Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 18:16:18 +0000 (19:16 +0100)]
Import perlasm files directly from openssl using git submodule
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 17:39:34 +0000 (18:39 +0100)]
doc update
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 12:03:24 +0000 (13:03 +0100)]
Added configure option --with-default-blacklist-file
This option allows specifying a file containing blacklisted certificates.
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 11:56:02 +0000 (12:56 +0100)]
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a black list.
When a CA or certificate is removed from the trusted list, it is also
added in a blacklist to ensure that it will not be accepted due to
interdependency (e.g., it is a subordinate CA), or because it is not a CA.
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 10:09:34 +0000 (11:09 +0100)]
Corrected documentation for gnutls_x509_trust_list_add_trust_*
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 09:17:19 +0000 (10:17 +0100)]
avoid initializing PKCS #11 modules when not needed in gnutls_pkcs11_reinit.
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 09:05:16 +0000 (10:05 +0100)]
Avoid verbose logging
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 22:32:43 +0000 (23:32 +0100)]
use better definitions
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:23:20 +0000 (21:23 +0100)]
doc update
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:18:48 +0000 (21:18 +0100)]
doc update
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:18:05 +0000 (21:18 +0100)]
Align on 16-byte boundaries the buffers provided to cryptodev.
When gnutls is compiled with support for cryptodev, the buffers
provided to crypto backend are ensured to be 16-byte aligned
(except the ones provided by the user). That increases performance
in several crypto accelerators.
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 19:28:28 +0000 (20:28 +0100)]
updated to correspond to new fail()
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 17:15:39 +0000 (18:15 +0100)]
simplified _mbuffer_alloc
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:56:58 +0000 (19:56 +0100)]
reorganized source files.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:36:17 +0000 (19:36 +0100)]
when AESNI is available without PCLMUL, then use AES-NI in GCM.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:33:34 +0000 (19:33 +0100)]
addressed warning
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:34:43 +0000 (18:34 +0100)]
give lower priority to SSSE3 over AESNI
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:32:19 +0000 (18:32 +0100)]
use better names for files
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:31:19 +0000 (18:31 +0100)]
zeroize keys
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:25:43 +0000 (18:25 +0100)]
When PCLMUL isn't available use the SSSE3 implementation of AES to optimize GCM.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:22:28 +0000 (18:22 +0100)]
removed UMAC ciphersuites from benchmark
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:21:13 +0000 (18:21 +0100)]
removed the estream ciphersuites from benchmarks
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 12:00:55 +0000 (13:00 +0100)]
Added Mike Hamburg's SSSE3 AES implementation.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 11:12:30 +0000 (12:12 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 10:57:02 +0000 (11:57 +0100)]
Added Appro's SSSE3 SHA implementations
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 08:14:50 +0000 (09:14 +0100)]
Utilize the optimized SHA functions in Padlock HMAC.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 07:41:19 +0000 (08:41 +0100)]
use a single BUILT_SOURCES
Patrick Pelletier [Fri, 4 May 2012 01:35:18 +0000 (18:35 -0700)]
minor phrasing improvements in docs
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 23:53:28 +0000 (00:53 +0100)]
Added auto-generated files in BUILT_SOURCES
Jared Wong [Fri, 13 Dec 2013 08:00:20 +0000 (03:00 -0500)]
Fixed check for i < line_size.
All checks were being done where the line_size check was done last. This
allows data to be read from one past the end of the line buffer. In C,
accessing data outside of an array is undefined behavior and may cause
yet known problems. Additionally, the compiler may end up making some
unreasonable assumptions under the pretense that the programmer is never
wrong and would not access data outside of the array.
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 16:24:51 +0000 (17:24 +0100)]
Avoid conditional generation of Makefile
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 15:25:36 +0000 (16:25 +0100)]
Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 07:00:22 +0000 (08:00 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:56:14 +0000 (07:56 +0100)]
exported function
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:55 +0000 (07:54 +0100)]
Added gnutls_record_check_corked.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:41 +0000 (07:54 +0100)]
Avoided gnu-ism in Makefiles
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:35:04 +0000 (09:35 +0100)]
simplified logic
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:29:08 +0000 (09:29 +0100)]
Correctly detect the FIPS140-2 HMAC file.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 22:25:09 +0000 (23:25 +0100)]
ensure that all the exported pkcs11 functions initialize PKCS #11.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:26:51 +0000 (20:26 +0100)]
fixes in PKCS #11 initialization
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:12:59 +0000 (20:12 +0100)]
provide imprecise time as gmt time.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 14:34:20 +0000 (15:34 +0100)]
calling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 12:35:18 +0000 (13:35 +0100)]
fully initialize the PKCS #11 subsystem only when it is needed.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 10:03:25 +0000 (11:03 +0100)]
FIPS140 mode is detected on run-time.
That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:55 +0000 (19:19 +0100)]
Added check to verify that gnutls_global_init() is run on the library constructor.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:17 +0000 (19:19 +0100)]
converted to a simple check for gnutls_global_init() as gnutls_global_init2() will not be added.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:07:56 +0000 (19:07 +0100)]
call p11_kit_modules_load() with null argument.
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:13:50 +0000 (16:13 +0100)]
only use LT_INIT
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:09:20 +0000 (16:09 +0100)]
doc update
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:08:45 +0000 (16:08 +0100)]
disable static library build by default
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:29:23 +0000 (11:29 +0100)]
gnutls_global_init2() is no longer exported.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:19:49 +0000 (11:19 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:16:03 +0000 (11:16 +0100)]
Added automatic reinitialization on fork() on the PKCS #11 subsystem.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:10:28 +0000 (11:10 +0100)]
PKCS #11 initialization is delayed until first use.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:42:54 +0000 (17:42 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:14:33 +0000 (17:14 +0100)]
Use a DRBG-AES to generate nonces rather than the yarrow RNG.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:54:28 +0000 (15:54 +0100)]
getpid() is conditionally used.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:49:43 +0000 (15:49 +0100)]
deleted auto-generated files
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:48:49 +0000 (15:48 +0100)]
removed zombie mode, and no longer use fips140.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:45:05 +0000 (15:45 +0100)]
moved gnutls_fips140_mode_enabled to gnutls.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:35:42 +0000 (15:35 +0100)]
simplified func
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:15:57 +0000 (15:15 +0100)]
corrected macros
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:11:30 +0000 (15:11 +0100)]
Check whether the RNG can perform many iterations without error.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)]
force reseed and rekey on fork and if we exceed a number of iterations.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 08:49:26 +0000 (09:49 +0100)]
do not deinitialize a static mutex to avoid any side-effects.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 19:14:43 +0000 (20:14 +0100)]
re-initialize a deleted statically initialized mutex
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:40:09 +0000 (19:40 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:39:49 +0000 (19:39 +0100)]
Added hack for nettle's checks.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:29:24 +0000 (19:29 +0100)]
adjusted parameters in normal level for DSA to match nettle's abilities.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:26:51 +0000 (19:26 +0100)]
added newlines in error reporting
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:24:24 +0000 (19:24 +0100)]
fix self tests when used from slow/cipher-test
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:19:22 +0000 (19:19 +0100)]
doc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:17:52 +0000 (19:17 +0100)]
updated test for the universal lib constructor
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:16:45 +0000 (19:16 +0100)]
removed deadlock from gnutls_global.c
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:08:38 +0000 (19:08 +0100)]
constructor and destructors were moved outside the FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:06:14 +0000 (19:06 +0100)]
execute the FIPS-test even when not in FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:03:56 +0000 (19:03 +0100)]
fips140_simulate_error -> lib_simulate_error
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:02:26 +0000 (19:02 +0100)]
adjusted subgroup bits to be compatible with DSA requirements.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:50:20 +0000 (18:50 +0100)]
The library state is used even when not in FIPS mode.
This allows having an error state that blocks the library usage
even when not in FIPS mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:30:14 +0000 (18:30 +0100)]
Merged the FIPS140-2 support code.
Conflicts:
lib/gnutls_global.c
tests/mini-overhead.c
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:50:22 +0000 (11:50 +0100)]
gnutls_global_init() and gnutls_global_deinit() are thread-safe.
They utilize static mutex initializers.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:36:11 +0000 (11:36 +0100)]
updated cross.mk
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:18:00 +0000 (11:18 +0100)]
removed usage of %zu.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:42:24 +0000 (09:42 +0100)]
updated mini-overhead to account for the removal of salsa20+umac
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:35:01 +0000 (09:35 +0100)]
Detect the presence of posix locks even when not linked to libpthread.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:15:18 +0000 (09:15 +0100)]
gnutls-cli-debug tests for camellia-gcm.
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 23:44:42 +0000 (00:44 +0100)]
remove bashism.
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 19:52:51 +0000 (20:52 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 15:25:49 +0000 (16:25 +0100)]
Added ECDH known answer test.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:57:08 +0000 (15:57 +0100)]
Added known answer test for Diffie-Hellman key exchange.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:06:28 +0000 (15:06 +0100)]
Added check to prevent generating a DH pubkey of 1.