gnutls:gnutls.git (ref: fips)
Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:44:29 +0000 (17:44 +0100)]
Added 3.2 to reference API

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:42:40 +0000 (17:42 +0100)]
updated links in reference. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:39:52 +0000 (17:39 +0100)]
updated addresses and URLs. Reported by Nico R.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:35:18 +0000 (17:35 +0100)]
Added destructor and moved both *structors to fips.c

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 16:27:55 +0000 (17:27 +0100)]
Eliminated memory leak in print_aia(). Reported by Ben de Graaff.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 15:25:49 +0000 (16:25 +0100)]
Added ECDH known answer test.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:57:08 +0000 (15:57 +0100)]
Added known answer test for Diffie-Hellman key exchange.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 14:06:28 +0000 (15:06 +0100)]
Added check to prevent generating a DH pubkey of 1.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:31:56 +0000 (14:31 +0100)]
compacted DH support files.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:30:28 +0000 (14:30 +0100)]
clear the generated ECDH parameters as soon as they are not needed.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 13:29:40 +0000 (14:29 +0100)]
When checking the generated DSA params make sure that the data to be signed have the proper size.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 12:41:21 +0000 (13:41 +0100)]
DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions.

This allows handling DH key generation in the crypto backend files.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 11:00:58 +0000 (12:00 +0100)]
doc update

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 10:24:13 +0000 (11:24 +0100)]
simplified DRBG-AES generator by using a counter (with an arbitrary initial value) as DT.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:50:03 +0000 (10:50 +0100)]
Added pairwise consistency test on key generation.

Nikos Mavrogiannopoulos [Thu, 28 Nov 2013 09:26:07 +0000 (10:26 +0100)]
use memset in bzero

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 16:23:27 +0000 (17:23 +0100)]
avoid using memset to prevent a compiler optimizing out calls.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:28:33 +0000 (16:28 +0100)]
use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 15:25:02 +0000 (16:25 +0100)]
corrected params for ULTRA level

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:40:23 +0000 (11:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:28:13 +0000 (11:28 +0100)]
Re-run receiving tests on server side, to allow any valgrind errors to propagate to exit code.

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 10:05:14 +0000 (11:05 +0100)]
Perform an integrity check on all supporting libraries

Nikos Mavrogiannopoulos [Wed, 27 Nov 2013 09:56:47 +0000 (10:56 +0100)]
In FIPS mode the default cipher is AES.

Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:19:43 +0000 (17:19 +0100)]
Do not link gnutls against librt unless it is really necessary.

Nikos Mavrogiannopoulos [Tue, 26 Nov 2013 16:01:59 +0000 (17:01 +0100)]
checks FIPS-140 lib requirements, moved after clock_gettime() is checked for.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:02:28 +0000 (17:02 +0100)]
removed unused function

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 16:00:31 +0000 (17:00 +0100)]
removed unused variable

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 15:00:51 +0000 (16:00 +0100)]
Skip tests that require the non-suiteb curves.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:58:08 +0000 (15:58 +0100)]
_gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error conditions.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 14:29:22 +0000 (15:29 +0100)]
Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves).

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:39:17 +0000 (14:39 +0100)]
updated

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:23 +0000 (14:26 +0100)]
Use a FIPS140-2 compliant DSA and DH parameter generator.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 13:26:17 +0000 (14:26 +0100)]
removed unneeded newlines

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:47:18 +0000 (13:47 +0100)]
more files ignored

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 12:46:22 +0000 (13:46 +0100)]
Added DRBG submitted to nettle in gnutls.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 10:11:38 +0000 (11:11 +0100)]
Added deflate compression tests with AES-GCM in order to be tested in FIPS mode.

Nikos Mavrogiannopoulos [Mon, 25 Nov 2013 09:09:39 +0000 (10:09 +0100)]
corrected comparison

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:12:39 +0000 (17:12 +0100)]
Allow MD5 hash in zombie mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 16:06:56 +0000 (17:06 +0100)]
fixed bug

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:45:10 +0000 (16:45 +0100)]
don't run openssl (md5) when in fips mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:42:55 +0000 (16:42 +0100)]
separate zombie mode from operational fips mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:41:16 +0000 (16:41 +0100)]
modified to account for zombie mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:36:27 +0000 (16:36 +0100)]
Use the internal API for MD5 hashing in openssl keys.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:33:22 +0000 (16:33 +0100)]
beautified table

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:28:37 +0000 (16:28 +0100)]
added new functions

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:27:39 +0000 (16:27 +0100)]
eliminated memory leak on PK self check.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 15:25:47 +0000 (16:25 +0100)]
Added gnutls_global_init2(). This allows initializing gnutls in a constructor in FIPS140 mode

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:46:37 +0000 (14:46 +0100)]
Added an audit message in self test failure

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:44:35 +0000 (14:44 +0100)]
better error messages.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:41:54 +0000 (14:41 +0100)]
binary integrity self test moved to end

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:40:37 +0000 (14:40 +0100)]
simplified debugging levels.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:35:32 +0000 (14:35 +0100)]
silence some errors

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:34:09 +0000 (14:34 +0100)]
updated

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 13:33:23 +0000 (14:33 +0100)]
Better handling of FIPS140-2 initialization

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 12:06:49 +0000 (13:06 +0100)]
Added curve_exists() to pk-backend. That allows to determine which curves are available.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:27:57 +0000 (12:27 +0100)]
gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:23:19 +0000 (12:23 +0100)]
Do not allow MD5 in the high level crypto-api in FIPS mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:19:29 +0000 (12:19 +0100)]
when using the rng() with a void option use the FIPS state to indicate errors.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 11:12:57 +0000 (12:12 +0100)]
Restrict the number of tests run on FIPS140-2 mode.

Nikos Mavrogiannopoulos [Fri, 22 Nov 2013 10:49:43 +0000 (11:49 +0100)]
In FIPS140-2 mode disable non-conformant ciphers, MAC and hash algorithms.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:28:33 +0000 (19:28 +0100)]
Use nettle for the generation of DH group parameters.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:18:31 +0000 (19:18 +0100)]
no need to memset. It should have been initialized.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:12:46 +0000 (19:12 +0100)]
Do not involve the security level into the certificate comparisons.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 18:04:43 +0000 (19:04 +0100)]
Separated pk_generate to pk_generate_params() and pk_generate_keys().

This allows using the pk_generate interface to get DH parameters
and DH keys.

Nikos Mavrogiannopoulos [Wed, 20 Nov 2013 13:43:30 +0000 (14:43 +0100)]
restricted combinations of security parameters in FIPS mode.

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 13:21:53 +0000 (14:21 +0100)]
removed the initialized static variable.

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 13:04:09 +0000 (14:04 +0100)]
Corrected _rnd_get_event().

Nikos Mavrogiannopoulos [Tue, 19 Nov 2013 12:32:48 +0000 (13:32 +0100)]
Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace _gnutls_mpi_mod().

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 09:23:26 +0000 (10:23 +0100)]
In rng_fork test all random generators.

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 08:50:59 +0000 (09:50 +0100)]
comments updated to conform to the modified version.

Nikos Mavrogiannopoulos [Mon, 18 Nov 2013 08:45:25 +0000 (09:45 +0100)]
removed external test functions

Nikos Mavrogiannopoulos [Fri, 15 Nov 2013 14:45:46 +0000 (15:45 +0100)]
Ported libgcrypt's AES-based DRBG.

Nikos Mavrogiannopoulos [Thu, 14 Nov 2013 14:09:16 +0000 (15:09 +0100)]
split some functionality of nettle's RNG.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 16:12:51 +0000 (17:12 +0100)]
long term keys are always overwritten

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:25:00 +0000 (14:25 +0100)]
corrected typo

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:16:34 +0000 (14:16 +0100)]
zeroize also ASN.1 structures that hold keys.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:16:23 +0000 (14:16 +0100)]
more keys are zeroized

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 13:00:09 +0000 (14:00 +0100)]
require libtasn1 3.4

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 12:59:50 +0000 (13:59 +0100)]
updated libtasn1 version

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 11:24:28 +0000 (12:24 +0100)]
use the most appropriate nettle function

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 11:22:33 +0000 (12:22 +0100)]
better naming for free_datum functions.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 10:11:25 +0000 (11:11 +0100)]
overwrite temp buffers of private keys.

Nikos Mavrogiannopoulos [Wed, 13 Nov 2013 09:47:48 +0000 (10:47 +0100)]
zeroize ECC secret scalars and points.

Nikos Mavrogiannopoulos [Tue, 12 Nov 2013 13:24:34 +0000 (14:24 +0100)]
Added zeroization of keys in several parts within gnutls.

Nikos Mavrogiannopoulos [Tue, 12 Nov 2013 13:05:41 +0000 (14:05 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 12 Nov 2013 12:59:35 +0000 (13:59 +0100)]
Added key zeroization primitives.

Nikos Mavrogiannopoulos [Tue, 12 Nov 2013 12:12:15 +0000 (13:12 +0100)]
Simplified _gnutls_mpi_release()

Nikos Mavrogiannopoulos [Tue, 12 Nov 2013 11:46:10 +0000 (12:46 +0100)]
Updated FIPS140 initialization and added a self test for it.

Nikos Mavrogiannopoulos [Mon, 11 Nov 2013 20:12:16 +0000 (21:12 +0100)]
Added binary integrity test

Nikos Mavrogiannopoulos [Mon, 11 Nov 2013 17:07:17 +0000 (18:07 +0100)]
Added support for fips states.

This implies that when in FIPS mode and the library is not in operational
state (i.e., all self checks succeeded), crypto functionality of the library will fail.
This includes:
* API functions of gnutls/crypto.h
* API functions of gnutls/abstract.h
* API functions of gnutls/x509.h
* gnutls_init()
* API functions of gnutls/xssl.h

Nikos Mavrogiannopoulos [Mon, 11 Nov 2013 13:51:35 +0000 (14:51 +0100)]
indented code

Nikos Mavrogiannopoulos [Mon, 11 Nov 2013 13:40:31 +0000 (14:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 8 Nov 2013 15:48:32 +0000 (16:48 +0100)]
Self checks are conditionally included in the library.

Nikos Mavrogiannopoulos [Fri, 8 Nov 2013 12:30:22 +0000 (13:30 +0100)]
Added pair-wise consistency tests for RSA, DSA and ECDSA.

Nikos Mavrogiannopoulos [Fri, 8 Nov 2013 10:09:41 +0000 (11:09 +0100)]
in gnutls_x509_privkey_generate() allow specifying an explicit curve.

Nikos Mavrogiannopoulos [Fri, 8 Nov 2013 09:45:47 +0000 (10:45 +0100)]
Added gnutls_privkey_generate().

Nikos Mavrogiannopoulos [Thu, 7 Nov 2013 15:25:20 +0000 (16:25 +0100)]
Added self tests on RSA, DSA, and ECDSA key usage.

Nikos Mavrogiannopoulos [Thu, 7 Nov 2013 14:18:04 +0000 (15:18 +0100)]
Added option to run all available self tests per category in a single run.

Nikos Mavrogiannopoulos [Thu, 7 Nov 2013 13:50:35 +0000 (14:50 +0100)]
completed self-tests by adding digest and MAC tests.

Nikos Mavrogiannopoulos [Wed, 6 Nov 2013 15:33:59 +0000 (16:33 +0100)]
Added self tests