]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Fri, 20 Aug 2010 17:41:34 +0000 (19:41 +0200)]
prevent a memory leak in the unique_id functions.
Brad Hards [Fri, 20 Aug 2010 17:36:34 +0000 (19:36 +0200)]
As identified in a previous mail, I've added support for accessing / displaying
the subjectUniqueID and issuerUniqueID fields within an X.509 certificate. This
is provided (along with a test case) in the attached patch.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 20 Aug 2010 17:05:53 +0000 (19:05 +0200)]
By default lowat is set to zero.
Nikos Mavrogiannopoulos [Thu, 19 Aug 2010 13:55:16 +0000 (15:55 +0200)]
Revert "When scanning for terminator character for PKCS #11 URLs ignore escaped \;."
This reverts commit
583fad076506421c9007a3349784496e2927dcd1 .
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 17:40:02 +0000 (19:40 +0200)]
Added Sjoerd.
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 17:35:58 +0000 (19:35 +0200)]
libnettle is the default crypto library.
Nikos Mavrogiannopoulos [Wed, 18 Aug 2010 16:35:21 +0000 (18:35 +0200)]
oldstate var removed.
Nikos Mavrogiannopoulos [Tue, 17 Aug 2010 17:54:06 +0000 (19:54 +0200)]
mini-eagain will fail with EAGAIN error one every two attempts. That is to remove probabilities.
Sjoerd Simons [Wed, 11 Aug 2010 12:49:46 +0000 (13:49 +0100)]
Remember the amount of user data we're sending out
Partially reverts
3ef62950845f551ebc629e50d5ddf75f71b84294 . gnutls_record_send
needs to return the amount of user-data we sent, so we need to keep this
information somewhere to return it when we succeed in sending that data.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sjoerd Simons [Wed, 11 Aug 2010 12:48:26 +0000 (13:48 +0100)]
Check whether the error is fatal in more cases
When stressing the async API of gnutls a lot of internal errors are hit as
IMED_RET clears the handshake hash buffers as a result of -EAGAIN even though
it would never be re-initialized at that point, but is still needed in later
stages.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sjoerd Simons [Wed, 11 Aug 2010 10:06:43 +0000 (11:06 +0100)]
Add state for flushing the handshake buffer
A seperate state is needed between flushing the handshake buffers and sending
the chipher spec change otherwise it's impossible to determine whether
_gnutls_send_change_cipher_spec is called for the first time or again.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Simon Josefsson [Sun, 1 Aug 2010 21:22:26 +0000 (23:22 +0200)]
Fix warning.
Nikos Mavrogiannopoulos [Thu, 29 Jul 2010 08:33:47 +0000 (10:33 +0200)]
Define HAVE_GCRYPT when using gcrypt. nettle is no longer marked as unsupported.
Nikos Mavrogiannopoulos [Thu, 29 Jul 2010 08:26:33 +0000 (10:26 +0200)]
Added Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle.
Nikos Mavrogiannopoulos [Wed, 28 Jul 2010 15:48:40 +0000 (17:48 +0200)]
When scanning for terminator character for PKCS #11 URLs ignore escaped \;.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:21:46 +0000 (17:21 +0200)]
Modified the example to work in TLS 1.2.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:13:56 +0000 (17:13 +0200)]
Added RSA_NULL_SHA1 and SHA256 ciphersuites.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 15:12:19 +0000 (17:12 +0200)]
When signature algorithms extension is not received allow SHA1 and SHA256.
Nikos Mavrogiannopoulos [Mon, 26 Jul 2010 14:40:31 +0000 (16:40 +0200)]
NULL MAC renamed to MAC-NULL
Simon Josefsson [Sun, 25 Jul 2010 16:27:04 +0000 (18:27 +0200)]
Avoid fixed size buffers (now handles the big >100 SAN cert).
Simon Josefsson [Sun, 25 Jul 2010 16:12:54 +0000 (18:12 +0200)]
Generated.
Simon Josefsson [Sun, 25 Jul 2010 16:12:07 +0000 (18:12 +0200)]
Re-add old NEWS entries.
Simon Josefsson [Sun, 25 Jul 2010 16:07:57 +0000 (18:07 +0200)]
Doc fix.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 14:25:28 +0000 (16:25 +0200)]
Do not trust fbase64_decode to return 0 on success.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 14:18:20 +0000 (16:18 +0200)]
gnutls_x509_privkey_import() will fallback to gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 09:28:39 +0000 (11:28 +0200)]
Added GNUTLS_PK_DH to differentiate in the generation of parameters with PK_DSA
that requires special treatment.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 09:10:21 +0000 (11:10 +0200)]
Corrected wrong descriptions of security levels.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 08:53:11 +0000 (10:53 +0200)]
use RSA-SHA1 as an indicator of RSA certificates.
Nikos Mavrogiannopoulos [Sat, 24 Jul 2010 08:54:06 +0000 (10:54 +0200)]
Fix DSA key values to avoid generating normal and reporting them as low.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 21:48:45 +0000 (23:48 +0200)]
Better handling of security parameters to key sizes matching (via a single table). Added
functions to return the security parameter of a private key.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:38:31 +0000 (20:38 +0200)]
Simplified documentation.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:16:19 +0000 (20:16 +0200)]
Follow ECRYPT II recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 18:06:35 +0000 (20:06 +0200)]
Updated documentation and gnutls_pk_params_t mappings to ECRYPT II recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 17:36:48 +0000 (19:36 +0200)]
HMAC-MD5 deprecated according to ECRYPT II yearly report (2009-2010) recommendations.
Nikos Mavrogiannopoulos [Fri, 23 Jul 2010 06:24:28 +0000 (08:24 +0200)]
added missing file key-subca-dsa.pem
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 17:43:43 +0000 (19:43 +0200)]
ignore html errors otherwise make dist doesn't work.
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 17:43:30 +0000 (19:43 +0200)]
updated NEWS
Nikos Mavrogiannopoulos [Thu, 22 Jul 2010 15:20:15 +0000 (17:20 +0200)]
Added option for certtool to print certificate public key.
Nikos Mavrogiannopoulos [Wed, 21 Jul 2010 07:17:34 +0000 (09:17 +0200)]
Added SIG_RSA_MD5_OID as an indicator of RSA. Some microsoft products were using it. Reported by Mads Kiilerich.
Nikos Mavrogiannopoulos [Mon, 19 Jul 2010 11:37:34 +0000 (13:37 +0200)]
Added RSA with SHA224.
Nikos Mavrogiannopoulos [Sat, 17 Jul 2010 15:51:52 +0000 (17:51 +0200)]
Added blinding to RSA decryption AND signing. Will stay there until it is moved to nettle itself.
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 09:57:06 +0000 (11:57 +0200)]
fixed
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 09:52:13 +0000 (11:52 +0200)]
Added support for EGD daemon in nettle's RNG. It is used if /dev/urandom
is not present.
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 07:50:44 +0000 (09:50 +0200)]
Corrected the lowat behavior. Documented that it will be deprecated in
later versions.
Nikos Mavrogiannopoulos [Sun, 11 Jul 2010 07:50:24 +0000 (09:50 +0200)]
gnutls-serv: Do not print CR/LF if received, but instead print LF only.
Nikos Mavrogiannopoulos [Sat, 10 Jul 2010 21:25:31 +0000 (23:25 +0200)]
system specific functions were moved to system.c
Nikos Mavrogiannopoulos [Sat, 10 Jul 2010 21:10:45 +0000 (23:10 +0200)]
Support scattered write using writev(). This takes
advantage of the new buffering layer and allows queuing of packets
and flushing them. This is currently used for handshake messages
only. Performance-wise the difference of packing several TLS records
in a single write doesn't seem to offer anything over ethernet (that
my tests were on). Probably on links with higher latency there would
be a benefit.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 16:04:08 +0000 (18:04 +0200)]
Removed old reference.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:55:54 +0000 (17:55 +0200)]
ex-rfc2818 is now a functional program demonstrating the verification procedure.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:35:34 +0000 (17:35 +0200)]
Example with export ciphersuites was removed.
Nikos Mavrogiannopoulos [Thu, 8 Jul 2010 15:33:16 +0000 (17:33 +0200)]
corrected typo
Nikos Mavrogiannopoulos [Wed, 7 Jul 2010 11:31:28 +0000 (13:31 +0200)]
Use the same "e" for RSA as libgcrypt. It's the fastest choice.
Nikos Mavrogiannopoulos [Mon, 5 Jul 2010 06:32:00 +0000 (08:32 +0200)]
Do not crash if input is redirected from /dev/null.
Nikos Mavrogiannopoulos [Mon, 5 Jul 2010 06:21:07 +0000 (08:21 +0200)]
Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
cipher with the --pkcs-cipher option.
Nikos Mavrogiannopoulos [Sun, 4 Jul 2010 08:48:11 +0000 (10:48 +0200)]
Use double to count bytes.
Nikos Mavrogiannopoulos [Sun, 4 Jul 2010 07:45:34 +0000 (09:45 +0200)]
Added a windows version of the RNG.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 23:03:47 +0000 (01:03 +0200)]
Corrected locking usage in nettle's random subsystem.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 17:44:37 +0000 (19:44 +0200)]
Fixed to compile under mingw32.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 17:20:52 +0000 (19:20 +0200)]
only warn if dlopen or pthreads are not found.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 16:37:19 +0000 (18:37 +0200)]
Locks were converted to be in align with posix locks to easier wrap around them.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 16:21:44 +0000 (18:21 +0200)]
The included pakchois will use gnutls locks and will use a portable
dlopen() to allow compilation in win32 (untested).
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 10:49:20 +0000 (12:49 +0200)]
Read from /dev/urandom every 20 minutes.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 10:35:00 +0000 (12:35 +0200)]
Added missing files
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 08:37:45 +0000 (10:37 +0200)]
Allow encryption and decryption that are not in-place only.
Nikos Mavrogiannopoulos [Sat, 3 Jul 2010 08:29:23 +0000 (10:29 +0200)]
Print values in a human-readable format and do the calculations in fixed
time to prevent stalling in slow systems.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 21:26:20 +0000 (23:26 +0200)]
corrected library version
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:52:52 +0000 (19:52 +0200)]
PIN callback supplies the token URL. The callback function in common.c
will cache PIN if requested for second time.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:24:39 +0000 (19:24 +0200)]
Reverted the SAVE_PIN approach in PIN callback. The new approach will be to provide
enough information for the callback to save the PIN itself.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:19:18 +0000 (19:19 +0200)]
removed unneeded function.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:17:43 +0000 (19:17 +0200)]
More uses of gnutls_certificate_free_ca_names
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:16:10 +0000 (19:16 +0200)]
Do not allow setting NULL lock functions
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:14:57 +0000 (19:14 +0200)]
corrected lock usage.
Nikos Mavrogiannopoulos [Fri, 2 Jul 2010 17:14:09 +0000 (19:14 +0200)]
bumped library version
Nikos Mavrogiannopoulos [Thu, 1 Jul 2010 15:05:50 +0000 (17:05 +0200)]
Include abstract.h in releases.
Nikos Mavrogiannopoulos [Wed, 30 Jun 2010 14:33:42 +0000 (16:33 +0200)]
Correctly deinitialize crypto API handles.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 17:16:27 +0000 (19:16 +0200)]
commented obscure HANDSHAKE_MAC_TYPE_10 and HANDSHAKE_MAC_TYPE_12.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 16:12:44 +0000 (18:12 +0200)]
simplified locking code. Locking functions always exist but are dummies if no
locks have been set.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 16:05:18 +0000 (18:05 +0200)]
Initialization of crypto libraries moved outside main gnutls code.
Nikos Mavrogiannopoulos [Tue, 29 Jun 2010 15:42:47 +0000 (17:42 +0200)]
Moved locking code to special file.
Simon Josefsson [Tue, 29 Jun 2010 09:22:14 +0000 (11:22 +0200)]
Add pkcs11-vision rules.
Simon Josefsson [Tue, 29 Jun 2010 09:10:28 +0000 (11:10 +0200)]
Generated.
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 19:02:02 +0000 (21:02 +0200)]
When copying a private key the sensitive flag can be set or not. This allows
copying private keys that can be exported.
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 17:01:20 +0000 (19:01 +0200)]
Combined object flags. No implicit login any more. Login has to be specified with a flag
on every call that could use it.
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 16:51:29 +0000 (18:51 +0200)]
Indented code.
Nikos Mavrogiannopoulos [Mon, 28 Jun 2010 16:07:01 +0000 (18:07 +0200)]
Allow flags when importing objects from PKCS11 URLs. The only flag supported
now is the PKCS11_OBJ_FLAG_LOGIN, which forces login before accessing object on
a token. The reason is that some tokens do not allow access of any data without login.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 19:21:37 +0000 (21:21 +0200)]
Added AES-128 to block ciphers.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 19:04:34 +0000 (21:04 +0200)]
Corrected writing and reading order of security parameters.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:52:07 +0000 (19:52 +0200)]
use 2.11.0 everywhere
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:22:07 +0000 (19:22 +0200)]
Added gnutls_global_set_mutex() to allow setting
alternative locking procedures. By default the system available
locking is used. In *NIX pthreads are used and in windows the
critical section API.
As a side effect this change avoids any API dependance on libgcrypt
even if threads are used.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 17:05:56 +0000 (19:05 +0200)]
Modified the cacertrsamd5 short-cut. The test was checking whether
verification using a trusted insecurely signed self signed certificate
will fail against a chain that has this as intermediate. However this
test should have succeeded since the insecure certificate is trusted.
This isn't the purpose of this test however. It should have checked whether
using the same certificate as trusted and to be verified and the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
flag should return an error.
Nikos Mavrogiannopoulos [Sun, 27 Jun 2010 16:37:25 +0000 (18:37 +0200)]
Fail on error.
Nikos Mavrogiannopoulos [Sat, 26 Jun 2010 19:51:03 +0000 (21:51 +0200)]
When generating private key allow usage of --pkcs-cipher flag.
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 16:36:22 +0000 (18:36 +0200)]
MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
Simon Josefsson [Thu, 24 Jun 2010 07:47:53 +0000 (09:47 +0200)]
We also require GNU make.
Simon Josefsson [Thu, 24 Jun 2010 07:27:45 +0000 (09:27 +0200)]
Use silent build rules.
Suggested by Vincent Torri <vincent.torri@gmail.com>
in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 16:03:47 +0000 (18:03 +0200)]
removed OPRFI extension functions.
Nikos Mavrogiannopoulos [Tue, 22 Jun 2010 15:56:57 +0000 (17:56 +0200)]
removed OPRFI from makefile.
Nikos Mavrogiannopoulos [Mon, 21 Jun 2010 16:42:09 +0000 (18:42 +0200)]
When verifying certificates use the same algorithm whether the DO_NOT_ALLOW_SAME
flag is set or not. Before we were shortening certificate list if the flag was not
set by the size of the first certificate found in the trusted list, and keep the
list intact otherwise. Now we shorten the list in the latter case as well, except
for the first certificate.
Nikos Mavrogiannopoulos [Sat, 19 Jun 2010 16:35:30 +0000 (18:35 +0200)]
Added news entry for EV-certificates.
Nikos Mavrogiannopoulos [Sat, 19 Jun 2010 16:15:39 +0000 (18:15 +0200)]
Corrected some tests. Added test to check whether the %COMPAT option is
required for this server.