]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Wed, 20 Aug 2014 11:04:57 +0000 (13:04 +0200)]
renamed rfc2818_hostname to hostname-verify
The file no longer follows RFC2818.
Nikos Mavrogiannopoulos [Wed, 20 Aug 2014 08:51:42 +0000 (10:51 +0200)]
updated minitasn1
Nikos Mavrogiannopoulos [Mon, 18 Aug 2014 13:44:15 +0000 (15:44 +0200)]
Safer reinitialization of structures on re-import to avoid memory leaks.
That also adds the gnutls_pkcs7_t structure into the list of allowed to
re-import.
Nikos Mavrogiannopoulos [Sun, 17 Aug 2014 07:27:26 +0000 (09:27 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 17 Aug 2014 07:25:07 +0000 (09:25 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 16 Aug 2014 20:37:05 +0000 (22:37 +0200)]
Re-initialize the ASN.1 structures on every import
That allows to import a key/certificate on a structure even if the
previous import failed.
Nikos Mavrogiannopoulos [Thu, 14 Aug 2014 09:26:33 +0000 (11:26 +0200)]
gnutls-cli: added --fips140-mode command line option
That option will report the status of the FIPS140-2 mode in the library.
Nikos Mavrogiannopoulos [Thu, 14 Aug 2014 08:11:03 +0000 (10:11 +0200)]
The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140-2 mode
Nikos Mavrogiannopoulos [Wed, 13 Aug 2014 06:13:48 +0000 (08:13 +0200)]
gnutls-cli/danetool: corrected check on ipv6 IPs
Nikos Mavrogiannopoulos [Wed, 13 Aug 2014 06:09:10 +0000 (08:09 +0200)]
Follow the rfc6125 requirement that a single CN must be present for hostname verification.
Follow up on the original commit that simplifies checking for more than a single
hostname.
Nikos Mavrogiannopoulos [Wed, 13 Aug 2014 03:23:53 +0000 (05:23 +0200)]
gnutls-cli/danetool: added a common check for hostname being an IP
Nikos Mavrogiannopoulos [Wed, 13 Aug 2014 03:17:12 +0000 (05:17 +0200)]
Follow the rfc6125 requirement that a single CN must be present for hostname verification.
Nikos Mavrogiannopoulos [Tue, 12 Aug 2014 20:48:04 +0000 (22:48 +0200)]
tests: check that gnutls_x509_crt_check_hostname() will correctly use the last CN when multiple
Nikos Mavrogiannopoulos [Tue, 12 Aug 2014 20:38:58 +0000 (22:38 +0200)]
when checking the hostname of a certificate with multiple CNs use the "most specific" CN
In our case we use the last CN present in the DN. Reported
by David Woodhouse.
https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 15:18:14 +0000 (17:18 +0200)]
gnutls-cli: more organized printing of cipher benchmark output
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 15:12:30 +0000 (17:12 +0200)]
gnutls-cli: removed salsa20 from the benchmarked ciphers
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 13:39:39 +0000 (15:39 +0200)]
bumped current and age version to allow 3.3.x releases with new symbols
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 11:16:02 +0000 (13:16 +0200)]
_gnutls_pkcs12_string_to_key(): enforce a block size of 64-bytes
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 08:05:13 +0000 (10:05 +0200)]
mac_to_entry -> _gnutls_mac_to_entry
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 07:40:24 +0000 (09:40 +0200)]
gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
Nikos Mavrogiannopoulos [Mon, 11 Aug 2014 07:38:23 +0000 (09:38 +0200)]
pkcs12: added check for null OID in gnutls_pkcs12_generate_mac2
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 10:06:31 +0000 (12:06 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 10:06:10 +0000 (12:06 +0200)]
tests: check gnutls_pkcs12_generate_mac2()
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 10:00:31 +0000 (12:00 +0200)]
pkcs12: added gnutls_pkcs12_generate_mac2()
That allows a choice on the MAC algorithm to be used.
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 09:54:42 +0000 (11:54 +0200)]
doc update
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 09:54:10 +0000 (11:54 +0200)]
certtool: --p12-info will provide information on the MAC algorithm
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 09:53:40 +0000 (11:53 +0200)]
pkcs12: added gnutls_pkcs12_mac_info to obtain information on the MAC
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 09:26:34 +0000 (11:26 +0200)]
tests: updated string to keys tests for new internal API
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 09:24:15 +0000 (11:24 +0200)]
tests: test the decoding of a PKCS #12 structure with SHA256 MAC
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 08:28:57 +0000 (10:28 +0200)]
pkcs12: Allow verification with structures that support other than HMAC-SHA1 MACs.
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 08:26:52 +0000 (10:26 +0200)]
tests: remove test for nettle's pbkdf2; this is tested in nettle
Nikos Mavrogiannopoulos [Sun, 10 Aug 2014 08:08:47 +0000 (10:08 +0200)]
updated doc for gnutls_pkcs12_simple_parse()
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 15:38:07 +0000 (17:38 +0200)]
testdane: re-enabled DANE checks and added checks on SMTP
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 15:31:57 +0000 (17:31 +0200)]
danetool: obtain certificate only once
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 13:59:48 +0000 (15:59 +0200)]
pkcs11: modified prototype and doc to be recognized by doc parser
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 11:19:58 +0000 (13:19 +0200)]
doc update
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 08:22:40 +0000 (10:22 +0200)]
danetool/gnutls-cli-debug: added support for imap starttls
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 07:54:09 +0000 (09:54 +0200)]
gnutls-cli-debug: supports SMTP starttls
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 07:43:45 +0000 (09:43 +0200)]
danetool: supports SMTP starttls
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 07:23:43 +0000 (09:23 +0200)]
danetool: improvements in information presentation
Nikos Mavrogiannopoulos [Sat, 9 Aug 2014 07:01:59 +0000 (09:01 +0200)]
libdane: disable debugging mode
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 18:50:55 +0000 (20:50 +0200)]
updated documentation for gnutls_handshake()
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 18:32:02 +0000 (20:32 +0200)]
danetool: if the certificate to verify against is not provide it try to obtain it
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 11:51:40 +0000 (13:51 +0200)]
doc update
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 11:51:31 +0000 (13:51 +0200)]
pbkdf2: removed internal implementation, use nettle's
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 09:25:36 +0000 (11:25 +0200)]
protect _gnutls_params_get_rsa_raw() from crashing when exporting an RSA public key
That could happen in case of PKCS #11 abstract keys.
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 09:14:34 +0000 (11:14 +0200)]
corrected typo
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 08:59:27 +0000 (10:59 +0200)]
p11tool: added --info parameter
That allows obtaining information on a specific object.
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 08:57:10 +0000 (10:57 +0200)]
pkcs11: added GNUTLS_PKCS11_OBJ_ATTR_MATCH flag
This flag allows listing only the tokens that match the URL.
That is, this performs an object URL comparison, rather than
a token URL usage.
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 08:34:34 +0000 (10:34 +0200)]
p11tool: only print the debugging message in debuglevel > 4
Nikos Mavrogiannopoulos [Fri, 8 Aug 2014 07:06:14 +0000 (09:06 +0200)]
pkcs11: check CKA_UNWRAP as well for enabling GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 18:50:24 +0000 (20:50 +0200)]
removed reference to UMAC
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 18:49:24 +0000 (20:49 +0200)]
removed references to SALSA20
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 14:28:47 +0000 (16:28 +0200)]
doc update
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 13:38:48 +0000 (15:38 +0200)]
testpkcs11: rearranged checks to avoid wrong deletions
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 12:19:25 +0000 (14:19 +0200)]
pkcs11: simplified pkcs11_privkey handling
A PKCS #11 always holds an open session to the key.
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 11:40:16 +0000 (13:40 +0200)]
gnutls_pkcs11_flags_get_str -> gnutls_pkcs11_obj_flags_get_str
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 11:11:38 +0000 (13:11 +0200)]
tests: ensure that no environment variables confuse softhsm
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 11:04:22 +0000 (13:04 +0200)]
testpkcs11: test the trusted and ca flags being set
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 08:54:02 +0000 (10:54 +0200)]
pkcs11: added new functions to query the object's flags
gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
and gnutls_pkcs11_flags_get_str() allows printing them.
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 07:16:28 +0000 (09:16 +0200)]
pkcs11.h: introduced gnutls_pkcs11_obj_flags
Nikos Mavrogiannopoulos [Thu, 7 Aug 2014 07:07:22 +0000 (09:07 +0200)]
testpkcs11: exit if export_pubkey_of_privkey fails
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 20:19:58 +0000 (22:19 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 20:09:39 +0000 (22:09 +0200)]
p11tool: simplify the passing of flags and pass the key wrapping flag
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 15:15:16 +0000 (17:15 +0200)]
README: removed gmplib 4.2.2 reference
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 14:43:28 +0000 (16:43 +0200)]
gnutls-cli: TLS benchmark parameters were updated
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:51:55 +0000 (15:51 +0200)]
_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:37:08 +0000 (15:37 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:35:54 +0000 (15:35 +0200)]
changed semantics of gnutls_pkcs11_privkey_get_pubkey; named gnutls_pkcs11_privkey_export_pubkey
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:12:32 +0000 (15:12 +0200)]
gnutls_pkcs11_privkey_get_pubkey: return GNUTLS_E_INVALID_REQUEST on invalid params
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:11:56 +0000 (15:11 +0200)]
p11tool: activate the --batch option
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 13:09:50 +0000 (15:09 +0200)]
testpkcs11: Test the export of public key
Wolfgang Meyer zu Bergsten [Wed, 6 Aug 2014 11:20:24 +0000 (13:20 +0200)]
add public key export to p11tool
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
Wolfgang Meyer zu Bergsten [Mon, 4 Aug 2014 13:09:05 +0000 (15:09 +0200)]
add pubkey export from private key in pkcs11 subsystem
There are cases where we need to export the public key of private
key at a later time. Previously, the public key was only available
immediately after creation of a key pair. This patch allows to
retrieve the public key of a private key at any time after
creation.
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 12:49:06 +0000 (14:49 +0200)]
documented flags format
Wolfgang Meyer zu Bergsten [Mon, 4 Aug 2014 13:32:53 +0000 (15:32 +0200)]
improve compatibility in pkcs11 key generation
* add key wrap/unwrap key usage
* explicitly set public exponent in template
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 11:39:09 +0000 (13:39 +0200)]
gnutls-cli-debug: added AES and CAMELLIA to the list of default ciphers
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 09:33:11 +0000 (11:33 +0200)]
doc update
Nikos Mavrogiannopoulos [Wed, 6 Aug 2014 09:29:41 +0000 (11:29 +0200)]
mention profile in security parameters table
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 12:11:16 +0000 (14:11 +0200)]
Added people who have sent a DCO for gnutls
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:42:56 +0000 (11:42 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:40:29 +0000 (11:40 +0200)]
pkcs12: fixes in decryption with null password
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:23:40 +0000 (11:23 +0200)]
certtool: free unused variables
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:21:52 +0000 (11:21 +0200)]
added missing file
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:03:27 +0000 (11:03 +0200)]
certtool: print more information on PKCS #12 structures.
use gnutls_pkcs12_bag_enc_info to print more information on
encrypted PKCS #12 structures.
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 09:02:30 +0000 (11:02 +0200)]
added new function to obtain information on a PKCS #12 encrypted bag
New function: gnutls_pkcs12_bag_enc_info()
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 08:32:32 +0000 (10:32 +0200)]
doc update
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 00:29:51 +0000 (02:29 +0200)]
certtool: default pkcs-cipher is now 3des as in PKCS #12
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 00:26:52 +0000 (02:26 +0200)]
gnutls_pkcs8_info: will return OID value even on unsupported structures
Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 00:12:55 +0000 (02:12 +0200)]
doc: replaced non-0 with non-zero
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 14:45:18 +0000 (16:45 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 14:29:31 +0000 (16:29 +0200)]
simplified decrypt_data() and initialize parameters on decryption
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:58:21 +0000 (14:58 +0200)]
further increase iteration count
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:54:15 +0000 (14:54 +0200)]
certtool: improved PKCS #8 information printing
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:39:57 +0000 (14:39 +0200)]
tests: added more PKCS #8 decoding tests
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:30:21 +0000 (14:30 +0200)]
small fixes and optimizations in PKCS #8 information
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:04:50 +0000 (14:04 +0200)]
doc update
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:03:32 +0000 (14:03 +0200)]
certtool: added --p8-info option
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 12:02:48 +0000 (14:02 +0200)]
added new functions to obtain information on PKCS #8 structures.
Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(),
and gnutls_pkcs_schema_get_oid().
Nikos Mavrogiannopoulos [Mon, 4 Aug 2014 10:21:58 +0000 (12:21 +0200)]
PKCS #8 encryption support was made more compact and manageable