gnutls:gnutls.git
8 years agorestricted submodule to a specific version
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 19:26:08 +0000 (20:26 +0100)]
restricted submodule to a specific version

8 years agobootstrap will initialize the submodules
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 19:12:11 +0000 (20:12 +0100)]
bootstrap will initialize the submodules

8 years agoUpdated asm files
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 18:16:34 +0000 (19:16 +0100)]
Updated asm files

8 years agoImport perlasm files directly from openssl using git submodule
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 18:16:18 +0000 (19:16 +0100)]
Import perlasm files directly from openssl using git submodule

8 years agodoc update
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 17:39:34 +0000 (18:39 +0100)]
doc update

8 years agoAdded configure option --with-default-blacklist-file
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 12:03:24 +0000 (13:03 +0100)]
Added configure option --with-default-blacklist-file

This option allows to specify a file containing blacklisted certificates.

8 years agognutls_x509_trust_list_remove_cas() and derivatives will utilize a black list.
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 11:56:02 +0000 (12:56 +0100)]
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a black list.

When a CA or certificate is removed from the trusted list, it is also
added in a blacklist to ensure that it will not be accepted due to
interdependency (e.g., it is a subordinate CA), or because it is not a CA.

8 years agoCorrected documentation for gnutls_x509_trust_list_add_trust_*
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 10:09:34 +0000 (11:09 +0100)]
Corrected documentation for gnutls_x509_trust_list_add_trust_*

8 years agoavoid initializing PKCS #11 modules when not needed in gnutls_pkcs11_reinit.
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 09:17:19 +0000 (10:17 +0100)]
avoid initializing PKCS #11 modules when not needed in gnutls_pkcs11_reinit.

8 years agoAvoid verbose logging
Nikos Mavrogiannopoulos [Mon, 16 Dec 2013 09:05:16 +0000 (10:05 +0100)]
Avoid verbose logging

8 years agouse better definitions
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 22:32:43 +0000 (23:32 +0100)]
use better definitions

8 years agodoc update
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:23:20 +0000 (21:23 +0100)]
doc update

8 years agodoc update
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:18:48 +0000 (21:18 +0100)]
doc update

8 years agoAlign on 16-byte boundaries the buffers provided to cryptodev.
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 20:18:05 +0000 (21:18 +0100)]
Align on 16-byte boundaries the buffers provided to cryptodev.

When gnutls is compiled with support for cryptodev, the buffers
provided to crypto backend are ensured to be 16-byte aligned
(except the ones provided by the user). That increases performance
in several crypto accelerators.

8 years agoupdated to correspond to new fail()
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 19:28:28 +0000 (20:28 +0100)]
updated to correspond to new fail()

8 years agosimplified _mbuffer_alloc
Nikos Mavrogiannopoulos [Sun, 15 Dec 2013 17:15:39 +0000 (18:15 +0100)]
simplified _mbuffer_alloc

8 years agoreorganized source files.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:56:58 +0000 (19:56 +0100)]
reorganized source files.

8 years agowhen AESNI is available without PCLMUL, then use AES-NI in GCM.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:36:17 +0000 (19:36 +0100)]
when AESNI is available without PCLMUL, then use AES-NI in GCM.

8 years agoaddressed warning
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 18:33:34 +0000 (19:33 +0100)]
addressed warning

8 years agogive lower priority to SSSE3 over AESNI
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:34:43 +0000 (18:34 +0100)]
give lower priority to SSSE3 over AESNI

8 years agouse better names for files
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:32:19 +0000 (18:32 +0100)]
use better names for files

8 years agozeroize keys
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:31:19 +0000 (18:31 +0100)]
zeroize keys

8 years agoWhen PCLMUL isn't available use the SSSE3 implementation of AES to optimize GCM.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:25:43 +0000 (18:25 +0100)]
When PCLMUL isn't available use the SSSE3 implementation of AES to optimize GCM.

8 years agoremoved UMAC ciphersuites from benchmark
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:22:28 +0000 (18:22 +0100)]
removed UMAC ciphersuites from benchmark

8 years agoremoved the estream ciphersuites from benchmarks
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 17:21:13 +0000 (18:21 +0100)]
removed the estream ciphersuites from benchmarks

8 years agoAdded Mike Hamburg's SSSE3 AES implementation.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 12:00:55 +0000 (13:00 +0100)]
Added Mike Hamburg's SSSE3 AES implementation.

8 years agodoc update
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 11:12:30 +0000 (12:12 +0100)]
doc update

8 years agoAdded Appro's SSSE3 SHA implementations
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 10:57:02 +0000 (11:57 +0100)]
Added Appro's SSSE3 SHA implementations

8 years agoUtilize the optimized SHA functions in Padlock HMAC.
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 08:14:50 +0000 (09:14 +0100)]
Utilize the optimized SHA functions in Padlock HMAC.

8 years agouse a single BUILT_SOURCES
Nikos Mavrogiannopoulos [Sat, 14 Dec 2013 07:41:19 +0000 (08:41 +0100)]
use a single BUILT_SOURCES

8 years agominor phrasing improvements in docs
Patrick Pelletier [Fri, 4 May 2012 01:35:18 +0000 (18:35 -0700)]
minor phrasing improvements in docs

8 years agoAdded auto-generated files in BUILT_SOURCES
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 23:53:28 +0000 (00:53 +0100)]
Added auto-generated files in BUILT_SOURCES

8 years agoFixed check for i < line_size.
Jared Wong [Fri, 13 Dec 2013 08:00:20 +0000 (03:00 -0500)]
Fixed check for i < line_size.

All checks were being done where the line_size check was done last. This
allows data to be read from one past teh end of the line buffer. In C,
accessing data outside of an array is undefined behavior and may cause
yet known problems. Additionally, the compiler may end up making some
unreasonable assumptions under the pretense that the programmer is never
wrong and would not access data outside of the array.

8 years agoAvoid conditional generation of Makefile
Nikos Mavrogiannopoulos [Fri, 13 Dec 2013 16:24:51 +0000 (17:24 +0100)]
Avoid conditional generation of Makefile

8 years agoEnforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 15:25:36 +0000 (16:25 +0100)]
Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.

8 years agodoc update
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 07:00:22 +0000 (08:00 +0100)]
doc update

8 years agoexported function
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:56:14 +0000 (07:56 +0100)]
exported function

8 years agoAdded gnutls_record_check_corked.
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:55 +0000 (07:54 +0100)]
Added gnutls_record_check_corked.

8 years agoAvoided gnu-ism in Makefiles
Nikos Mavrogiannopoulos [Thu, 12 Dec 2013 06:54:41 +0000 (07:54 +0100)]
Avoided gnu-ism in Makefiles

8 years agosimplified logic
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:35:04 +0000 (09:35 +0100)]
simplified logic

8 years agoCorrectly detect the FIPS140-2 HMAC file.
Nikos Mavrogiannopoulos [Wed, 11 Dec 2013 08:29:08 +0000 (09:29 +0100)]
Correctly detect the FIPS140-2 HMAC file.

8 years agoensure that all the exported pkcs11 functions initialize PKCS #11.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 22:25:09 +0000 (23:25 +0100)]
ensure that all the exported pkcs11 functions initialize PKCS #11.

8 years agofixes in PKCS #11 initialization
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:26:51 +0000 (20:26 +0100)]
fixes in PKCS #11 initialization

8 years agoprovide imprecise time as gmt time.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 19:12:59 +0000 (20:12 +0100)]
provide imprecise time as gmt time.

8 years agocalling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 14:34:20 +0000 (15:34 +0100)]
calling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization.

8 years agofully initialize the PKCS #11 subsystem only when it is needed to.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 12:35:18 +0000 (13:35 +0100)]
fully initialize the PKCS #11 subsystem only when it is needed to.

8 years agoFIPS140 mode is detected on run-time.
Nikos Mavrogiannopoulos [Mon, 9 Dec 2013 10:03:25 +0000 (11:03 +0100)]
FIPS140 mode is detected on run-time.

That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.

8 years agoAdded check to verify that gnutls_global_init() is run on the library constructor.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:55 +0000 (19:19 +0100)]
Added check to verify that gnutls_global_init() is run on the library constructor.

8 years agoconverted to a simple check for gnutls_global_init() as gnutls_global_init2() will...
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:19:17 +0000 (19:19 +0100)]
converted to a simple check for gnutls_global_init() as gnutls_global_init2() will not be added.

8 years agocall p11_kit_modules_load() with null argument.
Nikos Mavrogiannopoulos [Sun, 8 Dec 2013 18:07:56 +0000 (19:07 +0100)]
call p11_kit_modules_load() with null argument.

8 years agoonly use LT_INIT
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:13:50 +0000 (16:13 +0100)]
only use LT_INIT

8 years agodoc update
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:09:20 +0000 (16:09 +0100)]
doc update

8 years agodisable static library build by default
Nikos Mavrogiannopoulos [Fri, 6 Dec 2013 15:08:45 +0000 (16:08 +0100)]
disable static library build by default

8 years agognutls_global_init2() is no longer exported.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:29:23 +0000 (11:29 +0100)]
gnutls_global_init2() is no longer exported.

8 years agodoc update
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:19:49 +0000 (11:19 +0100)]
doc update

8 years agoAdded automatic reinitialization on fork() on the PKCS #11 subsystem.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:16:03 +0000 (11:16 +0100)]
Added automatic reinitialization on fork() on the PKCS #11 subsystem.

8 years agoPKCS #11 initialization is delayed until first use.
Nikos Mavrogiannopoulos [Thu, 5 Dec 2013 10:10:28 +0000 (11:10 +0100)]
PKCS #11 initialization is delayed until first use.

8 years agodoc update
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:42:54 +0000 (17:42 +0100)]
doc update

8 years agoUse a DRBG-AES to generate nonces rather than the yarrow RNG.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 16:14:33 +0000 (17:14 +0100)]
Use a DRBG-AES to generate nonces rather than the yarrow RNG.

8 years agogetpid() is conditionally used.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:54:28 +0000 (15:54 +0100)]
getpid() is conditionally used.

8 years agodeleted auto-generated files
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:49:43 +0000 (15:49 +0100)]
deleted auto-generated files

8 years agoremoved zombie mode, and no longer use fips140.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:48:49 +0000 (15:48 +0100)]
removed zombie mode, and no longer use fips140.h

8 years agomoved gnutls_fips140_mode_enabled to gnutls.h
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:45:05 +0000 (15:45 +0100)]
moved gnutls_fips140_mode_enabled to gnutls.h

8 years agosimplified func
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:35:42 +0000 (15:35 +0100)]
simplified func

8 years agocorrected macros
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:15:57 +0000 (15:15 +0100)]
corrected macros

8 years agoCheck whether the RNG can perform many iterations without error.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:11:30 +0000 (15:11 +0100)]
Check whether the RNG can perform many iterations without error.

8 years agoforce reseed and rekey on fork and if we exceed a number of iterations.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)]
force reseed and rekey on fork and if we exceed a number of iterations.

8 years agodo not deinitialize a static mutex to avoid any side-effects.
Nikos Mavrogiannopoulos [Wed, 4 Dec 2013 08:49:26 +0000 (09:49 +0100)]
do not deinitialize a static mutex to avoid any side-effects.

8 years agore-initialize a deleted staticly initialized mutex
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 19:14:43 +0000 (20:14 +0100)]
re-initialize a deleted staticly initialized mutex

8 years agodoc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:40:09 +0000 (19:40 +0100)]
doc update

8 years agoAdded hack for nettle's checks.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:39:49 +0000 (19:39 +0100)]
Added hack for nettle's checks.

8 years agoadjusted parameters in normal level for DSA to match nettle's abilities.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:29:24 +0000 (19:29 +0100)]
adjusted parameters in normal level for DSA to match nettle's abilities.

8 years agoadded newlines in error reporting
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:26:51 +0000 (19:26 +0100)]
added newlines in error reporting

8 years agofix self tests when used from slow/cipher-test
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:24:24 +0000 (19:24 +0100)]
fix self tests when used from slow/cipher-test

8 years agodoc update
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:19:22 +0000 (19:19 +0100)]
doc update

8 years agoupdated test for the universal lib constructor
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:17:52 +0000 (19:17 +0100)]
updated test for the universal lib constructor

8 years agoremoved deadlock from gnutls_global.c
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:16:45 +0000 (19:16 +0100)]
removed deadlock from gnutls_global.c

8 years agoconstructor and destructors were moved outside the FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:08:38 +0000 (19:08 +0100)]
constructor and destructors were moved outside the FIPS140 mode.

8 years agoexecute the FIPS-test even when not in FIPS140 mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:06:14 +0000 (19:06 +0100)]
execute the FIPS-test even when not in FIPS140 mode.

8 years agofips140_simulate_error -> lib_simulate_error
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:03:56 +0000 (19:03 +0100)]
fips140_simulate_error -> lib_simulate_error

8 years agoadjusted subgroup bits to be compatible with DSA requirements.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 18:02:26 +0000 (19:02 +0100)]
adjusted subgroup bits to be compatible with DSA requirements.

8 years agoThe library state is used even when not in FIPS mode.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:50:20 +0000 (18:50 +0100)]
The library state is used even when not in FIPS mode.

This allows having an error state that blocks the library usage
even when not in FIPS mode.

8 years agoMerged the FIPS140-2 support code.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 17:30:14 +0000 (18:30 +0100)]
Merged the FIPS140-2 support code.

Conflicts:
lib/gnutls_global.c
tests/mini-overhead.c

8 years agognutls_global_init() and gnutls_global_deinit() are thread-safe.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:50:22 +0000 (11:50 +0100)]
gnutls_global_init() and gnutls_global_deinit() are thread-safe.

They utilize static mutex initializers.

8 years agoupdated cross.mk
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:36:11 +0000 (11:36 +0100)]
updated cross.mk

8 years agoremoved usage of %zu.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 10:18:00 +0000 (11:18 +0100)]
removed usage of %zu.

8 years agoupdated mini-overhead to account for the removal of salsa20+umac
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:42:24 +0000 (09:42 +0100)]
updated mini-overhead to account for the removal of salsa20+umac

8 years agoDetect the presence of posix locks even without linked to libpthread.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:35:01 +0000 (09:35 +0100)]
Detect the presence of posix locks even without linked to libpthread.

8 years agognutls-cli-debug tests for camellia-gcm.
Nikos Mavrogiannopoulos [Sat, 30 Nov 2013 08:15:18 +0000 (09:15 +0100)]
gnutls-cli-debug tests for camellia-gcm.

8 years agoremove bashism.
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 23:44:42 +0000 (00:44 +0100)]
remove bashism.

8 years agodoc update
Nikos Mavrogiannopoulos [Fri, 29 Nov 2013 19:52:51 +0000 (20:52 +0100)]
doc update

8 years agoAdded 3.2 to reference API fips
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

8 years agoupdated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

8 years agoAdded 3.2 to reference API
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

8 years agoupdated links in reference. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

8 years agoupdated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

8 years agoupdated addresses and URLs. Reported by Nico R.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

8 years agoAdded destructor and moved both *structors to fips.c
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c

8 years agoEliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

8 years agoEliminated memory leak in print_aia(). Reported by Ben de Graaff.
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.