git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 08:00:31 +0000 (10:00 +0200)]
tests: added check for the legacy gnutls_privkey_sign_raw_data
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 09:16:45 +0000 (11:16 +0200)]
avoid compilation warnings in self checks (take 2)
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 09:15:04 +0000 (11:15 +0200)]
Revert "selftests: avoid compilation warnings"
This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:50:45 +0000 (08:50 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:48:37 +0000 (08:48 +0200)]
tests: check whether PKCS #11 ID set on copy/generation is correct
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:29:33 +0000 (08:29 +0200)]
p11tool: allow setting the CKA_ID on object initialization/generation
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:22:58 +0000 (08:22 +0200)]
exported new functions
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:19:18 +0000 (08:19 +0200)]
pkcs11: enhanced key generation functions to allow specifying a CKA_ID
Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:14:27 +0000 (08:14 +0200)]
selftests: avoid compilation warnings
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 14:12:27 +0000 (16:12 +0200)]
enhanced copy functions to allow specifying a CKA_ID
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 07:57:41 +0000 (09:57 +0200)]
tests: mini-server-name: ignore sigpipe
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 05:48:15 +0000 (07:48 +0200)]
tests: added more libidn-related valgrind suppressions
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 05:05:27 +0000 (07:05 +0200)]
doc: increase border spacing in HTML tables
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:59:19 +0000 (06:59 +0200)]
doc: list chacha20-poly1305 to the list of ciphers
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:47:51 +0000 (06:47 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:37:52 +0000 (06:37 +0200)]
manpages: automatically adjust the copyright year on generated pages
Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:34:37 +0000 (06:34 +0200)]
tests: added check for gnutls_server_name_get and gnutls_server_name_set
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:54:11 +0000 (10:54 +0200)]
test-ciphers.js: improved ciphersuite checks
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:49:23 +0000 (10:49 +0200)]
corrected GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305
Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:27:57 +0000 (10:27 +0200)]
updated test-ciphersuite.sh for new types
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 22:18:06 +0000 (23:18 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 21:41:03 +0000 (22:41 +0100)]
Better fix for the double free in dist point parsing
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 21:31:09 +0000 (22:31 +0100)]
updated minitasn1
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 18:34:29 +0000 (19:34 +0100)]
gnutls_pkcs11_copy_x509_privkey: increase size for attributes
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 18:21:48 +0000 (19:21 +0100)]
moved chacha20-poly1305 ciphersuites to the 0xCD space
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 12:45:23 +0000 (13:45 +0100)]
doc update: replace cryptographic algorithm by encryption algorithm
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 11:43:58 +0000 (12:43 +0100)]
gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings
Jiří Klimeš [Fri, 27 Mar 2015 18:55:40 +0000 (19:55 +0100)]
doc: be consistent in the function descriptions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
Jiří Klimeš [Fri, 27 Mar 2015 19:00:45 +0000 (20:00 +0100)]
doc: correct the description of crypto API functions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
Jiří Klimeš [Fri, 27 Mar 2015 11:58:34 +0000 (12:58 +0100)]
Fix a few compiler warnings about unused variables
[-Wunused-variable]
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 11:00:36 +0000 (12:00 +0100)]
fixed CHACHA20-POLY1305 in DTLS
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 10:08:28 +0000 (11:08 +0100)]
gnutls-cli: added chacha-poly1305 into benchmarks
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:57:54 +0000 (10:57 +0100)]
when calculating record overhead account for chacha20 which doesn't send the nonce on the wire
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:54:02 +0000 (10:54 +0100)]
tests: include chacha20 into transfer tests
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:40:47 +0000 (10:40 +0100)]
Added the CHACHA20-POLY1305 ciphersuites (with random IDs)
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:59:38 +0000 (09:59 +0100)]
added chacha20-poly1305 as cipher
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:09:02 +0000 (09:09 +0100)]
tests: check retvals in block ciphers
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:06:16 +0000 (09:06 +0100)]
do not penalize CBC ciphers with the maximum send data size
That reduced the maximum send size for CBC ciphers from 16384
to 16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 07:18:32 +0000 (08:18 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 07:18:17 +0000 (08:18 +0100)]
gnutls_record_set_max_empty_records: removed
Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 21:55:29 +0000 (22:55 +0100)]
eliminated double-free in the parsing of dist points
Reported by Robert Święcki.
Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 21:29:23 +0000 (22:29 +0100)]
Added a tight loop around the legacy push function
That reduces the need for more expensive outer loops.
Originally suggested by Anton Lavrentiev.
Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 18:19:49 +0000 (19:19 +0100)]
updated gnulib
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 13:01:20 +0000 (14:01 +0100)]
p11tool: more precise documentation of --set-id parameter
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 10:05:08 +0000 (11:05 +0100)]
depend on nettle 3.1 or later
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:42:48 +0000 (10:42 +0100)]
tests: updated email check for renamed --verify-email option
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:32:29 +0000 (10:32 +0100)]
gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:31:03 +0000 (10:31 +0100)]
pkcs11: check gnutls_rnd() for error condition
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:27:10 +0000 (10:27 +0100)]
gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:25:59 +0000 (10:25 +0100)]
p11tool: reduced debugging output
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 08:47:40 +0000 (09:47 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 08:47:12 +0000 (09:47 +0100)]
certtool: --purpose, --hostname were renamed to --verify-purpose, --verify-hostname
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:46:43 +0000 (16:46 +0100)]
p11tool: added --mark-no-sign and --mark-no-decrypt options
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:34:46 +0000 (16:34 +0100)]
pkcs11: added flags to mark keys as not-being signable or decryptable
That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN
which can be set during generation or write of keys.
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:21:28 +0000 (16:21 +0100)]
pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 12:16:52 +0000 (13:16 +0100)]
tests: cleanups in resume-dtls
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 10:26:14 +0000 (11:26 +0100)]
ext: server_name: move name length check prior to IDN conversion
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 10:04:37 +0000 (11:04 +0100)]
When an application calls gnutls_server_name_set() with a name of zero size disable the extension
Resolves #2
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 08:25:10 +0000 (09:25 +0100)]
gnutls_x509_crt_check_hostname2: check CN for match only if certificate would have been acceptable for GNUTLS_KP_TLS_WWW_SERVER
Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 08:20:34 +0000 (09:20 +0100)]
Apply DNS name constraints on CN field only on certificates acceptable for TLS WWW SERVER purpose
Suggested by Fotis Loukos.
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 16:10:06 +0000 (17:10 +0100)]
tests: mini-loss-time is less prone to timeouts
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 14:56:32 +0000 (15:56 +0100)]
tests: added valgrind suppressions in cert-tests for libidn
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 14:52:15 +0000 (15:52 +0100)]
certtool: eliminated memory leaks on verification
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:39:35 +0000 (10:39 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:21:31 +0000 (10:21 +0100)]
tests: Added email verification tests with certtool
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:05:33 +0000 (10:05 +0100)]
certtool: added the --email option, to use in verification
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:04:56 +0000 (10:04 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 08:42:16 +0000 (09:42 +0100)]
Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 08:02:53 +0000 (09:02 +0100)]
tests: verify that we accept a certificate with no name even if its CA has nameconstraints
Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 07:38:47 +0000 (08:38 +0100)]
name constraints: when no name of the type is found, accept the certificate
This follows RFC5280 advice closely. Reported by Fotis Loukos.
Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 09:49:32 +0000 (10:49 +0100)]
tests: increase the timeout in resume-dtls
Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 09:09:43 +0000 (10:09 +0100)]
gnutls_pkcs11_obj_export3: allow operation when raw.data is NULL and we have a public key
Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 08:58:17 +0000 (09:58 +0100)]
pkcs11: simplified export of objects
That also allows to export public keys, even when a CKA_VALUE
with the public key is not present. For that we use the key
parameters, which we encode into a key. Issue reported by
Frank Leavis.
Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 07:37:35 +0000 (08:37 +0100)]
gnulib: removed u64 module
Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 07:36:33 +0000 (08:36 +0100)]
drop support for gnulib's u64
Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 12:09:08 +0000 (13:09 +0100)]
tests: check legacy RC4 in testcompat
That would prevent losing compatibility without detecting it.
That is currently the case since it is no longer enabled by default.
Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 09:28:28 +0000 (10:28 +0100)]
tests: added check to verify the correctness of the record function return values
Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 10:14:15 +0000 (11:14 +0100)]
tools: enable compilation with all options disabled
Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 10:13:58 +0000 (11:13 +0100)]
enable compilation with several options disabled
Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 09:38:28 +0000 (10:38 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 13:04:26 +0000 (14:04 +0100)]
doc: avoid mentioning pointers when not needed
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 12:46:24 +0000 (13:46 +0100)]
increase the maximum stack frame the compiler will warn for
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 12:22:43 +0000 (13:22 +0100)]
doc: avoid using structure for opaque types
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:42:28 +0000 (09:42 +0100)]
tests: include gnutls_ext_s/get_data into tests of mini-extension
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:41:59 +0000 (09:41 +0100)]
updated documentation on non-return value of gnutls_ext_set_data
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:35:51 +0000 (09:35 +0100)]
tests: fixed buffers in mini-dtls0-9
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:32:19 +0000 (09:32 +0100)]
avoid overflow when receiving DTLS 0.9 CCS
Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 07:35:48 +0000 (08:35 +0100)]
added gnutls_ext_set_data() and gnutls_ext_get_data()
As a side effect the type which holds private data was reduced
from union to void * pointer. That simplifies the exported API
without reducing the options in the internal API.
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 21:04:48 +0000 (22:04 +0100)]
more files to ignore
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 21:03:22 +0000 (22:03 +0100)]
set GNUTLS_DTLS_VERSION_MIN to be DTLS0.9
That allows standard DTLS ciphersuites to be used with DTLS0.9
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:59:06 +0000 (21:59 +0100)]
tests: added test for DTLS 0.9
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:30:42 +0000 (21:30 +0100)]
tests: updated mini-extension
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:29:34 +0000 (21:29 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:27:35 +0000 (21:27 +0100)]
mention the new functionality briefly in documentation
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:23:29 +0000 (21:23 +0100)]
mention that the registration functions are not thread safe
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:22:29 +0000 (21:22 +0100)]
store a copy of the extensions name
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:21:00 +0000 (21:21 +0100)]
deinitialize supplemental data on deinit
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:15:24 +0000 (21:15 +0100)]
removed unused epoch change callback
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:12:27 +0000 (21:12 +0100)]
deinitialize supplemental data on deinit
Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:06:14 +0000 (21:06 +0100)]
reduce warnings