gnutls:gnutls.git
12 years agoUpdate gnulib files.
Simon Josefsson [Mon, 9 Nov 2009 16:26:51 +0000 (17:26 +0100)]
Update gnulib files.

12 years agoAdd.
Simon Josefsson [Mon, 9 Nov 2009 14:48:31 +0000 (15:48 +0100)]
Add.

12 years agoCleanup header inclusion.
Simon Josefsson [Mon, 9 Nov 2009 14:46:11 +0000 (15:46 +0100)]
Cleanup header inclusion.

12 years agoFix.
Simon Josefsson [Mon, 9 Nov 2009 14:42:55 +0000 (15:42 +0100)]
Fix.

12 years agoMore dead code removed. Based on suggestions by Steve Grubb and Tomaz Mraz
Nikos Mavrogiannopoulos [Fri, 6 Nov 2009 18:18:53 +0000 (20:18 +0200)]
More dead code removed. Based on suggestions by Steve Grubb and Tomaz Mraz

12 years agoAdd.
Simon Josefsson [Fri, 6 Nov 2009 16:22:58 +0000 (17:22 +0100)]
Add.

12 years agoFix --disable-valgrind-tests.
Simon Josefsson [Fri, 6 Nov 2009 16:21:43 +0000 (17:21 +0100)]
Fix --disable-valgrind-tests.

12 years agoUpdate gnulib files.
Simon Josefsson [Fri, 6 Nov 2009 09:04:55 +0000 (10:04 +0100)]
Update gnulib files.

12 years agoUpdate gnulib files.
Simon Josefsson [Fri, 6 Nov 2009 07:44:20 +0000 (08:44 +0100)]
Update gnulib files.

12 years agoLink to libgcrypt explicitly when libgcrypt functions are used.
Simon Josefsson [Fri, 6 Nov 2009 07:32:04 +0000 (08:32 +0100)]
Link to libgcrypt explicitly when libgcrypt functions are used.

12 years agoFix libgcrypt usage.
Simon Josefsson [Fri, 6 Nov 2009 07:29:45 +0000 (08:29 +0100)]
Fix libgcrypt usage.

12 years agoSimplified code which was based on older version of internal structures.
Nikos Mavrogiannopoulos [Thu, 5 Nov 2009 21:42:22 +0000 (23:42 +0200)]
Simplified code which was based on older version of internal structures.
Based on observations by Steve Grubb and Tomas Mraz.

12 years agoCorrected bug fix author.
Nikos Mavrogiannopoulos [Thu, 5 Nov 2009 21:32:17 +0000 (23:32 +0200)]
Corrected bug fix author.

12 years agoDocumented previous commit.
Nikos Mavrogiannopoulos [Thu, 5 Nov 2009 21:13:43 +0000 (23:13 +0200)]
Documented previous commit.

12 years agoCleanups and several bug fixes found by Tomas Mraz.
Nikos Mavrogiannopoulos [Thu, 5 Nov 2009 21:09:51 +0000 (23:09 +0200)]
Cleanups and several bug fixes found by Tomas Mraz.

"I've patched the following problems in the code found by review of
gnutls-2.8.5 code done by Steve Grubb.

See the patch attached.

The gnutls_constate.c bug might be potentially serious so I've decided
to mail it to you directly, not to the public mailing list.

The auth_cert.c change is just cleanup of the code.

In gnutls_openssl.c I've just fixed the potential crasher, correct fix
would require using asprintf or precomputed length of the buffer to
allocate a memory.

The certtool.c change is again just a cleanup."

12 years agoBump versions.
Simon Josefsson [Thu, 5 Nov 2009 16:41:27 +0000 (17:41 +0100)]
Bump versions.

12 years agoGenerated. gnutls_2_9_8
Simon Josefsson [Thu, 5 Nov 2009 16:31:27 +0000 (17:31 +0100)]
Generated.

12 years agoVersion 2.9.8.
Simon Josefsson [Thu, 5 Nov 2009 16:07:26 +0000 (17:07 +0100)]
Version 2.9.8.

12 years agoUpdate gnulib files.
Simon Josefsson [Thu, 5 Nov 2009 14:06:43 +0000 (15:06 +0100)]
Update gnulib files.

12 years agoUpdate gnulib files.
Simon Josefsson [Thu, 5 Nov 2009 13:44:12 +0000 (14:44 +0100)]
Update gnulib files.

12 years agoMake sure libgcrypt's dependency on libgpg-error is known.
Simon Josefsson [Thu, 5 Nov 2009 13:12:16 +0000 (14:12 +0100)]
Make sure libgcrypt's dependency on libgpg-error is known.

12 years agoFix API name change.
Simon Josefsson [Thu, 5 Nov 2009 09:00:57 +0000 (10:00 +0100)]
Fix API name change.

12 years agoFix API name change.
Simon Josefsson [Thu, 5 Nov 2009 08:59:12 +0000 (09:59 +0100)]
Fix API name change.

12 years agoIndent code.
Simon Josefsson [Thu, 5 Nov 2009 08:50:01 +0000 (09:50 +0100)]
Indent code.

12 years agoFix API name change.
Simon Josefsson [Thu, 5 Nov 2009 08:41:56 +0000 (09:41 +0100)]
Fix API name change.

12 years agoFix NEWS blurb. Shorten new API name.
Simon Josefsson [Thu, 5 Nov 2009 08:36:30 +0000 (09:36 +0100)]
Fix NEWS blurb.  Shorten new API name.

12 years agoDoc fix, add Since tag.
Simon Josefsson [Thu, 5 Nov 2009 08:26:17 +0000 (09:26 +0100)]
Doc fix, add Since tag.

12 years agoIndent code.
Simon Josefsson [Thu, 5 Nov 2009 07:50:01 +0000 (08:50 +0100)]
Indent code.

12 years agoFix compile error.
Simon Josefsson [Thu, 5 Nov 2009 07:45:56 +0000 (08:45 +0100)]
Fix compile error.

Tiny patch by Brad Hards <bradh@frogmouth.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3943>.

12 years agoFix compile errors.
Simon Josefsson [Thu, 5 Nov 2009 07:42:19 +0000 (08:42 +0100)]
Fix compile errors.

Tiny patch from Brad Hards <bradh@frogmouth.net>
in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3942>.

12 years agoFix compile errors.
Simon Josefsson [Thu, 5 Nov 2009 07:40:36 +0000 (08:40 +0100)]
Fix compile errors.

Tiny patch from Brad Hards <bradh@frogmouth.net>
in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3941>.

12 years agoUpdate gnulib files.
Simon Josefsson [Thu, 5 Nov 2009 07:30:24 +0000 (08:30 +0100)]
Update gnulib files.

12 years agoAdd.
Simon Josefsson [Thu, 5 Nov 2009 07:29:21 +0000 (08:29 +0100)]
Add.

12 years agoSync with TP.
Simon Josefsson [Thu, 5 Nov 2009 07:28:44 +0000 (08:28 +0100)]
Sync with TP.

12 years agoUse INET_NTOP_LIB and INET_PTON_LIB.
Simon Josefsson [Tue, 3 Nov 2009 06:45:02 +0000 (07:45 +0100)]
Use INET_NTOP_LIB and INET_PTON_LIB.

12 years agoUpdate gnulib files.
Simon Josefsson [Tue, 3 Nov 2009 06:41:31 +0000 (07:41 +0100)]
Update gnulib files.

12 years agoFix.
Simon Josefsson [Mon, 2 Nov 2009 10:33:34 +0000 (11:33 +0100)]
Fix.

12 years agoFix time bomb in chainverify self-test.
Simon Josefsson [Mon, 2 Nov 2009 10:25:27 +0000 (11:25 +0100)]
Fix time bomb in chainverify self-test.

Reported by Andreas Metzler <ametzler@downhill.at.eu.org>
in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.

12 years agoDocumented change for certificate retrieval callbacks.
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 16:06:07 +0000 (18:06 +0200)]
Documented change for certificate retrieval callbacks.

12 years agodo not use gnutls_x509_crt_get_signature_algorithm() on null certificates.
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 15:58:22 +0000 (17:58 +0200)]
do not use gnutls_x509_crt_get_signature_algorithm() on null certificates.

12 years agoDo not check signature algorithms for certificate selection when using openpgp certif...
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 15:52:22 +0000 (17:52 +0200)]
Do not check signature algorithms for certificate selection when using openpgp certificates.

12 years agoAvoid code duplication by using all the functions defined in gnutls_algorithms
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 15:33:19 +0000 (17:33 +0200)]
Avoid code duplication by using all the functions defined in gnutls_algorithms
to map from TLS 1.2 signature algorithm numbers to gnutls signature algorithms.

Added minimal documentation for SIGN-* in gnutls-cli priority strings.

Corrected bug in signature algorithm extension generation.

12 years agoAvoid code duplication by using all the functions defined in gnutls_algorithms
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 15:33:19 +0000 (17:33 +0200)]
Avoid code duplication by using all the functions defined in gnutls_algorithms
to map from TLS 1.2 signature algorithm numbers to gnutls signature algorithms.

Added minimal documentation for SIGN-* in gnutls-cli priority strings.

Corrected bug in signature algorithm extension generation.

12 years agoRationalized function names for signature generation and verification during handshake.
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 14:38:00 +0000 (16:38 +0200)]
Rationalized function names for signature generation and verification during handshake.
_gnutls_tls_sign_hdata -> _gnutls_handshake_sign_cert_vrfy
_gnutls_verify_sig_hdata -> _gnutls_handshake_verify_cert_vrfy
_gnutls_tls_sign_params -> _gnutls_handshake_sign_data
_gnutls_verify_sig_params -> _gnutls_handshake_verify_data

12 years agoDo not output error if a server replies with a SignatureAlgorithms extension.
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 12:57:24 +0000 (14:57 +0200)]
Do not output error if a server replies with a SignatureAlgorithms extension.

12 years agoRSA_SHA -> RSA_SHA1
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 12:23:45 +0000 (14:23 +0200)]
RSA_SHA -> RSA_SHA1

12 years agoDocumented memory leak fix.
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 09:45:08 +0000 (11:45 +0200)]
Documented memory leak fix.

12 years agoFinal touch on signature algorithms in TLS 1.2 support. Added function gnutls_session...
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 09:19:23 +0000 (11:19 +0200)]
Final touch on signature algorithms in TLS 1.2 support. Added function gnutls_session_sign_algorithm_get_requested()
for callbacks to be able to verify they return a correct certificate as well as documentation for its usage.

12 years agoImproved TLS 1.2 support. Added support for the SignatureAlgorithm extension
Nikos Mavrogiannopoulos [Sun, 1 Nov 2009 00:54:08 +0000 (02:54 +0200)]
Improved TLS 1.2 support. Added support for the SignatureAlgorithm extension
as well for the SignatureAlgorithm in certificate request.

Limitation for TLS 1.2 clients:
 Only SHA1 or SHA256 are supported for generating signatures in
certificate verify message. That is to avoid storing all handshake
messages in memory. To be reconsidered in the future.

12 years agofixes in order to compile with -Werror
Nikos Mavrogiannopoulos [Sat, 31 Oct 2009 23:52:14 +0000 (01:52 +0200)]
fixes in order to compile with -Werror

12 years agoremove unnessesary warning.
Nikos Mavrogiannopoulos [Sat, 31 Oct 2009 18:25:17 +0000 (20:25 +0200)]
remove unnessesary warning.

12 years agocorrectly check extension size.
Nikos Mavrogiannopoulos [Sat, 31 Oct 2009 08:33:38 +0000 (10:33 +0200)]
correctly check extension size.

12 years agoWhen resuming a session do not overwrite the initial session data with resumed
Nikos Mavrogiannopoulos [Wed, 28 Oct 2009 08:44:18 +0000 (10:44 +0200)]
When resuming a session do not overwrite the initial session data with resumed
session data. Discovered on discussion at help-gnutls with Sebastien Decugis.

12 years agoFix code style so it compiles with gcc 4.4 with warnings.
Simon Josefsson [Mon, 26 Oct 2009 13:45:39 +0000 (14:45 +0100)]
Fix code style so it compiles with gcc 4.4 with warnings.

12 years agoUpdate gnulib files.
Simon Josefsson [Mon, 26 Oct 2009 13:20:16 +0000 (14:20 +0100)]
Update gnulib files.

12 years agoDrop unknown mini-hfail.
Simon Josefsson [Mon, 26 Oct 2009 13:14:27 +0000 (14:14 +0100)]
Drop unknown mini-hfail.

12 years agoAdd.
Simon Josefsson [Mon, 26 Oct 2009 13:11:47 +0000 (14:11 +0100)]
Add.

12 years agoEnable ClientHello to carry arbitrary length extension data.
Daiki Ueno [Mon, 26 Oct 2009 06:05:13 +0000 (23:05 -0700)]
Enable ClientHello to carry arbitrary length extension data.

12 years agoAdded GNUTLS_BAG_SECRET that adds support for storing a randomly generated key
Nikos Mavrogiannopoulos [Sun, 25 Oct 2009 18:49:18 +0000 (20:49 +0200)]
Added GNUTLS_BAG_SECRET that adds support for storing a randomly generated key
into a PKCS-12 structure. This is a gnutls extension, since PKCS-12 does not
specify what should be in the secret bag. What we do is store the key as
OCTET string and specify an OID of the PKCS-9 random nonce.

12 years agoCorrected warnings in picky compilers and rearanged code.
Nikos Mavrogiannopoulos [Sun, 25 Oct 2009 17:38:16 +0000 (19:38 +0200)]
Corrected warnings in picky compilers and rearanged code.

12 years agoAdded support for the AES family of ciphers in the PKCS8 and 12 encryption options.
Nikos Mavrogiannopoulos [Sat, 24 Oct 2009 14:38:25 +0000 (17:38 +0300)]
Added support for the AES family of ciphers in the PKCS8 and 12 encryption options.

12 years agoDo not print auto-generated files.
Nikos Mavrogiannopoulos [Sat, 24 Oct 2009 14:36:26 +0000 (17:36 +0300)]
Do not print auto-generated files.

12 years agoAdd.
Simon Josefsson [Fri, 23 Oct 2009 16:21:38 +0000 (18:21 +0200)]
Add.

12 years agoFix forgotten braces.
Simon Josefsson [Fri, 23 Oct 2009 16:21:12 +0000 (18:21 +0200)]
Fix forgotten braces.

Reported by Jason Pettiss <jpettiss@yahoo.com>.

12 years agoIndent code.
Simon Josefsson [Fri, 23 Oct 2009 16:20:23 +0000 (18:20 +0200)]
Indent code.

12 years ago1. Fix for memory leaks on interrupted handshake.
Nikos Mavrogiannopoulos [Thu, 22 Oct 2009 16:33:44 +0000 (19:33 +0300)]
1. Fix for memory leaks on interrupted handshake.
2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes if the server will select a different than 1.2 protocol.

3. In TLS 1.2 when a certificate request is sent, support is not complete. In that case abort the handshake. By checking
TLS 1.2 it seems that the algorithms to be used for the signature in the certificate verify message are negotiated not at
the client/server hello messages but rather selected by the server at the certificate request. This might not look as bad, but
since in this message we have to sign all previous handshake messages, it forces us to keep all the handshake messages into a
buffer until this point... I don't know who proposed this change to the TLS WG, but it seems it wasn't really thought of.

12 years agoFix expired cert.
Simon Josefsson [Tue, 20 Oct 2009 09:27:13 +0000 (11:27 +0200)]
Fix expired cert.

12 years agoMake sure we use libgcrypt correctly.
Simon Josefsson [Fri, 16 Oct 2009 06:43:38 +0000 (08:43 +0200)]
Make sure we use libgcrypt correctly.

12 years agoUpdate gnulib files.
Simon Josefsson [Thu, 15 Oct 2009 06:36:07 +0000 (08:36 +0200)]
Update gnulib files.

12 years agoUpdate gnulib files.
Simon Josefsson [Thu, 15 Oct 2009 06:34:52 +0000 (08:34 +0200)]
Update gnulib files.

12 years agoExport C++ symbol visibility.
Simon Josefsson [Thu, 15 Oct 2009 06:27:48 +0000 (08:27 +0200)]
Export C++ symbol visibility.

Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

12 years agoRegenerate.
Simon Josefsson [Wed, 14 Oct 2009 15:24:35 +0000 (17:24 +0200)]
Regenerate.

12 years agoAdd.
Simon Josefsson [Wed, 14 Oct 2009 15:24:00 +0000 (17:24 +0200)]
Add.

12 years agoFix MAC password.
Simon Josefsson [Wed, 14 Oct 2009 15:22:11 +0000 (17:22 +0200)]
Fix MAC password.

12 years agoUse better friendly names.
Simon Josefsson [Wed, 14 Oct 2009 15:18:23 +0000 (17:18 +0200)]
Use better friendly names.

12 years agoAdd self test to test PKCS#12 functions.
Simon Josefsson [Wed, 14 Oct 2009 15:16:08 +0000 (17:16 +0200)]
Add self test to test PKCS#12 functions.

12 years agoWork around 'Cannot find OID: 1.2.840.113549.1.9.21' PKCS#12 problem.
Simon Josefsson [Wed, 14 Oct 2009 14:17:50 +0000 (16:17 +0200)]
Work around 'Cannot find OID: 1.2.840.113549.1.9.21' PKCS#12 problem.

Reported by Michael Welsh Duggan <mwd@cert.org> in
<http://permalink.gmane.org/gmane.network.gnutls.general/1786>.

12 years agoMention that sometimes CA certs needs to be included in PKCS#12 files.
Simon Josefsson [Wed, 14 Oct 2009 09:47:19 +0000 (11:47 +0200)]
Mention that sometimes CA certs needs to be included in PKCS#12 files.

Reported by Ivars Suba <Ivars.Suba@bank.lv>.

13 years agoAfter setting priorities using new API, update current TLS version.
Simon Josefsson [Wed, 7 Oct 2009 16:12:02 +0000 (18:12 +0200)]
After setting priorities using new API, update current TLS version.

13 years agoBump versions.
Simon Josefsson [Tue, 6 Oct 2009 13:53:22 +0000 (15:53 +0200)]
Bump versions.

13 years agoGenerated. gnutls_2_9_7
Simon Josefsson [Tue, 6 Oct 2009 13:21:40 +0000 (15:21 +0200)]
Generated.

13 years agoVersion 2.9.7.
Simon Josefsson [Tue, 6 Oct 2009 13:10:58 +0000 (15:10 +0200)]
Version 2.9.7.

13 years agoUpdate gnulib files.
Simon Josefsson [Tue, 6 Oct 2009 10:41:02 +0000 (12:41 +0200)]
Update gnulib files.

13 years agoAdd.
Simon Josefsson [Tue, 6 Oct 2009 09:50:42 +0000 (11:50 +0200)]
Add.

13 years agoFix symbol export rules.
Simon Josefsson [Tue, 6 Oct 2009 09:46:10 +0000 (11:46 +0200)]
Fix symbol export rules.

Tiny patch by Boyan Kasarov <bkasarov@gmail.com>.

13 years agoInclude config.h.
Simon Josefsson [Tue, 6 Oct 2009 09:42:31 +0000 (11:42 +0200)]
Include config.h.

Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

13 years agoReserve enough room for hash buffers.
Daiki Ueno [Wed, 30 Sep 2009 20:18:17 +0000 (05:18 +0900)]
Reserve enough room for hash buffers.

This fixes x509self self-test.

13 years agoUpdate gnulib files.
Simon Josefsson [Wed, 30 Sep 2009 07:15:37 +0000 (09:15 +0200)]
Update gnulib files.

13 years agoAdd.
Simon Josefsson [Wed, 30 Sep 2009 07:13:13 +0000 (09:13 +0200)]
Add.

13 years agoAttempt to negotiate TLS 1.2 by default.
Simon Josefsson [Wed, 30 Sep 2009 07:11:37 +0000 (09:11 +0200)]
Attempt to negotiate TLS 1.2 by default.

13 years agoAdd.
Simon Josefsson [Wed, 30 Sep 2009 07:11:08 +0000 (09:11 +0200)]
Add.

13 years agoFix comment.
Simon Josefsson [Wed, 30 Sep 2009 05:45:26 +0000 (07:45 +0200)]
Fix comment.

13 years agoFix server-side TLS 1.2 support.
Daiki Ueno [Wed, 30 Sep 2009 01:30:13 +0000 (10:30 +0900)]
Fix server-side TLS 1.2 support.

13 years agoCalculate DER-encoded DigestInfo on-the-fly rather than hard code it.
Daiki Ueno [Tue, 29 Sep 2009 22:11:30 +0000 (07:11 +0900)]
Calculate DER-encoded DigestInfo on-the-fly rather than hard code it.

13 years agoguile: Adjust for Guile 1.9.3+.
Ludovic Courtès [Mon, 28 Sep 2009 20:46:33 +0000 (22:46 +0200)]
guile: Adjust for Guile 1.9.3+.

* guile/src/core.c (mark_session_record_port, free_session_record_port):
  Conditionalize on `SCM_MAJOR_VERSION == 1 && SCM_MINOR_VERSION <= 8'.
  (scm_init_gnutls_session_record_port_type): Adjust accordingly.
  (make_session_record_port): Use `scm_gc_malloc_pointerless ()' when
  available.

13 years agoguile: Syntactic nitpicking.
Ludovic Courtès [Mon, 28 Sep 2009 20:40:08 +0000 (22:40 +0200)]
guile: Syntactic nitpicking.

* guile/src/core.c (SCM_GNUTLS_MAKE_SESSION_DATA,
  SCM_GNUTLS_SET_SESSION_RECORD_PORT): Remove extraneous semicolon.

13 years agoguile: Use Guile's malloc routines.
Ludovic Courtès [Mon, 28 Sep 2009 20:39:03 +0000 (22:39 +0200)]
guile: Use Guile's malloc routines.

* guile/src/core.c (scm_init_gnutls): Use Guile's malloc routines.

13 years agoClarify gnutls_server_name_set usage.
Simon Josefsson [Wed, 23 Sep 2009 15:46:06 +0000 (17:46 +0200)]
Clarify gnutls_server_name_set usage.

Reported by Daniel Black <daniel@cacert.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3878>.

13 years agoFix integer/pointer cast warnings in the Guile bindings on x86_64.
Ludovic Courtès [Wed, 23 Sep 2009 09:07:13 +0000 (11:07 +0200)]
Fix integer/pointer cast warnings in the Guile bindings on x86_64.

* guile/src/core.c (do_fill_port, fill_session_record_port_input,
  scm_gnutls_set_session_transport_fd_x): Make sure pointer/integer casts
  use integers of the right size.

13 years agoUpdate Guile bindings to the current OpenPGP API.
Ludovic Courtès [Wed, 23 Sep 2009 09:04:06 +0000 (11:04 +0200)]
Update Guile bindings to the current OpenPGP API.

* guile/src/extra.c (scm_gnutls_openpgp_certificate_id,
  scm_gnutls_openpgp_certificate_id_x): Use
  the newer `gnutls_openpgp_crt_get_key_id ()'.