gnutls:gnutls.git
8 years ago Added Appro's SSSE3 SHA implementations
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 10:57:02 +0000 (11:57 +0100)]
Added Appro's SSSE3 SHA implementations

8 years ago Utilize the optimized SHA functions in Padlock HMAC.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 08:14:50 +0000 (09:14 +0100)]
Utilize the optimized SHA functions in Padlock HMAC.

8 years ago use a single BUILT_SOURCES
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 07:41:19 +0000 (08:41 +0100)]
use a single BUILT_SOURCES

8 years ago minor phrasing improvements in docs
Patrick Pelletier [Fri, 4 May 2012 01:35:18 +0000 (18:35 -0700)]
minor phrasing improvements in docs

8 years ago Added auto-generated files in BUILT_SOURCES
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 23:53:28 +0000 (00:53 +0100)]
Added auto-generated files in BUILT_SOURCES

8 years ago Fixed check for i < line_size.
Jared Wong [Fri, 13 Dec 2013 08:00:20 +0000 (03:00 -0500)]
Fixed check for i < line_size.

All checks were being done where the line_size check was done last. This
allows data to be read from one past the end of the line buffer. In C,
accessing data outside of an array is undefined behavior and may cause
yet known problems. Additionally, the compiler may end up making some
unreasonable assumptions under the pretense that the programmer is never
wrong and would not access data outside of the array.

8 years ago Avoid conditional generation of Makefile
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 16:24:51 +0000 (17:24 +0100)]
Avoid conditional generation of Makefile

8 years ago Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 15:25:36 +0000 (16:25 +0100)]
Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.

8 years ago doc update
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 07:00:22 +0000 (08:00 +0100)]
doc update

8 years ago exported function
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:56:14 +0000 (07:56 +0100)]
exported function

8 years ago Added gnutls_record_check_corked.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:55 +0000 (07:54 +0100)]
Added gnutls_record_check_corked.

8 years ago Avoided gnu-ism in Makefiles
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:41 +0000 (07:54 +0100)]
Avoided gnu-ism in Makefiles

8 years ago simplified logic
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:35:04 +0000 (09:35 +0100)]
simplified logic

8 years ago Correctly detect the FIPS140-2 HMAC file.
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:29:08 +0000 (09:29 +0100)]
Correctly detect the FIPS140-2 HMAC file.

8 years ago ensure that all the exported pkcs11 functions initialize PKCS #11.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 22:25:09 +0000 (23:25 +0100)]
ensure that all the exported pkcs11 functions initialize PKCS #11.

8 years ago fixes in PKCS #11 initialization
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:26:51 +0000 (20:26 +0100)]
fixes in PKCS #11 initialization

8 years ago provide imprecise time as gmt time.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:12:59 +0000 (20:12 +0100)]
provide imprecise time as gmt time.

8 years ago calling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 14:34:20 +0000 (15:34 +0100)]
calling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization.

8 years ago fully initialize the PKCS #11 subsystem only when it is needed to.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 12:35:18 +0000 (13:35 +0100)]
fully initialize the PKCS #11 subsystem only when it is needed to.

8 years ago FIPS140 mode is detected on run-time.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 10:03:25 +0000 (11:03 +0100)]
FIPS140 mode is detected on run-time.

That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.

8 years ago Added check to verify that gnutls_global_init() is run on the library constructor.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:55 +0000 (19:19 +0100)]
Added check to verify that gnutls_global_init() is run on the library constructor.

8 years ago converted to a simple check for gnutls_global_init() as gnutls_global_init2() will...
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:17 +0000 (19:19 +0100)]
converted to a simple check for gnutls_global_init() as gnutls_global_init2() will not be added.

8 years ago call p11_kit_modules_load() with null argument.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:07:56 +0000 (19:07 +0100)]
call p11_kit_modules_load() with null argument.

8 years ago only use LT_INIT
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:13:50 +0000 (16:13 +0100)]
only use LT_INIT

8 years ago doc update
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:09:20 +0000 (16:09 +0100)]
doc update

8 years ago disable static library build by default
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:08:45 +0000 (16:08 +0100)]
disable static library build by default

8 years ago gnutls_global_init2() is no longer exported.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:29:23 +0000 (11:29 +0100)]
gnutls_global_init2() is no longer exported.

8 years ago doc update
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:19:49 +0000 (11:19 +0100)]
doc update

8 years ago Added automatic reinitialization on fork() on the PKCS #11 subsystem.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:16:03 +0000 (11:16 +0100)]
Added automatic reinitialization on fork() on the PKCS #11 subsystem.

8 years ago PKCS #11 initialization is delayed until first use.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:10:28 +0000 (11:10 +0100)]
PKCS #11 initialization is delayed until first use.

8 years ago doc update
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:42:54 +0000 (17:42 +0100)]
doc update

8 years ago Use a DRBG-AES to generate nonces rather than the yarrow RNG.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:14:33 +0000 (17:14 +0100)]
Use a DRBG-AES to generate nonces rather than the yarrow RNG.

8 years ago getpid() is conditionally used.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:54:28 +0000 (15:54 +0100)]
getpid() is conditionally used.

8 years ago deleted auto-generated files
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:49:43 +0000 (15:49 +0100)]
deleted auto-generated files

8 years ago removed zombie mode, and no longer use fips140.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:48:49 +0000 (15:48 +0100)]
removed zombie mode, and no longer use fips140.h

8 years ago moved gnutls_fips140_mode_enabled to gnutls.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:45:05 +0000 (15:45 +0100)]
moved gnutls_fips140_mode_enabled to gnutls.h

8 years ago simplified func
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:35:42 +0000 (15:35 +0100)]
simplified func

8 years ago corrected macros
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:15:57 +0000 (15:15 +0100)]
corrected macros

8 years ago Check whether the RNG can perform many iterations without error.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:11:30 +0000 (15:11 +0100)]
Check whether the RNG can perform many iterations without error.

8 years ago force reseed and rekey on fork and if we exceed a number of iterations.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)]
force reseed and rekey on fork and if we exceed a number of iterations.

8 years ago do not deinitialize a static mutex to avoid any side-effects.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 08:49:26 +0000 (09:49 +0100)]
do not deinitialize a static mutex to avoid any side-effects.

8 years ago re-initialize a deleted statically initialized mutex
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 19:14:43 +0000 (20:14 +0100)]
re-initialize a deleted statically initialized mutex

8 years ago doc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:40:09 +0000 (19:40 +0100)]
doc update

8 years ago Added hack for nettle's checks.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:39:49 +0000 (19:39 +0100)]
Added hack for nettle's checks.

8 years ago adjusted parameters in normal level for DSA to match nettle's abilities.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:29:24 +0000 (19:29 +0100)]
adjusted parameters in normal level for DSA to match nettle's abilities.

8 years ago added newlines in error reporting
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:26:51 +0000 (19:26 +0100)]
added newlines in error reporting

8 years ago fix self tests when used from slow/cipher-test
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:24:24 +0000 (19:24 +0100)]
fix self tests when used from slow/cipher-test

8 years ago doc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:19:22 +0000 (19:19 +0100)]
doc update

8 years ago updated test for the universal lib constructor
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:17:52 +0000 (19:17 +0100)]
updated test for the universal lib constructor

8 years ago removed deadlock from gnutls_global.c
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:16:45 +0000 (19:16 +0100)]
removed deadlock from gnutls_global.c

8 years ago constructor and destructors were moved outside the FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:08:38 +0000 (19:08 +0100)]
constructor and destructors were moved outside the FIPS140 mode.

8 years ago execute the FIPS-test even when not in FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:06:14 +0000 (19:06 +0100)]
execute the FIPS-test even when not in FIPS140 mode.

8 years ago fips140_simulate_error -> lib_simulate_error
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:03:56 +0000 (19:03 +0100)]
fips140_simulate_error -> lib_simulate_error

8 years ago adjusted subgroup bits to be compatible with DSA requirements.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:02:26 +0000 (19:02 +0100)]
adjusted subgroup bits to be compatible with DSA requirements.

8 years ago The library state is used even when not in FIPS mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:50:20 +0000 (18:50 +0100)]
The library state is used even when not in FIPS mode.

This allows having an error state that blocks the library usage
even when not in FIPS mode.

8 years ago Merged the FIPS140-2 support code.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:30:14 +0000 (18:30 +0100)]
Merged the FIPS140-2 support code.

Conflicts:
lib/gnutls_global.c
tests/mini-overhead.c

8 years ago gnutls_global_init() and gnutls_global_deinit() are thread-safe.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:50:22 +0000 (11:50 +0100)]
gnutls_global_init() and gnutls_global_deinit() are thread-safe.

They utilize static mutex initializers.

8 years ago updated cross.mk
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:36:11 +0000 (11:36 +0100)]
updated cross.mk

8 years ago removed usage of %zu.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:18:00 +0000 (11:18 +0100)]
removed usage of %zu.

8 years ago updated mini-overhead to account for the removal of salsa20+umac
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:42:24 +0000 (09:42 +0100)]
updated mini-overhead to account for the removal of salsa20+umac

8 years ago Detect the presence of posix locks even without linked to libpthread.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:35:01 +0000 (09:35 +0100)]
Detect the presence of posix locks even without linked to libpthread.

8 years ago gnutls-cli-debug tests for camellia-gcm.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:15:18 +0000 (09:15 +0100)]
gnutls-cli-debug tests for camellia-gcm.

8 years ago remove bashism.
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 23:44:42 +0000 (00:44 +0100)]
remove bashism.

8 years ago doc update
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 19:52:51 +0000 (20:52 +0100)]
doc update

8 years ago Added 3.2 to reference API [fips]
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

8 years ago updated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

8 years ago Added 3.2 to reference API
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

8 years ago updated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

8 years ago updated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

8 years ago updated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

8 years ago Added destructor and moved both *structors to fips.c
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c

8 years ago Eliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

8 years ago Eliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

8 years ago Added ECDH known answer test.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 15:25:49 +0000 (16:25 +0100)]
Added ECDH known answer test.

8 years ago Added known answer test for Diffie-Hellman key exchange.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:57:08 +0000 (15:57 +0100)]
Added known answer test for Diffie-Hellman key exchange.

8 years ago Added check to prevent generating a DH pubkey of 1.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:06:28 +0000 (15:06 +0100)]
Added check to prevent generating a DH pubkey of 1.

8 years ago compacted DH support files.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:31:56 +0000 (14:31 +0100)]
compacted DH support files.

8 years ago clear the generated ECDH parameters as soon as they are not needed.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:30:28 +0000 (14:30 +0100)]
clear the generated ECDH parameters as soon as they are not needed.

8 years ago When checking the generated DSA params make sure that the data to be signed have...
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:29:40 +0000 (14:29 +0100)]
When checking the generated DSA params make sure that the data to be signed have the proper size.

8 years ago DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 12:41:21 +0000 (13:41 +0100)]
DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.

This allows handling DH key generation in the crypto backend files.

8 years ago doc update
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

8 years ago doc update
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

8 years ago simplified DRBG-AES generator by using a counter (with an arbitrary initial value...
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 10:24:13 +0000 (11:24 +0100)]
simplified DRBG-AES generator by using a counter (with an arbitrary initial value) as DT.

8 years ago Added pairwise consistency test on key generation.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:50:03 +0000 (10:50 +0100)]
Added pairwise consistency test on key generation.

8 years ago use memset in bzero
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:26:07 +0000 (10:26 +0100)]
use memset in bzero

8 years ago updated example certtool.cfg
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 19:35:14 +0000 (20:35 +0100)]
updated example certtool.cfg

8 years ago avoid using memset to prevent a compiler optimizing out out calls.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 16:23:27 +0000 (17:23 +0100)]
avoid using memset to prevent a compiler optimizing out out calls.

8 years ago use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:28:33 +0000 (16:28 +0100)]
use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.

8 years ago corrected params for ULTRA level
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:25:02 +0000 (16:25 +0100)]
corrected params for ULTRA level

8 years ago doc update
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:40:23 +0000 (11:40 +0100)]
doc update

8 years ago Re-run receiving tests on server side, to allow any valgrind errors to propagate...
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:28:13 +0000 (11:28 +0100)]
Re-run receiving tests on server side, to allow any valgrind errors to propagate to exit code.

8 years ago Perform an integrity check on all supporting libraries
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:05:14 +0000 (11:05 +0100)]
Perform an integrity check on all supporting libraries

8 years ago In FIPS mode the default cipher is AES.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 09:56:47 +0000 (10:56 +0100)]
In FIPS mode the default cipher is AES.

8 years ago Do not link gnutls against librt unless it is really necessary.
Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:19:43 +0000 (17:19 +0100)]
Do not link gnutls against librt unless it is really necessary.

8 years ago checks FIPS-140 lib requirements, moved after clock_gettime() is checked for.
Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:01:59 +0000 (17:01 +0100)]
checks FIPS-140 lib requirements, moved after clock_gettime() is checked for.

8 years ago removed unused function
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:02:28 +0000 (17:02 +0100)]
removed unused function

8 years ago removed unused variable
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:00:31 +0000 (17:00 +0100)]
removed unused variable

8 years ago Skip tests that require the non-suiteb curves.
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 15:00:51 +0000 (16:00 +0100)]
Skip tests that require the non-suiteb curves.

8 years ago _gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error...
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:58:08 +0000 (15:58 +0100)]
_gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error conditions.

8 years ago Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:29:22 +0000 (15:29 +0100)]
Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).