardization
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows
2015-05-04 Jaak Ristioja <jaak.ristioja@cyber.ee>
* doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat
documentation.
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.4.1
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/abi3.4.xml: updated abi base for 3.4
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: NEWS: updated
2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: released 3.4.1
2015-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
timeouts
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use
macro for DTLS default timeout
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
work with DTLS
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for
gnutls_transport_set_pull_timeout_function
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: updated async operation text
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_state.c: disable default
handshake timeout
It caused issues with non-blocking TLS clients and servers which may
not want to block while the pull timeout function waits.
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check
to verify that pull timeout is not called on non-blocking sessions
2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/system_override.c:
GNUTLS_NONBLOCK can be used for non-DTLS sessions as well
2015-04-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system_override.c: doc update
2015-04-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: doc update
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/keygen.c, tests/slow/Makefile.am,
tests/slow/keygen.c: tests: key generation test was moved to main
checks
This will allow catching memory leaks with valgrind.
2015-04-28 Jan Vcelak <jan.vcelak@nic.cz>
* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
verification
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
minitasn1
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
name constraints with leading dot
Patch by Fotis Loukos. Resolves 3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc update
2015-04-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: updated text for gnutls_pkcs11_init
2015-04-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: updated pkcs11 loading documentation
2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer
2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/sign-md5-rep.c: tests: added comment for sign-md5-rep
2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/fr.po.in: Sync with TP.
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
for the MD5 acceptance issue
Reported by Karthikeyan Bhargavan.
http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c: before falling back to SHA1 as signature
algorithm in TLS 1.2 check if it is enabled
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
consider any values from the extension data to decide acceptable
algorithms
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-cert-callback.c: tests: added unit tests for
gnutls_certificate_client_get_request_status
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: set the value used by
gnutls_certificate_client_get_request_status prior to selecting
certificate
That allows gnutls_certificate_client_get_request_status() to be
properly operating from the callback. Reported by Anton Lavrentiev.
2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc for retrieve function
2015-04-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL
references to rfc7512
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: doc update
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509self.c: tests: added check for gnutls_credentials_get
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_auth.c, lib/gnutls_cert.c: doc update
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev
2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc: corrected typo
2015-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c: tests: resume-dtls: remove global variables
2015-04-21 Andreas Metzler <ametzler@bebt.de>
* doc/cha-gtls-app.texi: List all certificate type priority strings.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA
decryption
Suggested by Nimrod Aviram.
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c,
tests/mini-key-material.c, tests/mini-loss-time.c,
tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests:
initialize status where needed
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/openpgp-auth2.c: tests: cleanup openpgp-auth2
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-rehandshake.c: tests: cleanup
mini-dtls-rehandshake
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c, tests/resume.c: tests: resume: check for
signals
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/certificate_set_x509_crl.c, tests/mini-record-range.c,
tests/mini-x509-callbacks.c, tests/openpgp-auth2.c,
tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler
warnings
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-x509.c: tests: verify the return value of
gnutls_certificate_get_ours when no cert is sent
2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c, tests/resume.c: tests: close unused file
descriptors in resume checks
2015-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/Makefile.am: libopts: fixed the reading of the
--enable-local-libopts flag
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/common.c, src/common.h: gnutls-cli: when no
certificate is sent, notify the user
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added
check with X.509 certificates and callbacks
That corresponds to functionality checked in openpgp-callback.c
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/openpgp-callback.c: tests: added check for
gnutls_certificate_get_ours() when used in combination with
callbacks
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509dn.c: tests: improved x509dn check
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
certificate even if a callback was used
This corrects a bug where this function would not work, when
gnutls_certificate_set_retrieve_function2() was used.
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: when a certificate is specified
require the corresponding private key
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: ensure that the X.509 version number is one byte
only
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: Check for invalid length in the X.509 version
field
If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: ocsp: initialize certs to NULL
2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv.c: gnutls-serv: print when the peer's certificate is not
verified
2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/fr.po.in: Sync with TP.
2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/system-keys-win.c: ncrypt.h lacks some defines with some
versions of MinGW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files
2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/system-keys-win.c: Fix a preprocessor warning about mismatched
quotes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with
some MinGW versions ncrypt.h checks this define to be at least
0x600.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h
before gnutls.h, otherwise undefined external references to
gnutls_free and gnutls_strdup are the result when statically linking
against GnuTLS built by MinGW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers
tested with the old API
That prevents a crash of the benchmark. Reported by James Cloos.
2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.c: refuse to use the old cipher API with
AEAD-only ciphers
2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c:
tests: ignore sigpipe in resume and termination tests
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: doc: added error check in example
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: doc update
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: doc: removed stray @end
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: doc update
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/x509.c: doc update
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: x509: when printing the keyid of a certificate
use the curve name for randomart
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on
gnutls_pubkey_export_*
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null
input
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/x509/x509.c: Added
gnutls_x509_crt_get_pk_ecc_raw()
2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/extras/randomart.c: randomart: corrected usage of snprintf
2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: when generating an ECDSA key use the
curve name in random art
2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/extras/randomart.c: randomart: only print key size if it is
non-zero
2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.4.0
2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.c: Remove SOCK_CLOEXEC from socket() call. That allows compilation in systems where this flag doesn't exist.
Resolves #7
2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: document the recommended re-handshake
process
2015-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: remove duplicate entries from manpages
Makefile
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/certtool: tests: enhanced cert tests with SHA256
key IDs
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: modified to allow different key ID
algorithms
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
lib/x509/x509.c: Added flags which modify the algorithm used for key
ID calculation
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: doc update
2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: gnutls_record_discard_queued() is both for
TLS and DTLS
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: document the new crypto register functions
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: doc update
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc: avoid spaces in showfunc
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: added files into dist
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: configure: ask for nettle 3.1
2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.4.0
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: gnutls-cli: document the method to override the
detected ciphers
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM
encryption
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-polarssl: tests: test CCM-8 against
polarssl
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test
for AES-CCM
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: doc: added 'git submodule update' to clone steps
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/announce.txt: doc update
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/announce.txt: doc update
2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-backend.c: removed unused functions
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback
to setkey in addition to init
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c: doc update
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/cipher-override2.c,
tests/slow/override-ciphers: tests: verify the behavior of
GNUTLS_E_NEED_FALLBACK
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c, lib/gnutls_cipher_int.c,
lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK
to allow falling back from registered ciphers
That allows a registered cipher to indicate that it cannot operate
(e.g., due to memory constraints, or internal limits), and gnutls
should proceed with the default algorithms.
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: ciphersuites: moved CCM
ciphersuites in the appropriate ifdefs
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test
will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8
That is because the names in rfc6655 are for some reason different
than the expected.
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: document CCM and CCM-8
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c, tests/mini-record-failure.c,
tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite
tests
2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-ccm-x86-aesni.c,
lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/cipher.c: Added CCM-8 ciphersuites
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/announce.txt: updated announce text
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: symbols: added the new supplemental functions
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2015-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: delay tests that depend on
timing when they fail
That often prevents failures on busy systems.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no
longer true for all ciphers
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: simplified calc_enc_length_stream
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-supplementaldata.c: tests: updated supplemental API
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c: gnutls_ext_register will fail on double
registration
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
gnutls_supplemental_register will fail on double registration
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, symbols.last: symbols: added new exported functions
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am,
doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new
functions
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: libgnutls.map: remove
gnutls_record_set_max_empty_records
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: account for the renamed
gnutls_supplemental_recv/send
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: document the export supplemental data API
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send
Also added the gnutls_ prefix to new types.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added
documentation for gnutls_do_send/recv_supplemental
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi, lib/auth/srp_sb64.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were
renamed to xxx2
That brings them on par with the rest of the allocation functions.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11
properties
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to
set the appropriate flags
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
cleanups in supplemental data support
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c: DH: do not warn on zero q_bits
2015-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: NEWS: rearrange entries
2015-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: certtool --generate-dh-params
will account for --outder
Resolves #5
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite
numbers correspond to the latest draft
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: improved output message
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: removed unnecessary warning
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/compat.h: doc update: account for new functions
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: better output text
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added
GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY
Also enforce the expected flags despite any given flags in the URL.
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added the --test-sign parameter
That allows checking an existing key for signing/verification.
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map:
gnutls_priv/pubkey_import_url replace:
gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: corrected import of pubkey in DER format
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM
negotiation
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c,
lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if
we have CBC ciphersuites
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in
upgrade section
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro
over gnutls_privkey_sign_hash
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509sign-verify.c: tests: added check for the legacy
gnutls_privkey_sign_raw_data
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: avoid compilation warnings in self checks
(take 2)
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: Revert "selftests: avoid compilation
warnings"
This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
copy/generation is correct
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: allow setting the CKA_ID on object
initialization/generation
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported new functions
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
enhanced key generation functions to allow specifying a CKA_ID
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: selftests: avoid compilation warnings
2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
functions to allow specifying a CKA_ID
2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: tests: added more libidn-related
valgrind suppressions
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/texinfo.css: doc: increase border spacing in HTML tables
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of
ciphers
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: manpages: automatically adjust the
copyright year on generated pages
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-server-name.c: tests: added check
for gnutls_server_name_get and gnutls_server_name_set
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved
ciphersuite checks
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected
GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/scan-gnutls.sh: updated
test-ciphersuite.sh for new types
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: Better fix for the double free in dist point
parsing
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
minitasn1
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size
for attributes
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: moved chacha20-poly1305
ciphersuites to the 0xCD space
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update: replace cryptographic algorithm by
encryption algorithm
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
gnutls_x509_aki_set_cert_issuer will set null-terminated strings
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* lib/crypto-api.c: doc: be consistent in the function descriptions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* lib/crypto-api.c: doc: correct the description of crypto API
functions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* doc/examples/ex-client-x509.c, lib/ext/server_name.c,
lib/x509/output.c: Fix a few compiler warnings about unused
variables [-Wunused-variable]
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added
chacha-poly1305 into benchmarks
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: when calculating record overhead account for
chacha20 which doesn't send the nonce on the wire
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c, tests/mini-record.c: tests: include
chacha20 into transfer tests
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added
the CHACHA20-POLY1305 ciphersuites (with random IDs)
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/crypto-selftests.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added
chacha20-poly1305 as cipher
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-retvals.c: tests: check retvals in block ciphers
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
send data size
That reduced the maximum send size for CBC ciphers from 16384 to
16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in:
gnutls_record_set_max_empty_records: removed
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
points
Reported by Robert Święcki.
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: Added a tight loop around the legacy push
function
That reduces the need for more expensive outer loops. Originally
suggested by Anton Lavrentiev.
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4,
src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4,
src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated
gnulib
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: more precise documentation of
--set-id parameter
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: depend on nettle 3.1 or later
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/email: tests: updated email check for renamed
--verify-email option
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
the size of ck_attributes
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
condition
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
CKA_ID on key generation
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: reduced debugging output
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: --purpose,
--hostname were renamed to --verify-purpose, --verify-hostname
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign
and --mark-no-decrypt options
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being
signable or decryptable
That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during
generation or write of keys.
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
when writing a private key
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c: tests: cleanups in resume-dtls
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/server_name.c: ext: server_name: move name length check
prior to IDN conversion
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/server_name.c: When an application calls
gnutls_server_name_set() with a name of zero size disable the
extension
Resolves #2
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check
CN for match only if certificate would have been acceptable for
GNUTLS_KP_TLS_WWW_SERVER
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: Apply DNS name constraints on CN
field only on certificates acceptable for TLS WWW SERVER purpose
Suggested by Fotis Loukos.
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time is less prone to
timeouts
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/suppressions.valgrind: tests: added valgrind
suppressions in cert-tests for libidn
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: eliminated memory leaks on verification
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/email,
tests/cert-tests/email-certs/chain.exclude.test.example.com,
tests/cert-tests/email-certs/chain.invalid.example.com,
tests/cert-tests/email-certs/chain.test.example.com,
tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added
email verification tests with certtool
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: added the --email
option, to use in verification
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/openpgp/compat.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
lib/x509/Makefile.am, lib/x509/email-verify.c,
lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(),
gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: verify that we accept a certificate
with no name even if its CA has nameconstraints
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: when no name of the
type is found, accept the certificate
This follows RFC5280 advice closely. Reported by Fotis Loukos.
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c: tests: increase the timeout in resume-dtls
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when
raw.data is NULL and we have a public key
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: simplified export of objects
That also allows to export public keys, even when a CKA_VALUE with
the public key is not present. For that we use the key parameters,
which we encode into a key. Issue reported by Frank Leavis.
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
build-aux/useless-if-before-free, build-aux/vc-list-files,
doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4,
gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4,
gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am,
gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c,
gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop
support for gnulib's u64
2015-03-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main-openssl: tests: check legacy RC4 in
testcompat
That would prevent losing compatibility without detecting it. That
is currently the case since it is no longer enabled by default.
2015-03-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-record-retvals.c: tests: added check
to verify the correctness of the record function return values
2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable
compilation with all options disabled
2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with
several options disabled
2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c,
lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid
mentioning pointers when not needed
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: increase the maximum stack frame the compiler will
warn for
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c,
lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
lib/ext/server_name.c, lib/ext/session_ticket.c,
lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c,
lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c,
lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c,
lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c,
lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c,
lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c,
lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c,
lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
lib/x509/hostname-verify.c, lib/x509/name_constraints.c,
lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c,
lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
lib/x509/privkey.c, lib/x509/privkey_openssl.c,
lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c,
lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c,
lib/x509/x509_write.c: doc: avoid using structure for opaque types
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-extension.c: tests: include gnutls_ext_s/get_data into
tests of mini-extension
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c: updated documentation on non-return value
of gnutls_ext_set_data
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c,
lib/ext/heartbeat.c, lib/ext/max_record.c,
lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c,
lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added
gnutls_ext_set_data() and gnutls_ext_get_data()
As a side effect the type which holds private data was reduced from
union to void * pointer. That simplifies the exported API without
reducing the options in the internal API.
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be
DTLS0.9
That allows standard DTLS ciphersuites to be used with DTLS0.9
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for
DTLS 0.9
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-extension.c: tests: updated mini-extension
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: mention the new functionality briefly in
documentation
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that
the registration functions are not thread safe
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of
the extensions name
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: deinitialize supplemental data on deinit
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed
unused epoch change callback
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/gnutls_supplemental.c,
lib/gnutls_supplemental.h: deinitialize supplemental data on deinit
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/gnutls_supplemental.c: added documentation for the new functions
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-supplementaldata.c: tests: remove warnings in
mini-supplementaldata.c
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c:
updated types
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c:
Added a way to add custom supplemental data from public API.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* tests/mini-extension.c: Fixed extension test.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in,
tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st
-> gnutls_buffer_t
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-extension.c: Added a way to add custom extensions from
public API.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h:
gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always
defined there
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not
depend on socklen_t
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: link cipher tests directly with
nettle when needed
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: mini-dtls-record: increase
timeouts to avoid failure of test due to slow system
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: mini-dtls-record: removed the
need for 64-bit number
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: increase verbosity of
mini-dtls-record
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-crypto.texi: document the cipher override API
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/mac-override.c,
tests/slow/override-ciphers: added test suite for overridden digests
and MACs
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c,
lib/crypto-backend.c, lib/crypto-backend.h,
lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to
register MAC and digest algorithms.
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/cipher-override.c,
tests/slow/override-ciphers: added test suite for overridden ciphers
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/x86/x86-common.c, lib/crypto-backend.c,
lib/crypto-backend.h, lib/includes/gnutls/crypto.h,
lib/libgnutls.map: Added API to register AEAD and legacy ciphers.
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD
API
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Added environment variable which can override
automatic global initialization
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c, lib/crypto-backend.h: removed unused
functions
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: configure: fail compilation if the minimum required
libtasn1 is not present
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/long-session-id.c: tests: long-session-id uses the test
framework
2015-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to
draft-pechanec-pkcs11uri-21
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-record.c: tests: fixed shadowed variable in
mini-dtls-record
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/long-session-id.c, tests/mini-dtls-fork.c,
tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c,
tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests:
use nanosleep for sleeping
2015-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: README-alpha: move valgrind to testing tools
2015-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: updated README-alpha
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_supplemental.c: Fixed handling of supplemental data
with types > 255. Patch by Thierry Quemerais.
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: doc update
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: gnutls_priority_init: document that
priorities can be NULL
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm
2.0.0b1 from being used to test PKCS #11
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/mini-eagain2.c: tests: mini-eagain2: call
gnutls_handshake_set_timeout() at the proper time
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: added libasan as dependency
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: corrected self test for 3DES
2015-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: correctly set the size of type
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: combined the fill for object attributes set
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: only set ID and label when both size and
data are set
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: exit with non-zero reason if no objects are
found
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: tests: added checks for p11tool --set-id
and --set-label
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added --set-id and --set-label options
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_int.h: added
gnutls_pkcs11_obj_set_info()
This function allows setting information such as the CKA_ID and the
CKA_LABEL of an object. Resolves #1
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/test-chains.h: tests: removed test with invalid DER encoding
in chainverify
These certificates are now rejected earlier.
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/strict-der.c: tests: added a check for
certificates with invalid DER encodings
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c:
x509: use libtasn1's strict DER decoding rules in network obtained
structures
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3
2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: rearranged internal documentation
2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
src/socket.c: tools: added ftp as a starttls protocol
2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
mix
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
SECURE192
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-polarssl: tests: do not run polarssl
interop test on VIA
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-common: use common license in all
testcompat scripts
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: removed unused function
2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2015-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, README-alpha, README.md: README-alpha is README.md on
repository
It contains information for developers.
2015-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, README, README.md: Revert "auto-generate README from
README.md"
This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: cleaned up licensing
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* Makefile.am, README, README.md: auto-generate README from
README.md
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: Revert "added README.md as link to README"
This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: added README.md as link to README
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README, README-alpha, README-alpha.md, README.md: Revert "renamed
README files"
This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README, README-alpha, README-alpha.md, README.md: renamed README
files
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README, README-alpha: README: converted to mark-down
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: corrected check of certificate
chain order
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509cert.c: tests: added small test to verify that
GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
unsupported TLS protocols as soon
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/socket.c: cli sockets: check for a digit prior to using atoi
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
sorted
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/socket.c: gnutls-cli-debug: do not warn multiple times about
unknown protocols
2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-support.texi: updated documentation on FIPS140-2
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl: tests: speed up testcompat
check by removing less important options
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/softhsm.h: tests: updated paths for softhsm detection
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: README: mention nodejs
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: check for /usr/share/dns/root.key as well
for dns root key
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: README: mention dependency on dns-root-data
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: don't perform the overflow
check in 32-bit systems
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-date.tmpl: tests: date parsing test was
modified to work in 32-bit systems
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to
print 64-bit values
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: exit when there is an overflow in
parsing days
2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: README: mention that openssl and polarssl will be
used for interop testing
2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-test: Revert "tests: increased the
retries with datefudge cert generation"
This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.
2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-basic.pem,
tests/cert-tests/template-basic.tmpl,
tests/cert-tests/template-test: Revert "tests: template-test: added
a baseline check to detect slow systems"
This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.
2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-basic.pem,
tests/cert-tests/template-basic.tmpl,
tests/cert-tests/template-test: tests: template-test: added a
baseline check to detect slow systems
2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: increased the retries with
datefudge cert generation
There are slow systems that are not always capable of generating the
certificate within a single second.
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: add bison as a dependency
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: build documentation last
That allows the examples to depend on libgnu_gpl.la
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: list unbound dependency for DANE
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: tests: removed dane hosts which don't behave
well
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: updated instructions for installed packages
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: latex doc: updated copyright dates
2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/gnutls.texi: updated copyright date
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
m4/hooks.m4: use asn1_decode_simple_ber if available
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-library.texi: corrected typo
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-library.texi: mention libidn
2015-03-04 Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
* tests/suite/asn1random.pl: asn1random.pl: generate simple tags
only
Do not emit tags with numbers greater than or equal to 31 as they must
be encoded as an octet sequence (ref X.690-0207 # 8.1.2.4)
Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: doc update
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
tests/cert-tests/invalid-sig2.pem,
tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
X.509 certificate signatures
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: added the change of priority string NORMAL
in documentation
2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-library.texi: document the usage of a PKCS #11 trust
module for verification
2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-openssl: tests: updated the suite to
account for the removal of DSA by default
2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c,
tests/priorities.c: tests: updated the suite to account for the
removal of DSA by default
2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl:
cross-implementation test suite was relicensed to 3-clause BSD
That way the suite can be used by projects with other licenses.
2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by
default
DSA was an algorithm that was never deployed on the Internet and
had, until very recently, several limitations such as restriction of
its keys to 1024 bits, SHA1-only etc. Given that there are literally
0 internet (HTTPS) certificates using DSA, there is no point to
enable it by default and increase our attack surface.
2015-03-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in
benchmark-ciphers
2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session.c: doc update
2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h,
lib/x509/output.c: bundle inet_ntop in systems that don't have it
2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files
2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/abstract.h: removed
gnutls_pubkey_get_verify_algorithm from abstract.h
2015-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
spotted by Andris Mednis
2015-02-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_session.c: doc update: document that session_get_data()
must be used in non-resumed sessions
2015-02-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: doc update
2015-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added
comments
2015-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
available in p11-kit
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: removed unnecessary check and
optimized function
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected check which prevented
client to send an unacceptable for the version ciphersuite
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-key-material.c: tests: mini-key-material: avoid memory
leak
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-lowmtu.c, tests/mini-overhead.c,
tests/mini-record.c: tests: require DTLS 1.2 when using GCM
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior
to offering a ciphersuite a server
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: remove unnecessary assert
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified
tests with obsolete APIs with their replacement API
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc: added deprecated functions into upgrade
plan
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: tests: added checks for
gnutls_x509_crt_get_signature_algorithm and
gnutls_x509_crt_get_preferred_hash_algorithm
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c,
lib/x509/verify.c, lib/x509/x509.c: removed
gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c:
removed gnutls_x509_crt_get_verify_algorithm()
2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and
gnutls_pubkey_verify_data()
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.h: certtool: use unsigned for bits
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to
function call
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool: allow specifying
a purpose and a hostname for chain verification
2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/x509cert-invalid.c: tests: added check
for invalid X.509 certificate
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-key-material.c: tests: added check
for gnutls_record_get_state()
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_constate.c: removed unused constants
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: memcpy fix in gnutls_record_get_state
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* ltmain.sh: removed ltmain.sh from root
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_record_get_state() and
gnutls_record_set_state()
These functions allow to export the key material and sequence
numbers. That allows offloading the sending and receiving of
individual records.
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: fixed sequence number copy
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in:
gnutls_handshake_set_hook_function: will provide the raw handshake
data
2015-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned
int in the CURVE_TO_BITS et al
2015-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast
2015-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: when importing a certificate ensure that the
signature parameters match
2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.c: Allow AESNI GCM acceleration in
x86
2015-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option
2015-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: added missing prototypes
2015-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: handle differently OCSP responses that are revoked and
of unknown status
2015-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: compilation fix with return on void function;
reported by David Marx
2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: doc update
2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: set the appropriate direction when
_gnutls_io_write_flush() is called
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check
for operation under different threads and DTLS
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for
operation under different processes and DTLS
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: Revert "doc update"
This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Revert "Added gnutls_record_is_async()"
This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.
2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: documented using a session with fork or
multiple threads
2015-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2015-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_record_is_async()
That function indicates whether gnutls_record_recv() and
gnutls_record_send() can be used independently and in parallel.
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: print errno in a more uniform way
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/system.c: doc update
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
lib/system.h, lib/system_override.c: exported
gnutls_system_recv_timeout()
2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
total length
2015-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small
fixes to reduce warnings
2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: doc update
2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
so verbose about the OCSP nonce; it is universally unsupported
2015-01-17 Tim Ruehsen <tim.ruehsen@gmx.de>
* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: on certificate import check whether the two
signature algorithms match
2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: use 3.3.12
2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/key_decode.c: doc update
2015-01-12 Luke Dashjr <luke-jr+git@utopios.org>
* Makefile.am, configure.ac, doc/manpages/Makefile.am: Added
configure option --disable-tools
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/errors.c: corrected typos
Reported by Guido Kroon.
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
obsolete versions
That prevents using these versions as record version numbers, unless
they are the only protocol supported. This avoids the issues with
servers that have banned SSL 3.0 record versions.
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: follow the documented process for
gnutls_x509_crt_get_authority_info_access
2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
update
2015-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
items prior to deciding the OCSP server
2015-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: use a FIPS key that agrees with Fedora's fipshmac
2015-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/DCO/people-dco.txt: DCO: Added Luke Dashjr
2015-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: simplified text for inline-commands-prefix
2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
--starttls-proto option
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: cleanup the name of types
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/softhsm.h: tests: updates in softhsm detection
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: when importing a public key, import its
data as well (version 2 fix)
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: doc update
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
write a trusted CA
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the
exported function list
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/key-import-export.c: tests: key-import-export: enhanced to
test gnutls_pubkey_*_ecc_x962
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another
parameter set without a leak
2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: removed ABI-compatibility functions
2015-01-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11.softhsm: testpkcs11: modified to support
both softhsmv1 and v2
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: when importing a public key, import its
data as well
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/key-import-export.c: tests: enhanced key-import-export to
check output of pubkeys
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-callback.c: tests: eliminated leaks
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: doc update
2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/key-import-export.c: tests: added checks
for private key import/export functions
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/openpgp-callback.c: tests: Added test
case for openpgp keys loaded by callback
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
from a client, the server verifies if it supports the extension’s
contents in _gnutls_session_cert_type_supported(). This function
checks for cred->get_cert_callback but not cred->get_cert_callback2.
As a result, servers setup for OpenPGP certificate credential
callback with gnutls_certificate_set_retrieve_function2() are unable
to use the OpenPGP certificate type.
The solution is to consider cred->get_cert_callback2 alongside
cred->get_cert_callback in _gnutls_session_cert_type_supported().
Patch by Rick van Rein.
2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
release the cached value
2015-01-08 Ludovic Courtès <ludo@gnu.org>
* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
during expansion and at run time.
Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.
* guile/modules/gnutls.in: Wrap '%libdir' definition and
'load-extension' call in 'eval-when'.
2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
record with multiple handshake packets, parse them in one go
That resolves: https://savannah.gnu.org/support/?108712
2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-record-asym.c: tests: updated
mini-dtls-record-asym
2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record-asym.c: tests: better documentation of
mini-dtls-record-asym purpose
2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved
udp_socketpair to utils
2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU
test for DTLS and added caching
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case
for DTLS handshake packet reconstruction when it exceeds MTU
https://savannah.gnu.org/support/?108712
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: simplified _gnutls_dgram_read()
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: danetool: only compile when dane is enabled
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
exceed MTU
Resolves: https://savannah.gnu.org/support/?108715
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: Added more precise check of push functions
availability
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
lib/system.h: Revert "in DTLS don't use writev() when multiple
packets which exceed MTU are queued"
This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.
2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: Revert "Give precedence to vector push
function"
This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: Give precedence to vector push function
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
lib/system.h: in DTLS don't use writev() when multiple packets which
exceed MTU are queued
That change requires the system_write() to be registered
unconditionally, even when writev() is available. Resolves:
https://savannah.gnu.org/support/?108715
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to
ensure that DTLS handshake packets will not exceed MTU
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: warn when setting a certificate's
expiration longer than the CA's expiration
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: detect softhsm2
2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
tests/record-sizes.c: tests: account for disabling of ARCFOUR where
needed
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
number
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: check for overflows when reading
serial numbers
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
type for integers read
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
protocol
Patch by Andreas Metzler.
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
gl/tests/signature.h, gl/tests/test-alloca-opt.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-func.c,
gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
gl/tests/test-iconv.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
src/gl/xsize.h: updated gnulib
2015-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
checks
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: use explicit casts in the dummy ip conversion
functions
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
lib/gnutls_priority.c: ARCFOUR-128 is disabled by default
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load
ncrypt.dll
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for
3.4 API
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, symbols.last: updated export symbols list (due to ABI
breakage)
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: doc: updated auto-generated files
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h
and system-keys.h
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-get-issuer.c: tests: added check for
gnutls_x509_trust_list_get_issuer_by_dn()
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: updated libgnutls.map for new functions
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
updated auto-generated files and added urls.h
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
added checks for the new --key-id and --fingerprint certtool options
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool: Added
--fingerprint and --key-id options
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: --pubkey-info will load a public key
from stdin
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: include netinet/in.h if present to access ipv6
related structures
Based on patch by Rumko. https://savannah.gnu.org/support/?108713
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: VERS-ALL adds all protocols if used with
'+'
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings
VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding
protocols
That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol
version numbering distinct
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
textlen = 0 in _gnutls_auth_cipher_encrypt2_tag
If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
this case and thus does not need to be called.
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
VIA PadLock functions
If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
the plaintext length (last parameter) is greater than zero and
segfault otherwise. The assembler code for both functions is
automatically generated and imported from OpenSSL, so to ease
maintenance the length should be validated in the functions that
call padlock_ecb_encrypt or padlock_cbc_encrypt.
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: use backslashes in windows path
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: openpgp: properly print names in oneline
output as well
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: updates in openpgp DSA key printing
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: properly print openpgp names
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/Makefile.am: opencdk: print all warnings on
compilation
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: opencdk: eliminated warning from armor.c
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/keydb.c: removed cache support for opencdk's keydb
Its implementation looked buggy.
2014-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated guile comments
2014-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
functions only when OCSP is enabled
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62
That affects gnutls_pubkey_export_ecc_x962() and
gnutls_pubkey_import_ecc_x962().
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def: tools: document the
available curves
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2
The C programs still rely on softhsmv1 since there are issues with
softhsmv2 and CKA_TRUSTED.
https://bugzilla.redhat.com/show_bug.cgi?id=1177086
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/safe-memfuncs.c: updated documentation of gnutls_memcmp()
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name
of gnutls_x509_crt_import_pkcs11_url
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: better cleanup in
gnutls_pkcs11_privkey_import_url and allow reuse
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
separated the two gnulibs to avoid conflicts
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
src/gl/Makefile.am, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c,
lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c:
Instead of sanitizing URLs, use hints to support incomplete PKCS#11
URIs
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c:
gnutls_x509_crt_import_url replaces
gnutls_x509_crt_import_pkcs11_url
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: use p11_kit_uri_get_pin_source instead of
p11_kit_uri_get_pinfile
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new
API
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/verify-high.c, lib/x509/verify-high2.c: combined
gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags
That was done in an API-backwards compatible way. That introduces
gnutls_pkcs11_obj_list_import_url3() and
gnutls_pkcs11_obj_list_import_url4().
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: first attempt to unify obj_attrs with
obj_flags
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks
whether the import of PKCS #11 objects as trusted certs works
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in
softhsm detection
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
#11 object URLs as trusted certificates
That is, don't treat them as trusted modules, because they aren't a
token URL, but rather a direct reference to specific objects.
2014-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_psk.c: PSK: added sanity check on PSK key size set
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers
to use
It is no longer supported.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on
success
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
for the cork/uncork functions
Reported by Jaak Ristioja.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: doc update
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c: Added more precise version check in
_gnutls_version_lowest
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected documentation of gnutls_cork()
2014-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: Added 32-bit overflow protection in
_gnutls_buffer_append_data()
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Remove redundant condition in
align_allocd_with_data().
At all call-sites of align_allocd_with_data() dest->data is
non-NULL.
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Deduplicated some code in
_gnutls_buffer_append_data().
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Explicitly marked some variables const in
_gnutls_buffer_append_data().
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/DCO/people-dco.txt: DCO: added Jaak Ristioja
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/cipher-test.c: test-ciphers: do not fail on processors
which don't have the AES-NI instructions
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to
function
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code
outside the if-clause
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0
checks with polarssl
It seems that SSL 3.0 is disabled in Debian's polarssl.
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: testdane: removed www.vulcano.cl from good
hosts
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509cert-tl.c: tests: enhanced x509cert-tl
Verify gnutls_x509_trust_list_verify_crt2() in combination with
gnutls_x509_trust_list_add_named_crt().
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: use
gnutls_x509_trust_list_verify_named_crt in
gnutls_x509_trust_list_verify_crt2
2014-12-12 Ludovic Courtès <ludo@gnu.org>
* NEWS: Update 'NEWS'.
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/random.c: gnutls_rnd: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: improved documentation on dane
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
mode, for the sake of MinGW.
Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
of 'open-input-file'.
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Link with '-no-undefined'.
Fixes builds on MinGW. Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: use Sleep() in windows
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: ensure that default_serial_int is
64-bits or more
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: use select() instead of alarm for better portability
Based on patch by Eli Zaretskii.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.3.11
2014-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c: Allow a random generator with the same
priority to re-register
That corrects an issue where the library is deinitialized, and
reinitialization wouldn't register the same rnd module. Reported by
Stanislav Zidek.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert.c: tests: x509cert: verify that length returned
from gnutls_x509_crt_get_dn matches strlen
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-openssl: testcompat: corrected usage
of null cipher
2014-12-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code
2014-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: corrected typo
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: added option --without-idn
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required
casts
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string
EXPORT is no more
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused
struct entries
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-ccm-x86-aesni.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c:
added AESNI accelerated CCM
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related
changes
2014-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: use the new _gnutls_buffer_to_datum
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: tests: corrected the expected lengths in ocsp
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c,
lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c,
lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c:
_gnutls_buffer_to_datum: includes code for exporting strings
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when the trusted list contains a non-CA
certificate warn via the audit log
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name
to match the one in the IANA registry
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced
check for correct ciphersuites
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add
missing includes
2014-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define
HAVE_CONFIG_H
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Build with warnings.
* guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/modules/Makefile.am, guile/modules/gnutls.in,
guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
guile/src/core.c, guile/src/make-session-priorities.scm,
guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
guile: Remove the deprecated priority API.
* guile/modules/gnutls/build/priorities.scm: Remove.
* guile/src/make-session-priorities.scm: Remove.
* guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.
* guile/src/Makefile.am (EXTRA_DIST): Likewise.
(GENERATED_BINDINGS): Remove 'priorities.i.c'.
(priorities.i.c): Remove target.
* guile/src/core.c: Don't include it.
(scm_gnutls_set_default_priority_x): Remove.
* guile/modules/gnutls.in (gnutls): Adjust export list.
* guile/tests/session-record-port.scm: Use
'set-session-priorities!'.
* guile/tests/x509-auth.scm: Likewise.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi, guile/modules/gnutls.in,
guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
Remove RSA parameters and related procedures.
* guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
Remove.
(%gnutls-smobs): Remove it.
* guile/src/core.c (scm_gnutls_make_rsa_parameters,
scm_gnutls_pkcs1_import_rsa_parameters,
scm_gnutls_pkcs1_export_rsa_parameters,
scm_gnutls_set_certificate_credentials_rsa_export_params_x):
Remove.
* guile/modules/gnutls.in: Adjust export list.
* guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove
references to it and to
'set-certificate-credentials-rsa-export-parameters!'.
* guile/tests/x509-auth.scm: Likewise.
* doc/gnutls-guile.texi (Representation of Binary Data): Remove
references to RSA parameters. Adjust example accordingly.
(OpenPGP Authentication Guile Example): Likewise.
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: updated TODO list
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: removed several of the unneeded exported
internal symbols
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc: corrected typo
2014-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c: use unsigned long in gcm_cast_st
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: corrected issue in AES-256-GCM
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced
cipher check to include all ciphers.
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: simplified abstractions over nettle based on
Niels' comments.
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: API doc update
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: Added test vectors for CCM mode
2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: CCM: corrected AEAD decryption
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: CCM mode moved to the lowest priority
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: gnutls-cli: added benchmark for CCM
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/priorities.c, tests/suite/testcompat-main-polarssl: tests:
updated for AES-128-CCM ciphersuites
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/cipher.c: Added definitions for CCM ciphersuites
2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-aead.h,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c,
lib/crypto-backend.h, lib/crypto-selftests.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/includes/gnutls/crypto.h, lib/libgnutls.map,
lib/nettle/cipher.c: Modified crypto backend to accommodate for the
CCM ciphersuites
2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates
(in FIPS140-2 mode)
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c,
lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4,
tests/dsa/testdsa: ported to nettle 3.0
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: reduced current soversion
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the
removal of deprecated functions
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: corrected comparison
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
lib/gnutls_priority.c, lib/gnutls_state.c,
lib/includes/gnutls/compat.h: removed the old gnutls_retr_st
compatibility functions
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c,
lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed
binary compatibility with RSA-EXPORT using applications
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the
old priority functions
That is:
gnutls_cipher_set_priority
gnutls_mac_set_priority
gnutls_compression_set_priority
gnutls_kx_set_priority
gnutls_protocol_set_priority
gnutls_certificate_type_set_priority
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/compat.h, lib/x509/x509.c: removed
gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c,
lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and
gnutls_sign_callback_get() were removed
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion
2014-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/random.h: if the rnd structure doesn't provide check,
_gnutls_rnd_check() will succeed
2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added
check for verification using CRLs
2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: Reorganized, and eliminated memory leak in
_gnutls_x509_crt_check_revocation()
Reported by Tim Rühsen.
2014-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/systemkey.c: systemkey: updated for new
gnutls_system_key_iter_get_info
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c,
lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows
restricting results to a specific certificate type
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: removed unneeded variable
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
update
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: added recommendation to use the higher
level functions to load keys
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: avoid gcc warnings
2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
check for whether %NO_EXTENSIONS is required
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
the NULL KX
2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if
initial negotiation is not complete
2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-chain-unsorted.c: tests: small fix in
mini-chain-unsorted
2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/x509.c:
GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from
gnutls_pcert_import_x509_list
That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT
is specified.
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the
lists it can sort
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system-keys-win.c: simplified windows URLs
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system-keys-win.c: system-keys-win: include urls.h
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-cert-status.c,
tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted
2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pcert.c, lib/gnutls_x509.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h,
lib/x509/verify-high.c, lib/x509/x509.c: Added flag
GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import*
That also allows automatically sorting input chains to the
gnutls_certificate_credentials_t structure.
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check
for memory leaks when a file cannot be loaded.
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
memory leak when certificate could not be parsed
Reported by Georg Richter.
2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: libdane: undef gnutls_assert() before redefining
it
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: gnutls-cli-debug: do not print error on unknown
protocols
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak
check for gnutls_set_x509_key_mem2()
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: documented the limitations of the loading
functions
2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected memleak in read_key_mem()
Patch by Georg Richter.
2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
check for sorted certificate chain
2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c: do not allow the resumption of a session which
switches the state of ext_master_secret
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rfc2253-escape-test: tests: run rfc2253-escape-test under
valgrind
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/custom-urls.c: tests: enhanced custom-url check
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the
proper place
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected freeing of custom URL
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/suppressions.valgrind, tests/suppressions.valgrind:
Added memxor_different_alignment into suppressions
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_x509.c,
lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the
construction of chains with custom URLs
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: updated ignored files
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/systemkey-tool.c, src/systemkey.c: renamed
systemkey-tool to systemkey, and don't install it by default
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/custom-urls.c: tests: added check for
registration of custom URLs
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export
gnutls_register_custom_url
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in
read_cert_url
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/Makefile.am, lib/includes/gnutls/urls.h,
lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c:
Added the ability to register application specific URLs for keys and
certs
2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system-keys-win.c: system-keys-win: use macros for the URL
2014-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake
2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c: treat
GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
complete
This corrects a regression introduced in
b5a0de2e6da98866cafb770c3141b7353d030ab2
Reported by Dan Winship.
https://savannah.gnu.org/support/?108690
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: removed old news
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/protocols.c,
lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
record version in the client Hello will be set to the lowest
supported protocol
There should have been no harm in keeping it SSL 3.0 but
unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
as MUST NOT do that. That will be fixed in a later revision but
since then there are servers not accepting SSL 3.0 as a valid record
version (note that this is about the record version, which describes
the format of the packet, nothing to do with the negotiated
version).
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Revert "The priority modifier
%LATEST_RECORD_VERSION is now the default"
This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: deinitialize the OCSP response der data
That also makes sure that reinitialization of ASN1 structures is
done when it is required only.
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, src/cli.c:
gnutls_priority_string_list: allow printing the special keywords as
well.
2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: simplified code involving getrandom() and
getentropy()
2014-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: configure: detect android system and define a
variable
2014-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/system-keys-dummy.c, lib/system-keys-win.c,
lib/system-keys.c: separated system-keys implementations
2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: removed redundant local
2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: tests: added check for the abbreviated
URLs which don't contain object information
2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c,
lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects
with URLs sanitize them
That allows to use out of band information to complete missing parts
in URLs (e.g., object-type=cert, when there is a certificate).
2014-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system-keys.c: compilation fixes
2014-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c,
lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h,
lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am,
src/systemkey-args.def, src/systemkey-tool.c: Added API to
read/write/delete key-cert pairs (limited to windows for now)
2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: NORMAL priority: prioritize the less than
256-bits curves at the lowest level
2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: certtool: Allow to set the nonRepudiation,
keyAgreement and dataEncipherment flags
2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def: list the OIDs in the certtool cfg file
documentation
2014-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
zombie mode in FIPS mode
This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
2014-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: partially reverted
999d221fd2241ff73f884bf33d8cbe6eb8299184
That change allows to use the intermediate certificates in chains as
OCSP anchors.
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: print message when the system trust is
used
2014-11-14 David Weber <dave@veryflatcat.com>
* src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
and serv.c.
I have tested the fix in 3.3.10. This commit is UNTESTED as I am
unable to compile gnutls (./configure complains about gl_INIT and
ggl_INIT).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/ocsp.c: tests: ocsp: added the signature in check
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp_output.c: only print about additional certificates
if they are present
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: ocsp: fix DN decoding in
gnutls_ocsp_resp_get_responder_raw_id
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: tests: ocsp: added check with a long response
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: use the original DER/BER data when verifying an
OCSP response
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: ocsp: eliminated duplicate code
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: clarified the multiple paths printing of
the verify options
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: allow printing the certificates in OCSP
responses when --print-cert is specified
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code
to better use the trust list, and the KeyHash
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp_output.c: OCSP printing: Add header in front of
certificates
2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
lib/pkcs11.c, lib/x509/verify-high.c: added
gnutls_pkcs11_get_raw_issuer_by_dn and
gnutls_x509_trust_list_get_issuer_by_dn
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
for OCSP status response
2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/crq: corrected crq test case; reported by Andreas
Metzler
2014-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
callback
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, tests/ocsp.c: replaced
gnutls_ocsp_resp_get_responder_by_key with
gnutls_ocsp_resp_get_responder_raw_id. In addition reverted gnutls_ocsp_resp_get_responder() to the old
buggy behavior of returning 0 if the element was missing.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set
when no password should be asked
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a
callback if GNUTLS_PKCS_PLAIN is specified
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: the FIPS140-2 testing mode is disabled after
self-checks
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: updated OCSP tests to account for the new key ID
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder()
will always initialize output data
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
valgrind complaints
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: print the OCSP response in verbose mode
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/ocsp.c: corrected documentation of OCSP response
verification
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
lib/x509/ocsp_output.c: Added
gnutls_ocsp_resp_get_responder_by_key()
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/dn.c: dn parsing: return
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added
option to save the OCSP response
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c,
lib/includes/gnutls/abstract.h: added the notion of preferred sign
algorithm in a private key. This can be set for keys imported with gnutls_privkey_import_ext3()
with the info callback. It is only considered for client side keys
in TLS sessions.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c,
lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf:
Added priority string %NO_SESSION_HASH to prevent advertising the
extended master secret extension
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/status_request.c: certificate status request response
is optional according to RFC6066
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c:
Added flag GNUTLS_OCSP_SR_IS_AVAIL for
gnutls_ocsp_status_request_is_checked
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.h: rnd: removed the packed attribute from
event_st. That prevents a SIGBUS on solaris sparc systems. Reported by Thomas
Thorberger.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: The priority modifier
%LATEST_RECORD_VERSION is now the default. This works-around issue with servers that forbid the SSL 3.0 version
number from the first packet of the record protocol.
2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
that disallow the SSL 3.0 record version
2014-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: gnutls-cli: print whether status request has been
checked
2014-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: doc update
2014-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c,
lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to
gnutls_x509_privkey_t
2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c, lib/system.h, lib/x509/common.c,
lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian
strings.
2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c,
lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/safe-memfuncs.c, lib/safe-memset.c: Added
gnutls_memcmp() and exported it.
2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/abstract.h: indentation fix
2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey(). Conflicts: lib/libgnutls.map
2014-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/abstract_int.h, lib/gnutls_privkey.c,
lib/includes/gnutls/abstract.h: dropped unused copy_func
2014-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/gnutls-idna.h: silence warning
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq:
Added check with the invalid crq sent by Sean Burford
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
format, perform additional sanity checks on input. Reported by Sean Burford.
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: doc update
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported
gnutls_memset()
2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
on session tickets
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: tools: include arpa/inet.h in socket.c
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
client and server
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: pass the correct user type to protected
authentication login
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: corrected values for INSECURE level
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c:
pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c:
pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate
state
2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
type on reauthentication
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
to improve compatibility with some apple systems. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
force login on tokens that require it
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: always set slot_info
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-openssl: testcompat-openssl: disable
SSL 3.0 as it is not supported on debian
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-polarssl: fixed polarssl compatibility
checks on debian
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c:
pkcs11: eliminated the need for struct token_info
2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
support for PKCS #11 keys that require reauthentication and
simplified pkcs11_login
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c: gnutls-cli-debug: clarified text
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/testcompat,
tests/suite/testcompat-main, tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl:
tests: separated the two testcompat tests (openssl/polarssl)
2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c: added missing comma
2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: gnutls-cli-debug: corrected heartbeat check
2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
negatives
2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
negatives
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main: tests: added interoperability tests
with openssl's PSK
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation for
max send data and other uses of _gnutls_cipher_type()
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphers.c: modernized cipher table
2014-11-05 Chen Hongzhi <hongzhi.chen@me.com>
* lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cipher.c: simplified checks for EtM
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c: tests: enhanced test to check the return value
of gnutls_record_send()
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-x509-2.c: tests: Added unit tests for
gnutls_certificate_get_ours in mini-x509-2
2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
lib/includes/gnutls/gnutls.h.in: introduced
GNUTLS_MAX_SESSION_ID_SIZE
2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive
2014-11-04 Chris Barry <chris@barry.im>
* doc/cha-auth.texi, doc/cha-cert-auth.texi,
doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi:
Cleaning up some awkward phrasings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests:
Added test for MAC verification checks
2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM
fixes: it only applies to block ciphers
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c: gnutls-cli-debug: reorganized output
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: moved the HTTPS server name outside
of verbose tests; only run when the HTTPS protocol is used
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced
gnutls-cli-debug verbose output (uses files for mass text)
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
tests for EtM and extended master secret support. In addition reworked the output for existing tests.
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/socket.c: tools: only warn of an error if it is fatal
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main, tests/suite/testcompat-polarssl:
testcompat: increased the number of test cases checked
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/alpn.c: updated text
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-polarssl: testcompat-polarssl: try to run
the test only if polarssl binaries are available
2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-common, tests/suite/testcompat-polarssl:
testcompat: check the PSK ciphersuite interoperability against
polarssl
2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/testcompat,
tests/suite/testcompat-common, tests/suite/testcompat-main,
tests/suite/testcompat-polarssl: testcompat: added interop tests
with polarssl
2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/system_override.c: doc: Added missing reference for EMSGSIZE
to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/system_override.c: doc: Fixed typo in inline comment of
gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c,
lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_session_pack.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/priority_options.gperf, src/common.c: Added support for RFC7366
(encrypt then authenticate). It implements a revised version of RFC7366, to avoid
interoperability issues:
http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This
is currently enabled by default, unless %NO_ETM, or %COMPAT is
specified.
2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative
to stream and block. That way the terminology becomes closer to the TLS rfc.
2014-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: updated the text for
GNUTLS_E_UNSUPPORTED_VERSION_PACKET
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests:
Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11
+ PIN
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
set the id_size
2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: deinitialize the temporary spki data
2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/init_fds.c: tests: added test for
gnutls_global_init after all descriptors are closed
2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h:
corrected check for urandom fd
2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the
suite
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: Do not require a PIN callback in the
certificate credentials when a password is specified
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: doc update
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: corrected exit state from gnutls_global_init
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
account the new behavior
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
gnutls_fd_in_use, it is no longer necessary
2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_global.c,
lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
lib/random.h: When gnutls_global_init() is called manually from the
application check the urandom fd for validity. That addresses the issue where a server closes all open file
descriptors and then calls gnutls_global_init().
2014-10-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for
getentropy() and reworked getrandom support
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which
allows to specify the number of bits for key size
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when
available
2014-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: use the random rnd context when refreshing the
nonce context. That avoids frequent reads from /dev/urandom.
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: do not explicitly refresh rnd state on session
deinit. It is already being refreshed during the session lifetime.
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: doc update
2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: increase the reseed time
2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-selftests.c: tests: enhance cipher test to include tag
verification error
2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: better documented the new API
2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: harmonise variable names
2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: disable hardware acceleration by default in solaris
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of
draft-ietf-tls-session-hash-02. Now the session hash is calculated correctly even when a client
certificate is sent. That is, the session hash now does not take
into account the CertificateVerify message.
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi: doc: list the AEAD API
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-api.c, lib/crypto-selftests.c,
lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
lib/libgnutls.map: Added a new simple to use AEAD API
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: the openssl compatibility library isn't built
by default
2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
directive in assembly files, as it isn't portable
2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cipher.c: eliminate IV size usage in TLS
encryption/decryption; it was a remnant of salsa20
2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/ext_master_secret.c: corrected likely macro usage. Spotted by Manuel Pégourié-Gonnard.
2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for
SALSA20 and for stream ciphers with IV. The proposal was not adopted by the TLS WG, and the AEAD path will
be used.
2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/priority_options.gperf: Added priority string %NO_TICKETS that
disables session ticket support. This is implied by the priority string PFS.
2014-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor
use the 'extended master secret' in SSL 3.0. According to Alfredo Pironti support for that protocol will be
dropped from the draft.
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: compile 3.3.9 by default
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: always send the mandatory extensions (even
in SSL 3.0). The only way to force no extensions and usage of SCSVs is the
%NO_EXTENSIONS priority string.
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory
extensions
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am: check and use libnsl (used in
solaris)
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
sources
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl: updated perl asm sources
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk: use the GNU-stack note in linux systems
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c:
updated gnulib
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
validity of gnutls_x509_trust_list_get_issuer
2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: corrected bug in
gnutls_x509_trust_list_get_issuer() when used without the
GNUTLS_TL_GET_COPY flag
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: include minitasn1 when needed
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: use HAVE_DANE ifdef for unused functions
2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported gnutls_fd_in_use
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: document gnutls_fd_in_use()
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_fd_in_use: mention version
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
func is used
2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
check whether a file descriptor is in use
2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.h: added prototype to avoid compiler warning
2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode
2014-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
FIPS140-2 mode
2014-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dtls/dtls-stress.c: dtls-stress: reindented code
2014-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when
send succeeds
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is
enabled by default
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
test that checks the fallback from TLS 1.6
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/libgnutls.map: added _gnutls_hello_set_default_version() which
allows to override the clienthello version
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: prevent the combination of the -p
and --list options. As -p may be mistaken for --priority that would prevent wrong
outputs.
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: avoid d from getting out of scope
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/udp-serv.c: gnutls-serv: avoid possible buffer overrun
2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: avoid memory leak on
gnutls_x509_privkey_generate() failure
2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c: gnutls-cli: added option
--priority-list
2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: added gnutls_priority_string_list(), a function
to iterate all priority strings
2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: put all priority strings into a table
2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal
2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: SSL 3.0 is no longer on the default
priorities list
2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
1024-bit DSA parameters when generating
2014-10-14 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Remove trailing zero in
'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
'set-session-server-name!' would pass a trailing nul character on
the wire after the server name, which would thus be rejected by
servers.
2014-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA
verification
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
changes to account for seed starting with null byte
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
SHA224
2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: simplified getrusage code; the failure
check code wasn't needed
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
phi(n) for RSA key generation in FIPS-140-2 mode
2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: tests: added check for import failure of
v1 certificate with extensions
2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: do not allow importing X.509 certificates with
version < 3 and extensions present
2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: update the guile manual along the C one
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/intprops.h, src/libopts/m4/libopts.m4,
src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
src/libopts/version.c: updated to libopts 5.18.4
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: place all rusage variables into
HAVE_GETRUSAGE block
2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
RUSAGE_SELF
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: removed last remnants of
GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
file
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: forbid heartbeat messages during a handshake
2014-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
added internal variable to track handshake status
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: avoid shadowing a global variable
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag
GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-is-known.c: tests: updated time in
pkcs11-is-known
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
fatal
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
tests/test-chains.h: tests: allow running specific chainverify tests
on fixed dates
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: _gnutls_check_valid_key_id: corrected
activation/expiration check
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
simplified and optimized loop
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-crypto.texi: mention nettle as the recommended crypto
backend
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
check to ensure that trust list combination with extra certificates
works
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when both a trust module and additional
CAs are present account the latter as well
That solves an issue in openconnect which used the system trust
module, plus additional certificates.
2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
given
2014-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: tools: print the status of safe renegotiation and
extended master secret
2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-x509.c, tests/resume.c: tests: check whether the
extended master secret is negotiated by default
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/Makefile.am, lib/ext/ext_master_secret.c,
lib/ext/ext_master_secret.h, lib/gnutls_constate.c,
lib/gnutls_extensions.c, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_session_pack.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
for the extended master secret calculation
That is performed implicitly unless GNUTLS_NO_EXTENSIONS is
specified. The implementation follows
draft-ietf-tls-session-hash-02.
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected assignment
2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: corrected the name of exported function
2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check
for gnutls_record_discard_queued()
2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_record_discard_queued()
That function allows to discard queued data in DTLS.
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: corrected test for v1 cert signing
(removed bogus authorityIdentifier)
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: only set the authority key identifier,
if there is a corresponding subject key identifier
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: do not shortcut checks when
GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
check for a valid subjectKeyIdentifier match
That way, expired certificates can co-exist with their replacements.
2014-10-06 Armin Burgmeier <armin@arbur.net>
* tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA
iteration
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-10-06 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify-high.c: Also iterate over the CA certificates in a
PKCS11 token
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-10-06 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
are added to a trust list
Before, the new URL would overwrite the old URL, and the memory of
the old URL would be leaked. It is documented that only one URL can
be used, so it should be safe to reject any attempt to add another
one.
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
no CKA_ID can be relied on fallback on checking the
SubjectKeyIdentifier
Patch by David Woodhouse.
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
verification functions
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: removed unused definition
2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
verification functions
2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-is-known.c: tests: corrected check with
gnutls_x509_trust_list_get_issuer
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: corrected remove_pkcs11_url()
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
check gnutls_pkcs11_crt_is_known() when multiple same DNs are
present
2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: when checking for presence do not give up on
the first mismatch
2014-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: doc update: clarifications in
gnutls_x509_trust_list_add_trust_file
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: corrected compilation for non-pkcs11;
reported by David Woodhouse.
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: avoid calls in gnutls_init()
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_state.c: the handshake function has a timeout value by
default
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/session_ticket.c: use wait and retransmit when receiving
session tickets
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
to dtls-stress
That allows it to replay messages in a kind of arbitrary way.
2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: report the FIPS140-2 mode
2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
check for GNUTLS_TL_GET_COPY
2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
flag and documented the limitations of
gnutls_x509_trust_list_get_issuer()
2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
actual function prototypes
2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news entry
2014-09-30 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex.
2014-09-30 Ludovic Courtès <ludo@gnu.org>
* NEWS: Add NEWS entry for Guile changes.
2014-09-30 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings
are part of GnuTLS.
2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails,
return GNUTLS_E_UNEXPECTED_PACKET
That is more precise than the current
GNUTLS_E_UNEXPECTED_PACKET_LENGTH
2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.c: use __hidden in solaris to
provide the hidden visibility attribute
2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.h: no need to define
_gnutls_x86_cpuid_s
2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cipher.c, lib/nettle/cipher.c: use
MAX_CIPHER_BLOCK_SIZE more consistently
2014-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
allow duplicate entries
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c, src/tpmtool.c: more compiler warning fixes
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: enabled more warnings
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_dtls.h,
lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c,
lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c,
src/certtool.c, src/cli.c: fixed compilation warnings
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
d->d_type
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected type
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: don't bother with checks for padlock in
non-x86
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map,
symbols.last: updated auto-generated files
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run
abi-compliance-checker prior to release
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: indented symbols
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
infinite loop on handshake
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: removed unused error values
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h:
restrict the number of non-fatal errors gnutls_handshake() can
return
2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
splitting the errors to two tables
2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in
prototypes
2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: enable gcc warnings by default
2014-09-23 Armin Burgmeier <armin@arbur.net>
* tests/openpgp-auth.c, tests/x509cert.c: Check the credentials
getter functions as part of the unit tests
2014-09-18 Armin Burgmeier <armin@arbur.net>
* lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.c: Add an interface to iterate the trusted CA
certificates in a trust list
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-18 Armin Burgmeier <armin@arbur.net>
* lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys
and certificates
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Add functions to obtain X.509 keys and
certificates from certificate credentials
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Add functions to export X.509 and OpenPGP private
keys from the abstract type
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map:
Add a function to obtain the trust list of a
gnutls_certificate_credentials_t
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: doc update
2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed
gnutls_pcert_get_type()
2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: only enable crywrap if libidn is present
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/src/core.c: guile: Restore cross-reference in
'set-session-priorities!' docstring.
This had been destroyed in 32d90395.
2014-09-22 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
bindings for 'gnutls_server_name_set'.
This adds the 'set-session-server-name!' procedure and the
'server-name-type' enum type.
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c, tests/suite/certs/create-chain.sh,
tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added
checks for key purpose verification
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/x509.h, lib/x509/common.h,
lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
Verify key purpose on intermediate certificate if
GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified
That introduces the verification flag
GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification
result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
verification test must be explicitly enabled is because it is only
defined in CA Forum's Baseline requirements 1.1.9 but not any IETF
document.
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: certtool: updated the extended key usage
documentation
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: added missing prototype
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/abstract_int.h, lib/gnutls_privkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced
gnutls_privkey_import_ext3()
That function allows copying an external specified private key, as
well as allow variability on the capabilities of an external key.
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: when printing a certificate request also print
its signature algorithm
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c:
added gnutls_x509_crq_get_signature_algorithm()
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h: Added missing prototype
2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy()
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Add gnutls_certificate_get_verify_flags
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP
certificate from a gnutls_pcert_t
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-18 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify-high.c: Memory leak fix on certificate copy
failure
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Armin Burgmeier <armin@arbur.net>
* lib/gnutls_ui.c: Fix a documentation typo
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: do not require the CA to be a direct CA
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
test suite to pass more of the PKCS #11 API under valgrind
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
option
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: tools: corrected pin entry
2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: cleaned up memory deallocation in
read_cert_url()
That caused unexpected results when loading PKCS #11 URLs. Reported
by Joseph Peruski.
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/certtool.cfg: updated certtool.cfg
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: added checks with modified certificate
This tests whether a modification of a DER certificate, that is
cancelled out while we parse it, would result in a good signature.
2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: require explicit disabling of PKCS #11 in configure
2014-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/DCO/people-dco.txt: Added Armin's DCO
2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify.c: updated details on
certificate verification
2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: depend on p11-kit 0.20.7
2014-09-16 Armin Burgmeier <armin@arbur.net>
* lib/x509/verify.c, tests/test-chains.h: Check for all error
conditions when verifying a certificate
This allows to check for all possible flaws with a certificate chain
with a single call to gnutls_x509_crt_list_verify and friends.
Signed-off-by: Armin Burgmeier <armin@arbur.net>
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: removed unneeded set of status
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11
force the verification of the chain
That allows obtaining any additional flags from the chain such as
insecure algorithms or expirations.
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/psk.c: psktool: corrected resource leak on failure
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: added sanity check on cleanup
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c: removed unused variable
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: corrected typo in printing error
2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: correctly reallocate the read buffer
Report and patch by David Woodhouse.
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
module verification
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
unified the key purpose checks functions
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/common.h,
lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
same key in gnutls_x509_trust_list_add_cas
That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
will overwrite any previous one with the same name and key.
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: hostname and key purpose checks were moved
above CRL checks
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c, lib/x509/x509_ext.c: doc update
2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()
2014-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/scripts/common.sh: tests: use the PID number in RPORT
The shell's RANDOM isn't that random.
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated libtasn1
2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: documented the environment variables
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
pkcs11x.h when it doesn't exist
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status
Reported by Armin Burgmeier.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
set the invalid status"
This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
invalid status
Reported by Armin Burgmeier.
2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: doc update
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11x.c: added missing file
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: print Attached Extensions, instead of
extensions
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when adding a duplicate certificate, keep
the last entry
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h,
lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added
gnutls_pkcs11_copy_attached_extension()
2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
hardcode the chain number, use its name
2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert
"corrected planned version number"
This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.
2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
src/pkcs11.c: fixes in the extension handling
2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: will print trust module extensions if
present
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
check the key purpose of the CA certificate when in pkcs11 cert
validation
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
in a trust module using
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
and prefixed s/get_extension with _gnutls
2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: doc update
2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected
planned version number
2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is on par
with gnutls_certificate_verify_peers
That is, it accepts a list of gnutls_typed_vdata_st and allows for
flexibility.
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509_ext.c: doc update
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
gnutls_x509_crq_get_extension_by_oid2()
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.c: Added
gnutls_x509_trust_list_verify_purpose_crt()
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tpmtool.c: tpmtool: corrected key password read
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool.c: set umask prior to calling mkstemp
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: initialize verification output to zero
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: dtls: when discarding packet, discard the
correct number of bytes
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/hostname-verify.c: check_ip: initialize ret
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
null to prevent any issue
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
callback
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: corrected issue in fips RNG
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: added comment to clarify check
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/literal.c: opencdk: corrected unsigned comparison
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/tpm.c: fixes in loop for SRK password input
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: apps: corrected GNUTLS_PIN reading
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
corrected CRL loading error
2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: corrected copy+paste error
2014-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/suppressions.valgrind, tests/suppressions.valgrind:
tests: simply valgrind suppressions for libidn
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
tests/scripts/common.sh, tests/suite/testcompat-main,
tests/suite/testpkcs11, tests/suite/testsrn: use random ports in
tests, unless a port is provided
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: corrected usage of readdir_r()
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: better error message
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: reentrant fixes for
gnutls_x509_trust_list_add_trust_dir() handle unknown file types
2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: optimized escaped comma handling
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later
That is because of the ocsp fix.
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/crq_apis.c: tests: extended crq API checks
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
escaped commas
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: simplified _gnutls_x509_get_signed_data()
2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/x509.c: The get_raw_dn() functions were modified to work
even if the certificate is generated (not imported)
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
which have data.
Reported by Manuel Pégourié-Gonnard.
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the
behavior of a DTLS server in a low-mtu scenario.
http://permalink.gmane.org/gmane.network.gnutls.general/3582
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
implementation
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
Lee
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
libtasn1
2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: tests: Added tests on the invalid OCSP response
2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: check the integrity of GMP
2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify.c: when comparing an
end-certificate with the trusted list compare the entire certificate
2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/test-chains.h: tests: Added test for amazon.com chain with
new verisign CA.
2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
certificate with the trusted list compare the name and key
That is to handle cases where a CA certificate was superseded by a
different one with the same name and the same key. That can happen
when an intermediate CA certificate is replaced by a self-signed
one.
2014-09-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h, lib/gnutls_global.c,
lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
rounds
One round is before the AES acceleration is registered, and the
second is after. That is to allow testing of the AES implementation
used in the DRBG. That is a hack until nettle handles all cipher
acceleration.
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: do not check CN
when a DNSname is available
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h:
drbg-aes: added checks in the error handling of the functions
That covers the instantiate and generation functions.
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: fips140: fail on encryption test failure
2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
put the library into error state
2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex:
small doc updates
2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
fixes in sectioning for p11tool and tpmtool invocation
2014-08-29 Tristan Matthews <le.businessman@gmail.com>
* lib/ext/alpn.c: alpn: fix version documentation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: allow printing multiple types of tokens
2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/hostname-verify.c: remove text not applicable in that
version
2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/hostname-verify.c: refer to rfc6125
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: additional sanity check in RSA key generation
testing in FIPS-140-2 mode
The encrypted data are checked to differ from the plaintext, to
prevent any issues with an accidental null encryption.
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
error state if key generation fails
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
allocations and keep a pointer to the DER data for DN
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
importing a CRL keep the DER data
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
importing a certificate, keep the DER data
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/session_ticket.c: doc update
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk, configure.ac, devel/openssl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c:
added configuration option --disable-padlock
That allows keeping hardware acceleration in x86 but without support
for padlock.
2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated
asm sources"
This reverts commit 97895066e18abc5689ede9af1a463539ea783e90.
2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: when listing tokens, list their type as
well
2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s
2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
sources
2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
data in a single pass
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/suppressions.valgrind: tests: added more idna valgrind
suppressions
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
objects at a time
That improves the performance significantly when reading from tokens
with a significant number of objects. Reported by David Woodhouse.
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
object cannot be imported
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: allow objects without label or without ID
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: updated name constraints checks to not
include a CN
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am,
tests/cert-tests/name-constraints-err.pem,
tests/cert-tests/name-constraints-err.pem.out,
tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints
test based on the CN bypass"
The bypass check was included in chainverify.
This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a.
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, lib/x509/x509.c: doc update
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: only check name constraints in non-CA
certificates
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: ignore constraints for different type
than the checked
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am,
tests/cert-tests/name-constraints-err.pem,
tests/cert-tests/name-constraints-err.pem.out,
tests/cert-tests/verify-test: tests: Added a nameconstraints test
based on the CN bypass
That was discussed in:
http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660
2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: when verifying name constraints
enforce the single CN rule
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cross.mk: cross.mk: compile gnutls without p11-kit by default
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cross.mk: cross.mk: do not delete the pkgconfig directory
2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/DCO/people-dco.txt: Added Alon's DCO link
2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/autoopts.h: check for stdnoreturn.h presence
2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
support separate builddir
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
* lib/gnutls_privkey.c: build: condition pkcs11 block
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: tolerate a finished packet with
errors in DTLS
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: record: in DTLS discard only messages that
cause unexpected packet errors
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/suppressions.valgrind: tests: suppress more libidn
warnings
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: danetool: ensure the temporary file is always
removed
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the
server_name extension will convert input and output names to IDNA.
2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to
convert internationalized hostnames
2014-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c,
lib/x509/output.c: hostname-verify: use idn_free()
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c: doc update
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
parameter generation only when FIPS-mode is enabled.
2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
generation."
This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.
2014-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: use the windows API in windows even if iconv is
available
2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: win32: updated Makefile and added the ability to build
openconnect
2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for the correct version of libidn
2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/hostname-check.c: tests: Added case sensitive checks in
hostname verification
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/suppressions.valgrind: tests: copied valgrind
suppressions to suite
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated libtasn1
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: tests: suppress valgrind warnings due
to libidn
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/Makefile.am, lib/x509/gnutls-idna.h,
lib/x509/hostname-verify.c, lib/x509/output.c:
gnutls_x509_crt_print() will print the IDNA A-label names as well.
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/hostname-check.c: tests: added UTF-8 hostname comparison
checks
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added
support for RFC6125 hostname comparison
That adds the dependency on libidn.
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/Makefile.am, lib/x509/hostname-verify.c,
lib/x509/rfc2818_hostname.c: renamed rfc2818_hostname to
hostname-verify
The file no longer follows RFC2818.
2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/decoding.c: updated minitasn1
2014-08-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
structures on re-import to avoid memory leaks.
That also adds the gnutls_pkcs7_t structure into the list of allowed
to re-import.
2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h:
Re-initialize the ASN.1 structures on every import
That allows to import a key/certificate on a structure even if the
previous import failed.
2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
command line option
That option will report the status of the FIPS140-2 mode in the
library.
2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
used to force the FIPS-140-2 mode
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
single CN must be present for hostname verification.
Follow up on the original commit that simplifies checking for more
than a single hostname.
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c:
gnutls-cli/danetool: added a common check for hostname being an IP
2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
rfc6125 requirement that a single CN must be present for hostname
verification.
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/hostname-check.c: tests: check that
gnutls_x509_crt_check_hostname() will correctly use the last CN when
multiple
2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: when checking the hostname of a
certificate with multiple CNs use the "most specific" CN
In our case we use the last CN present in the DN. Reported by David
Woodhouse.
https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c: gnutls-cli: more organized printing of
cipher benchmark output
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
benchmarked ciphers
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: bumped current and age version to allow 3.3.x
releases with new symbols
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a
block size of 64-bytes
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map:
mac_to_entry -> _gnutls_mac_to_entry
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs12.c: pkcs12: added check for null OID in
gnutls_pkcs12_generate_mac2
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2()
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2()
That allows a choice on the MAC algorithm to be used.
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: --p12-info will provide information on
the MAC algorithm
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain
information on the MAC
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
keys tests for new internal API
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
tests: test the decoding of a PKCS #12 structure with SHA256 MAC
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
verification with structures that support other than HMAC-SHA1 MACs.
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested
in nettle
2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: testdane: re-enabled DANE checks and added
checks on SMTP
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: danetool: obtain certificate only once
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
modified prototype and doc to be recognized by doc parser
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug-args.def, src/danetool-args.def, src/socket.c:
danetool/gnutls-cli-debug: added support for imap starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
supports SMTP starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h:
danetool: supports SMTP starttls
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
improvements in information presentation
2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: libdane: disable debugging mode
2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: updated documentation for
gnutls_handshake()
2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/cli.c, src/danetool.c,
src/ocsptool-common.c, src/socket.c, src/socket.h,
tests/suite/testdane: danetool: if the certificate to verify against
is not provided, try to obtain it
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c,
lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal
implementation, use nettle's
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
crashing when exporting an RSA public key
That could happen in case of PKCS #11 abstract keys.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: corrected typo
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added --info parameter
That allows obtaining information on a specific object.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
GNUTLS_PKCS11_OBJ_ATTR_MATCH flag
This flag allows listing only the tokens that match the URL. That
is, this performs an object URL comparison, rather than a token URL
usage.
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: only print the debugging message in
debuglevel > 4
2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: removed reference to UMAC
2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: removed references to SALSA20
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: doc update
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid
wrong deletions
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling
A PKCS #11 always holds an open session to the key.
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
gnutls_pkcs11_obj_flags_get_str
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c:
tests: ensure that no environment variables confuse softhsm
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags
being set
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c:
pkcs11: added new functions to query the object's flags
gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
and gnutls_pkcs11_flags_get_str() allows printing them.
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
gnutls_pkcs11_obj_flags
2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: exit if
export_pubkey_of_privkey fails
2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: simplify the passing of flags and pass the key wrapping
flag
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README: README: removed gmplib 4.2.2 reference
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
updated
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
gnutls_pkcs11_privkey_get_pubkey; named
gnutls_pkcs11_privkey_export_pubkey
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
GNUTLS_E_INVALID_REQUEST on invalid params
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: activate the --batch option
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: Test the export of public key
2014-08-06 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
add public key export to p11tool
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
subsystem
There are cases where we need to export the public key of a private
key at a later time. Previously, the public key was only available
immediately after creation of a key pair. This patch allows to
retrieve the public key of a private key at any time after creation.
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: documented flags format
2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
compatibility in pkcs11 key generation
  * add key wrap/unwrap key usage
  * explicitly set public exponent in template
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
CAMELLIA to the list of default ciphers
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: mention profile in security parameters
table
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/DCO/people-dco.txt: Added people who have sent a DCO for
gnutls
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null
password
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: free unused variables
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs8-decode/Makefile.am,
tests/pkcs8-decode/suppressions.valgrind: added missing file
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: print more information on PKCS #12
structures.
Use gnutls_pkcs12_bag_enc_info to print more information on
encrypted PKCS #12 structures.
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
lib/x509/x509_int.h: added new function to obtain information on a
PKCS #12 encrypted bag
New function: gnutls_pkcs12_bag_enc_info()
2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: doc update
2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: default pkcs-cipher is now 3des as in
PKCS #12
2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c,
src/certtool.c: gnutls_pkcs8_info: will return OID value even on
unsupported structures
2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
non-zero
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, src/certtool-args.def: doc update
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize
parameters on decryption
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: further increase iteration count
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c, tests/pkcs8-decode/Makefile.am,
tests/pkcs8-decode/openssl-3des.p8.txt,
tests/pkcs8-decode/openssl-aes128.p8.txt,
tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8:
certtool: improved PKCS #8 information printing
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs8-decode/Makefile.am,
tests/pkcs8-decode/openssl-3des.p8,
tests/pkcs8-decode/openssl-3des.p8.txt,
tests/pkcs8-decode/openssl-aes128.p8,
tests/pkcs8-decode/openssl-aes128.p8.txt,
tests/pkcs8-decode/openssl-aes256.p8,
tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8:
tests: added more PKCS #8 decoding tests
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and
optimizations in PKCS #8 information
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: added --p8-info
option
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions
to obtain information on PKCS #8 structures.
Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and
gnutls_pkcs_schema_get_oid().
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption
support was made more compact and manageable
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs12.c: pkcs12: increased the number of iterations for
MAC
2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.c: removed debugging info
2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h,
lib/x509/verify-high2.c: several windows compilation fixes
2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to
export other than function symbols
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
src/libopts/check.c, src/libopts/compat/compat.h,
src/libopts/compat/windows-config.h, src/libopts/configfile.c,
src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
src/libopts/load.c, src/libopts/m4/libopts.m4,
src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
src/libopts/nested.c, src/libopts/numeric.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
src/libopts/parse-duration.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
src/libopts/stack.c, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/time.c,
src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
updated to libopts 5.18.3
2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, build-aux/gendocs.sh,
doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
src/gl/select.c, src/gl/xalloc.h: updated gnulib
2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs12.c: updated documentation for
gnutls_pkcs12_simple_parse
2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac: master now holds the 3.4.0 release
2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h,
lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
lib/pkcs11.c: Use pthread_atfork() and variants to detect fork
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
inet_pton on systems where they are not present
gnulib is avoided to keep the gnulib network replacements out of
the library.
2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: Added text on PKCS #11 verification
2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/x509.h: removed comma at the end of enumerations
That patch allows compilers that don't support C99 syntax to compile
applications that use a header of gnutls. Report and patch by Ryan
Schmidt.
2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/Makefile.am: check for sed in
configure.ac and use the output variable in Makefiles
2014-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2014-07-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
to dane_state_init
That prevents unbound from complaining in systems where no DNSSEC
functionality is present.
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: doc update
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: added libdane/includes to includes dir
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.6
2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
missing functions
2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped library version
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: simplified initialization of variables.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: bogus and secure values are always
initialized in dane_query_to_raw_tlsa
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dane.c: tests: eliminated leak from dane check
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: libdane: use gnutls_malloc() and doc update
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/dane.c: Added self test for DANE raw
functions
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool-args.def, src/danetool.c: danetool: added option to
print the raw entries.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: doc update
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
IV set.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
_gnutls_prf_raw() which can calculate the TLS PRF without depending
on a session structure.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140-2: do not check the libtasn1's integrity
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding
according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
and there can be ambiguities when using that over SSL 3.0. See:
http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
any action. That allows a valid err_pos, even on a memory allocation error.
Reported by Dan Fandrich.
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: updated TODO
2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
1.0 for ciphersuites with SHA2. These ciphersuites could not be used with SSL 3.0 that only defines
usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
returned on reinitialization
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c:
tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
lib/x509/verify-high2.c: Added
gnutls_x509_trust_list_add_trust_dir(). This essentially exports the functionality to read from a directory
with trusted certificates.
2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/system.c: Allow specifying a directory as trust
store
2014-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-07-10 Simon Arlott <sa.me.uk>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa. This function converts a dane_query_t into the parameters needed for
dane_raw_tlsa() to make it easy to copy the results of the
(synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for
dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
is 0 (it is possible for malloc/calloc to return NULL when requested
to allocate 0 bytes). Signed-off-by: Simon Arlott
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: FIPS140-2 tests: no need for MD5 check
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: FIPS140-2 tests: removed redundant checks. We keep one check per cipher which is required, and avoid multiple
(and time-consuming) tests.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Allow specifying
GNUTLS_CPUID_OVERRIDE in either hex or decimal.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Added option to disable any cpu
optimizations
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c,
lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
registers
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: Allow overriding the detected
CPUID using the GNUTLS_CPUID_OVERRIDE environment variable
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
check for RSA encryption
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
and DSA-3072 bit keys, as well as SHA256.
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
and RSA-3072 bit keys
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: tests: check RSA with SHA256
2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
encrypted data differ from plaintext
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
size required by SP800-38D (section 8.2)
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows to explicitly specify the curve to use
when generating a key.
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
CKA_EC_PARAMS when generating an ECDSA key
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: only print warning about key sizes in RSA
keys
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: make brief output more brief
2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
of memset()
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Skip DANE entries that may contain unknown
info. That would allow skipping any future entries without failing.
Reported by Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw(). That allows calling the function with an empty chain. Reported by
Simon Arlott.
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c: examples: mention that
gnutls_global_init() is optional
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc: mention and link to trust storage module
2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-tokens.texi: doc update
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero
length.
2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Increased number of attributes
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: try to restart on session errors, to avoid
having a failed call.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: corrected pkcs11 reinitialization
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
invalidate the cached session.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: set the maximum value when printing
library_description
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
#11 privkey cached session
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: don't outsmart user and override login type. Unfortunately tokens vary on their requirements for writing trusted
and private objects, and there is no one-size fits all policy. Thus
allow a proper failure and warn the user that so-login may be
required.
2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: testpkcs11: Try to write the trusted
object both by so-pin and normal pin
2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
deleted after generation
2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
GNUTLS_SO_PIN when setting the PINs of an initialized token.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/gendh.c: tests: gendh: increased the DH prime size to
allow usage under FIPS140-2 mode
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: tools: when in batch mode and no PIN, print a note
about using the environment variables
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
size and changed hash to SHA256. That allows the test to operate under the FIPS140-2 mode.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: tests: improved error reporting in crq_key_id
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc: properly terminate table
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
from the acceptable bit sizes in FIPS140-2 DSA parameter generation.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c, src/common.c, src/common.h, src/danetool.c,
src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
mode and will not ask for PIN.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
specified. Added --batch parameter to disable interaction.
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
only a single token available, don't bother complaining about
specifying the correct URL
2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.h: updated comment
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: certtool: document that URLs are supported
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
gnutls_pkcs11_privkey_generate2(): corrected public key extraction
(for ECDSA keys)
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
security officer's PIN
2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin. These allow for a non-interactive --initialize process.
2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
and IPv6 address matching.
2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE
2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
3.2.x
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
doesn't fit into our buffer.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
as a hostname. There are several misconfigured servers that placed their IP as a
DNS name. Pointed out by David Woodhouse.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: suppress warnings
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
instead for AF_INET6
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
addresses. The old dumb code is used in systems that don't have that function.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/hostname-check.c: tests: Added test cases for IPv4/6
matching.
2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
checks text ip addresses as well. That aligns the documentation with the implementation. Reported by
David Woodhouse.
2014-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: initialize str to NULL
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c: fixed documentation
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/pathlen,
tests/cert-tests/pem-decoding, tests/suite/crl-test,
tests/suite/invalid-cert, tests/suite/testcompat-main,
tests/suite/testrandom: tests: better replacement of LIBTOOL
variable in scripts
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: ship certs/
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
symbols
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: gnutls-serv: removed the
--print-cert option; the cert was anyway being printed.
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: corrected typo
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: minitasn1: updated to version 4.0
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: updated documentation
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: Warn when no --outfile has been specified
on key generation
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
structure generation and decoding.
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: certtool: allow specifying
the friendly name on the command line and use the
load-ca-certificate
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: warn in more operations if --login is not
specified
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: No longer assume a default URL for
operations.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool: Do not allow a newline as PIN.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: avoid calling _gnutls_bin2hex() when length
is zero.
2014-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* THANKS: updated thanks file
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: clarified license text
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: Do not try to load the system CA trust if
--insecure is specified.
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_srp.c: doc: more consistent use of pointer star.
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
for the SRP server callback. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
Correct comment about ignoring certs in the SRP server example. Point readers to another example for a way to validate certificates
in both the SRP and the X.509 server example. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet
in the future.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
the same on resumed sessions.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-chainverify.c: Test the return code of
gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
token. Check whether the return code of
gnutls_x509_trust_list_add_trust_file() is non-zero when
certificates are present.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
returns the number of certificates present when loading a PKCS #11
URL.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: Allow marking a certificate as a CA.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA
(category==CA)
2014-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/README.CODING_STYLE: coding style: update the DCO text
2014-06-15 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_state.c: doc: Corrections for
gnutls_handshake_set_hook_function()
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: updated text for the ALPN
experimental protocols
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
are duplicated in the section index.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/eagain-common.h,
tests/mini-x509-callbacks-intr.c: tests: Added check for the
interrupted post client hello.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/gnutls_v2_compat.c: handshake: Allow the post client hello
callback to put the handshake on hold. That is, when the callback returns GNUTLS_E_AGAIN or
GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
and can be resumed when needed.
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: use the new API for receiving data
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c: Adapted test to check
gnutls_record_recv_packet().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions allow for a faster variant of gnutls_record_recv(),
i.e., a variant that eliminates the data memcpy().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: Use proper HTTP request
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: When decoding of a DN string fails, treat it as
unknown string and print its hex value.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: Print errors but avoid being verbose on
stderr
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: avoid sizeof() on lbuffer
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: ensure that allocated buffer has
a minimum size of 64kb.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: Added option
--stdout-info
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: initialize iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c: corrected the allocation size for CRL iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/crl-test,
tests/suite/crl/long.pem: Added test for CRL decoding.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
thread-safe by making the iterator explicit.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/suite/Makefile.am, tests/suite/invalid-cert,
tests/suite/testcompat-main, tests/suite/testrandom: Pass the
LIBTOOL variable into test scripts. That allows using the detected libtool in scripts. That corrects an
issue on OS X systems that ship a different libtool. Reported by
Daniel E. Macks.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
gnutls_x509_crl_get_crt_serial2(), a faster variant of
gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL
structures with lots of entries (e.g., 50000+ entries).
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/danetool.c: certtool: When an external file is used increase our
maximum buffer accordingly.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Abort printing on error.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: tie the weak DH warning to the very weak security
parameter.
2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592
2014-06-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
SSLv2 hello length.
2014-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
sources
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated windows makefile
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
files for gnutls_credentials_get()
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/long-session-id.c: Added test for memory
corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/gstr.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h: updated libtasn1
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: avoid cleanup when there are no allocations in
_gnutls_x509_der_encode().
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ecc.c: cleanup resources on
_gnutls_ecc_ansi_x963_export() failure.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added the --print-cert option to
gnutls-serv.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-extras.c: certtool: correct size calculation when
loading privkey
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: re-indented messy table.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: Removed unused function.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: document the symbol version bump needed in a .so
version bump.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Prevent memory corruption due to server
hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only try to copy session ID if there is a
session ID.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-29 Kurt Roeckx <kurt@roeckx.be>
* lib/x509/x509_ext.c: Fix capitalisation of ia5String. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: increased the maximum certificate size buffer in the
PKCS #11 subsystem.
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: re-enabled config path discovery code, and check the
return code of getpwuid_r(). Reported by Viktor Dukhovni.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/accelerated.c: removed old check for nettle
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/safe-memset.c: safe_memset: allow memset of zero bytes.
2014-05-27 Hani Benhabiles <kroosec@gmail.com>
* lib/x509/verify-high.c: Fix unused variable warning without
PKCS#11 support. Signed-off-by: Hani Benhabiles <hani@linux.com>
2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
reported by Matt McCutchen.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c, lib/gnutls_handshake.c:
_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
instead of negative.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: Allow wildcard comparison of options.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: Warn when invalid configuration
options are set into a template.
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Do not allow null strings to be read from ASN.1
structures. This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
test suite.
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: removed redundant null termination
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
prefix from static functions.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
times when performing ticket resumption.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
zero if data is NULL and memory buffer size is not sufficient.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
When assigning the TLS version, double check that it is valid.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Added aliases for unit and organization.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: use a signed value for bits.
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: allow multiple organizations and
organizational unit names to be specified in a template.
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: increased the number of allowed elements in
a priority string.
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: simplify break_comma_list().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509.c: more sanity checks on
signature size
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def:
tools: Replace normal sec-param with medium in documentation.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
print the bug reports line from autogen.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: do not yet export gnutls_memset().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix
the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dsa/testdsa: changed port of DSA test
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
correct signature size rather than the max.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: Print the openpgp DN only when
gnutls_openpgp_crt_get_name() failed appropriately.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: initialize string in
gnutls_x509_ext_import_basic_constraints().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected error checking in
gnutls_x509_crt_get_extension_data()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: Allow null list_size argument in
gnutls_certificate_get_peers()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: certificate verification is performed asynchronously.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool-args.def: enhanced the danetool usage instructions.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Do not use autogen's file option for input
parameters. Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a
device), that were not needed.
2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: check for null prior to checking
for empty passwd
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
parameters.
2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Eliminated memory leak on failed curve
assignment. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
only check the end certificate.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: doc update
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
gnutls_set_default_priority() in examples.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
prototypes for dane_verify_crt_raw2().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: export gnutls_memset().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Added dane_verify_crt_raw2() which allows
verifying against the certificate name.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Improved dane_verify_session_crt(), which now
attempts to create a full chain. This addresses points from
https://savannah.gnu.org/support/index.php?108552
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
lib/gnutls_x509.c: removed legacy code.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_credentials_get().
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added gnutls-serv option
--verify-client-cert. That option allows forcing verification of the provided certificate
even if it is not required to present one. In that case the
connection will be closed with a fatal alert.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c: Addressed memory leak in status request
extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross compilation Makefile.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated documentation on library
initialization to reflect the changes in 3.3.0.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.c: re-enabled gnutls_global_set_mutex().
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Do not run autogen twice to generate the header
files.
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am: Ship suppressions.valgrind
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/gnutls_int.h: Ensure that there are no
remainders in the TLS handshake packets. The issue was discovered using the Codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default.
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: fixed typo
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/includes/gnutls/x509.h, lib/priority_options.gperf,
lib/x509/verify.c: Added the 'very weak' certificate verification
profile. This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/cert-ecc.pem,
doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem,
doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
secp256r1
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the Codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: initialize to null the SRP extension data on
allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testrng: Modified the testrng for Debian's dieharder.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Added a timeout to close inactive sessions.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Send the appropriate alert when a certificate is
required but not present.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: use __sun definition to detect solaris.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Cleaned up server process. This eliminates an infinite loop triggered by unexpected client
disconnections.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: Added support for constructors and
destructors in solaris CC.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Updated dieharder tests.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: doc update
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/cipher-test.c: include header for self-test functions
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Allow testrng test to run with older versions
of dieharder.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated included libtasn1.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Do not return from void functions. Reported by
dev [at] cor0.com.
2014-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: removed return from void function.
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/rng.c, tests/suite/testrng: updated prng test
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
tests/suite/testrng: Test the random generators in gnutls using the
dieharder tool.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: use different db file for
pkcs11-get-issuer.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
test to verify whether gnutls_x509_trust_list_get_issuer() operates
correctly under PKCS #11 trust list.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/verify-high.c:
gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
#11 trust list.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_write.c: initialize the size value
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c:
Include the correct header for the self tests functions
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/safe_renegotiation.c: removed redundant code. Reported by
David Binderman.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: rearranged code
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: only fail DANE verification if status is non-zero
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
certificate using DANE if there is at least one entry that matches
the certificate. This corrects the previous behavior that was rejecting the
certificate if there were multiple entries and one couldn't be
validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
if the call to gnutls_global_init() failed.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
initialization of random generator. Reported by Martin Kletzander.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd.c: Revert "Avoid dual initialization of random
generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-x86-ssse3.c,
lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
avoid clashes with system headers.
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Avoid dual initialization of random generator.
Reported by Martin Kletzander.
2014-04-19 Kurt Roeckx <kurt@roeckx.be>
* lib/fips.c: Test for the existence of the /etc/system-fips file. We don't read it, the existence of the file is enough to say in what
mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-19 Kurt Roeckx <kurt@roeckx.be>
* lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-19 Andreas Metzler <ametzler@bebt.de>
* lib/gnutls_cert.c: Typo fix: overriden -> overridden. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
suggestion by Shawn (sth0r2046 [at] gmail.com).
2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
(sth0r2046 [at] gmail.com).
2014-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Allow exporting a CRL in DER format.
2014-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, THANKS: cleaned up authors and thanks file.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/invalid-cert,
tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
tests/suite/testrandom: More script tests run under valgrind
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: Treat othername as printable (i.e., null
terminate it), as the XMPP printing code assumes that.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: cleanups in output
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* guile/src/core.c: do not override gnutls' allocation functions. That was not being done using the API, and overriding them is no
longer possible in 3.3.x.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.3.1
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: changed port to allow parallelization
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
longer part of the API (though it remains in the ABI).
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any
public header.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: removed file from Makefile that doesn't exist
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: gnutls-cli will no longer allow the session to proceed
if DANE verification fails.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
tests/cert-tests/xmpp-othername.pem: Added test certificate with
multiple XMPP othername SAN fields.
2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid()
functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: always initialize size values
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: copy_string() and copy_data() are more
resilient on null input
2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a
sign/verify request that may take longer in some systems. Based on
patch by Andreas Metzler.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a
certificate that contained an OtherName. Reported and investigated
by Kirill A. Shutemov.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
the already unused secure alloc functions.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
lib/safe-memset.c: Use a harder to optimize out memset().
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: fix typo
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pskself.c: include hint into psk test.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_psk.c: eliminated the leak of hint when deallocating
the credentials.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
replacing of auth info based on the provided credentials type. This avoids issues with discrepancies in server and client mode.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def, src/cli.c: Both DANE and PKI verification are
advisory when --tofu is being used.
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: When checking for data to be received use
the 'transport_recv_ptr'. This affects cases where there are different send and recv pointers.
Reported and investigated by JMRecio.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: doc update
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: documentation update.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
verification methods.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def: Updated TOFU documentation. Suggested by Jens
Lechtenboerger.
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool.c: added newlines to p11tool error messages
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: corrected uninitialized value
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am: removed conditionally exported functions.
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/self-test.h: Added self check functions to
self-test.h.
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped versions
2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
issues in the future
2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: increased the space available for
certificates. That avoids a crash in sparc64; reported by Andreas Metzler.
2014-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: doc update
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: use the same cflags for included programs as with
library.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
any input state.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
lib/verify-tofu.c: several bug fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
fixes due to coverity.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
reported from coverity in opencdk.
2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_buffers.c: correctly check for message upper limit.
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
only CRLs in gnutls_x509_trust_list_add_trust_file().
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: Added the PFS priority string.
2014-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected Peter's name!
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
#8 files with ECC parameters from openssl. These files do not contain the curve information with the private
key (ECPrivateKey), but they rather contain it in the
privateKeyAlgorithm.
2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c: More strict checking of heartbeat padding
size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggested
by Peter Williams; initially investigated by Frank Li.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_mem.h: unconditionally zeroize temporal keys.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
dependency
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
the FIPS140-specific functions into the main documentation.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/key-tests/Makefile.am: Added missing file
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated documentation
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, symbols.last: updated exported symbols table.
2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
lib/libgnutls.map: mark functions that are only available under
FIPS140 mode
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files.
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/rfc2818_hostname.c: doc update
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match(). This function now performs a sign/verify test to check whether the
public and private keys match.
2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: doc update
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cross.mk: update gmplib location
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am: removed double entry
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
updates
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
include this gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am: do not build ecore when cross-compiling
for windows.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4: Added bind gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4: Added connect gnulib module.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/tests/Makefile.am, gl/tests/test-getdelim.c,
gl/tests/test-getline.c: Added getline() in gnulib.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: corrected configure test for pthread_mutex_lock
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/certs/create-chain.sh: updated test cert generator.
2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
doc/examples/verify.c, lib/gnutls_cert.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
the extendable gnutls_certificate_verify_peers().
That will allow adding new functionality to verification without the
need to add new functions.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/examples/ex-client-x509.c, doc/examples/verify.c,
lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
verify in addition to hostname, the purpose of the end-certificate.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
using gnutls_certificate_verify_peers3().
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: doc update
2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c: doc update
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: modify to conform to the documented
level.
2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated makefile
2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am: avoid checking or linking with
libpthread in windows
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: Corrected check for softhsm shared object.
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Allow multiple spaces into priorities file.
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
The "SYSTEM" initial keyword was replaced with the more generic
"@KEYWORD"
The @KEYWORD string will open the pre-configured system priority
file and will expand the KEYWORD, to the priority string set in the
file. The file should have the following format:
KEYWORD=PRIORITY_STRING
2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Use the IANA assigned padding extension number.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: skip the test if softhsm doesn't exist
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
and config in tests to allow parallel runs.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: added softhsm dependency for testsuite
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
softhsm
That allows us running it in the normal test suite.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c, src/cli-args.def,
src/cli.c, src/p11tool.c: Allow using the --provider parameter in
gnutls-cli and certtool to specify a PKCS #11 module.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c: updated test to run in more
systems.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: set the same flags in the second search
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore the softhsm test suite files.
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testpkcs11: fixed bashisms
2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/certs/create-chain.sh: depend on bash for the
create-chain script
2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509.c: Enhanced test to check that the correct number
of certificates is received
2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected check for sorted server certificate
chain.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
is specific to p11-kit trust modules.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
the certificate verification tests in PKCS #11-based verification
using softhsm.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Perform time check when removing a certificate
in _gnutls_pkcs11_verify_crt_status()
This brings the function on par with _gnutls_verify_crt_status().
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
same certificate in the pkcs11 trusted list, not only the issuer
When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our pkcs11 trusted list,
make sure that we search for the non-self-signed as well. This
affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
#11 trust module.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Allow manually loading a 'trusted' module.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
libraries from the destructor.
If we do and the PKCS #11 modules are already being unloaded, we may
crash. If the deinitialization of the PKCS #11 subsystem is
required then, gnutls_pkcs11_deinit() must be explicitly called.
2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
test chains from chainverify program.
2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/Makefile.am, tests/key-id/Makefile.am,
tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
tests/key-id/key-ca.pem, tests/key-id/key-id,
tests/key-id/key-user.pem, tests/key-tests/Makefile.am,
tests/key-tests/README, tests/key-tests/ca-gnutls-keyid.pem,
tests/key-tests/ca-no-keyid.pem,
tests/key-tests/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
tests/key-tests/key-ca.pem, tests/key-tests/key-id,
tests/key-tests/key-user.pem, tests/key-tests/pkcs8: Added self-test
for PKCS #8 key conversion and reading
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: the chainverify test ensures that there is no
divergence between different verification functions.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: When verifying check for the same
certificate in the trusted list, not only the issuer
When the certificate list verifying ends in a non self-signed
certificate, and the self-signed isn't in our trusted list, make
sure that we search for the non-self-signed in our list as well.
This affects, gnutls_x509_trust_list_verify_crt() and makes its
results identical to gnutls_x509_crt_list_verify().
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: mention test on smart card support
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README: Added make check to the make process in README
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: changed the behavior in
certtool's PKCS #8 key export with no password
By default when no password is specified, an unencrypted key is
output. The previous behavior of encrypting using an empty password
can be replicated using --empty-password.
2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Updated documentation on null-password and
password options of certtool.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrandom: Added test to check verification with
randomly generated certificates.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: Combined the code to set CRL next update with
certificate expiration date.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: corrected typo
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: improved error message
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: When a CRL serial number is not specified, generate
a time-based one.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-shared-key.texi: doc update
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/priority_options.gperf: Added priority string
%DISABLE_WILDCARDS.
This will disable any wildcard matching when comparing hostnames in
certificates.
2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Added verification flag to disable wildcard
checking
This adds the verification flag
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
gnutls_x509_crt_check_hostname2(),
gnutls_openpgp_crt_check_hostname2().
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/complex-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
SHA256 fingerprint output in certtool
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: doc update
2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Print the SHA256 fingerprint of the certificate
in addition to SHA1.
2014-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/verify-tofu.c: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: simplified
gnutls_certificate_client_get_request_status() - no error is
possible.
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: doc update
2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: cleaned up documentation of
gnutls_record_send()
2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Added test for CVE-2014-0092
2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: removed reference to mini_xssl
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added self checks for various verification
profiles
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
uncork usage under DTLS.
2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
friendly.
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: using the SYSTEM priority string will fail
if there is no system file
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: reformatted NEWS entries
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
security.
Introduced the LEGACY keyword which will enable the settings used in
GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
compatibility with weak or misconfigured servers is required.
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/manpages/Makefile.am: replaced wrong manpage generation
parameter
2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation
2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* README: update README to reflect gmplib licensing change
As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
dual-license LGPLv3+/GPLv2+ license.
This licensing change affects the licenses under which versions of
GnuTLS can be redistributed. Update the README to reflect this change.
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Fix patch version calculation when it contains
non-numeric chars
2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print RSA-EXPORT status
2014-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: use isascii instead of isprint for
internationalized name detection
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: bump so version
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
level
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: add a check for invalid DH parameters.
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
DHE prime and exponent size.
2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509-extensions.c: fixed test to use the correct function
names.
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Severely simplified hostname matching.
Now only wildcards in the leftmost position of the string are
allowed (followed by at least two components), and are only taken
into account in ascii strings. Non-ascii strings are compared
byte-by-byte. That means that wildcards in the form
bar*foo.example.com are no longer accepted, as well as wildcards of
the form *.*.*.example.com.
2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
use commit suffix for functions that return a status code.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
RNG code.
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: the longer e-mail caused crash in autogen's
manpage generation
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
some of the newly introduced functions
2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: set the invalid flag when the owner is
unexpected.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
tests/hostname-check.c: Changed the behaviour in wildcard acceptance
in certificates.
Wildcards are only accepted when there are more than two domain
components after the wildcard. This will prevent accepting
certificates from CAs that issued '*.com', or 'www.*'.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: Added more key usage flags in the test
for x509-extensions.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509-extensions.c: x509-extensions test will fail if an
unhandled extension is found.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am: ship the gperf file and the generated one.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-cert-auth.texi: documented the new X.509 extension API
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
can now write more than a single crl_dist_point.
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/cert-tests/template-test.pem,
tests/cert-tests/template-test.tmpl,
tests/cert-tests/template-utf8.pem,
tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
tests/x509-extensions.c: Added unit tests for new API
2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
X.509 extensions.
This API handles the X.509 extensions in separate, allowing to parse
similarly formatted extensions stored in other structures. In
addition functions that simplify the extraction of extensions from
known structures were added:
- gnutls_x509_crq_get_extension_data2()
- gnutls_x509_crl_get_extension_data2()
- gnutls_x509_crt_get_extension_data2()
The old functions were rewritten to use the new API.
2014-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Corrected error checking in
_gnutls_x509_ext_gen_proxyCertInfo
2014-03-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: initialize pointer
2014-03-12 Luis G.F <luisgf@gmail.com>
* src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
reference is lost if an allocation error occurred.
Signed-off-by: Luis G.F <luisgf@luisgf.es>
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: use the number of seconds as serial in 32-bit
systems
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: Only check PK compatibility in client side but
also when using openpgp certs.
2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c: corrected initializer
2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/cert.c: shortened static function names.
2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
that the algorithm of the received certificate matches the expected.
2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/cha-functions.texi,
doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
doc/manpages/Makefile.am, lib/Makefile.am,
lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
tests/mini-xssl.c: The xssl experimental library was removed.
While the idea of a high level library is nice, there are no
resources to maintain an additional library.
2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
enable linking with nettle-mini
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: re-enabled certificate verification
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
SHA384 are only available in TLS 1.0
The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
under SSL 3.0, it will during MAC initialization.
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
lib/x509/x509.c: stricter type usage
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
when needed
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
clang
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: silence some warnings
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
lib/verify-tofu.c: clang warning fixes
2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: removed unused variables.
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* src/Makefile.am: Fix build failures on autogen'ed docs
autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
will not be able to find the input file if GnuTLS is built out of
tree, e.g.
  mkdir build
  cd build
  ../configure
  make
Also, add missing targets for %-args.h, to avoid this error:
  make[2]: Entering directory `/home/user/gnutls/src'
  autogen srptool-args.def
  autogen psk-args.def
  make[2]: *** No rule to make target `ocsptool-args.h', needed by `all'. Stop.
  make[2]: Leaving directory `/home/user/gnutls/src'
  make[1]: *** [all-recursive] Error 1
For portability's sake we will spell out the rule for each target
instead of using a GNU '%' pattern rule:
https://www.gnu.org/software/make/manual/html_node/Features.html#Features
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* .gitignore, doc/Makefile.am: Fix build failures involving
doc/invoke-*.texi
Several problems were found in this area:
1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
with no input file and it will hang forever waiting for content from
stdin:
  mv -f enums.texi-tmp enums.texi
  mkdir enums
  ../../doc/scripts/split-texi.pl enums enum < enums.texi
  echo stamp_enums > stamp_enums
  cd ../src/ && autogen -Tagtexi-cmd.tpl && \
  rm -f ../doc/invoke-gnutls-cli.texi && \
  ../doc/scripts/cleanup-autogen.pl <../src/invoke-gnutls-cli.texi >../doc/invoke-gnutls-cli.texi.tmp && \
  mv -f ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
  rm -f ../src/invoke-gnutls-cli.texi
  <HANG>
Since these documents are @include'd by other documents, it is
probably a good idea to make sure the targets are buildable in case
they get listed as prerequisites.
2) SRC_DEF_* used relative paths which are correct for an in-place
build, but incorrect for an out-of-tree build. They should use
something like $(top_srcdir)/src to resolve the ambiguity.
3) cleanup-autogen.pl was also referenced using a relative pathname,
breaking out-of-tree builds.
4) The non-portable "sed -i" flag was used.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* README-alpha: README-alpha: Add gperf dependency for building from
git
Without gperf, priority-options.h does not get built and this
results in a compile error.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Kevin Cernekee <cernekee@gmail.com>
* src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib
This pulls in upstream commit cb3c90598 (stdint, read-file: fix
missing SIZE_MAX on Android).
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: more type separation
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: use psktool-args
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: more type separation
2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: separated types for easier verification
2014-03-06 Kevin Cernekee <cernekee@gmail.com>
* .gitignore, doc/manpages/Makefile.am, src/Makefile.am,
src/psk-args.def, src/psk.c, src/psktool-args.def: Rename
psk-args.def to psktool-args.def
Other utilities generate invoke-%.texi from %-args.def, but
currently invoke-psktool.texi is generated from psk-args.def. If we
make psktool conform to the same convention as the other utilities,
we can use a generic pattern to handle all of them the same way.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Kevin Cernekee <cernekee@gmail.com>
* doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds
enums.texi is a generated file so we should not look for it in
$(srcdir). When we do, chaos ensues:
  mv -f enums.texi-tmp enums.texi
  mkdir enums
  ../../doc/scripts/split-texi.pl enums enum < ../../doc/enums.texi
  /bin/bash: ../../doc/enums.texi: No such file or directory
  make[4]: *** [stamp_enums] Error 1
  make[4]: Leaving directory `/home/user/gnutls/build/doc'
  make[3]: *** [all-recursive] Error 1
  make[3]: Leaving directory `/home/user/gnutls/build/doc'
  make[2]: *** [all] Error 2
  make[2]: Leaving directory `/home/user/gnutls/build/doc'
  make[1]: *** [all-recursive] Error 1
  make[1]: Leaving directory `/home/user/gnutls/build'
  make: *** [all] Error 2
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/extras.c: Ensure failure when no base64 data have been
read. Suggested by Ramkumar Chinchani.
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
* lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, symbols.last: Added symbol check prior to release
(after discussion with Andreas Metzler)
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated doc
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/test-driver, build-aux/ylwrap: updated build-aux files
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: removed no-split as it causes issues in pdf
building
2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
gl/tests/test-bind.c, gl/tests/test-connect.c,
gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
libgl
2014-03-05 Nick Alcock <nick.alcock@oracle.com>
* configure.ac: Override AUTOGEN under --enable-local-libopts only
if autogen is not needed.
After commit 6addbc3, specifying --enable-local-libopts
unconditionally replaces the autogen-erated files with their
distributed copies, and substitutes AUTOGEN to false.
The assumption here is that if --enable-local-libopts is not
specified, autogen cannot be installed, and that the distributed
copies necessarily exist. Neither assumption is always correct.
e.g. someone building a 32-bit copy of GnuTLS from git with a copy
of autogen on their system will have a 64-bit copy of libopts, and a
working /usr/bin/autogen, but not a 32-bit libopts. Since building
autogen depends on Guile, this is a rather heavyweight pile of gear
to require. (You can force a successful build in this case, but it
requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
distinctly inelegant.)
So fix things so that if any of the distributed copies do not exist,
we do not substitute AUTOGEN, so as to let any copy of autogen that
configure found on the system do its job if necessary, while not
forcing the user to link against the copy of libopts which came with
that autogen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c:
session tickets can be disabled
2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/Makefile.am, lib/ext/cert_type.c,
lib/ext/status_request.c, lib/gnutls_extensions.c,
lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c:
increased code disabled from disable-ocsp and disable-openpgp
options
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, lib/ext/Makefile.am,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
lib/priority_options.gperf, src/cli-args.def,
tests/mini-record-2.c, tests/mini-record-range.c,
tests/mini-record.c: NEW_PADDING has been removed.
This extension did not get accepted by IETF so it is now being
removed. The gnutls_range API is kept in case length hiding is
implemented in a different way at some point.
2014-03-05 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
manual.
2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: re-introduced rsa-export configure option
This broke backwards compatibility. Reported by Andreas Metzler.
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/Makefile.am: examples include both gnulibs
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
gl/tests/test-getline.c: removed getpass from gl/
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/Makefile.am: changes for new gnulib in src/
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c: correct error print in win32
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/system.c: Changes to account for the reduced
included gnulib
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: added missing declaration
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: removed any dependencies to gnulib network
stuff
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
insistence to replace strerror
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
src/gl
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-close.c,
gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
gl/tests/test-listen.c, gl/tests/test-lstat.c,
gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror.sh, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
gl/tests/test-stat.c, gl/tests/test-stat.h,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
unused gnulib crap
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: fixed more memory leaks in crywrap
2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/crywrap/crywrap.c: addressed memory leak in crywrap.c
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: check the blacklist for certificates
provided in gnutls_x509_trust_list_verify_named_crt().
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
configure option.
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: rsa-export is no more
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: updated option for TPM
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: replace select() on windows
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: print message before failing when the pull
timeout function isn't replaced.
2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
SHA1; suggested by Manuel Pégourié-Gonnard.
2014-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
build-aux/useless-if-before-free, build-aux/vc-list-files,
doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-bind.c, gl/tests/test-byteswap.c,
gl/tests/test-c-ctype.c, gl/tests/test-close.c,
gl/tests/test-connect.c, gl/tests/test-dup2.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fseek.c,
gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getline.c, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-listen.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-open.c,
gl/tests/test-open.h, gl/tests/test-pathmax.c,
gl/tests/test-perror.c, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-read-file.c,
gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
gl/tests/test-select.c, gl/tests/test-select.h,
gl/tests/test-send.c, gl/tests/test-sendto.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
gl/tests/test-strerror_r.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/parse-datetime.h, src/gl/parse-datetime.y,
src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:
updated gnulib
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
when they are available in TLS1.0
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: The default priority is reset to NORMAL
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Revert "the default priorities are reset to
be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention SHA384 as MAC option
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.def, src/serv-args.def: documented the defaults
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: the default priorities are reset to be
NORMAL. Reported by Manuel Pégourié-Gonnard.
2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def: Add required priorities
2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Preinitialize values; suggested by Sebastian
Krahmer and Tomas Hoger.
2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: added doc on is_issuer() checks
2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c: removed not trusted message; reported by Michel
Briand.
2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: updated for verification updates
2014-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Updated verification function
2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
* src/cli-args.def, src/cli.c: New option --stricttofu for
gnutls-cli. With option --tofu, gnutls-cli waits with a yes-no-question upon
certificate changes. I added the option --stricttofu that omits the
question and fails instead. The contribution is in accordance to the "Developer's Certificate of
Origin" as found in the file doc/DCO.txt. Best wishes Jens
Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>
2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: moved priorities check to the first call
only.
2014-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: removed duplicate definition; reported by
Dennis Philipps.
2014-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/README.CODING_STYLE: updated coding style
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-nc.pem: added cert
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: corrected check
2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
values
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: When appending a name, ensure that we
append to the end of the list.
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: use gnutls_free()
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: corrected email in texi
2014-02-20 Attila Molnar <attilamolnar@hush.com>
* lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
resistance against guessing usernames. When a client tries to authenticate using an unknown username,
instead of generating a random salt every time, generate the salt
based on the username and a secret seed. The seed is settable by the application, allowing servers to re-use
the same seed after a restart. A random seed is generated for each newly allocated SRP server
credentials structure, meaning that applications not using the new
API to set the seed continue to work and gain limited advantage
(because they use a different seed after every restart). For further information see section 2.5.1.3. in RFC 5054.
Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: small artistic changes
2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: check against the success value
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
bool types when needed.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: ensure failure when parsing fails.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: allow ip address as constraint
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Added check for IPaddress
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added tests for name constraints addition.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: better error printing
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: corrected empty name check
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-nc.pem,
tests/cert-tests/template-nc.tmpl: Updated test for name constraints
to include empty constraints names.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: pretty print empty DNSnames
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/name_constraints.c:
_gnutls_x509_read_value() can now read empty values.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Allow empty names.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: removed debugging
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/extensions.c: Added check for null
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: If alternative names are found, don't
bother checking the DN.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/certs/create-chain.sh: Added tool to create a
certificate chain
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: properly indent name constraints
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: _gnutls_parse_general_name2() will return the
expected data
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test:
certtool allows setting name constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
false warnings
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: simplify names
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/name_constraints.c: Added
gnutls_x509_name_constraints_check_crt. This function will check name constraints against all the names in a
certificate.
2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c, tests/name-constraints.c,
tests/suppressions.valgrind: Added support for e-mail constraints.
2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/name-constraints.c: Added more constraints tests for
unsupported structures.
2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: Corrected check for present
constraints in unsupported types.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: fix small leak
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool.c: When verifying a response and a signer isn't
provided assume that the signer is the issuer.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
check if it is available on the reply.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: properly deinitialize name
constraints structure.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-ocsp-client.c: Verify in example that the sent
nonce matches the received nonce. Reported by Benny Baumann.
2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/name-constraints.c: Added missing file
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/priority_options.gperf: priority string flag
VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
handshake timers when gnutls_handshake() is called.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
catch a timeout issue in handshake().
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: doc update
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
multiple flags in gnutls_x509_crt_get_name_constraints()
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: Do not deinitialize the constraints
structure when reading the constraints fails.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
lib/x509/output.c: Allow appending name constraints.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
setting a non-critical name-constraints extension.
2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/name_constraints.c: better checking of unsupported
constraints.
2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h, tests/Makefile.am: Added support for name
constraints X.509 extension. This allows to generate and read the name constraints extension, as
well as check against the DNSNAME value.
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: depend on p11-kit 0.20.0 or later
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: changed names for clarity
2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: Corrected bug in
gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if
gnutls_x509_crt_list_import() would fail with the provided data.
Reported by Dmitriy Anisimkov.
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: corrected suppressions file
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: do not mention
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation
2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
tests/chainverify.c: removed deprecated flag
2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: added Ted
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: set value to null after releasing
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/keygen.c: generate keys in the acceptable sizes in
FIPS140 mode
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/crq_key_id.c: generate 2048 bit keys in RSA mode
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c, lib/x509/x509_int.h: Added
_gnutls_parse_general_name2()
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: ensure that _gnutls_x509_read_value works as
documented.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: ensure that the issuer is present in a trusted
module.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Use the
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
trusted modules are used.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a
PKCS #11 module marked as trusted. The marking is done on p11-kit
configuration.
2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: mark trusted p11-kit modules as trusted.
2014-02-12 Marcus Meissner <meissner@suse.de>
* src/serv.c: fixed socket existence checking. If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
for the ipv6 address fails, this loop would fail and abort the
socket listen code.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added test for pathlen constraints.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/chainverify.c: Added check for v1 intermediate CA
certificate
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: Fix bug that prevented the rejection of v1
intermediate CA certificates. Reported by Suman Jana.
2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function
2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
timestamps for serial numbers.
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* maint.mk: updated indent cmd
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* cfg.mk: corrected indent parameters
2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
do not redefine the _gnutls_x86_cpuid_s symbol
2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
security levels of PFS, SECURE128 and SECURE192 keywords.
2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: reduced security levels of SECURE128 and
SECURE192 strings.
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: only test libz if it is available
2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: check errors from
gnutls_priority_set_direct().
2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: increased the interval between reading
/dev/urandom
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
certtool option to allow asking for passwords even when in batch
mode.
2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: use newlines in error printing
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: when using a PKCS #11 module for verification
ensure that it has been marked a trusted module in p11-kit.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
p11-kit's P11_KIT_MODULE_TRUSTED flag.
2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: use macros to set the level.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
reference manual to remove individual indexes that were not working.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphersuites.sh: corrected
test-ciphersuites.sh test
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: consider the initial keyword set even when
it's set to NONE.
2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When two initial keywords are specified
then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
SECURE256:+SECURE128.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
multiple initial keywords in a priority string, the security level
set is the one of the lowest security.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: better wording
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected bug in DH exponent size calculation.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
extension. This is an extension that is defined to be sent by the client but
there are servers that include it as well. Most other
implementations tolerate this behavior so we do.
2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected typo
2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
requirements for all ciphersuites that are not GCM.
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: return proper error on RSA key generation failure
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c:
allow a missing u
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_hash_int.c: Added sanity check in hash_init() and
mac_init().
2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd.c: use some kind of key continuity in the nonce
RNG.
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: when importing public keys set the correct
algorithm.
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: allow for seeds larger than the MAX
by one byte
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: corrected calculation
2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: corrected prototype
2014-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/Makefile.am,
lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
lib/nettle/pk.c: Added FIPS184-4 RSA key generation.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c, lib/libgnutls.map: rename function
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_db_get_cache_expiration()
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: removed unused variables
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
lib/x509/privkey.c: Allow verification of public and private
parameters.
2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
keys.
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume.c: Added check for gnutls_db_check_entry_time().
2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_db.c: correctly read the magic number and timestamp;
report and patch by Jonathan Roudiere
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/scripts/getfuncs-map.pl: updated for new functions
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
functions to export.
gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported function needed for fips test
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
lib/gnutls_privkey_raw.c: compile missing file
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: indented
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: eliminated memory leak when generating a
private key using gnutls_privkey_generate().
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
to directly import parameters into a gnutls_privkey_t
Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
gnutls_privkey_import_rsa_raw
2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected usage of privkey
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
number
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: optimized string search in _oid2str table.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: copyright update
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: fixed null pointer dereference when printing a
name and an LDAP description isn't present for the OID
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
gnutls_realloc_fast to false positives
Conflicts: lib/libgnutls.map
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
to release verify that the exported functions in the .map file match
the headers.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported missing functions
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported function
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
FIPS140 mode.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-global-load.c: removed non-working test for static
linking.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rng-fork.c: increased the number of bytes requested by the
RNG
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
The AES-CTR-based nonce random number generator was replaced with
salsa20.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
function prototypes.
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
the prototype of _gnutls_mpi_div
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
_gnutls_mpi_mul_ui
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
prototype of _gnutls_mpi_powm
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
mpi_scan macros
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: reduced warnings
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
_gnutls_mpi_set_ui, _gnutls_mpi_copy
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
_gnutls_mpi_modm
2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
added _gnutls_mpi_init_multi
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: reduced the number of system calls made during
the random generator lock.
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
string by default in examples (not yet).
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
to avoid becoming a bottleneck on processes with many threads.
2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.h: corrected push/pull function setting
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: do not impose limits to index
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c:
Fixes in the Shawe-Taylor prime generation routine.
2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: cleanups
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: increased seed length
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: cleanups
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/provable-prime.c: indented code
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
_gnutls_pk_params_copy makes a full duplicate.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
lib/x509/privkey.c: Added macros to allow specifying a subgroup for
DSA.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
new functions to obtain raw private key
gnutls_privkey_get_pk_ecc_raw: Added
gnutls_privkey_get_pk_dsa_raw: Added
gnutls_privkey_get_pk_rsa_raw: Added
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported more internal functions
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
keys.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: Split the generation of keypair from
the generation of parameters.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
_dsa_validate_dss_g, and other fixes in validation.
2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c,
lib/nettle/int/dsa-validate.c: indented files
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
_dsa_generate_dss_pq
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/dsa-keygen-fips186.c: fixed copyright
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
vectors for the fixed implementation.
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/random.c: register FIPS140 random generator prior to
initialization
2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
generator.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: no point to fail on 3DES weak keys.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: use a single context for all stream ciphers.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: Added ARCFOUR-128 self test.
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: always set subkey status
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-record.c: small updates in mini-dtls-record
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: simplified client hello generation
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: %COMPAT implies %DUMBFW
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization
2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: use a single buffer to generate the client
hello.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
lib/random.c: The FIPS140 random number generator is enabled
conditionally when required.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: removed duplicate function
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.
2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: use newline
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: when freeing priority_cache make sure it is
set to NULL
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_x509.c: Clarified version
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h:
gnutls_global_set_mem_functions was deprecated
2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
warning; all systems we support set this function.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am: generate info documentation in a single file
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
certificates is now replaced by the verification profiles.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: no need to set profile to LOW as it is already
the default
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
macro
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: decreased certificate verification level to
allow SHA1 as hash.
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/x509/verify.c: When verifying a
certificate's security level ensure that the hash is within the
level
2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/complex-cert.pem: updated test for level rename
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: updated memxor3 suppression to cope
with any usage of memxor3
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: The correct priority will be used if SYSTEM
is not specified.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: do not immediately fail on verification failure
due to insecure algorithm.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
gnutls_priority_set_direct() to set a fixed priority string
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: avoid allocation.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
priorities based on version number in examples, and add dependency
on 3.1.0
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
lib/gnutls_priority.c: changes in SYSTEM semantics to allow
appending rules to the default policy.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used
to read the priorities. That can be used to impose system specific
policies.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: Weak sec-param was replaced with Low.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/sec-params.c: updated sec-params check
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, src/certtool-common.c, src/serv.c: more updates for the
security param rename
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
test to check the expected values of security parameters.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: security levels aligned to ENISA and
other common practice recommendations.
2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
lib/priority_options.gperf, lib/x509/verify.c:
GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM
That was done to avoid confusion with the NORMAL priority string.
Also when setting a PROFILE explicitly as priority string the
session security level is adjusted accordingly.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_priority.c,
lib/priority_options.gperf: Use gperf to find priority string
options.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: verification profiles can be set
individually as well.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
update
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: increased the overall security level unless
%COMPAT is specified.
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
verification profiles when setting priority strings
2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c:
Added certificate verification profiles.
2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: simplified _gnutls_verify_certificate2().
2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c: consistency changes.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
description.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust
list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
RDN sequence. This flag is for now only useful internally in gnutls.
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509dn.c: simplified x509dn
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
set_pkcs12_cred test.
2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: doc update
2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
servers
Without this patch, a TLS 1.2-only server will not be properly
investigated by gnutls-cli-debug.
e.g. a server like:
gnutls-serv --x509keyfile=server/secret.key --x509certfile=server/x509.pem --priority 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2'
gets this failed analysis:
0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556 localhost
Resolving 'localhost'...
Connecting to '::1:5556'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... yes
Checking whether we need to disable TLS 1.2... N/A
Checking whether we need to disable TLS 1.1... no
Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1
0 dkg@alice:~$
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-01-06 Nils Maier <maierman@web.de>
* lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
using non-blocking I/O
_gnutls_recv_server_certificate_status() must wait for the first
full packet before setting priv->expect_cstatus = 0, or else
CERTIFICATE STATUS packets won't be processed in subsequent calls at
all, leaving them in the buffer and therefore causing later
connection aborts.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
renamed to gnutls_pkcs11_crt_is_known
Moreover it was modified to fully compare the certificate when
looking for a trusted certificate.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
gnutls_certificate_set_x509_crl_file/mem.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
gnutls_certificate_set_x509_trust_file/mem.
2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high2.c: use gnutls_strdup
2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: mini-record-2 moved to front.
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: removed debugging
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
and distrust (blacklists).
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: more sensible names in find data private structures.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
GNUTLS_PKCS11_ISSUER_ANY is not specified.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c: unified PKCS#11 debug messages
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
Updated PKCS #11 support for
gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
importing all CAs. That way it allows verification on the spot
without requiring the gnutls to restart in case of a blacklisted CA.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added documentation for force autogen to
generate correct texinfo code.
2013-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c, tests/resume.c: resume tests will not block
if they fail
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: moved constructor definitions to macros to
allow easier extensions to other systems.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rng-fork.c: perform the iteration check on both rngs.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: Add suppression for nettle's memxor3
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: updated
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
the current size of the client hello.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: doc update
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: do not pad when the client hello size is
sufficiently small.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
padding if the hello data are already too long.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: export only xssl symbols; small patch by Andreas
Metzler.
2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap
It's used indirectly thus causing build breakage on versions of
glibc where it's defined in librt rather than libc directly.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: limit the size of the DH exponent
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: unified constants
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/fips-test.c: Do not run the fips-test when not in fips mode
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/ext/status_request.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h:
simplified gnutls_handshake_alloc
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: do not specify a default class when searching
for objects to delete
This fixed an issue when trying to delete all the keys in a token by
using the token URL.
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
flag to force security officer login to the card
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: updated txt
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: print warning when no token name is provided
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Added userPrincipalName
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: pass the correct flag to dane_verify_crt_raw()
That doesn't affect anything but logical correctness, as the
parameter is ignored.
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: corrected key ID size check
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Ported Alon's patch to correctly check for librt (et
al.)
This also makes clock_gettime() check independent of the FIPS140
option.
2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added aliases list-privkeys and list-keys
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: undefine select as well in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-handshake-timeout.c: corrected some tests to operate
silently under valgrind
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mpi.c, tests/x509cert-tl.c: corrected leaks
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: do not use the gnulib wrappers in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
set the gnulib functions for recv and send.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/elf/cpuid-x86_64.s: updated
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: corrected running tests over valgrind
It seems that some autotools change has prevented that for some
time.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected check
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed debugging
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12_s2k.c: corrected paths
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
pkcs11_get_random was renamed
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
generated files
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: correctly generate asm sources
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: gnu note for stack only used in ELF
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
files
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/accelerated/Makefile.am,
lib/accelerated/accelerated.c: Improved nettle check for
registration of accelerated ciphers.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: use the correct sources in win32
systems
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: simplified deps
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES
Conflicts: lib/Makefile.am
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated danetool
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c: changed default to 256R1
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: the accelerated library is depending on nettle
being present
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: updated to account for the file format p11-kit
expects
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/openssl: restricted submodule to a specific version
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, cfg.mk: bootstrap will initialize the submodules
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
using git submodule
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/system.c: Added configure option
--with-default-blacklist-file
This option allows specifying a file containing blacklisted
certificates.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high2.c:
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
black list. When a CA or certificate is removed from the trusted list, it is
also added in a blacklist to ensure that it will not be accepted due
to interdependency (e.g., it is a subordinate CA), or because it is
not a CA.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Corrected documentation for
gnutls_x509_trust_list_add_trust_*
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
in gnutls_pkcs11_reinit.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mac.c: Avoid verbose logging
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h:
use better definitions
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: doc update
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers
provided to crypto backend are ensured to be 16-byte aligned (except
the ones provided by the user). That increases performance in
several crypto accelerators.
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c: updated to correspond to new fail()
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
_mbuffer_alloc
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
lib/accelerated/x86/x86-common.c: reorganized source files.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
AESNI is available without PCLMUL, then use AES-NI in GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-x86.c: addressed warning
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
AESNI
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c:
use better names for files
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c: zeroize keys
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
PCLMUL isn't available use the SSSE3 implementation of AES to
optimize GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed UMAC ciphersuites from benchmark
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed the estream ciphersuites from
benchmarks
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86.pl.license,
devel/perlasm/aes-ssse3-x86_64.pl,
devel/perlasm/aes-ssse3-x86_64.pl.license,
devel/perlasm/aesni-x86.pl.license,
devel/perlasm/aesni-x86_64.pl.license,
devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
devel/perlasm/cpuid-x86_64.pl.license,
devel/perlasm/e_padlock-x86.pl.license,
devel/perlasm/e_padlock-x86_64.pl.license,
devel/perlasm/ghash-x86.pl.license,
devel/perlasm/ghash-x86_64.pl.license,
devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl.license,
devel/perlasm/sha1-ssse3-x86.pl.license,
devel/perlasm/sha1-ssse3-x86_64.pl.license,
devel/perlasm/sha256-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86_64.pl.license,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
Hamburg's SSSE3 AES implementation.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-avx-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
implementations
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
Utilize the optimized SHA functions in Padlock HMAC.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: use a single BUILT_SOURCES
2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
minor phrasing improvements in docs
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Added auto-generated files in BUILT_SOURCES
2013-12-13 Jared Wong <jaredlwong@gmail.com>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
line_size. All checks were being done where the line_size check was done last.
This allows data to be read from one past the end of the line
buffer. In C, accessing data outside of an array is undefined
behavior and may cause yet known problems. Additionally, the
compiler may end up making some unreasonable assumptions under the
pretense that the programmer is never wrong and would not access
data outside of the array.
2013-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/libopts/m4/libopts.m4: Avoid conditional generation of
Makefile
2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
prime size as well.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported function
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
gnu-ism in Makefiles
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: simplified logic
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Correctly detect the FIPS140-2 HMAC file.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
exported pkcs11 functions initialize PKCS #11.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: fixes in PKCS #11 initialization
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: provide imprecise time as gmt time.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
auto-reinitialization.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
fully initialize the PKCS #11 subsystem only when it is needed to.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
check to verify that gnutls_global_init() is run on the library
constructor.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/global-init.c: converted to a simple check for
gnutls_global_init() as gnutls_global_init2() will not be added.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: call p11_kit_modules_load() with null argument.
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: only use LT_INIT
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: disable static library build by default
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_global_init2() is no longer exported.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Added automatic reinitialization on fork() on the
PKCS #11 subsystem.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
use.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
Use a DRBG-AES to generate nonces rather than the yarrow RNG.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: getpid() is conditionally used.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
auto-generated files
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
tests/fips-test.c: removed zombie mode, and no longer use fips140.h
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
to gnutls.h
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: simplified func
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/nettle/pk.c: corrected macros
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: Check whether the RNG can perform many
iterations without error.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
exceed a number of iterations.
2013-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
mutex to avoid any side-effects.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.h: re-initialize a deleted statically initialized mutex
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: Added hack for nettle's checks.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: adjusted parameters in normal level
for DSA to match nettle's abilities.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: added newlines in error reporting
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
tests when used from slow/cipher-test
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/global-init.c: updated test for the universal lib
constructor
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: removed deadlock from gnutls_global.c
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/gnutls_global.c: constructor and destructors were
moved outside the FIPS140 mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
when not in FIPS140 mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c:
fips140_simulate_error -> lib_simulate_error
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: adjusted subgroup bits to be
compatible with DSA requirements.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even
when not in FIPS mode.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: removed usage of %zu.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-overhead.c: updated mini-overhead to account for the
removal of salsa20+umac
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: Detect the presence of posix locks even without
being linked to libpthread.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
for camellia-gcm.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: remove bashism.
2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: updated links in reference.
Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/reference/gnutls-docs.sgml: updated links in reference.
Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
updated addresses and URLs. Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
updated addresses and URLs. Reported by Nico R.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
*structors to fips.c
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
by Ben de Graaff.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
by Ben de Graaff.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Added ECDH known answer test.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
Diffie-Hellman key exchange.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
1.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c:
compacted DH support files.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
they are not needed.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: When checking the generated DSA params make
sure that the data to be signed have the proper size.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
functions. This allows handling DH key generation in the crypto backend files.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
DRBG-AES generator by using a counter (with an arbitrary initial
value) as DT.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: Added pairwise consistency test on key
generation.
2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero
2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/certtool.cfg: updated example certtool.cfg
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
a compiler optimizing out calls.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
DH and DSA key q size.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: corrected params for ULTRA level
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: Re-run receiving tests on server side, to
allow any valgrind errors to propagate to exit code.
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Perform an integrity check on all supporting libraries
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: In FIPS mode the default cipher is AES.
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Do not link gnutls against librt unless it is
really necessary.
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: checks FIPS-140 lib requirements, moved after
clock_gettime() is checked for.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/armor.c: removed unused function
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/pubkey.c: removed unused variable
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, tests/mini-xssl.c,
tests/pkcs12_simple.c: Skip tests that require the non-suiteb
curves.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h:
_gnutls_privkey_decode_ecc_key() returns integers as error code to
distinguish error conditions.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
curves).
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: updated
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
parameter generator.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed unneeded newlines
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files ignored
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/nettle/Makefile.am, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h, lib/nettle/int/drbg-aes-self-test.c,
lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
lib/nettle/int/gcm-camellia.c, lib/nettle/int/gcm-camellia.h,
lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-record-2.c: Added deflate compression tests with
AES-GCM in order to be tested in FIPS mode.
2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: corrected comparison
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: Allow MD5 hash in zombie mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.h: fixed bug
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am: don't run openssl (md5) when in fips mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, tests/fips-test.c: separate zombie mode from
operational fips mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/fips-test.c: modified to account for zombie mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
in openssl keys.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: beautified table
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: added new functions
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: eliminated memory leak on PK self
check.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.c, lib/gnutls_global.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c:
Added gnutls_global_init2(). This allows initializing gnutls in a
constructor in FIPS140 mode
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Added an audit message in self test failure
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
messages.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: binary integrity self test moved to end
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_errors.h: simplified debugging levels.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509_b64.c: silence some errors
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: updated
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c:
Better handling of FIPS140-2 initialization
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to
determine which curves are available.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c:
gnutls_key_generate() is restricted by the size of the initial RNG
seed in FIPS140-2 mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
FIPS mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: when using the rng() with a void option use the
FIPS state to indicate errors.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c:
Restrict the number of tests run on FIPS140-2 mode.
2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
FIPS140-2 mode disable non-conformant ciphers, MAC and hash
algorithms.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c:
Use nettle for the generation of DH group parameters.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: no need to memset. It should have been
initialized.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
not involve the security level into the certificate comparisons.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and
DH keys.
2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/secparams.c: restricted combinations of security
parameters in FIPS mode.
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed the initialized static variable.
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
lib/nettle/rnd-fips.c: Corrected _rnd_get_event().
2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c:
Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
_gnutls_mpi_mod().
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: In rng_fork test all random generators.
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: comments updated to conform to the modified
version.
2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: removed external test functions
2013-11-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
libgcrypt's AES-based DRBG.
2013-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
of nettle's RNG.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
overwritten
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_pkcs8.c: corrected typo
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
keys.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey_openssl.c: more keys are zeroized
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: require libtasn1 3.4
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated libtasn1 version
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: use the most appropriate nettle function
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
lib/x509/privkey_pkcs8.c: better naming for free_datum functions.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
buffers of private keys.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
ECC secret scalars and points.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
lib/nettle/mac.c: Added zeroization of keys in several parts within
gnutls.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dh.c: doc update
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
primitives.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
_gnutls_mpi_release()
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
and added a self test for it.
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c, lib/fips.h: Added binary integrity test
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
for fips states. This implies that when in FIPS mode and the library is not in
operational state (i.e., all self checks succeeded), crypto
functionality of the library will fail. This includes:
  * API functions of gnutls/crypto.h
  * API functions of gnutls/abstract.h
  * API functions of gnutls/x509.h
  * gnutls_init()
  * API functions of gnutls/xssl.h
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
tests/slow/cipher-test.c: indented code
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
tests/slow/cipher-test.c: Self checks are conditionally included in
the library.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
RSA, DSA and ECDSA.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
specifying an explicit curve.
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
lib/libgnutls.map: Added gnutls_privkey_generate().
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/crypto-selftests-pk.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
key usage.
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
tests/slow/cipher-test.c: Added option to run all available self
tests per category in a single run.
2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
self-tests by adding digest and MAC tests.
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/Makefile.am, lib/crypto-selftests.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/slow/cipher-test.c: Added self tests
2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: check for alternative unbound root key files.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/debug.c: increased buffers
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-64-coff.s,
lib/accelerated/x86/coff/padlock-x86-coff.s,
lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
lib/accelerated/x86/elf/appro-aes-x86-64.s,
lib/accelerated/x86/elf/padlock-x86-64.s,
lib/accelerated/x86/elf/padlock-x86.s,
lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
auto-generated asm files. This fixes a valgrind complaint when
AES-NI is in use.
2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: updated perlasm files
2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am: Do not link gnutls against librt
unless it is really necessary. Conflicts: configure.ac lib/Makefile.am
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: updated e-mail address
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: use $shell()
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/args-std.def: handle centrally more variables
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
manpage generation (and information stored to it).
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
auto-generated doc files.
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c:
certtool's --verify option if not supplied with a CA list, will use
the system's CA list.
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h: cast the expiration time to time_t
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: doc update
2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
for the 'no well defined' expiration time.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/tests/Makefile.am, gl/tests/strerror-override.c,
gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
module.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/egd.c: better use of errno
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/epub.tex, doc/latex/gnutls.tex,
doc/scripts/mytexi2latex: use eurosym package for euro symbol
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Corrected check of usage of local libopts when
autogen isn't present
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am,
tests/cert-tests/template-dn-err.tmpl,
tests/cert-tests/template-test: Verify failure of DN parsing in a
wrong DN.
2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: disallow any compression in DTLS
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
mini-deflate was combined with mini-record-2
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_record.h: Corrected bug which affected compressed
records. Less space was provided for decryption than the required causing
disconnection issues when compression was used. The issue was
pointed by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
max_decrypted_size() and max_record_recv_size().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c: check return code of gnutls_rnd().
2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
session tickets.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross.mk
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: fixed for win32
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: added assert to trace errors.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: link all programs with libgnu_gpl to avoid
conflicts from header files.
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
Added progname module which is used by error().
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: safer usage of strerror
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
libopts
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: corrected libopts patch
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/error.c: removed unneeded line
2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore xssl manpages
2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
secure128 level.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: generate ChangeLog after doc/ is checked.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/getfuncs.pl: made more clever to ignore inline
function body.
2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
auto-generated files
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported gnutls_est_record_overhead_size
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: do not add newline (it's already in the
printed string)
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
function is not updated if it is already set.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: bumped version
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: updated glimport
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
Added self checks for new date reading functionality
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, src/Makefile.am, src/certtool-args.def,
src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
activation_date and expiration_date options to certtool template
file.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
src/gl/strerror-override.c, src/gl/strerror-override.h,
src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
src/gl/xmalloc.c: Added a gnulib with GPL components for use by
applications.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
corrected bug reporting address.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
for overflows when setting time and allow a time of -1.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow.tmpl,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-overflow2.tmpl,
tests/cert-tests/template-test: Dates and time that would overflow
the GeneralTime are also truncated. We may need to revise that
around 9999 CE.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
doc/invoke-psktool.texi, doc/invoke-srptool.texi,
doc/invoke-tpmtool.texi: force serialized generation of
invoke-*texi, to avoid autogen issue.
2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
(time_t)-1 will set to the no well-defined expiration date value.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: correctly set the ciphersuite when the
set_premaster interface is used.
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: check for a valid blocksize prior to entering
loop
2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
if set to a number will enable logging to stderr.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: corrected
issue with a not-yet-valid certificate
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
addresses.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv.c: simplified function
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
with fedora's openssl
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: print whether the local libopts or libtasn1 are
being used.
2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/Makefile.am, gl/base64.c, gl/intprops.h,
gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
maint.mk: Added intprops module (which is needed by newer libtasn1
versions)
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: use the bool expression instead of unsigned
int:1.
2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: doc update
2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.h: define GNUTLS_PATH_MAX globally.
2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat: do not run on crippled versions of openssl
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/extensions.c: simplified functions.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
test
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
several functions.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/utils.c: always exit when fail is called.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: reduced the stack size warning size.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
string option. This works around issues when connecting behind some firewalls.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
Andreas Metzler.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
of GNUTLS_PKCS11_PIN.
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: doc update
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-certs/ca-tmpl,
tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
tests/suite/pkcs11-certs/client-tmpl,
tests/suite/pkcs11-certs/client.crt,
tests/suite/pkcs11-certs/client.key,
tests/suite/pkcs11-certs/server-tmpl,
tests/suite/pkcs11-certs/server.crt,
tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
test suite for PKCS #11 cards (not executed automatically).
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
self-signed certificates present in the chain
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: simplified checks
2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
GNUTLS_PKCS11_PIN environment variable.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
import the whole chain. This affects gnutls_certificate_set_x509_key_file*().
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
Added export-chain option to p11tool
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_pubkey.c,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
The latter function allows obtaining the issuer of a certificate
stored in a token. While traversing tokens, use the URL provided by the user, to avoid
looking for objects in unrelated tokens.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: test before copy
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
function prototypes to account for the new indentation.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: doc update
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
indentation in headers.
2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: distribute the autogen'erated files as
.bak and enable them only if local libopts is being used.
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/alert-printlist.c, doc/common.c, doc/common.h,
doc/errcodes.c, doc/examples/ex-alert.c,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
doc/examples/ex-x509-info.c, doc/examples/examples.h,
doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib
...