gnutls:gnutls.git
8 years agoconverted to a simple check for gnutls_global_init() as gnutls_global_init2() will...
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:17 +0000 (19:19 +0100)]
converted to a simple check for gnutls_global_init() as gnutls_global_init2() will not be added.

8 years agocall p11_kit_modules_load() with null argument.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:07:56 +0000 (19:07 +0100)]
call p11_kit_modules_load() with null argument.

8 years agoonly use LT_INIT
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:13:50 +0000 (16:13 +0100)]
only use LT_INIT

8 years agodoc update
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:09:20 +0000 (16:09 +0100)]
doc update

8 years agodisable static library build by default
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:08:45 +0000 (16:08 +0100)]
disable static library build by default

8 years agognutls_global_init2() is no longer exported.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:29:23 +0000 (11:29 +0100)]
gnutls_global_init2() is no longer exported.

8 years agodoc update
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:19:49 +0000 (11:19 +0100)]
doc update

8 years agoAdded automatic reinitialization on fork() on the PKCS #11 subsystem.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:16:03 +0000 (11:16 +0100)]
Added automatic reinitialization on fork() on the PKCS #11 subsystem.

8 years agoPKCS #11 initialization is delayed until first use.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:10:28 +0000 (11:10 +0100)]
PKCS #11 initialization is delayed until first use.

8 years agodoc update
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:42:54 +0000 (17:42 +0100)]
doc update

8 years agoUse a DRBG-AES to generate nonces rather than the yarrow RNG.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:14:33 +0000 (17:14 +0100)]
Use a DRBG-AES to generate nonces rather than the yarrow RNG.

8 years agogetpid() is conditionally used.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:54:28 +0000 (15:54 +0100)]
getpid() is conditionally used.

8 years agodeleted auto-generated files
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:49:43 +0000 (15:49 +0100)]
deleted auto-generated files

8 years agoremoved zombie mode, and no longer use fips140.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:48:49 +0000 (15:48 +0100)]
removed zombie mode, and no longer use fips140.h

8 years agomoved gnutls_fips140_mode_enabled to gnutls.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:45:05 +0000 (15:45 +0100)]
moved gnutls_fips140_mode_enabled to gnutls.h

8 years agosimplified func
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:35:42 +0000 (15:35 +0100)]
simplified func

8 years agocorrected macros
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:15:57 +0000 (15:15 +0100)]
corrected macros

8 years agoCheck whether the RNG can perform many iterations without error.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:11:30 +0000 (15:11 +0100)]
Check whether the RNG can perform many iterations without error.

8 years agoforce reseed and rekey on fork and if we exceed a number of iterations.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)]
force reseed and rekey on fork and if we exceed a number of iterations.

8 years agodo not deinitialize a static mutex to avoid any side-effects.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 08:49:26 +0000 (09:49 +0100)]
do not deinitialize a static mutex to avoid any side-effects.

9 years agore-initialize a deleted staticly initialized mutex
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 19:14:43 +0000 (20:14 +0100)]
re-initialize a deleted staticly initialized mutex

9 years agodoc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:40:09 +0000 (19:40 +0100)]
doc update

9 years agoAdded hack for nettle's checks.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:39:49 +0000 (19:39 +0100)]
Added hack for nettle's checks.

9 years agoadjusted parameters in normal level for DSA to match nettle's abilities.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:29:24 +0000 (19:29 +0100)]
adjusted parameters in normal level for DSA to match nettle's abilities.

9 years agoadded newlines in error reporting
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:26:51 +0000 (19:26 +0100)]
added newlines in error reporting

9 years agofix self tests when used from slow/cipher-test
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:24:24 +0000 (19:24 +0100)]
fix self tests when used from slow/cipher-test

9 years agodoc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:19:22 +0000 (19:19 +0100)]
doc update

9 years agoupdated test for the universal lib constructor
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:17:52 +0000 (19:17 +0100)]
updated test for the universal lib constructor

9 years agoremoved deadlock from gnutls_global.c
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:16:45 +0000 (19:16 +0100)]
removed deadlock from gnutls_global.c

9 years agoconstructor and destructors were moved outside the FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:08:38 +0000 (19:08 +0100)]
constructor and destructors were moved outside the FIPS140 mode.

9 years agoexecute the FIPS-test even when not in FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:06:14 +0000 (19:06 +0100)]
execute the FIPS-test even when not in FIPS140 mode.

9 years agofips140_simulate_error -> lib_simulate_error
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:03:56 +0000 (19:03 +0100)]
fips140_simulate_error -> lib_simulate_error

9 years agoadjusted subgroup bits to be compatible with DSA requirements.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:02:26 +0000 (19:02 +0100)]
adjusted subgroup bits to be compatible with DSA requirements.

9 years agoThe library state is used even when not in FIPS mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:50:20 +0000 (18:50 +0100)]
The library state is used even when not in FIPS mode.

This allows having an error state that blocks the library usage
even when not in FIPS mode.

9 years agoMerged the FIPS140-2 support code.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:30:14 +0000 (18:30 +0100)]
Merged the FIPS140-2 support code.

Conflicts:
lib/gnutls_global.c
tests/mini-overhead.c

9 years agognutls_global_init() and gnutls_global_deinit() are thread-safe.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:50:22 +0000 (11:50 +0100)]
gnutls_global_init() and gnutls_global_deinit() are thread-safe.

They utilize static mutex initializers.

9 years agoupdated cross.mk
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:36:11 +0000 (11:36 +0100)]
updated cross.mk

9 years agoremoved usage of %zu.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:18:00 +0000 (11:18 +0100)]
removed usage of %zu.

9 years agoupdated mini-overhead to account for the removal of salsa20+umac
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:42:24 +0000 (09:42 +0100)]
updated mini-overhead to account for the removal of salsa20+umac

9 years agoDetect the presence of posix locks even without linked to libpthread.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:35:01 +0000 (09:35 +0100)]
Detect the presence of posix locks even without linked to libpthread.

9 years agognutls-cli-debug tests for camellia-gcm.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:15:18 +0000 (09:15 +0100)]
gnutls-cli-debug tests for camellia-gcm.

9 years agoremove bashism.
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 23:44:42 +0000 (00:44 +0100)]
remove bashism.

9 years agodoc update
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 19:52:51 +0000 (20:52 +0100)]
doc update

9 years agoAdded 3.2 to reference API fips
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

9 years agoupdated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

9 years agoAdded 3.2 to reference API
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

9 years agoupdated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

9 years agoupdated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

9 years agoupdated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

9 years agoAdded destructor and moved both *structors to fips.c
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c

9 years agoEliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

9 years agoEliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

9 years agoAdded ECDH known answer test.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 15:25:49 +0000 (16:25 +0100)]
Added ECDH known answer test.

9 years agoAdded known answer test for Diffie-Hellman key exchange.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:57:08 +0000 (15:57 +0100)]
Added known answer test for Diffie-Hellman key exchange.

9 years agoAdded check to prevent generating a DH pubkey of 1.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:06:28 +0000 (15:06 +0100)]
Added check to prevent generating a DH pubkey of 1.

9 years agocompacted DH support files.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:31:56 +0000 (14:31 +0100)]
compacted DH support files.

9 years agoclear the generated ECDH parameters as soon as they are not needed.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:30:28 +0000 (14:30 +0100)]
clear the generated ECDH parameters as soon as they are not needed.

9 years agoWhen checking the generated DSA params make sure that the data to be signed have...
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:29:40 +0000 (14:29 +0100)]
When checking the generated DSA params make sure that the data to be signed have the proper size.

9 years agoDH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 12:41:21 +0000 (13:41 +0100)]
DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.

This allows handling DH key generation in the crypto backend files.

9 years agodoc update
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

9 years agodoc update
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

9 years agosimplified DRBG-AES generator by using a counter (with an arbitrary initial value...
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 10:24:13 +0000 (11:24 +0100)]
simplified DRBG-AES generator by using a counter (with an arbitrary initial value) as DT.

9 years agoAdded pairwise constistency test on key generation.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:50:03 +0000 (10:50 +0100)]
Added pairwise constistency test on key generation.

9 years agouse memset in bzero
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:26:07 +0000 (10:26 +0100)]
use memset in bzero

9 years agoupdated example certtool.cfg
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 19:35:14 +0000 (20:35 +0100)]
updated example certtool.cfg

9 years agoavoid using memset to prevent a compiler optimizing out out calls.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 16:23:27 +0000 (17:23 +0100)]
avoid using memset to prevent a compiler optimizing out out calls.

9 years agouse _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:28:33 +0000 (16:28 +0100)]
use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.

9 years agocorrected params for ULTRA level
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:25:02 +0000 (16:25 +0100)]
corrected params for ULTRA level

9 years agodoc update
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:40:23 +0000 (11:40 +0100)]
doc update

9 years agoRe-run receiving tests on server side, to allow any valgrind errors to propagate...
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:28:13 +0000 (11:28 +0100)]
Re-run receiving tests on server side, to allow any valgrind errors to propagate to exit code.

9 years agoPerform an integrity check on all supporting libraries
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:05:14 +0000 (11:05 +0100)]
Perform an integrity check on all supporting libraries

9 years agoIn FIPS mode the default cipher is AES.
Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 09:56:47 +0000 (10:56 +0100)]
In FIPS mode the default cipher is AES.

9 years agoDo not link gnutls against librt unlress it is really necessary.
Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:19:43 +0000 (17:19 +0100)]
Do not link gnutls against librt unlress it is really necessary.

9 years agochecks FIPS-140 lib requirements, moved after clock_gettime() is checked for.
Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:01:59 +0000 (17:01 +0100)]
checks FIPS-140 lib requirements, moved after clock_gettime() is checked for.

9 years agoremoved unused function
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:02:28 +0000 (17:02 +0100)]
removed unused function

9 years agoremoved unused variable
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:00:31 +0000 (17:00 +0100)]
removed unused variable

9 years agoSkip tests that require the non-suiteb curves.
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 15:00:51 +0000 (16:00 +0100)]
Skip tests that require the non-suiteb curves.

9 years ago_gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error...
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:58:08 +0000 (15:58 +0100)]
_gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error conditions.

9 years agoAdded option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:29:22 +0000 (15:29 +0100)]
Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).

9 years agoupdated
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:39:17 +0000 (14:39 +0100)]
updated

9 years agoUse a FIPS140-2 compliant DSA and DH parameter generator.
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:23 +0000 (14:26 +0100)]
Use a FIPS140-2 compliant DSA and DH parameter generator.

9 years agoremoved unneeded newlines
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:17 +0000 (14:26 +0100)]
removed unneeded newlines

9 years agomore files ignored
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:47:18 +0000 (13:47 +0100)]
more files ignored

9 years agoAdded DRBG submitted to nettle in gnutls.
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:46:22 +0000 (13:46 +0100)]
Added DRBG submitted to nettle in gnutls.

9 years agoAdded deflate compression tests with AES-GCM in order to be tested in FIPS mode.
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 10:11:38 +0000 (11:11 +0100)]
Added deflate compression tests with AES-GCM in order to be tested in FIPS mode.

9 years agocorrected comparison
Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 09:09:39 +0000 (10:09 +0100)]
corrected comparison

9 years agoAllow MD5 hash in zombie mode
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:12:39 +0000 (17:12 +0100)]
Allow MD5 hash in zombie mode

9 years agofixed bug
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:06:56 +0000 (17:06 +0100)]
fixed bug

9 years agodon't run openssl (md5) when in fips mode
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:45:10 +0000 (16:45 +0100)]
don't run openssl (md5) when in fips mode

9 years agoseparate zombie mode from operational fips mode
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:42:55 +0000 (16:42 +0100)]
separate zombie mode from operational fips mode

9 years agomodified to account for zombie mode
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:41:16 +0000 (16:41 +0100)]
modified to account for zombie mode

9 years agoUse the internal API for MD5 hashing in openssl keys.
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:36:27 +0000 (16:36 +0100)]
Use the internal API for MD5 hashing in openssl keys.

9 years agobeautified table
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:33:22 +0000 (16:33 +0100)]
beautified table

9 years agoadded new functions
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:28:37 +0000 (16:28 +0100)]
added new functions

9 years agoeliminated memory leak on PK self check.
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:27:39 +0000 (16:27 +0100)]
eliminated memory leak on PK self check.

9 years agoAdded gnutls_global_init2(). This allows initializing gnutls in a constructor in...
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:25:47 +0000 (16:25 +0100)]
Added gnutls_global_init2(). This allows initializing gnutls in a constructor in FIPS140 mode

9 years agoAdded an audit message in self test failure
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:46:37 +0000 (14:46 +0100)]
Added an audit message in self test failure

9 years agobetter error messages.
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:44:35 +0000 (14:44 +0100)]
better error messages.

9 years agobinary integrity self test moved to end
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:41:54 +0000 (14:41 +0100)]
binary integrity self test moved to end

9 years agosimplified debugging levels.
Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:40:37 +0000 (14:40 +0100)]
simplified debugging levels.