gnutls:gnutls.git
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:19:22 +0000 (19:19 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:17:52 +0000 (19:17 +0100)]
updated test for the universal lib constructor

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:16:45 +0000 (19:16 +0100)]
removed deadlock from gnutls_global.c

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:08:38 +0000 (19:08 +0100)]
constructor and destructors were moved outside the FIPS140 mode.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:06:14 +0000 (19:06 +0100)]
execute the FIPS-test even when not in FIPS140 mode.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:03:56 +0000 (19:03 +0100)]
fips140_simulate_error -> lib_simulate_error

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:02:26 +0000 (19:02 +0100)]
adjusted subgroup bits to be compatible with DSA requirements.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:50:20 +0000 (18:50 +0100)]
The library state is used even when not in FIPS mode.

This allows having an error state that blocks the library usage
even when not in FIPS mode.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:30:14 +0000 (18:30 +0100)]
Merged the FIPS140-2 support code.

Conflicts:
lib/gnutls_global.c
tests/mini-overhead.c

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:50:22 +0000 (11:50 +0100)]
gnutls_global_init() and gnutls_global_deinit() are thread-safe.

They utilize static mutex initializers.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:36:11 +0000 (11:36 +0100)]
updated cross.mk

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:18:00 +0000 (11:18 +0100)]
removed usage of %zu.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:42:24 +0000 (09:42 +0100)]
updated mini-overhead to account for the removal of salsa20+umac

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:35:01 +0000 (09:35 +0100)]
Detect the presence of posix locks even without linked to libpthread.

Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:15:18 +0000 (09:15 +0100)]
gnutls-cli-debug tests for camellia-gcm.

Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 23:44:42 +0000 (00:44 +0100)]
remove bashism.

Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 19:52:51 +0000 (20:52 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 15:25:49 +0000 (16:25 +0100)]
Added ECDH known answer test.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:57:08 +0000 (15:57 +0100)]
Added known answer test for Diffie-Hellman key exchange.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:06:28 +0000 (15:06 +0100)]
Added check to prevent generating a DH pubkey of 1.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:31:56 +0000 (14:31 +0100)]
compacted DH support files.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:30:28 +0000 (14:30 +0100)]
clear the generated ECDH parameters as soon as they are not needed.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:29:40 +0000 (14:29 +0100)]
When checking the generated DSA params make sure that the data to be signed have the proper size.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 12:41:21 +0000 (13:41 +0100)]
DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.

This allows handling DH key generation in the crypto backend files.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 10:24:13 +0000 (11:24 +0100)]
simplified DRBG-AES generator by using a counter (with an arbitrary initial value) as DT.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:50:03 +0000 (10:50 +0100)]
Added pairwise consistency test on key generation.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:26:07 +0000 (10:26 +0100)]
use memset in bzero

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 19:35:14 +0000 (20:35 +0100)]
updated example certtool.cfg

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 16:23:27 +0000 (17:23 +0100)]
avoid using memset to prevent a compiler optimizing out calls.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:28:33 +0000 (16:28 +0100)]
use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:25:02 +0000 (16:25 +0100)]
corrected params for ULTRA level

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:40:23 +0000 (11:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:28:13 +0000 (11:28 +0100)]
Re-run receiving tests on server side, to allow any valgrind errors to propagate to exit code.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:05:14 +0000 (11:05 +0100)]
Perform an integrity check on all supporting libraries

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 09:56:47 +0000 (10:56 +0100)]
In FIPS mode the default cipher is AES.

Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:19:43 +0000 (17:19 +0100)]
Do not link gnutls against librt unless it is really necessary.

Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:01:59 +0000 (17:01 +0100)]
checks FIPS-140 lib requirements, moved after clock_gettime() is checked for.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:02:28 +0000 (17:02 +0100)]
removed unused function

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:00:31 +0000 (17:00 +0100)]
removed unused variable

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 15:00:51 +0000 (16:00 +0100)]
Skip tests that require the non-suiteb curves.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:58:08 +0000 (15:58 +0100)]
_gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error conditions.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:29:22 +0000 (15:29 +0100)]
Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:39:17 +0000 (14:39 +0100)]
updated

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:23 +0000 (14:26 +0100)]
Use a FIPS140-2 compliant DSA and DH parameter generator.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:17 +0000 (14:26 +0100)]
removed unneeded newlines

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:47:18 +0000 (13:47 +0100)]
more files ignored

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:46:22 +0000 (13:46 +0100)]
Added DRBG submitted to nettle in gnutls.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 10:11:38 +0000 (11:11 +0100)]
Added deflate compression tests with AES-GCM in order to be tested in FIPS mode.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 09:09:39 +0000 (10:09 +0100)]
corrected comparison

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:12:39 +0000 (17:12 +0100)]
Allow MD5 hash in zombie mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:06:56 +0000 (17:06 +0100)]
fixed bug

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:45:10 +0000 (16:45 +0100)]
don't run openssl (md5) when in fips mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:42:55 +0000 (16:42 +0100)]
separate zombie mode from operational fips mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:41:16 +0000 (16:41 +0100)]
modified to account for zombie mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:36:27 +0000 (16:36 +0100)]
Use the internal API for MD5 hashing in openssl keys.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:33:22 +0000 (16:33 +0100)]
beautified table

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:28:37 +0000 (16:28 +0100)]
added new functions

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:27:39 +0000 (16:27 +0100)]
eliminated memory leak on PK self check.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:25:47 +0000 (16:25 +0100)]
Added gnutls_global_init2(). This allows initializing gnutls in a constructor in FIPS140 mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:46:37 +0000 (14:46 +0100)]
Added an audit message in self test failure

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:44:35 +0000 (14:44 +0100)]
better error messages.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:41:54 +0000 (14:41 +0100)]
binary integrity self test moved to end

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:40:37 +0000 (14:40 +0100)]
simplified debugging levels.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:35:32 +0000 (14:35 +0100)]
silence some errors

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:34:09 +0000 (14:34 +0100)]
updated

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:33:23 +0000 (14:33 +0100)]
Better handling of FIPS140-2 initialization

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 12:06:49 +0000 (13:06 +0100)]
Added curve_exists() to pk-backend. That allows to determine which curves are available.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:27:57 +0000 (12:27 +0100)]
gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:23:19 +0000 (12:23 +0100)]
Do not allow MD5 in the high level crypto-api in FIPS mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:19:29 +0000 (12:19 +0100)]
when using the rng() with a void option use the FIPS state to indicate errors.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:12:57 +0000 (12:12 +0100)]
Restrict the number of tests run on FIPS140-2 mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 10:49:43 +0000 (11:49 +0100)]
In FIPS140-2 mode disable non-conformant ciphers, MAC and hash algorithms.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:28:33 +0000 (19:28 +0100)]
Use nettle for the generation of DH group parameters.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:18:31 +0000 (19:18 +0100)]
no need to memset. It should have been initialized.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:12:46 +0000 (19:12 +0100)]
Do not involve the security level into the certificate comparisons.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:04:43 +0000 (19:04 +0100)]
Separated pk_generate to pk_generate_params() and pk_generate_keys().

This allows using the pk_generate interface to get DH parameters
and DH keys.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 13:43:30 +0000 (14:43 +0100)]
restricted combinations of security parameters in FIPS mode.

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 13:21:53 +0000 (14:21 +0100)]
removed the initialized static variable.

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 13:04:09 +0000 (14:04 +0100)]
Corrected _rnd_get_event().

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 12:32:48 +0000 (13:32 +0100)]
Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace _gnutls_mpi_mod().

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 09:23:26 +0000 (10:23 +0100)]
In rng_fork test all random generators.

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 08:50:59 +0000 (09:50 +0100)]
comments updated to conform to the modified version.

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 08:45:25 +0000 (09:45 +0100)]
removed external test functions

Nikos Mavrogiannopoulos [Fri, 15 Nov 2013 14:45:46 +0000 (15:45 +0100)]
Ported libgcrypt's AES-based DRBG.

Nikos Mavrogiannopoulos [Thu, 14 Nov 2013 14:09:16 +0000 (15:09 +0100)]
split some functionality of nettle's RNG.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 16:12:51 +0000 (17:12 +0100)]
long term keys are always overwritten

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:25:00 +0000 (14:25 +0100)]
corrected typo

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:16:34 +0000 (14:16 +0100)]
zeroize also ASN.1 structures that hold keys.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:16:23 +0000 (14:16 +0100)]
more keys are zeroized