git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Wed, 1 Apr 2015 08:00:31 +0000 (10:00 +0200)] 
tests: added check for the legacy gnutls_privkey_sign_raw_data

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 09:16:45 +0000 (11:16 +0200)] 
avoid compilation warnings in self checks (take 2)

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 09:15:04 +0000 (11:15 +0200)] 
Revert "selftests: avoid compilatio warnings"

This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:50:45 +0000 (08:50 +0200)] 
doc update

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:48:37 +0000 (08:48 +0200)] 
tests: check whether PKCS #11 ID set on copy/generation is correct

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:29:33 +0000 (08:29 +0200)] 
p11tool: allow setting the CKA_ID on object initialization/generation

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:22:58 +0000 (08:22 +0200)] 
exported new functions

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:19:18 +0000 (08:19 +0200)] 
pkcs11: enhanced key generation functions to allow specifying a CKA_ID

Nikos Mavrogiannopoulos [Tue, 31 Mar 2015 06:14:27 +0000 (08:14 +0200)] 
selftests: avoid compilatio warnings

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 14:12:27 +0000 (16:12 +0200)] 
enhanced copy functions to allow specifying a CKA_ID

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 07:57:41 +0000 (09:57 +0200)] 
tests: mini-server-name: ignore sigpipe

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 05:48:15 +0000 (07:48 +0200)] 
tests: added more libidn-related valgrind suppressions

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 05:05:27 +0000 (07:05 +0200)] 
doc: increase border spacing in HTML tables

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:59:19 +0000 (06:59 +0200)] 
doc: list chacha20-poly1305 to the list of ciphers

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:47:51 +0000 (06:47 +0200)] 
doc update

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:37:52 +0000 (06:37 +0200)] 
manpages: automatically adjust the copyright year on generated pages

Nikos Mavrogiannopoulos [Mon, 30 Mar 2015 04:34:37 +0000 (06:34 +0200)] 
tests: added check for gnutls_server_name_get and gnutls_server_name_set

Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:54:11 +0000 (10:54 +0200)] 
test-ciphers.js: improved ciphersuite checks

Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:49:23 +0000 (10:49 +0200)] 
corrected GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305

Nikos Mavrogiannopoulos [Sun, 29 Mar 2015 08:27:57 +0000 (10:27 +0200)] 
updated test-ciphersuite.sh for new types

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 22:18:06 +0000 (23:18 +0100)] 
doc update

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 21:41:03 +0000 (22:41 +0100)] 
Better fix for the double free in dist point parsing

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 21:31:09 +0000 (22:31 +0100)] 
updated minitasn1

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 18:34:29 +0000 (19:34 +0100)] 
gnutls_pkcs11_copy_x509_privkey: increase size for attributes

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 18:21:48 +0000 (19:21 +0100)] 
moved chacha20-poly1305 ciphersuites to the 0xCD space

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 12:45:23 +0000 (13:45 +0100)] 
doc update: replace cryptographic algorithm by encryption algorithm

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 11:43:58 +0000 (12:43 +0100)] 
gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings

Jiří Klimeš [Fri, 27 Mar 2015 18:55:40 +0000 (19:55 +0100)] 
doc: be consistent in the function descriptions

Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Jiří Klimeš [Fri, 27 Mar 2015 19:00:45 +0000 (20:00 +0100)]
doc: correct the description of crypto API functions

Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Jiří Klimeš [Fri, 27 Mar 2015 11:58:34 +0000 (12:58 +0100)]
Fix a few compiler warnings about unused variables

[-Wunused-variable]

Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 11:00:36 +0000 (12:00 +0100)]
fixed CHACHA20-POLY1305 in DTLS

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 10:08:28 +0000 (11:08 +0100)] 
gnutls-cli: added chacha-poly1305 into benchmarks

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:57:54 +0000 (10:57 +0100)] 
when calculating record overhead account for chacha20 which doesn't send the nonce on the wire

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:54:02 +0000 (10:54 +0100)] 
tests: include chacha20 into transfer tests

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 09:40:47 +0000 (10:40 +0100)] 
Added the CHACHA20-POLY1305 ciphersuites (with random IDs)

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:59:38 +0000 (09:59 +0100)] 
added chacha20-poly1305 as cipher

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:09:02 +0000 (09:09 +0100)] 
tests: check retvals in block ciphers

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 08:06:16 +0000 (09:06 +0100)] 
do not penalize CBC ciphers with the maximum send data size

That reduced the maximum send size for CBC ciphers from 16384
to 16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 07:18:32 +0000 (08:18 +0100)] 
doc update

Nikos Mavrogiannopoulos [Sat, 28 Mar 2015 07:18:17 +0000 (08:18 +0100)] 
gnutls_record_set_max_empty_records: removed

Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 21:55:29 +0000 (22:55 +0100)] 
eliminated double-free in the parsing of dist points

Reported by Robert Święcki.

Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 21:29:23 +0000 (22:29 +0100)] 
Added a tight loop around the legacy push function

That reduces the need for more expensive outer loops.
Originally suggested by Anton Lavrentiev.

Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 18:19:49 +0000 (19:19 +0100)] 
updated gnulib

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 13:01:20 +0000 (14:01 +0100)] 
p11tool: more precise documentation of --set-id parameter

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 10:05:08 +0000 (11:05 +0100)] 
depend on nettle 3.1 or later

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:42:48 +0000 (10:42 +0100)] 
tests: updated email check for renamed --verify-email option

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:32:29 +0000 (10:32 +0100)] 
gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:31:03 +0000 (10:31 +0100)] 
pkcs11: check gnutls_rnd() for error condition

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:27:10 +0000 (10:27 +0100)] 
gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 09:25:59 +0000 (10:25 +0100)] 
p11tool: reduced debugging output

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 08:47:40 +0000 (09:47 +0100)] 
doc update

Nikos Mavrogiannopoulos [Fri, 27 Mar 2015 08:47:12 +0000 (09:47 +0100)] 
certtool: --purpose, --hostname were renamed to --verify-purpose, --verify-hostname

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:46:43 +0000 (16:46 +0100)] 
p11tool: added --mark-no-sign and --mark-no-decrypt options

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:34:46 +0000 (16:34 +0100)] 
pkcs11: added flags to mark keys as not-being signable or decryptable

That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN
which can be set during generation or write of keys.

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 15:21:28 +0000 (16:21 +0100)] 
pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 12:16:52 +0000 (13:16 +0100)] 
tests: cleanups in resume-dtls

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 10:26:14 +0000 (11:26 +0100)] 
ext: server_name: move name length check prior to IDN conversion

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 10:04:37 +0000 (11:04 +0100)] 
When an application calls gnutls_server_name_set() with a name of zero size disable the extension

Resolves #2

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 08:25:10 +0000 (09:25 +0100)] 
gnutls_x509_crt_check_hostname2: check CN for match only if certificate would have been acceptable for GNUTLS_KP_TLS_WWW_SERVER

Nikos Mavrogiannopoulos [Thu, 26 Mar 2015 08:20:34 +0000 (09:20 +0100)] 
Apply DNS name constraints on CN field only on certificates acceptable for TLS WWW SERVER purpose

Suggested by Fotis Loukos.

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 16:10:06 +0000 (17:10 +0100)] 
tests: mini-loss-time is less prone to timeouts

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 14:56:32 +0000 (15:56 +0100)] 
tests: added valgrind suppressions in cert-tests for libidn

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 14:52:15 +0000 (15:52 +0100)] 
certtool: eliminated memory leaks on verification

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:39:35 +0000 (10:39 +0100)] 
doc update

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:21:31 +0000 (10:21 +0100)] 
tests: Added email verification tests with certtool

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:05:33 +0000 (10:05 +0100)] 
certtool: added the --email option, to use in verification

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 09:04:56 +0000 (10:04 +0100)] 
doc update

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 08:42:16 +0000 (09:42 +0100)] 
Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 08:02:53 +0000 (09:02 +0100)] 
tests: verify that we accept a certificate with no name even if its CA has nameconstraints

Nikos Mavrogiannopoulos [Wed, 25 Mar 2015 07:38:47 +0000 (08:38 +0100)] 
name constraints: when no name of the type is found, accept the certificate

This follows RFC5280 advice closely. Reported by Fotis Loukos.

Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 09:49:32 +0000 (10:49 +0100)] 
tests: increase the timeout in resume-dtls

Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 09:09:43 +0000 (10:09 +0100)] 
gnutls_pkcs11_obj_export3: allow operation when raw.data is NULL and we have a public key

Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 08:58:17 +0000 (09:58 +0100)] 
pkcs11: simplified export of objects

That also allows exporting public keys, even when a CKA_VALUE
with the public key is not present. For that we use the key
parameters, which we encode into a key. Issue reported by
Frank Leavis.

Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 07:37:35 +0000 (08:37 +0100)] 
gnulib: removed u64 module

Nikos Mavrogiannopoulos [Tue, 24 Mar 2015 07:36:33 +0000 (08:36 +0100)] 
drop support for gnulib's u64

Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 12:09:08 +0000 (13:09 +0100)] 
tests: check legacy RC4 in testcompat

That would prevent losing compatibility without detecting it.
That is currently the case since it is no longer enabled by default.

Nikos Mavrogiannopoulos [Mon, 23 Mar 2015 09:28:28 +0000 (10:28 +0100)] 
tests: added check to verify the correctness of the record function return values

Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 10:14:15 +0000 (11:14 +0100)] 
tools: enable compilation with all options disabled

Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 10:13:58 +0000 (11:13 +0100)] 
enable compilation with several options disabled

Nikos Mavrogiannopoulos [Sat, 21 Mar 2015 09:38:28 +0000 (10:38 +0100)] 
doc update

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 13:04:26 +0000 (14:04 +0100)] 
doc: avoid mentioning pointers when not needed

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 12:46:24 +0000 (13:46 +0100)] 
increase the maximum stack frame the compiler will warn for

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 12:22:43 +0000 (13:22 +0100)] 
doc: avoid using structure for opaque types

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:42:28 +0000 (09:42 +0100)] 
tests: include gnutls_ext_s/get_data into tests of mini-extension

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:41:59 +0000 (09:41 +0100)] 
updated documentation on non-return value of gnutls_ext_set_data

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:35:51 +0000 (09:35 +0100)] 
tests: fixed buffers in mini-dtls0-9

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 08:32:19 +0000 (09:32 +0100)] 
avoid overflow when receiving DTLS 0.9 CCS

Nikos Mavrogiannopoulos [Fri, 20 Mar 2015 07:35:48 +0000 (08:35 +0100)] 
added gnutls_ext_set_data() and gnutls_ext_get_data()

As a side effect the type which holds private data was reduced
from union to void * pointer. That simplifies the exported API
without reducing the options in the internal API.

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 21:04:48 +0000 (22:04 +0100)] 
more files to ignore

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 21:03:22 +0000 (22:03 +0100)] 
set GNUTLS_DTLS_VERSION_MIN to be DTLS0.9

That allows standard DTLS ciphersuites to be used with DTLS0.9

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:59:06 +0000 (21:59 +0100)] 
tests: added test for DTLS 0.9

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:30:42 +0000 (21:30 +0100)] 
tests: updated mini-extension

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:29:34 +0000 (21:29 +0100)] 
doc update

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:27:35 +0000 (21:27 +0100)] 
mention the new functionality briefly in documentation

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:23:29 +0000 (21:23 +0100)] 
mention that the registration functions are not thread safe

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:22:29 +0000 (21:22 +0100)] 
store a copy of the extensions name

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:21:00 +0000 (21:21 +0100)] 
deinitialize supplemental data on deinit

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:15:24 +0000 (21:15 +0100)] 
removed unused epoch change callback

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:12:27 +0000 (21:12 +0100)] 
deinitialize supplemental data on deinit

Nikos Mavrogiannopoulos [Thu, 19 Mar 2015 20:06:14 +0000 (21:06 +0100)] 
reduce warnings