]> git.ipfire.org Git - thirdparty/gnutls.git/log
thirdparty/gnutls.git
11 years agopkcs11: pass the correct user type to protected authentication login
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:01:57 +0000 (19:01 +0100)] 
pkcs11: pass the correct user type to protected authentication login

11 years agodoc: corrected values for INSECURE level
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 09:22:11 +0000 (10:22 +0100)] 
doc: corrected values for INSECURE level

11 years agopkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:55:40 +0000 (08:55 +0100)] 
pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags

11 years agopkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:44:46 +0000 (08:44 +0100)] 
pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH

11 years agopkcs11: perform reauth at the appropriate state
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:54:41 +0000 (07:54 +0100)] 
pkcs11: perform reauth at the appropriate state

11 years agopkcs11_login: set the correct user type on reauthentication
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:49:54 +0000 (07:49 +0100)] 
pkcs11_login: set the correct user type on reauthentication

11 years agoapplied patch by A. Klitzing to improve compatibile with some apple systems
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:35:21 +0000 (21:35 +0100)] 
applied patch by A. Klitzing to improve compatibile with some apple systems

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years agopkcs11: force login on tokens that require it
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:30:31 +0000 (21:30 +0100)] 
pkcs11: force login on tokens that require it

11 years agopkcs11: always set slot_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:36:09 +0000 (20:36 +0100)] 
pkcs11: always set slot_info

11 years agotestcompat-openssl: disable SSL 3.0 as it is not supported on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:25:39 +0000 (20:25 +0100)] 
testcompat-openssl: disable SSL 3.0 as it is not supported on debian

11 years agofixed polarssl compatibility checks on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:21:15 +0000 (20:21 +0100)] 
fixed polarssl compatibility checks on debian

11 years agopkcs11: eliminated the need for struct token_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:13:58 +0000 (20:13 +0100)] 
pkcs11: eliminated the need for struct token_info

11 years agoadded support for PKCS #11 keys that require reauthentication and simplified pkcs11_login
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 18:51:04 +0000 (19:51 +0100)] 
added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login

11 years agognutls-cli-debug: clarified text
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 15:49:53 +0000 (16:49 +0100)] 
gnutls-cli-debug: clarified text

11 years agotests: separated the two testcompat tests (openssl/polarssl)
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:46:27 +0000 (15:46 +0100)] 
tests: separated the two testcompat tests (openssl/polarssl)

11 years agoadded missing comma
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 21:27:43 +0000 (22:27 +0100)] 
added missing comma

11 years agognutls-cli-debug: corrected heartbeat check
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 20:50:45 +0000 (21:50 +0100)] 
gnutls-cli-debug: corrected heartbeat check

11 years agognutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)] 
gnutls-cli-debug: fixes in tests to prevent false negatives

11 years agognutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)] 
gnutls-cli-debug: fixes in tests to prevent false negatives

11 years agotests: added interoperability tests with openssl's PSK
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:37:42 +0000 (15:37 +0100)] 
tests: added interoperability tests with openssl's PSK

11 years agocorrected calculation for max send data and other uses of _gnutls_cipher_type()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:13:55 +0000 (14:13 +0100)] 
corrected calculation for max send data and other uses of _gnutls_cipher_type()

11 years agomodernized cipher table
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:07:46 +0000 (14:07 +0100)] 
modernized cipher table

11 years agoFix double-free in gnutls_pkcs12_simple_parse()
Chen Hongzhi [Wed, 5 Nov 2014 11:10:43 +0000 (19:10 +0800)] 
Fix double-free in gnutls_pkcs12_simple_parse()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
11 years agosimplified checks for EtM
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:21:39 +0000 (13:21 +0100)] 
simplified checks for EtM

11 years agotests: enhanced test to check the return value of gnutls_record_send()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:17:31 +0000 (13:17 +0100)] 
tests: enhanced test to check the return value of gnutls_record_send()

11 years agotests: Added unit tests for gnutls_certificate_get_ours in mini-x509-2
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 10:34:05 +0000 (11:34 +0100)] 
tests: Added unit tests for gnutls_certificate_get_ours in mini-x509-2

11 years agointroduced GNUTLS_MAX_SESSION_ID_SIZE
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 09:47:56 +0000 (10:47 +0100)] 
introduced GNUTLS_MAX_SESSION_ID_SIZE

11 years agomytexi2latex: handle na@"ive
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 20:54:49 +0000 (21:54 +0100)] 
mytexi2latex: handle na@"ive

11 years agoCleaning up some awkward phrasings.
Chris Barry [Tue, 4 Nov 2014 18:17:20 +0000 (13:17 -0500)] 
Cleaning up some awkward phrasings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years agotests: Added test for MAC verification checks
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:56:27 +0000 (19:56 +0100)] 
tests: Added test for MAC verification checks

11 years agoEtM fixes: it only applies to block ciphers
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:27:24 +0000 (19:27 +0100)] 
EtM fixes: it only applies to block ciphers

11 years agognutls-cli-debug: reorganized output
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 16:05:20 +0000 (17:05 +0100)] 
gnutls-cli-debug: reorganized output

11 years agomoved the HTTPS server name outside of verbose tests; only run when the HTTPS protoco...
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 15:55:12 +0000 (16:55 +0100)] 
moved the HTTPS server name outside of verbose tests; only run when the HTTPS protocol is used

11 years agoenhanced gnutls-cli-debug verbose output (uses files for mass text)
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 13:44:27 +0000 (14:44 +0100)] 
enhanced gnutls-cli-debug verbose output (uses files for mass text)

11 years agognutls-cli-debug: Added tests for EtM and extended master secret support
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:44:55 +0000 (13:44 +0100)] 
gnutls-cli-debug: Added tests for EtM and extended master secret support

In addition reworked the output for existing tests.

11 years agotools: only warn of an error if it is fatal
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:37:01 +0000 (13:37 +0100)] 
tools: only warn of an error if it is fatal

11 years agotestcompat: increased the number of test cases checked
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:32:31 +0000 (13:32 +0100)] 
testcompat: increased the number of test cases checked

11 years agoupdated text
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:20:07 +0000 (11:20 +0100)] 
updated text

11 years agodoc update
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:22:30 +0000 (09:22 +0100)] 
doc update

11 years agotestcompat-polarssl: try to run the test only if polarssl binaries are available
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:16:52 +0000 (09:16 +0100)] 
testcompat-polarssl: try to run the test only if polarssl binaries are available

11 years agotestcompat: check the PSK ciphersuite interoperability against polarssl
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:13:13 +0000 (09:13 +0100)] 
testcompat: check the PSK ciphersuite interoperability against polarssl

11 years agotestcompat: added interop tests with polarssl
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:31:47 +0000 (17:31 +0100)] 
testcompat: added interop tests with polarssl

11 years agodoc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport...
Jaak Ristioja [Mon, 3 Nov 2014 19:28:28 +0000 (21:28 +0200)] 
doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years agodoc: Fixed typo in inline comment of gnutls_transport_set_errno().
Jaak Ristioja [Mon, 3 Nov 2014 19:28:27 +0000 (21:28 +0200)] 
doc: Fixed typo in inline comment of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years agodoc update
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:04:30 +0000 (17:04 +0100)] 
doc update

11 years agoAdded support for RFC7366 (encrypt then authenticate)
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 13:23:48 +0000 (14:23 +0100)] 
Added support for RFC7366 (encrypt then authenticate)

It implements a revised version of RFC7366, to avoid interoperability
issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html
This is currently enabled by default, unless %NO_ETM, or %COMPAT
is specified.

11 years agoMade AEAD type an alternative to stream and block
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 12:21:31 +0000 (13:21 +0100)] 
Made AEAD type an alternative to stream and block

That way the terminology becomes closer to the TLS rfc.

11 years agoupdated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET
Nikos Mavrogiannopoulos [Sun, 2 Nov 2014 14:55:17 +0000 (15:55 +0100)] 
updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET

11 years agodoc update
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:46:25 +0000 (11:46 +0100)] 
doc update

11 years agotests: Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 + PIN
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:43:05 +0000 (11:43 +0100)] 
tests: Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 + PIN

11 years agomore files to ignore
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:41:05 +0000 (11:41 +0100)] 
more files to ignore

11 years agowhen calling gnutls_x509_crt_get_subject_key_id set the id_size
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 08:59:23 +0000 (09:59 +0100)] 
when calling gnutls_x509_crt_get_subject_key_id set the id_size

11 years agodeinitialize the temporary spki data
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 06:44:29 +0000 (07:44 +0100)] 
deinitialize the temporary spki data

11 years agotests: added test for gnutls_global_init after all descriptors are closed
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 21:01:43 +0000 (22:01 +0100)] 
tests: added test for gnutls_global_init after all descriptors are closed

11 years agocorrected check for urandom fd
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:42:21 +0000 (21:42 +0100)] 
corrected check for urandom fd

11 years agotests: dtls-stress: fix issues in the suite
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:35:49 +0000 (21:35 +0100)] 
tests: dtls-stress: fix issues in the suite

11 years agoDo not require a PIN callback in the certificate credentials when a password is specified
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 14:17:15 +0000 (15:17 +0100)] 
Do not require a PIN callback in the certificate credentials when a password is specified

11 years agodoc update
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 13:05:32 +0000 (14:05 +0100)] 
doc update

11 years agocorrected exit state from gnutls_global_init
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:46:24 +0000 (09:46 +0100)] 
corrected exit state from gnutls_global_init

11 years agoupdated text for gnutls_fd_in_use() to account the new behavior
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:40:26 +0000 (09:40 +0100)] 
updated text for gnutls_fd_in_use() to account the new behavior

11 years agodropped gnutls_fd_in_use, it is no longer necessary
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:34:15 +0000 (09:34 +0100)] 
dropped gnutls_fd_in_use, it is no longer necessary

11 years agoWhen gnutls_global_init() is called manually from the application check the urandom...
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:32:16 +0000 (09:32 +0100)] 
When gnutls_global_init() is called manually from the application check the urandom fd for validity

That addresses the issue where a server closes all open file descriptors
and then calls gnutls_global_init().

11 years agoAdded support for getentropy() and reworked getrandom support
Nikos Mavrogiannopoulos [Thu, 30 Oct 2014 10:15:20 +0000 (11:15 +0100)] 
Added support for getentropy() and reworked getrandom support

11 years ago_gnutls_dh_generate_key() will account the q_bits
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:17:45 +0000 (16:17 +0100)] 
_gnutls_dh_generate_key() will account the q_bits

11 years agodoc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:44 +0000 (16:09 +0100)] 
doc update

11 years agoAdded gnutls_dh_params_import_raw2(), which allows to specify the number of bits...
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:23 +0000 (16:09 +0100)] 
Added gnutls_dh_params_import_raw2(), which allows to specify the number of bits for key size

11 years agodoc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:08:21 +0000 (15:08 +0100)] 
doc update

11 years agouse Linux' getrandom() when available
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:06:34 +0000 (15:06 +0100)] 
use Linux' getrandom() when available

11 years agouse the random rnd context when refreshing the nonce context
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 23:18:15 +0000 (00:18 +0100)] 
use the random rnd context when refreshing the nonce context

That avoids frequent reads from /dev/urandom.

11 years agodo not explicitly refresh rnd state on session deinit
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:43:04 +0000 (10:43 +0100)] 
do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

11 years agodoc update
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:40:53 +0000 (10:40 +0100)] 
doc update

11 years agoincrease the reseed time
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:37:47 +0000 (10:37 +0100)] 
increase the reseed time

11 years agotests: enhance cipher test to include tag verification error
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:42:45 +0000 (07:42 +0100)] 
tests: enhance cipher test to include tag verification error

11 years agobetter documented the new API
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:38:22 +0000 (07:38 +0100)] 
better documented the new API

11 years agoharmonise variable names
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:32:41 +0000 (07:32 +0100)] 
harmonise variable names

11 years agodisable hardware acceleration by default in solaris
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 22:09:34 +0000 (00:09 +0200)] 
disable hardware acceleration by default in solaris

11 years agoImproved support of draft-ietf-tls-session-hash-02.
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 19:25:11 +0000 (21:25 +0200)] 
Improved support of draft-ietf-tls-session-hash-02.

Now the session hash is calculated correctly even when a
client certificate is sent. That is, the session hash now
does not take into account the CertificateVerify message.

11 years agodoc update
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:28:34 +0000 (15:28 +0200)] 
doc update

11 years agodoc update
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:24:56 +0000 (15:24 +0200)] 
doc update

11 years agodoc: list the AEAD API
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 13:01:56 +0000 (15:01 +0200)] 
doc: list the AEAD API

11 years agoAdded a new simple to use AEAD API
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 12:55:48 +0000 (14:55 +0200)] 
Added a new simple to use AEAD API

11 years agothe openssl compatibility library isn't built by default
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:36:13 +0000 (10:36 +0200)] 
the openssl compatibility library isn't built by default

11 years agodo not use the ifdef directive in assembly files, as it isn't portable
Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:30:33 +0000 (10:30 +0200)] 
do not use the ifdef directive in assembly files, as it isn't portable

11 years agoeliminate IV size usage in TLS encryption/decryption; it was a remnant of salsa20
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 12:45:15 +0000 (14:45 +0200)] 
eliminate IV size usage in TLS encryption/decryption; it was a remnant of salsa20

11 years agocorrected likely macro usage
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 09:12:10 +0000 (11:12 +0200)] 
corrected likely macro usage

Spotted by Manuel Pégourié-Gonnard.

11 years agoremoved support for SALSA20 and for stream ciphers with IV
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 08:41:04 +0000 (10:41 +0200)] 
removed support for SALSA20 and for stream ciphers with IV

The proposal was not adopted by the TLS WG, and the AEAD path
will be used.

11 years agoAdded priority string %NO_TICKETS that disables session ticket support
Nikos Mavrogiannopoulos [Fri, 24 Oct 2014 08:27:20 +0000 (10:27 +0200)] 
Added priority string %NO_TICKETS that disables session ticket support

This is implied by the priority string PFS.

11 years agodo not negotiate nor use the 'extended master secret' in SSL 3.0
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 21:42:45 +0000 (23:42 +0200)] 
do not negotiate nor use the 'extended master secret' in SSL 3.0

According to Alfredo Pironti support for that protocol will be dropped
from the draft.

11 years agocompile 3.3.9 by default
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:18:10 +0000 (22:18 +0200)] 
compile 3.3.9 by default

11 years agoalways send the mandatory extensions (even in SSL 3.0)
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 08:44:23 +0000 (10:44 +0200)] 
always send the mandatory extensions (even in SSL 3.0)

The only way to force no extensions and usage of SCSVs is the
%NO_EXTENSIONS priority string.

11 years agoEXT MASTER SECRET moved to mandatory extensions
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 08:40:42 +0000 (10:40 +0200)] 
EXT MASTER SECRET moved to mandatory extensions

11 years agocheck and use libnsl (used in solaris)
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:52:36 +0000 (09:52 +0200)] 
check and use libnsl (used in solaris)

11 years agoupdated asm sources
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:41:36 +0000 (09:41 +0200)] 
updated asm sources

11 years agoupdated perl asm sources
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:40:31 +0000 (09:40 +0200)] 
updated perl asm sources

11 years agouse the GNU-stack note in linux systems
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:36:05 +0000 (09:36 +0200)] 
use the GNU-stack note in linux systems

11 years agoupdated gnulib
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:18:23 +0000 (09:18 +0200)] 
updated gnulib

11 years agotests: check the issuer value validity of gnutls_x509_trust_list_get_issuer
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:49:20 +0000 (08:49 +0200)] 
tests: check the issuer value validity of gnutls_x509_trust_list_get_issuer

11 years agocorrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_...
Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:47:27 +0000 (08:47 +0200)] 
corrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_GET_COPY flag

11 years agotests: include minitasn1 when needed
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:15:30 +0000 (22:15 +0200)] 
tests: include minitasn1 when needed

11 years agouse HAVE_DANE ifdef for unused functions
Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:05:16 +0000 (22:05 +0200)] 
use HAVE_DANE ifdef for unused functions