gnutls:gnutls.git
Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 16:07:48 +0000 (18:07 +0200)]
Updated gnulib.

Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 16:05:14 +0000 (18:05 +0200)]
print average time per transaction and sample variance.

Nikos Mavrogiannopoulos [Tue, 17 Jul 2012 15:51:52 +0000 (17:51 +0200)]
Client credentials initialization moved outside benchmark

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 23:15:17 +0000 (01:15 +0200)]
Callbacks are being called even if a global PIN function is not set.

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 19:14:39 +0000 (21:14 +0200)]
Allow association of a PIN function with a credentials structure.

This function will be used to override any globally set ones.

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 19:14:17 +0000 (21:14 +0200)]
return value fix

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:55:31 +0000 (20:55 +0200)]
documented updates

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:50:18 +0000 (20:50 +0200)]
Removed newly added functions and added gnutls_pkcs11_get_pin_function().

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 18:46:24 +0000 (20:46 +0200)]
Added PIN callbacks in structures that may require PIN access to override the global callbacks.

Nikos Mavrogiannopoulos [Mon, 16 Jul 2012 17:51:01 +0000 (19:51 +0200)]
PIN callback function was made more generic than PKCS #11.

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:35:14 +0000 (13:35 +0200)]
added missing functions

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:34:12 +0000 (13:34 +0200)]
signing keys are generated by default

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 11:30:36 +0000 (13:30 +0200)]
random uuids are marked as such

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 10:56:06 +0000 (12:56 +0200)]
Added gnutls_url_is_supported()

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:43:28 +0000 (10:43 +0200)]
doc fix

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:42:25 +0000 (10:42 +0200)]
Allow generation of system and user keys.

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:38:27 +0000 (10:38 +0200)]
Allow handling of user and system keys.

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 08:11:49 +0000 (10:11 +0200)]
minor fixes in TPM code

Nikos Mavrogiannopoulos [Sat, 14 Jul 2012 07:56:52 +0000 (09:56 +0200)]
Enabled the generation of signing keys.

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 19:16:07 +0000 (21:16 +0200)]
Added functions that import any kind of URL into abstract public and private keys.

Added:
 gnutls_pubkey_import_url()
 gnutls_privkey_import_url()

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 16:02:13 +0000 (18:02 +0200)]
When verifying a certificate chain make sure it is a chain.

If the chain is interrupted (wrong) at some point then truncate,
only try to verify the correct part. Patch by David Woodhouse.

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:36:19 +0000 (17:36 +0200)]
Allow gnutls-cli to be used with tpmkey urls

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:22:06 +0000 (17:22 +0200)]
Added flag to disable the use of callbacks in TPM keys.

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 15:09:55 +0000 (17:09 +0200)]
Added ability to request PIN from a TPM URL. It uses the PKCS11 PIN function.

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:48:34 +0000 (13:48 +0200)]
corrected function call

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:47:43 +0000 (13:47 +0200)]
Added gnutls_pkcs11_advset_pin_function and gnutls_pkcs11_advset_token_function

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:36:59 +0000 (13:36 +0200)]
doc fix

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:34:32 +0000 (13:34 +0200)]
do not list parent in URL.

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:33:08 +0000 (13:33 +0200)]
Allow tpmkey: urls in set_key_file()

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:19:27 +0000 (13:19 +0200)]
Added support for legacy key

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:34 +0000 (13:12 +0200)]
documented updates

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:23 +0000 (13:12 +0200)]
pubkey option can now accept a url

Nikos Mavrogiannopoulos [Fri, 13 Jul 2012 11:12:05 +0000 (13:12 +0200)]
small fixes in TPM support

Nikos Mavrogiannopoulos [Thu, 12 Jul 2012 16:35:49 +0000 (18:35 +0200)]
internal functions marked as static

Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 23:03:21 +0000 (01:03 +0200)]
Added functions to handle TPM stored keys.

Not everything is in a working state.

Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 21:47:58 +0000 (23:47 +0200)]
Allow importing a public key from UUID

Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 21:34:57 +0000 (23:34 +0200)]
Added the option to register a key

Nikos Mavrogiannopoulos [Wed, 11 Jul 2012 19:32:06 +0000 (21:32 +0200)]
Added option to load a TPM key from a UUID (untested)

Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 20:24:33 +0000 (22:24 +0200)]
Common handling of error codes.

Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 19:39:31 +0000 (21:39 +0200)]
combined TPM initialization.

Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 19:04:23 +0000 (21:04 +0200)]
TPM key generation allows for arbitrary RSA key bits, but quantizes them to the minimum allowed value that is larger than input.

Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 12:08:38 +0000 (14:08 +0200)]
Added functionality to extract the pubkey key from a TPM key.

Added new function gnutls_pubkey_import_tpm_raw(). tpmtool can now
print the pubkey key from a TPM key.

Nikos Mavrogiannopoulos [Sun, 8 Jul 2012 11:13:40 +0000 (13:13 +0200)]
simplified base64 encoding/decoding functions by using a datum.

Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 20:34:35 +0000 (22:34 +0200)]
no url in tpmtool

Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 20:27:38 +0000 (22:27 +0200)]
Added tpmtool.

It is a tool to generate TPM private keys. In addition
gnutls_tpm_privkey_generate() was added.

Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 17:29:35 +0000 (19:29 +0200)]
no tpm test

Nikos Mavrogiannopoulos [Fri, 6 Jul 2012 17:28:03 +0000 (19:28 +0200)]
distinguish password errors and use the internal octet string decoding functions.

Nikos Mavrogiannopoulos [Wed, 4 Jul 2012 20:53:00 +0000 (22:53 +0200)]
Added initial support for TPM keys.

Nikos Mavrogiannopoulos [Wed, 4 Jul 2012 15:49:51 +0000 (17:49 +0200)]
A deinit function implies GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Based on patch by David Woodhouse.

Nikos Mavrogiannopoulos [Tue, 3 Jul 2012 18:42:33 +0000 (20:42 +0200)]
Added gnutls_privkey_import_ext2()

This function allows specifying a deinitialization function.

Tag: gnutls_3_0_21
Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:50:03 +0000 (19:50 +0200)]
gnutls_x509_privkey_import_openssl() works only with PEM files.

Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:48:35 +0000 (19:48 +0200)]
comment put in context

Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:46:36 +0000 (19:46 +0200)]
Check for PEM headers before DEK-Info.

Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 11:35:12 +0000 (13:35 +0200)]
Handle EC DER keys.

Nikos Mavrogiannopoulos [Mon, 2 Jul 2012 17:41:46 +0000 (19:41 +0200)]
Added test application that tests GNUTLS_E_LARGE_PACKET and modifies the MTU size during handshake.

Nikos Mavrogiannopoulos [Sat, 30 Jun 2012 16:54:13 +0000 (18:54 +0200)]
added missing function

David Woodhouse [Fri, 29 Jun 2012 23:07:49 +0000 (00:07 +0100)]
Return GNUTLS_E_LARGE_PACKET instead of truncating when sending DTLS record

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 23:47:26 +0000 (01:47 +0200)]
fix

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 23:46:19 +0000 (01:46 +0200)]
no need to check for DTLS

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 23:44:39 +0000 (01:44 +0200)]
no need for _gnutls prefix.

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 23:42:14 +0000 (01:42 +0200)]
only block ciphers need 1 byte padding.

David Woodhouse [Fri, 29 Jun 2012 21:08:24 +0000 (22:08 +0100)]
Fix documentation for gnutls_dtls_set_mtu()

It *isn't* the interface MTU, it's the transport MTU.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 23:00:28 +0000 (01:00 +0200)]
sign fixes

David Woodhouse [Fri, 29 Jun 2012 20:14:25 +0000 (21:14 +0100)]
Add gnutls_dtls_set_data_mtu()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 22:35:56 +0000 (00:35 +0200)]
gnutls_dtls_get_data_mtu() is more precise. Based on patch by David Woodhouse.

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 14:40:30 +0000 (16:40 +0200)]
cleaned up errno handling.

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 14:36:03 +0000 (16:36 +0200)]
Added Camellia-192-CBC algorithm identifier.

Based on patch by David Woodhouse.

Nikos Mavrogiannopoulos [Fri, 29 Jun 2012 14:27:30 +0000 (16:27 +0200)]
Included more algorithms in openssl privkey decryption.

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 21:25:31 +0000 (23:25 +0200)]
Added functions gnutls_x509_privkey_import2 and gnutls_x509_privkey_import_openssl.

The former imports keys in arbitrary formats and the latter imports openssl keys (unfinished).

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 19:55:10 +0000 (21:55 +0200)]
doc fixes

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 19:49:20 +0000 (21:49 +0200)]
document the gnutls_pcert_st

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 19:44:25 +0000 (21:44 +0200)]
use new functions.

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 19:27:21 +0000 (21:27 +0200)]
doc fix

Nikos Mavrogiannopoulos [Thu, 28 Jun 2012 19:21:33 +0000 (21:21 +0200)]
Return GNUTLS_E_LARGE_PACKET when errno is EMSGSIZE

Nikos Mavrogiannopoulos [Mon, 25 Jun 2012 22:11:05 +0000 (00:11 +0200)]
added missing file

Nikos Mavrogiannopoulos [Mon, 25 Jun 2012 19:15:52 +0000 (21:15 +0200)]
Split Lucas' contribution to allow incorporation.

Nikos Mavrogiannopoulos [Mon, 25 Jun 2012 17:39:43 +0000 (19:39 +0200)]
Do not require load-privkey for to-p12

Nikos Mavrogiannopoulos [Sun, 24 Jun 2012 18:56:43 +0000 (20:56 +0200)]
document limitations

Nikos Mavrogiannopoulos [Sun, 24 Jun 2012 18:30:59 +0000 (20:30 +0200)]
Updated Lucas' patch

Nikos Mavrogiannopoulos [Sun, 24 Jun 2012 18:25:45 +0000 (20:25 +0200)]
updated doc

Lucas Fisher [Sat, 23 Jun 2012 21:50:52 +0000 (17:50 -0400)]
Certtool exports multiple keys in PKCS12 file

Update certtool to export multiple keys in a PKCS12 file so multiple
certificate/key pairs may be included in one file.

- Add load_privkey_list() so that --load-privkey loads multiple keys

- Change generate_pkcs12() to add multiple keys to the PKCS12 file

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Thu, 21 Jun 2012 20:20:44 +0000 (22:20 +0200)]
updated versions

Nikos Mavrogiannopoulos [Thu, 21 Jun 2012 20:09:16 +0000 (22:09 +0200)]
Added functions to directly load a private key.

They allow loading a data buffer into a gnutls_privkey_t without
going through cumbersome conversions.

Nikos Mavrogiannopoulos [Thu, 21 Jun 2012 19:24:16 +0000 (21:24 +0200)]
Added gnutls_load_file().

Nikos Mavrogiannopoulos [Thu, 21 Jun 2012 18:57:38 +0000 (20:57 +0200)]
Use the label when looking for a certificate or private key in PKCS #11.

Patch by David Woodhouse.

Nikos Mavrogiannopoulos [Wed, 20 Jun 2012 17:55:04 +0000 (19:55 +0200)]
moved symbol

Diego Elio Pettenò [Fri, 15 Jun 2012 19:19:12 +0000 (12:19 -0700)]
build: make sure to declare the generated source files as BUILT_SOURCES

This allows proper building when using parallel make on a multi-core
system.

Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Mon, 18 Jun 2012 22:38:57 +0000 (00:38 +0200)]
correct comparison of sent data in dtls-stress.

Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 19:33:47 +0000 (21:33 +0200)]
small fix

Simon Josefsson [Mon, 11 Jun 2012 10:45:49 +0000 (12:45 +0200)]
Update to libtasn1 2.13.

Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 10:31:33 +0000 (12:31 +0200)]
removed old news entry

Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 10:31:23 +0000 (12:31 +0200)]
updated TODO

Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 00:25:13 +0000 (02:25 +0200)]
Added flag GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED for gnutls_pkcs12_simple_parse().

Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 00:15:05 +0000 (02:15 +0200)]
deinitialize extra certs if they are empty.

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 13:42:45 +0000 (15:42 +0200)]
Revert "documented pin_callback expectations."

This reverts commit 2576a9d933e4f29f69a7182faa9c4210eeec8fee.

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 13:41:30 +0000 (15:41 +0200)]
added author of code.

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 12:12:44 +0000 (14:12 +0200)]
more files to ignore

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 12:10:44 +0000 (14:10 +0200)]
In tokens that allow multiple sessions make the private key session persistent.
This prevents asking for PIN on every private key operation.

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 09:56:24 +0000 (11:56 +0200)]
When generating a pkcs12 structure with multiple certificates set a friendly name only on the first one.

Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 09:48:26 +0000 (11:48 +0200)]
removed entry which was included in 3.0.20