]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Wed, 17 Dec 2014 12:50:52 +0000 (14:50 +0200)]
Added 32-bit overflow protection in _gnutls_buffer_append_data()
Jaak Ristioja [Wed, 17 Dec 2014 11:55:10 +0000 (13:55 +0200)]
Remove redundant condition in align_allocd_with_data().
At all call-sites of align_allocd_with_data() dest->data is non-NULL.
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
Jaak Ristioja [Wed, 17 Dec 2014 11:55:09 +0000 (13:55 +0200)]
Deduplicated some code in _gnutls_buffer_append_data().
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
Jaak Ristioja [Wed, 17 Dec 2014 11:55:07 +0000 (13:55 +0200)]
Explicitly marked some variables const in _gnutls_buffer_append_data().
Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
Nikos Mavrogiannopoulos [Wed, 17 Dec 2014 12:37:31 +0000 (14:37 +0200)]
DCO: added Jaak Ristioja
Nikos Mavrogiannopoulos [Tue, 16 Dec 2014 20:36:17 +0000 (22:36 +0200)]
test-ciphers: do not fail on processor which don't have the AES-NI instructions
Nikos Mavrogiannopoulos [Tue, 16 Dec 2014 14:39:24 +0000 (15:39 +0100)]
_gnutls_buffer_*: moved common operations to function
Nikos Mavrogiannopoulos [Tue, 16 Dec 2014 14:35:10 +0000 (15:35 +0100)]
_gnutls_buffer_append_data: moved common code outside the if-clause
Nikos Mavrogiannopoulos [Fri, 12 Dec 2014 17:42:04 +0000 (18:42 +0100)]
tests: disable SSL 3.0 checks with polarssl
It seems that SSL 3.0 is disabled in Debian's polarssl.
Nikos Mavrogiannopoulos [Fri, 12 Dec 2014 17:41:50 +0000 (18:41 +0100)]
testdane: removed www.vulcano.cl from good hosts
Nikos Mavrogiannopoulos [Thu, 4 Dec 2014 13:26:05 +0000 (14:26 +0100)]
tests: enhanced x509cert-tl
Verify gnutls_x509_trust_list_verify_crt2() in combination with
gnutls_x509_trust_list_add_named_crt().
Nikos Mavrogiannopoulos [Thu, 4 Dec 2014 13:21:46 +0000 (14:21 +0100)]
use gnutls_x509_trust_list_verify_named_crt in gnutls_x509_trust_list_verify_crt2
Ludovic Courtès [Fri, 12 Dec 2014 13:24:14 +0000 (14:24 +0100)]
Update 'NEWS'.
Nikos Mavrogiannopoulos [Fri, 12 Dec 2014 08:35:29 +0000 (09:35 +0100)]
gnutls_rnd: doc update
Nikos Mavrogiannopoulos [Fri, 12 Dec 2014 07:48:24 +0000 (08:48 +0100)]
gnutls_pkcs12_simple_parse: doc update
Nikos Mavrogiannopoulos [Fri, 12 Dec 2014 07:26:53 +0000 (08:26 +0100)]
improved documentation on dane
Ludovic Courtès [Thu, 11 Dec 2014 18:06:18 +0000 (19:06 +0100)]
guile: Open binary file in binary mode, for the sake of MinGW.
Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead of
'open-input-file'.
Ludovic Courtès [Thu, 11 Dec 2014 18:04:17 +0000 (19:04 +0100)]
guile: Link with '-no-undefined'.
Fixes builds on MinGW.
Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add
-no-undefined.
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 18:03:28 +0000 (19:03 +0100)]
p11tool: use Sleep() in windows
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 18:01:16 +0000 (19:01 +0100)]
certtool: ensure that default_serial_int is 64-bits or more
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 17:59:27 +0000 (18:59 +0100)]
use select() instead of alarm for better portability
Based on patch by Eli Zaretskii.
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 17:53:21 +0000 (18:53 +0100)]
cross.mk: updated for 3.3.11
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 09:15:54 +0000 (10:15 +0100)]
Allow a random generator with the same priority to re-register
That corrects an issue where the library is deinitialized, and
reinitialization wouldn't register the same rnd module.
Reported by Stanislav Zidek.
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 08:27:58 +0000 (09:27 +0100)]
tests: x509cert: verify that length returned from gnutls_x509_crt_get_dn matches strlen
Nikos Mavrogiannopoulos [Thu, 11 Dec 2014 05:08:33 +0000 (06:08 +0100)]
testcompat: corrected usage of null cipher
Nikos Mavrogiannopoulos [Wed, 10 Dec 2014 14:40:49 +0000 (15:40 +0100)]
added the .check function in FIPS140-2 code
Nikos Mavrogiannopoulos [Mon, 8 Dec 2014 22:30:07 +0000 (23:30 +0100)]
corrected typo
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 09:48:52 +0000 (10:48 +0100)]
configure: added option --without-idn
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 09:46:24 +0000 (10:46 +0100)]
accelerated: added required casts
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 09:40:48 +0000 (10:40 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 09:40:09 +0000 (10:40 +0100)]
the priority string EXPORT is no more
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 09:27:00 +0000 (10:27 +0100)]
aesni-ccm: removed unused struct entries
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 08:41:08 +0000 (09:41 +0100)]
added AESNI accelerated CCM
Nikos Mavrogiannopoulos [Sat, 6 Dec 2014 08:33:20 +0000 (09:33 +0100)]
more nettle3 related changes
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 18:58:42 +0000 (19:58 +0100)]
dane: use the new _gnutls_buffer_to_datum
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 09:36:34 +0000 (10:36 +0100)]
tests: corrected the expected lengths in ocsp
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 09:31:41 +0000 (10:31 +0100)]
_gnutls_buffer_to_datum: includes code for exporting strings
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 09:04:50 +0000 (10:04 +0100)]
when the trusted list contains a non-CA certificate warn via the audit log
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 08:52:40 +0000 (09:52 +0100)]
modified the CCM ciphersuite's name to match the one in the IANA registry
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 08:52:14 +0000 (09:52 +0100)]
ciphersuite test: enhanced check for correct ciphersuites
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 08:35:46 +0000 (09:35 +0100)]
ciphersuites tests: add missing includes
Nikos Mavrogiannopoulos [Fri, 5 Dec 2014 08:00:04 +0000 (09:00 +0100)]
ciphersuite tests: define HAVE_CONFIG_H
Ludovic Courtès [Thu, 4 Dec 2014 21:15:57 +0000 (22:15 +0100)]
guile: Build with warnings.
* guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra
-Wno-unused-parameter.
Ludovic Courtès [Thu, 4 Dec 2014 21:14:57 +0000 (22:14 +0100)]
guile: Remove the deprecated priority API.
* guile/modules/gnutls/build/priorities.scm: Remove.
* guile/src/make-session-priorities.scm: Remove.
* guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.
* guile/src/Makefile.am (EXTRA_DIST): Likewise.
(GENERATED_BINDINGS): Remove 'priorities.i.c'.
(priorities.i.c): Remove target.
* guile/src/core.c: Don't include it.
(scm_gnutls_set_default_priority_x): Remove.
* guile/modules/gnutls.in (gnutls): Adjust export list.
* guile/tests/session-record-port.scm: Use 'set-session-priorities!'.
* guile/tests/x509-auth.scm: Likewise.
Ludovic Courtès [Thu, 4 Dec 2014 21:15:16 +0000 (22:15 +0100)]
guile: Remove RSA parameters and related procedures.
* guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove.
(%gnutls-smobs): Remove it.
* guile/src/core.c (scm_gnutls_make_rsa_parameters,
scm_gnutls_pkcs1_import_rsa_parameters,
scm_gnutls_pkcs1_export_rsa_parameters,
scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove.
* guile/modules/gnutls.in: Adjust export list.
* guile/tests/openpgp-auth.scm (import-rsa-params): Remove.
Remove references to it and to
'set-certificate-credentials-rsa-export-parameters!'.
* guile/tests/x509-auth.scm: Likewise.
* doc/gnutls-guile.texi (Representation of Binary Data): Remove
references to RSA parameters. Adjust example accordingly.
(OpenPGP Authentication Guile Example): Likewise.
Nikos Mavrogiannopoulos [Thu, 4 Dec 2014 15:05:58 +0000 (16:05 +0100)]
updated TODO list
Nikos Mavrogiannopoulos [Thu, 4 Dec 2014 13:39:03 +0000 (14:39 +0100)]
removed several of the unneeded exported internal symbols
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 09:53:25 +0000 (10:53 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 09:39:51 +0000 (10:39 +0100)]
doc: corrected typo
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 19:21:52 +0000 (20:21 +0100)]
use unsigned long in gcm_cast_st
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 14:43:55 +0000 (15:43 +0100)]
corrected issue in AES-256-GCM
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 14:20:07 +0000 (15:20 +0100)]
tests: enhanced cipher check to include all ciphers.
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 13:56:27 +0000 (14:56 +0100)]
simplified abstractions over nettle based on Niels' comments.
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 10:21:29 +0000 (11:21 +0100)]
API doc update
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 10:20:26 +0000 (11:20 +0100)]
Added test vectors for CCM mode
Nikos Mavrogiannopoulos [Wed, 26 Nov 2014 09:27:23 +0000 (10:27 +0100)]
CCM: corrected AEAD decryption
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 19:27:05 +0000 (20:27 +0100)]
CCM mode moved to the lowest priority
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 18:42:10 +0000 (19:42 +0100)]
aes-gcm-aead.h: generalized
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 16:57:15 +0000 (17:57 +0100)]
gnutls-cli: added benchmark for CCM
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 16:46:55 +0000 (17:46 +0100)]
tests: updated for AES-128-CCM ciphersuites
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 16:27:03 +0000 (17:27 +0100)]
use the new AEAD API in gnutls_cipher.c
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 16:04:25 +0000 (17:04 +0100)]
Added definitions for CCM ciphersuites
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 15:02:25 +0000 (16:02 +0100)]
Modified crypto backend to accomodate for the CCM ciphersuites
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 09:54:55 +0000 (10:54 +0100)]
More nettle2 updates (in FIPS140-2 mode)
Nikos Mavrogiannopoulos [Sun, 23 Nov 2014 21:58:41 +0000 (22:58 +0100)]
ported to nettle 3.0
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 09:10:05 +0000 (10:10 +0100)]
reduced current soversion
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 09:06:32 +0000 (10:06 +0100)]
documented the removal of deprecated functions
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:53:52 +0000 (09:53 +0100)]
corrected comparison
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:49:24 +0000 (09:49 +0100)]
removed the old gnutls_retr_st compatibility functions
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:45:19 +0000 (09:45 +0100)]
Removed binary compatibility with RSA-EXPORT using applications
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:41:33 +0000 (09:41 +0100)]
removed the old priority functions
That is:
gnutls_cipher_set_priority
gnutls_mac_set_priority
gnutls_compression_set_priority
gnutls_kx_set_priority
gnutls_protocol_set_priority
gnutls_certificate_type_set_priority
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:37:55 +0000 (09:37 +0100)]
removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:35:26 +0000 (09:35 +0100)]
gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:32:21 +0000 (09:32 +0100)]
renumbered fields in gnutls.h
Nikos Mavrogiannopoulos [Wed, 3 Dec 2014 08:28:10 +0000 (09:28 +0100)]
increased gnutls' soversion
Nikos Mavrogiannopoulos [Tue, 2 Dec 2014 09:50:45 +0000 (10:50 +0100)]
if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed
Nikos Mavrogiannopoulos [Sun, 30 Nov 2014 21:17:31 +0000 (22:17 +0100)]
tests: Added check for verification using CRLs
Nikos Mavrogiannopoulos [Sun, 30 Nov 2014 20:44:10 +0000 (21:44 +0100)]
Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation()
Reported by Tim Rühsen.
Nikos Mavrogiannopoulos [Sat, 29 Nov 2014 14:27:34 +0000 (15:27 +0100)]
systemkey: updated for new gnutls_system_key_iter_get_info
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 15:16:19 +0000 (16:16 +0100)]
gnutls_system_key_iter_get_info() allows restricting results to a specific certificate type
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 15:12:31 +0000 (16:12 +0100)]
removed unneeded variable
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 13:39:58 +0000 (14:39 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 12:18:49 +0000 (13:18 +0100)]
doc: added recommendation to use the higher level functions to load keys
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 09:40:34 +0000 (10:40 +0100)]
certtool: avoid gcc warnings
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 10:47:56 +0000 (11:47 +0100)]
gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 09:32:22 +0000 (10:32 +0100)]
gnutls_session_get_desc: allow proper printing of the NULL KX
Nikos Mavrogiannopoulos [Fri, 28 Nov 2014 08:30:04 +0000 (09:30 +0100)]
gnutls_session_get_desc will return NULL if initial negotiation is not complete
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 22:17:29 +0000 (23:17 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 22:16:04 +0000 (23:16 +0100)]
tests: small fix in mini-chain-unsorted
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 21:39:08 +0000 (22:39 +0100)]
GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from gnutls_pcert_import_x509_list
That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT is specified.
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 15:28:10 +0000 (16:28 +0100)]
gnutls_pcert_import_x509_list: only sort the lists it can sort
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 15:12:33 +0000 (16:12 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 15:10:44 +0000 (16:10 +0100)]
simplified windows URLs
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 15:08:46 +0000 (16:08 +0100)]
system-keys-win: include urls.h
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 15:06:46 +0000 (16:06 +0100)]
tests: added mini-chain-unsorted
Nikos Mavrogiannopoulos [Thu, 27 Nov 2014 14:06:11 +0000 (15:06 +0100)]
Added flag GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import*
That also allows automatically sorting input chains to the
gnutls_certificate_credentials_t structure.
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 20:53:03 +0000 (21:53 +0100)]
tests: Added check for memory leaks when a file cannot be loaded.
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 20:52:23 +0000 (21:52 +0100)]
gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed
Reported by Georg Richter.
Nikos Mavrogiannopoulos [Tue, 25 Nov 2014 19:33:15 +0000 (20:33 +0100)]
libdane: undef gnutls_assert() before redefining it
Nikos Mavrogiannopoulos [Mon, 24 Nov 2014 21:39:23 +0000 (22:39 +0100)]
gnutls-cli-debug: do not print error on unknown protocols