gnutls:gnutls.git
10 years agoreleased gnutls_3_1_0pre0
Nikos Mavrogiannopoulos [Sun, 5 Aug 2012 10:14:29 +0000 (12:14 +0200)]
released

10 years agodistribute all generated files
Nikos Mavrogiannopoulos [Sun, 5 Aug 2012 09:37:49 +0000 (11:37 +0200)]
distribute all generated files

10 years agodocumented TPM support
Nikos Mavrogiannopoulos [Sun, 5 Aug 2012 09:37:34 +0000 (11:37 +0200)]
documented TPM support

10 years agocorrected typo
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 20:25:22 +0000 (22:25 +0200)]
corrected typo

10 years agobumped version
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 20:17:02 +0000 (22:17 +0200)]
bumped version

10 years agodocumentation fixes.
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 20:12:48 +0000 (22:12 +0200)]
documentation fixes.

10 years agobetter doc output
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 19:55:50 +0000 (21:55 +0200)]
better doc output

10 years agono need for libgnutlsxx.map
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 19:38:16 +0000 (21:38 +0200)]
no need for libgnutlsxx.map

10 years agocorrected example and added missing files.
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 11:15:28 +0000 (13:15 +0200)]
corrected example and added missing files.

10 years agoconfirm password on key generation.
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 11:14:18 +0000 (13:14 +0200)]
confirm password on key generation.

10 years agoRestored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now...
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 11:09:57 +0000 (13:09 +0200)]
Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now accepts the option --null-password.

10 years agoExit with an error code if a PKCS #12 structure cannot be decrypted.
Nikos Mavrogiannopoulos [Sat, 4 Aug 2012 10:05:29 +0000 (12:05 +0200)]
Exit with an error code if a PKCS #12 structure cannot be decrypted.

10 years agoRespect certtool --hash when signing request and CRL
Petr Písař [Thu, 26 Jul 2012 14:18:44 +0000 (16:18 +0200)]
Respect certtool --hash when signing request and CRL

The certtool hard-codes the digest algorithm despite '--hash' option exists.
This patch allows user to choose the algorithm when signing certificate
request or certificate revocation list.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years agoPIN-related functions common to TPM and PKCS #11 moved to pin.c.
Nikos Mavrogiannopoulos [Mon, 23 Jul 2012 13:25:52 +0000 (16:25 +0300)]
PIN-related functions common to TPM and PKCS #11 moved to pin.c.

10 years agoGNUTLS_TPMKEY_FMT_PEM renamed to GNUTLS_TPMKEY_FMT_CTK_PEM
Nikos Mavrogiannopoulos [Sun, 22 Jul 2012 07:56:04 +0000 (09:56 +0200)]
GNUTLS_TPMKEY_FMT_PEM renamed to GNUTLS_TPMKEY_FMT_CTK_PEM

10 years agotpmtool now accepts the --inder and --outder options.
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 20:11:38 +0000 (22:11 +0200)]
tpmtool now accepts the --inder and --outder options.

10 years agoSeparated TPM key encodings from the X.509 certificates.
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 19:57:51 +0000 (21:57 +0200)]
Separated TPM key encodings from the X.509 certificates.

Added two TPM-specific encodings the DER and PEM. Even though
they look to be related the are not. The DER encoding is the
one provided using Tspi_EncodeDER_TssBlob, and the PEM is the
compatibility encoding used by create_tpm_key.

10 years agodoc fixes
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 17:01:07 +0000 (19:01 +0200)]
doc fixes

10 years agohandle noindent
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 17:00:57 +0000 (19:00 +0200)]
handle noindent

10 years agomore elaborate PIN documentation
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 16:58:51 +0000 (18:58 +0200)]
more elaborate PIN documentation

10 years agohandle more complex enums
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 16:49:30 +0000 (18:49 +0200)]
handle more complex enums

10 years agodiscussed the generic and openssl privkey import functions.
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 16:07:51 +0000 (18:07 +0200)]
discussed the generic and openssl privkey import functions.

10 years agoadded tpm flag
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:59:43 +0000 (17:59 +0200)]
added tpm flag

10 years agomore doc fixes
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:58:20 +0000 (17:58 +0200)]
more doc fixes

10 years agodoc fix
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:54:18 +0000 (17:54 +0200)]
doc fix

10 years agodoc updates
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:49:29 +0000 (17:49 +0200)]
doc updates

10 years agomore set_pin functions.
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:48:10 +0000 (17:48 +0200)]
more set_pin functions.

10 years agoset PIN function when reading a certificate
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 15:45:41 +0000 (17:45 +0200)]
set PIN function when reading a certificate

10 years agoGNUTLS_PKCS11_PIN -> GNUTLS_PIN
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 12:16:52 +0000 (14:16 +0200)]
GNUTLS_PKCS11_PIN -> GNUTLS_PIN

10 years agouse stack for file paths
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 12:14:53 +0000 (14:14 +0200)]
use stack for file paths

10 years agodoc updates
Nikos Mavrogiannopoulos [Sat, 21 Jul 2012 12:04:05 +0000 (14:04 +0200)]
doc updates

10 years agoIncreate the entropy of TPM when generating keys.
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 22:53:29 +0000 (00:53 +0200)]
Increate the entropy of TPM when generating keys.

When generating a key in TPM provide it with some randomness
using Tspi_TPM_StirRandom(). Suggested by Carolin Latze.

10 years agoForce dependency on nettle 2.5.
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 20:26:08 +0000 (22:26 +0200)]
Force dependency on nettle 2.5.

10 years agoAdded tpmtool manpage.
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 20:21:33 +0000 (22:21 +0200)]
Added tpmtool manpage.

10 years agoupdated TPM doc
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 20:17:23 +0000 (22:17 +0200)]
updated TPM doc

10 years agoEliminated p11common.c.
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 20:07:20 +0000 (22:07 +0200)]
Eliminated p11common.c.

10 years agoPKCS #11 PIN handling fixes.
Nikos Mavrogiannopoulos [Fri, 20 Jul 2012 20:06:24 +0000 (22:06 +0200)]
PKCS #11 PIN handling fixes.

Added gnutls_x509_crt_set_pin_function() and set the PIN
handling function in gnutls_privkey_import_pkcs11_url().

10 years agoCheck for /etc/ssl/cert.pem in OpenBSD. Reported by David Woodhouse and Mike Miller.
Nikos Mavrogiannopoulos [Thu, 19 Jul 2012 19:01:45 +0000 (21:01 +0200)]
Check for /etc/ssl/cert.pem in OpenBSD. Reported by David Woodhouse and Mike Miller.

10 years agoAvoid the usage of alloca(). Reported by Rob McMahon.
Nikos Mavrogiannopoulos [Thu, 19 Jul 2012 18:59:13 +0000 (20:59 +0200)]
Avoid the usage of alloca(). Reported by Rob McMahon.

10 years agoAvoid returning from void function. Patch by Rob McMahon.
Nikos Mavrogiannopoulos [Thu, 19 Jul 2012 18:57:12 +0000 (20:57 +0200)]
Avoid returning from void function. Patch by Rob McMahon.

10 years agobetter title
Nikos Mavrogiannopoulos [Wed, 18 Jul 2012 19:45:27 +0000 (21:45 +0200)]
better title

10 years agomention the context specific PIN functions.
Nikos Mavrogiannopoulos [Wed, 18 Jul 2012 18:56:49 +0000 (20:56 +0200)]
mention the context specific PIN functions.

10 years agoAdded documentation for TPM keys.
Nikos Mavrogiannopoulos [Wed, 18 Jul 2012 18:40:02 +0000 (20:40 +0200)]
Added documentation for TPM keys.

10 years agoUpdated gnulib.
Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 16:07:48 +0000 (18:07 +0200)]
Updated gnulib.

10 years agoprint average time per transaction and sample variance.
Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 16:05:14 +0000 (18:05 +0200)]
print average time per transaction and sample variance.

10 years agoClient credentials initialization moved outside benchmark
Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 15:51:52 +0000 (17:51 +0200)]
Client credentials initialization moved outside benchmark

10 years agoCallbacks are being called even if a global PIN functions is not set.
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 23:15:17 +0000 (01:15 +0200)]
Callbacks are being called even if a global PIN functions is not set.

10 years agoAllow association of a PIN function with a credentials structure.
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 19:14:39 +0000 (21:14 +0200)]
Allow association of a PIN function with a credentials structure.

This function will be used to override any globally set ones.

10 years agoreturn value fix
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 19:14:17 +0000 (21:14 +0200)]
return value fix

10 years agodocumented updates
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:55:31 +0000 (20:55 +0200)]
documented updates

10 years agoRemoved newly added functions and added gnutls_pkcs11_get_pin_function().
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:50:18 +0000 (20:50 +0200)]
Removed newly added functions and added gnutls_pkcs11_get_pin_function().

10 years agoAdded PIN callbacks in structures that may require PIN access to override the global...
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:46:24 +0000 (20:46 +0200)]
Added PIN callbacks in structures that may require PIN access to override the global callbacks.

10 years agoPIN callback function was made more generic than PKCS #11.
Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 17:51:01 +0000 (19:51 +0200)]
PIN callback function was made more generic than PKCS #11.

10 years agoadded missing functions
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:35:14 +0000 (13:35 +0200)]
added missing functions

10 years agosigning keys are generated by default
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:34:12 +0000 (13:34 +0200)]
signing keys are generated by default

10 years agorandom uuids are marked as such
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:30:36 +0000 (13:30 +0200)]
random uuids are marked as such

10 years agoAdded gnutls_url_is_supported()
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 10:56:06 +0000 (12:56 +0200)]
Added gnutls_url_is_supported()

10 years agodoc fix
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:43:28 +0000 (10:43 +0200)]
doc fix

10 years agoAllow generation of system and user keys.
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:42:25 +0000 (10:42 +0200)]
Allow generation of system and user keys.

10 years agoAllow handling of user and system keys.
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:38:27 +0000 (10:38 +0200)]
Allow handling of user and system keys.

10 years agominor fixes in TPM code
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:11:49 +0000 (10:11 +0200)]
minor fixes in TPM code

10 years agoEnabled the generation of signing keys.
Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 07:56:52 +0000 (09:56 +0200)]
Enabled the generation of signing keys.

10 years agoAdded functions that import any kind of URL into abstract public and private keys.
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 19:16:07 +0000 (21:16 +0200)]
Added functions that import any kind of URL into abstract public and private keys.

Added:
 gnutls_pubkey_import_url()
 gnutls_privkey_import_url()

10 years agoWhen verifying a certificate chain make sure it is chain.
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 16:02:13 +0000 (18:02 +0200)]
When verifying a certificate chain make sure it is chain.

If the chain is interrupted (wrong) at some point then truncate,
only try to verify the correct part. Patch by David Woodhouse.

10 years agoAllow gnutls-cli to be used with tpmkey urls
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:36:19 +0000 (17:36 +0200)]
Allow gnutls-cli to be used with tpmkey urls

10 years agoAdded flag to disable the use of callbacks in TPM keys.
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:22:06 +0000 (17:22 +0200)]
Added flag to disable the use of callbacks in TPM keys.

10 years agoAdded ability to request PIN from a TPM URL. It uses the PKCS11 PIN function.
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:09:55 +0000 (17:09 +0200)]
Added ability to request PIN from a TPM URL. It uses the PKCS11 PIN function.

10 years agocorrected function call
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:48:34 +0000 (13:48 +0200)]
corrected function call

10 years agoAdded gnutls_pkcs11_advset_pin_function and gnutls_pkcs11_advset_token_function
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:47:43 +0000 (13:47 +0200)]
Added gnutls_pkcs11_advset_pin_function and gnutls_pkcs11_advset_token_function

10 years agodoc fix
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:36:59 +0000 (13:36 +0200)]
doc fix

10 years agodo not list parent in URL.
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:34:32 +0000 (13:34 +0200)]
do not list parent in URL.

10 years agoAllow tpmkey: urls in set_key_file()
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:33:08 +0000 (13:33 +0200)]
Allow tpmkey: urls in set_key_file()

10 years agoAdded support for legacy key
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:19:27 +0000 (13:19 +0200)]
Added support for legacy key

10 years agodocumented updates
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:34 +0000 (13:12 +0200)]
documented updates

10 years agopubkey option can now accept a url
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:23 +0000 (13:12 +0200)]
pubkey option can now accept a url

10 years agosmall fixes in TPM support
Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:05 +0000 (13:12 +0200)]
small fixes in TPM support

10 years agointernal functions marked as static
Nikos Mavrogiannopoulos [Thu, 12 Jul 2012 16:35:49 +0000 (18:35 +0200)]
internal functions marked as static

10 years agoAdded functions to handle TPM stored keys.
Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 23:03:21 +0000 (01:03 +0200)]
Added functions to handle TPM stored keys.

Not everything is on working state.

10 years agoAllow importing a public key from UUID
Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 21:47:58 +0000 (23:47 +0200)]
Allow importing a public key from UUID

10 years agoAdded the option to register a key
Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 21:34:57 +0000 (23:34 +0200)]
Added the option to register a key

10 years agoAdded option to load a TPM key from an UUID (untested)
Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 19:32:06 +0000 (21:32 +0200)]
Added option to load a TPM key from an UUID (untested)

10 years agoCommon handling of error codes.
Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 20:24:33 +0000 (22:24 +0200)]
Common handling of error codes.

10 years agocombined TPM initialization.
Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 19:39:31 +0000 (21:39 +0200)]
combined TPM initialization.

10 years agoTPM key generation allows for arbitrary RSA key bits, but quantizes them to the minim...
Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 19:04:23 +0000 (21:04 +0200)]
TPM key generation allows for arbitrary RSA key bits, but quantizes them to the minimum allowed value that is larger than input.

10 years agoAdded functionality to extract the pubkey key from a TPM key.
Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 12:08:38 +0000 (14:08 +0200)]
Added functionality to extract the pubkey key from a TPM key.

Added new function gnutls_pubkey_import_tpm_raw(). tpmtool can now
print the pubkey key from a TPM key.

10 years agosimplified base64 encoding/decoding functions by using a datum.
Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 11:13:40 +0000 (13:13 +0200)]
simplified base64 encoding/decoding functions by using a datum.

10 years agono url in tpmtool
Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 20:34:35 +0000 (22:34 +0200)]
no url in tpmtool

10 years agoAdded tpmtool.
Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 20:27:38 +0000 (22:27 +0200)]
Added tpmtool.

It is a tool to generate TPM private keys. In addition
gnutls_tpm_privkey_generate() was added.

10 years agono tpm test
Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 17:29:35 +0000 (19:29 +0200)]
no tpm test

10 years agodistinguish password errors and use the internal octet string decoding functions.
Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 17:28:03 +0000 (19:28 +0200)]
distinguish password errors and use the internal octet string decoding functions.

10 years agoAdded initial support for TPM keys.
Nikos Mavrogiannopoulos [Wed, 4 Jul 2012 20:53:00 +0000 (22:53 +0200)]
Added initial support for TPM keys.

10 years agoA deinit function implies GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Based on patch by...
Nikos Mavrogiannopoulos [Wed, 4 Jul 2012 15:49:51 +0000 (17:49 +0200)]
A deinit function implies  GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Based on patch by David Woodhouse.

10 years agoAdded gnutls_privkey_import_ext2()
Nikos Mavrogiannopoulos [Tue, 3 Jul 2012 18:42:33 +0000 (20:42 +0200)]
Added gnutls_privkey_import_ext2()

This function allows to specify a deinitialization function.

10 years agognutls_x509_privkey_import_openssl() works only with PEM files. gnutls_3_0_21
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:50:03 +0000 (19:50 +0200)]
gnutls_x509_privkey_import_openssl() works only with PEM files.

10 years agocomment put in context
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:48:35 +0000 (19:48 +0200)]
comment put in context

10 years agoCheck for PEM headers before DEK-Info.
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:46:36 +0000 (19:46 +0200)]
Check for PEM headers before DEK-Info.

10 years agoHandle EC DER keys.
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 11:35:12 +0000 (13:35 +0200)]
Handle EC DER keys.

10 years agoAdded test application that tests GNUTLS_E_LARGE_PACKET and modifies the MTU size...
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:41:46 +0000 (19:41 +0200)]
Added test application that tests GNUTLS_E_LARGE_PACKET and modifies the MTU size during handshake.

10 years agoadded missing function
Nikos Mavrogiannopoulos [Sat, 30 Jun 2012 16:54:13 +0000 (18:54 +0200)]
added missing function

10 years agoReturn GNUTLS_E_LARGE_PACKET instead of truncating when sending DTLS record
David Woodhouse [Fri, 29 Jun 2012 23:07:49 +0000 (00:07 +0100)]
Return GNUTLS_E_LARGE_PACKET instead of truncating when sending DTLS record

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>