]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 20:42:42 +0000 (22:42 +0200)]
safe renegotiation: simulate receiving the extension on receival of SCSV
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 20:00:53 +0000 (22:00 +0200)]
made data2hex() safer, and eliminated mem leak
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 20:17:17 +0000 (22:17 +0200)]
tests: added check for proper handling of very long CNs
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 19:26:25 +0000 (21:26 +0200)]
updated the required gettext version to match the macros from gnulib
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 14:03:25 +0000 (16:03 +0200)]
safe renegotiation: handle case where client didn't send any extension
That was affected by the "don't try to send extensions we didn't receive".
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 13:02:01 +0000 (15:02 +0200)]
tpm: avoid warning
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 12:57:33 +0000 (14:57 +0200)]
As server don't try to send extensions we didn't receive.
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 12:33:00 +0000 (14:33 +0200)]
tests: added check for server sending (or not) status request messages
Nikos Mavrogiannopoulos [Fri, 31 Jul 2015 12:30:00 +0000 (14:30 +0200)]
fips140: corrected hex decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 09:48:51 +0000 (11:48 +0200)]
bumped version
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 09:45:51 +0000 (11:45 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 08:30:20 +0000 (10:30 +0200)]
verify-tofu: use nettle's base64 functions
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 08:24:39 +0000 (10:24 +0200)]
gnulib: removed base64 implementation
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 08:20:40 +0000 (10:20 +0200)]
openpgp: use nettle's base64 functions
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 08:11:48 +0000 (10:11 +0200)]
x509_b64: switch to nettle's base64 functions
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:57:52 +0000 (08:57 +0200)]
tests: added check for PSK file parsing
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:37:34 +0000 (08:37 +0200)]
fips: use gnutls_hex_decode for MAC decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:36:32 +0000 (08:36 +0200)]
tpm: use gnutls_hex_decode for uuid decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:36:14 +0000 (08:36 +0200)]
psk: use gnutls_hex_decode2 for key decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:35:47 +0000 (08:35 +0200)]
system-keys-win: use gnutls_hex_decode for ID decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:35:11 +0000 (08:35 +0200)]
openpgp: use gnutls_hex_decode for keyid decoding
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:34:52 +0000 (08:34 +0200)]
DN decoding: use gnutls_hex_encode
Nikos Mavrogiannopoulos [Tue, 21 Jul 2015 06:19:17 +0000 (08:19 +0200)]
Introduced gnutls_hex_encode2() and gnutls_hex_decode2()
These also use safer hex decoding functions which don't skip
invalid input.
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 20:37:40 +0000 (22:37 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 20:09:28 +0000 (22:09 +0200)]
x509: simplified data to hex conversion in unknown DN names
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 19:26:36 +0000 (21:26 +0200)]
gnutls_prf_rfc5705: Allow for non-null context and zero context length
Nikos Mavrogiannopoulos [Mon, 13 Jul 2015 18:19:28 +0000 (20:19 +0200)]
bumped version
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 13:42:21 +0000 (15:42 +0200)]
tests: added cross-check between gnutls_prf_rfc5705() and gnutls_prf()
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 13:07:05 +0000 (15:07 +0200)]
removed legacy libgcrypt flags
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 12:59:37 +0000 (14:59 +0200)]
gnutls_prf_rfc5705: optimize in the common use case, by avoiding malloc
Also don't handle specially the case of non-NULL context and context_size of zero.
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 12:03:34 +0000 (14:03 +0200)]
ignore more files
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 12:03:22 +0000 (14:03 +0200)]
p11tool: fix documentation for --generate-ecc and generate-dsa
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 08:49:48 +0000 (10:49 +0200)]
gnutls_prf_rfc5705: mention the version it was introduced at
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 08:39:37 +0000 (10:39 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 08:35:08 +0000 (10:35 +0200)]
tests: added check for gnutls_prf() and gnutls_prf_rfc5705
Nikos Mavrogiannopoulos [Mon, 20 Jul 2015 08:03:37 +0000 (10:03 +0200)]
gnutls_prf_rfc5705: added
That includes support for RFC5705 when the context field is used.
Initial patch by Rick van Rein.
Nikos Mavrogiannopoulos [Fri, 17 Jul 2015 09:38:17 +0000 (11:38 +0200)]
doc update: explain more about PKCS #11 and fork
Nikos Mavrogiannopoulos [Tue, 14 Jul 2015 07:55:50 +0000 (09:55 +0200)]
configure: print the trousers lib only when set
Nikos Mavrogiannopoulos [Tue, 14 Jul 2015 07:44:30 +0000 (09:44 +0200)]
tpmtool: Added --test-sign parameter
Nikos Mavrogiannopoulos [Mon, 13 Jul 2015 18:04:41 +0000 (20:04 +0200)]
Deinitialize the TPM subsystem only when trousers support is enabled
Nikos Mavrogiannopoulos [Mon, 13 Jul 2015 14:25:16 +0000 (16:25 +0200)]
TPM: don't link to trousers, use dlopen()
That introduces --with-trousers-lib which can be used to specify the
library to dlopen().
Resolves #18
Nikos Mavrogiannopoulos [Sun, 12 Jul 2015 13:21:13 +0000 (15:21 +0200)]
updated auto-generated files
Nikos Mavrogiannopoulos [Sun, 12 Jul 2015 13:15:00 +0000 (15:15 +0200)]
bumped version
Nikos Mavrogiannopoulos [Sat, 11 Jul 2015 10:05:56 +0000 (12:05 +0200)]
pkcs11: mention the version GNUTLS_PKCS11_TOKEN_MODNAME is available from
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 19:20:23 +0000 (21:20 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 19:17:48 +0000 (21:17 +0200)]
PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 17:17:23 +0000 (19:17 +0200)]
tests: updated pskself to check the hint in all PSK ciphersuites
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:57:19 +0000 (16:57 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:55:48 +0000 (16:55 +0200)]
p11tool: be more compact in token URL printing
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:52:57 +0000 (16:52 +0200)]
p11tool: group the provided options for readability
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:31:02 +0000 (16:31 +0200)]
p11tool: keep backwards compatibility by introducing --list-token-urls
That is, the output of --list-tokens remains the same.
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:25:48 +0000 (16:25 +0200)]
p11tool: print the module name of a token in verbose mode
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 14:24:11 +0000 (16:24 +0200)]
Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info
That allows to obtain the shared module name of a token URL.
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 11:36:51 +0000 (13:36 +0200)]
pkcs11.h: doc update
Nikos Mavrogiannopoulos [Fri, 10 Jul 2015 11:12:00 +0000 (13:12 +0200)]
p11tool: less verbose output in --list-tokens unless --verbose is specified
Nikos Mavrogiannopoulos [Thu, 9 Jul 2015 12:10:23 +0000 (14:10 +0200)]
tests: added suppression for bash mem leak
Nikos Mavrogiannopoulos [Thu, 9 Jul 2015 20:50:11 +0000 (22:50 +0200)]
tests: don't run certtool-utf8 when libidn is 1.30 or less
This avoids test suite failures due to libidn.
Nikos Mavrogiannopoulos [Thu, 9 Jul 2015 11:45:58 +0000 (13:45 +0200)]
gnutls-cli: doc update
Nikos Mavrogiannopoulos [Thu, 9 Jul 2015 11:26:14 +0000 (13:26 +0200)]
dumbfw: don't append a size prefix in the pad
Reported by Hannes Mehnert.
Nikos Mavrogiannopoulos [Wed, 8 Jul 2015 07:47:52 +0000 (09:47 +0200)]
gl: use /bin/true to run valgrind during configure
Bash has memory leaks, which prevents the valgrind check to
operate using the SHELL variable.
Nikos Mavrogiannopoulos [Wed, 8 Jul 2015 07:38:37 +0000 (09:38 +0200)]
tests: added check for invalid UTF8 encoded string
Nikos Mavrogiannopoulos [Wed, 8 Jul 2015 07:19:00 +0000 (09:19 +0200)]
Revert "libidn support is disabled by default"
This reverts commit
5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.
Nikos Mavrogiannopoulos [Mon, 6 Jul 2015 09:48:03 +0000 (09:48 +0000)]
Merge branch 'master' into 'master'
certtool --outder should not emit signature verification status
When emitting binary-formatted output, send signature verification
status to stderr, since it is not binary-formatted output.
A simpler version of this patch would be to always send signature
verification to stderr, but that would change the text-formatted
output.
See merge request !1
Daniel Kahn Gillmor [Thu, 2 Jul 2015 18:28:32 +0000 (14:28 -0400)]
certtool --outder should not emit signature verification status
When emitting binary-formatted output, send signature verification
status to stderr, since it is not binary-formatted output.
A simpler version of this patch would be to always send signature
verification to stderr, but that would change the text-formatted
output.
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 19:13:23 +0000 (21:13 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 13:25:30 +0000 (15:25 +0200)]
DSA: the numeric number of bits returned from public key should depend on P not Y
That allows to do the proper evaluation to check certificate strength.
Reported by Hubert Kario.
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 13:36:20 +0000 (15:36 +0200)]
tests: check whether we print the prime size in DSA keys
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 09:15:38 +0000 (11:15 +0200)]
name constraints: simplified gnutls_x509_name_constraints_check_crt()
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 09:08:11 +0000 (11:08 +0200)]
tests: verify that unsupported name constraints are properly handled
Nikos Mavrogiannopoulos [Wed, 1 Jul 2015 09:01:20 +0000 (11:01 +0200)]
name constraints: don't reject certificates if a CA has the URI or IPADDRESS constraints
Don't reject certificates if a CA has the URI or IPADDRESS constraints, and
the end certificate doesn't have an IPaddress name or a URI set.
Nikos Mavrogiannopoulos [Mon, 29 Jun 2015 17:52:15 +0000 (19:52 +0200)]
Sync with TP.
Nikos Mavrogiannopoulos [Sun, 28 Jun 2015 11:09:42 +0000 (13:09 +0200)]
libidn support is disabled by default
That is until the issues with libidn get resolves.
Relates #10
Nikos Mavrogiannopoulos [Sat, 27 Jun 2015 06:05:10 +0000 (08:05 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 27 Jun 2015 05:57:21 +0000 (07:57 +0200)]
tests: added a test for the fork detection interface
Nikos Mavrogiannopoulos [Sat, 27 Jun 2015 05:51:05 +0000 (07:51 +0200)]
tests: resume-dtls: increased timeouts
Nikos Mavrogiannopoulos [Fri, 26 Jun 2015 14:31:21 +0000 (16:31 +0200)]
Don't use pthread_atfork(), it is not safe to use with dlopen()
http://austingroupbugs.net/view.php?id=851
Nikos Mavrogiannopoulos [Fri, 26 Jun 2015 12:47:39 +0000 (14:47 +0200)]
atfork: added underscore to gnutls_forkid
Nikos Mavrogiannopoulos [Fri, 26 Jun 2015 07:08:20 +0000 (09:08 +0200)]
simplified fork detection
Nikos Mavrogiannopoulos [Fri, 26 Jun 2015 06:07:01 +0000 (08:07 +0200)]
enhanced header matching code for private keys to skip unrelated data
Nikos Mavrogiannopoulos [Fri, 26 Jun 2015 06:00:24 +0000 (08:00 +0200)]
tests: added private key import checks
Nikos Mavrogiannopoulos [Thu, 25 Jun 2015 13:08:54 +0000 (15:08 +0200)]
gnutls_x509_privkey_import: optimized private key loading
Nikos Mavrogiannopoulos [Thu, 25 Jun 2015 13:01:17 +0000 (15:01 +0200)]
gnutls_x509_privkey_import2: better behavior when provided with an unencrypted file
That is, it will attempt to decode it first as plain file prior to
trying all encrypted options.
Nikos Mavrogiannopoulos [Thu, 25 Jun 2015 12:47:52 +0000 (14:47 +0200)]
tests: added check to verify that gnutls_x509_privkey_import2 works for plain keys
That is, when a password is provided and the key is non encrypted.
Nikos Mavrogiannopoulos [Thu, 25 Jun 2015 09:08:19 +0000 (11:08 +0200)]
_gnutls_get_asn_mpis() will release any data on failure
Resolves #15
Alon Bar-Lev [Sun, 21 Jun 2015 17:42:12 +0000 (20:42 +0300)]
tests: tab indent + minor style changes
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Nikos Mavrogiannopoulos [Tue, 23 Jun 2015 09:53:23 +0000 (11:53 +0200)]
tests: modified test-ciphersuite-names to work with cpp 5.1.1
Nikos Mavrogiannopoulos [Mon, 22 Jun 2015 21:49:32 +0000 (23:49 +0200)]
tests: test-ciphersuite-names: create any needed dirs
Nikos Mavrogiannopoulos [Mon, 22 Jun 2015 19:24:55 +0000 (21:24 +0200)]
tests: moved test-ciphersuites.sh one level up
That simplifies running the script outside make check.
Alon Bar-Lev [Sun, 21 Jun 2015 17:43:34 +0000 (20:43 +0300)]
tests: suite: ciphersuite: fixups
fix separate builddir issue, without modifying locations, quite ugly.
re-indent using tab.
fix shebang.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Alon Bar-Lev [Sun, 21 Jun 2015 00:00:05 +0000 (03:00 +0300)]
tests: enforce UTC timezone in datefudge tests
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Alon Bar-Lev [Sun, 21 Jun 2015 00:00:04 +0000 (03:00 +0300)]
tests: misc: shell cleanup
leftovers minor sync.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Alon Bar-Lev [Sun, 21 Jun 2015 00:00:03 +0000 (03:00 +0300)]
tests: suite: cleanup shell usage
Add quotes for most usages of variables.
Added ${} for variables.
Cleanup indentation to be consistent with other tests.
Fix separate builddir issues.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Alon Bar-Lev [Sun, 21 Jun 2015 00:00:02 +0000 (03:00 +0300)]
tests: misc: cleanup shell usage
Add quotes for most usages of variables.
Added ${} for variables.
Cleanup indentation to be consistent with other tests.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 16:38:24 +0000 (18:38 +0200)]
tests: fixed includes
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 10:27:54 +0000 (12:27 +0200)]
move all gettext definitions in gnutls_str.h
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 10:23:40 +0000 (12:23 +0200)]
cross.mk: updated for 3.4.2
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 10:18:26 +0000 (12:18 +0200)]
gnutls_str: include gettext.h when dgettext is available
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 10:09:14 +0000 (12:09 +0200)]
tests: don't depend on gnulib
That dependency unfortunately causes many portability problems
on platforms where it should have worked out of the box.
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 08:43:12 +0000 (10:43 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 20 Jun 2015 08:31:27 +0000 (10:31 +0200)]
use the same shebang for perl