]> git.ipfire.org Git - thirdparty/gnutls.git/log
thirdparty/gnutls.git
12 years agoAdded support for constructors and destructors in solaris CC.
Nikos Mavrogiannopoulos [Sat, 3 May 2014 06:08:35 +0000 (08:08 +0200)] 
Added support for constructors and destructors in solaris CC.

12 years agoUpdated dieharder tests.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 13:44:24 +0000 (15:44 +0200)] 
Updated dieharder tests.

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 2 May 2014 13:22:26 +0000 (15:22 +0200)] 
doc update

12 years agoinclude header for self-test functions
Nikos Mavrogiannopoulos [Fri, 2 May 2014 12:51:50 +0000 (14:51 +0200)] 
include header for self-test functions

12 years agoAllow testrng test to run with older versions of dieharder.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 08:06:33 +0000 (10:06 +0200)] 
Allow testrng test to run with older versions of dieharder.

12 years agosimplify casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 07:10:49 +0000 (09:10 +0200)] 
simplify casting to mpz_t using __mpz_struct and cleaned up mpz_t access.

12 years agosimplify casting to mpz_t using __mpz_struct.
Nikos Mavrogiannopoulos [Fri, 2 May 2014 07:10:49 +0000 (09:10 +0200)] 
simplify casting to mpz_t using __mpz_struct.

12 years agoupdated included libtasn1.
Nikos Mavrogiannopoulos [Thu, 1 May 2014 21:14:16 +0000 (23:14 +0200)] 
updated included libtasn1.

12 years agoDo not return from void functions. Reported by dev [at] cor0.com.
Nikos Mavrogiannopoulos [Thu, 1 May 2014 14:17:00 +0000 (16:17 +0200)] 
Do not return from void functions. Reported by dev [at] cor0.com.

12 years agoremoved return from void function.
Nikos Mavrogiannopoulos [Wed, 30 Apr 2014 07:40:35 +0000 (09:40 +0200)] 
removed return from void function.

12 years agoupdated prng test
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 21:14:34 +0000 (23:14 +0200)] 
updated prng test

12 years agoTest the random generators in gnutls using the dieharder tool.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 20:36:25 +0000 (22:36 +0200)] 
Test the random generators in gnutls using the dieharder tool.

12 years agouse different db file for pkcs11-get-issuer.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:22:31 +0000 (15:22 +0200)] 
use different db file for pkcs11-get-issuer.

12 years agodoc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:16:25 +0000 (15:16 +0200)] 
doc update

12 years agodoc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:12:51 +0000 (15:12 +0200)] 
doc update

12 years agoAdded test to verify whether gnutls_x509_trust_list_get_issuer() operates correctly...
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:06:24 +0000 (15:06 +0200)] 
Added test to verify whether gnutls_x509_trust_list_get_issuer() operates correctly under PKCS #11 trust list.

12 years agognutls_x509_trust_list_get_issuer() will work correctly with a PKCS #11 trust list.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:05:30 +0000 (15:05 +0200)] 
gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS #11 trust list.

12 years agoinitialize the size value
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 13:00:21 +0000 (15:00 +0200)] 
initialize the size value

12 years agoInclude the correct header for the self tests functions
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 12:45:56 +0000 (14:45 +0200)] 
Include the correct header for the self tests functions

12 years agodoc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:51:39 +0000 (11:51 +0200)] 
doc update

12 years agoremoved redundant code. Reported by David Binderman.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:49:25 +0000 (11:49 +0200)] 
removed redundant code. Reported by David Binderman.

12 years agoincreased MAX_DATA_ENTRIES to 100.
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:28:28 +0000 (11:28 +0200)] 
increased MAX_DATA_ENTRIES to 100.

12 years agorearranged code
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:24:03 +0000 (11:24 +0200)] 
rearranged code

12 years agoonly fail DANE verification if status is non-zero
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:17:04 +0000 (11:17 +0200)] 
only fail DANE verification if status is non-zero

12 years agoAccept a certificate using DANE if there is at least one entry that matches the certi...
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 09:10:07 +0000 (11:10 +0200)] 
Accept a certificate using DANE if there is at least one entry that matches the certificate.

This corrects the previous behavior that was rejecting the certificate if there
were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO
is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
12 years agodoc update
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:50:22 +0000 (10:50 +0200)] 
doc update

12 years agoDo not deinitialize in gnutls_global_deinit() if the call to gnutls_global_init(...
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:05:21 +0000 (10:05 +0200)] 
Do not deinitialize in gnutls_global_deinit() if the call to gnutls_global_init() failed.

12 years agoAlternative fix for the initialization of random generator. Reported by Martin Kletza...
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 08:00:28 +0000 (10:00 +0200)] 
Alternative fix for the initialization of random generator. Reported by Martin Kletzander.

12 years agoRevert "Avoid dual initialization of random generator. Reported by Martin Kletzander."
Nikos Mavrogiannopoulos [Mon, 28 Apr 2014 07:56:10 +0000 (09:56 +0200)] 
Revert "Avoid dual initialization of random generator. Reported by Martin Kletzander."

This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.

12 years agox86.h was renamed to x86-common.h to avoid clashes with system headers.
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 17:34:38 +0000 (19:34 +0200)] 
x86.h was renamed to x86-common.h to avoid clashes with system headers.

12 years agodoc update
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 17:31:27 +0000 (19:31 +0200)] 
doc update

12 years agoAvoid dual initialization of random generator. Reported by Martin Kletzander.
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 16:59:02 +0000 (18:59 +0200)] 
Avoid dual initialization of random generator. Reported by Martin Kletzander.

12 years agoTest for the existance of the /etc/system-fips file
Kurt Roeckx [Sat, 19 Apr 2014 17:46:18 +0000 (19:46 +0200)] 
Test for the existance of the /etc/system-fips file

We don't read it, the existance of the file is enough to say in what
mode we are.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12 years agoAdd _gnutls_fips_mode_enabled() return values.
Kurt Roeckx [Sat, 19 Apr 2014 17:46:17 +0000 (19:46 +0200)] 
Add _gnutls_fips_mode_enabled() return values.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12 years agoTypo fix: overriden -> overridden
Andreas Metzler [Sat, 19 Apr 2014 18:07:26 +0000 (20:07 +0200)] 
Typo fix: overriden -> overridden

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12 years agoUse unsigned type for encode(). Based on suggestion by Shawn (sth0r2046 [at] gmail...
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 16:02:45 +0000 (18:02 +0200)] 
Use unsigned type for encode(). Based on suggestion by Shawn (sth0r2046 [at] gmail.com).

12 years agotolerate NULL in strdup(). Patch by shawn (sth0r2046 [at] gmail.com).
Nikos Mavrogiannopoulos [Sun, 27 Apr 2014 15:59:19 +0000 (17:59 +0200)] 
tolerate NULL in strdup(). Patch by shawn (sth0r2046 [at] gmail.com).

12 years agoAllow exporting a CRL in DER format.
Nikos Mavrogiannopoulos [Sat, 26 Apr 2014 09:47:11 +0000 (11:47 +0200)] 
Allow exporting a CRL in DER format.

12 years agocleaned up authors and thanks file.
Nikos Mavrogiannopoulos [Fri, 25 Apr 2014 13:42:53 +0000 (15:42 +0200)] 
cleaned up authors and thanks file.

12 years agoMore script tests run under valgrind
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:52:55 +0000 (18:52 +0200)] 
More script tests run under valgrind

12 years agoRun scripts under valgrind.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:44:37 +0000 (18:44 +0200)] 
Run scripts under valgrind.

12 years agoTreat othername as printable (i.e., null terminate it), as the XMPP printing code...
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:32:07 +0000 (18:32 +0200)] 
Treat othername as printable (i.e., null terminate it), as the XMPP printing code assumes that.

12 years agocleanups in output
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 16:28:04 +0000 (18:28 +0200)] 
cleanups in output

12 years agodo not override gnutls' allocation functions
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 13:04:54 +0000 (15:04 +0200)] 
do not override gnutls' allocation functions

That was not being done using the API, and overriding them
is no longer possible in 3.3.x.

12 years agorelased 3.3.1 gnutls_3_3_1
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 11:10:51 +0000 (13:10 +0200)] 
relased 3.3.1

12 years agochanged port to allow parallelization
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 11:02:57 +0000 (13:02 +0200)] 
changed port to allow parallelization

12 years agognutls_secure_malloc() is no longer part of the API (though it remains in the ABI).
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:56:09 +0000 (12:56 +0200)] 
gnutls_secure_malloc() is no longer part of the API (though it remains in the ABI).

12 years agorevived gnutls_secure_malloc() to avoid breaking ABI.
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:51:20 +0000 (12:51 +0200)] 
revived gnutls_secure_malloc() to avoid breaking ABI.

gnutls_secure_calloc() is no longer exported as it was never in any
public header.

12 years agoremoved file from Makefile that doesn't exist
Nikos Mavrogiannopoulos [Sat, 19 Apr 2014 10:45:33 +0000 (12:45 +0200)] 
removed file from Makefile that doesn't exist

12 years agognutls-cli will no longer allow the session to proceed if DANE verification fails.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:21:45 +0000 (01:21 +0200)] 
gnutls-cli will no longer allow the session to proceed if DANE verification fails.

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:17:59 +0000 (01:17 +0200)] 
doc update

12 years agoAdded test certificate with multiple XMPP othername SAN fields.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:15:57 +0000 (01:15 +0200)] 
Added test certificate with multiple XMPP othername SAN fields.

12 years agoCorrected decoding of XMPP SAN othername.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 23:09:21 +0000 (01:09 +0200)] 
Corrected decoding of XMPP SAN othername.

This also corrects the semantics of the get_*_othername_oid() functions,
such as gnutls_x509_crt_get_subject_alt_othername_oid().

12 years agoalways initialize size values
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 21:34:57 +0000 (23:34 +0200)] 
always initialize size values

12 years agocopy_string() and copy_data() are more resilient on null input
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 21:11:25 +0000 (23:11 +0200)] 
copy_string() and copy_data() are more resilient on null input

12 years agoincreased server startup wait time.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 18:46:14 +0000 (20:46 +0200)] 
increased server startup wait time.

That is because we now check for key/certificate match via a sign/verify
request that may take longer in some systems. Based on patch by Andreas
Metzler.

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 14:37:42 +0000 (16:37 +0200)] 
doc update

12 years agofix issue in gnutls_subject_alt_names_get().
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 14:30:09 +0000 (16:30 +0200)] 
fix issue in gnutls_subject_alt_names_get().

That caused a null pointer dereference when extracting names
from a certificate that contained an OtherName. Reported and
investigated by Kirill A. Shutemov.

12 years agoRemoved the already unused secure alloc functions.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 13:57:41 +0000 (15:57 +0200)] 
Removed the already unused secure alloc functions.

12 years agoUse a harder to optimize out memset().
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 13:55:37 +0000 (15:55 +0200)] 
Use a harder to optimize out memset().

12 years agofix typo
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 12:53:33 +0000 (14:53 +0200)] 
fix typo

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 12:41:24 +0000 (14:41 +0200)] 
doc update

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 11:27:09 +0000 (13:27 +0200)] 
doc update

12 years agocorrected get_auth_info() for SRP-RSA.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:36:24 +0000 (12:36 +0200)] 
corrected get_auth_info() for SRP-RSA.

12 years agoinclude hint into psk test.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:18:01 +0000 (12:18 +0200)] 
include hint into psk test.

12 years agoAvoid dual generation of key.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:17:29 +0000 (12:17 +0200)] 
Avoid dual generation of key.

12 years agoEnable hint in the rsa-psk test.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:13:08 +0000 (12:13 +0200)] 
Enable hint in the rsa-psk test.

12 years agouse custom proc_server_kx for RSA-PSK
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:12:48 +0000 (12:12 +0200)] 
use custom proc_server_kx for RSA-PSK

12 years agoeliminated the leak of hint when deallocating the credentials.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 10:02:39 +0000 (12:02 +0200)] 
eliminated the leak of hint when deallocating the credentials.

12 years ago_gnutls_auth_info_set() will decide the replacing of auth info based on the provided...
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:57:23 +0000 (11:57 +0200)] 
_gnutls_auth_info_set() will decide the replacing of auth info based on the provided credentials type.

This avoids issues with discrepances in server and client mode.

12 years agoMade _gnutls_get_auth_info() safer to use.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:25:47 +0000 (11:25 +0200)] 
Made _gnutls_get_auth_info() safer to use.

12 years agoBoth DANE and PKI verification are advisory when --tofu is being used.
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 09:02:38 +0000 (11:02 +0200)] 
Both DANE and PKI verification are advisory when --tofu is being used.

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 08:44:27 +0000 (10:44 +0200)] 
doc update

12 years agoWhen checking for data to be received use the 'transport_recv_ptr'
Nikos Mavrogiannopoulos [Fri, 18 Apr 2014 08:40:49 +0000 (10:40 +0200)] 
When checking for data to be received use the 'transport_recv_ptr'

This affects cases where there is different send and recv pointers.
Reported and investigated by JMRecio.

12 years agodoc update
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:23:06 +0000 (21:23 +0200)] 
doc update

12 years agodocumentation update.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:19:14 +0000 (21:19 +0200)] 
documentation update.

12 years agoDo not print certificates twice.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:18:08 +0000 (21:18 +0200)] 
Do not print certificates twice.

That will improve the visibility of messages of the various verification methods.

12 years agoUpdated TOFU documentation. Suggested by Jens Lechtenboerger.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 19:17:29 +0000 (21:17 +0200)] 
Updated TOFU documentation. Suggested by Jens Lechtenboerger.

12 years agoadded newlines to p11tool error messages
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 15:46:38 +0000 (17:46 +0200)] 
added newlines to p11tool error messages

12 years agodoc update
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 14:47:36 +0000 (16:47 +0200)] 
doc update

12 years agocorrected uninitialized value
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 13:16:28 +0000 (15:16 +0200)] 
corrected uninitialized value

12 years agoremoved conditionally exported functions.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:36:51 +0000 (14:36 +0200)] 
removed conditionally exported functions.

12 years agoAdded self check functions to self-test.h.
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:27:10 +0000 (14:27 +0200)] 
Added self check functions to self-test.h.

12 years agobumped versions
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 12:12:49 +0000 (14:12 +0200)] 
bumped versions

12 years agouse MAX_CHAIN definition to avoid overflow issues in the future
Nikos Mavrogiannopoulos [Thu, 17 Apr 2014 07:46:14 +0000 (09:46 +0200)] 
use MAX_CHAIN definition to avoid overflow issues in the future

12 years agoincreased the space available for certificates.
Nikos Mavrogiannopoulos [Wed, 16 Apr 2014 22:08:27 +0000 (00:08 +0200)] 
increased the space available for certificates.

That avoids a crash in sparc64; reported by Andreas Metzler.

12 years agodoc update
Nikos Mavrogiannopoulos [Wed, 16 Apr 2014 21:08:52 +0000 (23:08 +0200)] 
doc update

12 years agoseveral bug fixes in certtool.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:07:30 +0000 (14:07 +0200)] 
several bug fixes in certtool.

12 years agouse the same cflags for included programs as with library.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:03:08 +0000 (14:03 +0200)] 
use the same cflags for included programs as with library.

12 years agoCorrected dane_verify_crt() to not deinitialize any input state.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 12:01:28 +0000 (14:01 +0200)] 
Corrected dane_verify_crt() to not deinitialize any input state.

12 years agoseveral bug fixes due to coverity.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:58:05 +0000 (13:58 +0200)] 
several bug fixes due to coverity.

12 years agoseveral bug fixes due to coverity.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:57:36 +0000 (13:57 +0200)] 
several bug fixes due to coverity.

12 years agoCorrected bugs reported from coverity in opencdk.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 11:35:10 +0000 (13:35 +0200)] 
Corrected bugs reported from coverity in opencdk.

12 years agocorrectly check for message upper limit.
Nikos Mavrogiannopoulos [Tue, 15 Apr 2014 09:56:06 +0000 (11:56 +0200)] 
correctly check for message upper limit.

12 years agoAllow a null ca file; i.e., allow setting only CRLs in gnutls_x509_trust_list_add_tru...
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 11:44:21 +0000 (13:44 +0200)] 
Allow a null ca file; i.e., allow setting only CRLs in gnutls_x509_trust_list_add_trust_file().

12 years agodoc update
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 09:54:53 +0000 (11:54 +0200)] 
doc update

12 years agoAdded the PFS priority string.
Nikos Mavrogiannopoulos [Mon, 14 Apr 2014 09:47:31 +0000 (11:47 +0200)] 
Added the PFS priority string.

12 years agocorrected Peter's name!
Nikos Mavrogiannopoulos [Sat, 12 Apr 2014 07:01:26 +0000 (09:01 +0200)] 
corrected Peter's name!

12 years agodoc update
Nikos Mavrogiannopoulos [Fri, 11 Apr 2014 13:05:41 +0000 (15:05 +0200)] 
doc update

12 years agoAdded self tests for ECC PKCS #8 files.
Nikos Mavrogiannopoulos [Fri, 11 Apr 2014 12:55:08 +0000 (14:55 +0200)] 
Added self tests for ECC PKCS #8 files.