gnutls:gnutls.git
2 years agoadded fix for certificate algorithm consistency check gnutls_2_12_x
Nikos Mavrogiannopoulos [Mon, 23 Feb 2015 09:41:56 +0000 (10:41 +0100)]
added fix for certificate algorithm consistency check

2 years agoupdated autotools generated files
Nikos Mavrogiannopoulos [Mon, 23 Feb 2015 09:18:14 +0000 (10:18 +0100)]
updated autotools generated files

2 years agoadded AM_PROG_AR in configure
Nikos Mavrogiannopoulos [Mon, 23 Feb 2015 08:50:37 +0000 (09:50 +0100)]
added AM_PROG_AR in configure

3 years agodoc update
Nikos Mavrogiannopoulos [Sun, 29 Jun 2014 12:35:12 +0000 (14:35 +0200)]
doc update

3 years agoPrevent memory corruption due to server hello parsing.
Nikos Mavrogiannopoulos [Fri, 23 May 2014 17:53:03 +0000 (19:53 +0200)]
Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.

3 years agoremove -Werror
Nikos Mavrogiannopoulos [Thu, 27 Feb 2014 18:52:16 +0000 (19:52 +0100)]
remove -Werror

3 years agodoc update
Nikos Mavrogiannopoulos [Thu, 27 Feb 2014 18:42:56 +0000 (19:42 +0100)]
doc update

3 years agocorrected return codes
Nikos Mavrogiannopoulos [Thu, 27 Feb 2014 18:42:26 +0000 (19:42 +0100)]
corrected return codes

3 years agodoc update
Nikos Mavrogiannopoulos [Sun, 16 Feb 2014 13:14:04 +0000 (14:14 +0100)]
doc update

3 years agoFixed bug that prevented the rejection of v1 intermediate CA certificates.
Nikos Mavrogiannopoulos [Wed, 12 Feb 2014 15:41:33 +0000 (16:41 +0100)]
Fixed bug that prevented the rejection of v1 intermediate CA certificates.

4 years agore-applied sanity check patch
Nikos Mavrogiannopoulos [Thu, 23 May 2013 07:54:37 +0000 (09:54 +0200)]
re-applied sanity check patch

4 years agoRevert "Added sanity check in pad size."
Nikos Mavrogiannopoulos [Thu, 23 May 2013 07:54:13 +0000 (09:54 +0200)]
Revert "Added sanity check in pad size."

This reverts commit 3dcd0f873d3a03859a7f5c6bb05df8fbee094127.

4 years agoAdded sanity check in pad size.
Nikos Mavrogiannopoulos [Thu, 23 May 2013 07:43:19 +0000 (09:43 +0200)]
Added sanity check in pad size.

4 years agoadded date gnutls_2_12_23
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:26:13 +0000 (10:26 +0100)]
added date

4 years agoDN variable 'T' was expanded to 'title'
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 09:16:26 +0000 (10:16 +0100)]
DN variable 'T' was expanded to 'title'

4 years agocorrected fix
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:39:42 +0000 (09:39 +0100)]
corrected fix

4 years agodoc update + bumped version
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 08:34:30 +0000 (09:34 +0100)]
doc update + bumped version

4 years agoFixes to avoid a timing attack in TLS CBC record parsing.
Nikos Mavrogiannopoulos [Mon, 4 Feb 2013 02:08:04 +0000 (03:08 +0100)]
Fixes to avoid a timing attack in TLS CBC record parsing.

4 years agofree allocated module name. Reported by Sam Varshavchik.
Daniel Kahn Gillmor [Sun, 3 Feb 2013 18:13:34 +0000 (13:13 -0500)]
free allocated module name. Reported by Sam Varshavchik.

This is the same fix from the 3.0 branch as:

 ce7caadb  "free allocated module name. Reported by Sam Varshavchik."

4 years agolibgcrypt code updated with similar checks to nettle code gnutls_2_12_22
Nikos Mavrogiannopoulos [Sat, 5 Jan 2013 23:11:01 +0000 (00:11 +0100)]
libgcrypt code updated with similar checks to nettle code

4 years agoguile: Fix dependencies to be parallel-safe.
Ludovic Courtès [Fri, 30 Nov 2012 23:52:58 +0000 (00:52 +0100)]
guile: Fix dependencies to be parallel-safe.

4 years agoreleased
Nikos Mavrogiannopoulos [Sat, 5 Jan 2013 22:54:01 +0000 (23:54 +0100)]
released

4 years agouse AC_CONFIG_HEADERS()
Nikos Mavrogiannopoulos [Thu, 3 Jan 2013 22:59:46 +0000 (23:59 +0100)]
use AC_CONFIG_HEADERS()

4 years agoCorrected bugs in record padding parsing.
Nikos Mavrogiannopoulos [Thu, 3 Jan 2013 22:48:38 +0000 (23:48 +0100)]
Corrected bugs in record padding parsing.

4 years agoStricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi.
Nikos Mavrogiannopoulos [Thu, 3 Jan 2013 22:46:59 +0000 (23:46 +0100)]
Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi.

4 years agodocumented fix
Nikos Mavrogiannopoulos [Sat, 17 Nov 2012 09:25:57 +0000 (10:25 +0100)]
documented fix

4 years agomore gcc warnings to ignore
Nikos Mavrogiannopoulos [Sat, 17 Nov 2012 09:17:04 +0000 (10:17 +0100)]
more gcc warnings to ignore

4 years agobumped version
Nikos Mavrogiannopoulos [Sat, 17 Nov 2012 09:13:57 +0000 (10:13 +0100)]
bumped version

4 years agoPrevent the usage of strlen() on null values.
Nikos Mavrogiannopoulos [Sat, 25 Aug 2012 13:37:17 +0000 (15:37 +0200)]
Prevent the usage of strlen() on null values.

4 years agoupdated gnulib, and added hash-pjw-bare.
Nikos Mavrogiannopoulos [Sun, 11 Nov 2012 03:16:01 +0000 (04:16 +0100)]
updated gnulib, and added hash-pjw-bare.

This fixed compilation with the newer minitasn1.

4 years agoupdated doc gnutls_2_12_21
Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:49:08 +0000 (23:49 +0100)]
updated doc

4 years agoupdated
Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:45:23 +0000 (23:45 +0100)]
updated

4 years agobumped versions
Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 22:41:48 +0000 (23:41 +0100)]
bumped versions

4 years agotolerate key usage violation.
Nikos Mavrogiannopoulos [Thu, 8 Nov 2012 16:12:03 +0000 (17:12 +0100)]
tolerate key usage violation.

4 years agoupdate cflags and libs
Nikos Mavrogiannopoulos [Sat, 3 Nov 2012 18:38:44 +0000 (19:38 +0100)]
update cflags and libs

4 years agoupdated libtasn1
Nikos Mavrogiannopoulos [Sat, 3 Nov 2012 18:35:30 +0000 (19:35 +0100)]
updated libtasn1

4 years agoKey usage violations are allowed when the COMPAT keyword is specified.
Nikos Mavrogiannopoulos [Sat, 15 Sep 2012 18:21:02 +0000 (20:21 +0200)]
Key usage violations are allowed when the COMPAT keyword is specified.

I've noticed in the SSL observatory data that most key usage bits in
a certificate are set randomly (e.g., there are DSA certificates marked
for encryption, and most RSA certificates marked for signature only are used
for encryption anyway). There is no point of being strict in such environment.

4 years agoCorrected bug in PGP subpacket encoding
Nikos Mavrogiannopoulos [Sun, 23 Sep 2012 17:06:00 +0000 (19:06 +0200)]
Corrected bug in PGP subpacket encoding

4 years agodepend on libtasn1 2.14 or later.
Nikos Mavrogiannopoulos [Sat, 3 Nov 2012 12:55:51 +0000 (13:55 +0100)]
depend on libtasn1 2.14 or later.

4 years agoUse the new asn1_read_node_value()
Nikos Mavrogiannopoulos [Wed, 12 Sep 2012 20:45:55 +0000 (22:45 +0200)]
Use the new asn1_read_node_value()

5 years agodo not use @euro gnutls_2_12_20
Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 10:55:02 +0000 (12:55 +0200)]
do not use @euro

5 years agobumped versions
Nikos Mavrogiannopoulos [Sun, 10 Jun 2012 10:47:11 +0000 (12:47 +0200)]
bumped versions

5 years agoFixed leaks in PKCS #8 decoding
Nikos Mavrogiannopoulos [Sat, 9 Jun 2012 09:48:02 +0000 (11:48 +0200)]
Fixed leaks in PKCS #8 decoding

5 years agoRevert "This patch fixes following kind of issue with automake 1.12"
Nikos Mavrogiannopoulos [Fri, 1 Jun 2012 22:53:01 +0000 (00:53 +0200)]
Revert "This patch fixes following kind of issue with automake 1.12"

This reverts commit 77670476814c078bbad56ce8772b192a3b5736b6.

5 years agocorrected data copy
Nikos Mavrogiannopoulos [Sun, 27 May 2012 11:53:35 +0000 (13:53 +0200)]
corrected data copy

5 years agoWhen checking for an issuer check for a match in the key identifiers.
Nikos Mavrogiannopoulos [Thu, 24 May 2012 16:20:32 +0000 (18:20 +0200)]
When checking for an issuer check for a match in the key identifiers.

5 years agoThis patch fixes following kind of issue with automake 1.12
Nikos Mavrogiannopoulos [Wed, 9 May 2012 06:14:48 +0000 (08:14 +0200)]
This patch fixes following kind of issue with automake 1.12

| automake: warnings are treated as errors
| /.../automake-1.12/am/ltlibrary.am: warning: 'libgnutls.la': linking libtool libraries using a non-POSIX
| /.../automake-1.12/am/ltlibrary.am: archiver requires 'AM_PROG_AR' in 'configure.ac'

Patch by: Nitin A Kamble <nitin.a.kamble@intel.com>

5 years agobumped version gnutls_2_12_19
Nikos Mavrogiannopoulos [Sat, 5 May 2012 17:24:38 +0000 (19:24 +0200)]
bumped version

5 years agocorrected bug in scan_nz()
Nikos Mavrogiannopoulos [Wed, 25 Apr 2012 08:19:16 +0000 (10:19 +0200)]
corrected bug in scan_nz()

5 years agobumped version.
Nikos Mavrogiannopoulos [Sun, 22 Apr 2012 16:05:50 +0000 (18:05 +0200)]
bumped version.

5 years agodocumented fix
Nikos Mavrogiannopoulos [Sun, 22 Apr 2012 15:59:49 +0000 (17:59 +0200)]
documented fix

5 years agoAdded complete check in SRP parameters.
Nikos Mavrogiannopoulos [Thu, 19 Apr 2012 18:26:50 +0000 (20:26 +0200)]
Added complete check in SRP parameters.

5 years agoAdded better sanity checks in Diffie-Hellman key exchange.
Nikos Mavrogiannopoulos [Wed, 18 Apr 2012 15:26:15 +0000 (17:26 +0200)]
Added better sanity checks in Diffie-Hellman key exchange.

Conflicts:

lib/gnutls_dh.c

5 years agoIf a callback fails try the other.
Nikos Mavrogiannopoulos [Mon, 16 Apr 2012 16:41:00 +0000 (18:41 +0200)]
If a callback fails try the other.

5 years agodocumented fix
Nikos Mavrogiannopoulos [Mon, 16 Apr 2012 16:20:21 +0000 (18:20 +0200)]
documented fix

5 years agoby default register a file callback in p11-kit to read a file from the pin-source...
Nikos Mavrogiannopoulos [Mon, 16 Apr 2012 16:18:51 +0000 (18:18 +0200)]
by default register a file callback in p11-kit to read a file from the pin-source pkcs11url field.

5 years agoupdated libtasn1
Nikos Mavrogiannopoulos [Sun, 1 Apr 2012 19:16:05 +0000 (21:16 +0200)]
updated libtasn1

5 years agoreleased 2.12.18 gnutls_2_12_18
Nikos Mavrogiannopoulos [Fri, 16 Mar 2012 16:26:22 +0000 (17:26 +0100)]
released 2.12.18

5 years agocorrected memory leaks in tests.
Nikos Mavrogiannopoulos [Fri, 16 Mar 2012 07:27:11 +0000 (08:27 +0100)]
corrected memory leaks in tests.

5 years agocorrected memory leaks in prime generation.
Nikos Mavrogiannopoulos [Fri, 16 Mar 2012 07:26:42 +0000 (08:26 +0100)]
corrected memory leaks in prime generation.

5 years agomore files to ignore
Nikos Mavrogiannopoulos [Fri, 16 Mar 2012 07:07:36 +0000 (08:07 +0100)]
more files to ignore

5 years agoUpgraded to libtasn1 version 2.12.
Nikos Mavrogiannopoulos [Fri, 16 Mar 2012 07:03:31 +0000 (08:03 +0100)]
Upgraded to libtasn1 version 2.12.

5 years agobumped version
Nikos Mavrogiannopoulos [Wed, 14 Mar 2012 21:04:18 +0000 (22:04 +0100)]
bumped version

5 years agoFixed leaks in key generation and other cleanups. Patch by Tomas Mraz.
Nikos Mavrogiannopoulos [Thu, 8 Mar 2012 22:26:50 +0000 (23:26 +0100)]
Fixed leaks in key generation and other cleanups. Patch by Tomas Mraz.

5 years agoCorrected SRP-RSA ciphersuites when used under TLS 1.2.
Nikos Mavrogiannopoulos [Fri, 2 Mar 2012 22:31:26 +0000 (23:31 +0100)]
Corrected SRP-RSA ciphersuites when used under TLS 1.2.

5 years agoreleased 2.12.17 gnutls_2_12_17
Nikos Mavrogiannopoulos [Fri, 2 Mar 2012 18:07:57 +0000 (19:07 +0100)]
released 2.12.17

5 years agoFixes and memory leak elimination in SRP authentication.
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 23:26:23 +0000 (00:26 +0100)]
Fixes and memory leak elimination in SRP authentication.

5 years agoadded new api
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 16:49:45 +0000 (17:49 +0100)]
added new api

5 years agoAdded gnutls_pkcs11_reinit().
Nikos Mavrogiannopoulos [Mon, 23 Jan 2012 19:04:04 +0000 (20:04 +0100)]
Added gnutls_pkcs11_reinit().

Conflicts:

NEWS
doc/cha-cert-auth2.texi
lib/libgnutls.map

5 years agoUpdated gnulib.
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 16:05:00 +0000 (17:05 +0100)]
Updated gnulib.

5 years agobumped version
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 15:51:29 +0000 (16:51 +0100)]
bumped version

5 years agovalgrind only used in development environment
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 15:48:01 +0000 (16:48 +0100)]
valgrind only used in development environment

5 years agoNo longer crash on a pkcs11 object without an ID.
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 15:39:25 +0000 (16:39 +0100)]
No longer crash on a pkcs11 object without an ID.

5 years agobetter check decrypted data.
Nikos Mavrogiannopoulos [Thu, 1 Mar 2012 08:50:40 +0000 (09:50 +0100)]
better check decrypted data.

5 years agoadded sanity for parameters in _gnutls_pkcs1_rsa_decrypt().
Nikos Mavrogiannopoulos [Mon, 9 Jan 2012 22:48:29 +0000 (23:48 +0100)]
added sanity for parameters in _gnutls_pkcs1_rsa_decrypt().

5 years agoreleased 2.12.16. gnutls_2_12_16
Nikos Mavrogiannopoulos [Mon, 9 Jan 2012 22:47:42 +0000 (23:47 +0100)]
released 2.12.16.

5 years agoCorrected functionality of gnutls_record_get_direction(). Reported by Philip Allison.
Nikos Mavrogiannopoulos [Fri, 6 Jan 2012 19:07:55 +0000 (20:07 +0100)]
Corrected functionality of gnutls_record_get_direction(). Reported by Philip Allison.

5 years agoupdated news gnutls_2_12_15
Nikos Mavrogiannopoulos [Fri, 6 Jan 2012 20:35:00 +0000 (21:35 +0100)]
updated news

5 years agocorrected rnd generation for w.
Nikos Mavrogiannopoulos [Fri, 6 Jan 2012 20:18:47 +0000 (21:18 +0100)]
corrected rnd generation for w.

5 years agobumped version.
Nikos Mavrogiannopoulos [Fri, 6 Jan 2012 18:22:29 +0000 (19:22 +0100)]
bumped version.

5 years agominor update to the fix.
Nikos Mavrogiannopoulos [Thu, 5 Jan 2012 14:14:46 +0000 (15:14 +0100)]
minor update to the fix.

5 years agoDisable signature algorithms that are not supported for client certificate verification.
Nikos Mavrogiannopoulos [Thu, 5 Jan 2012 13:58:16 +0000 (14:58 +0100)]
Disable signature algorithms that are not supported for client certificate verification.

5 years agooptimized DH group generation process (ported from 3.0.x)
Nikos Mavrogiannopoulos [Fri, 16 Dec 2011 04:05:58 +0000 (05:05 +0100)]
optimized DH group generation process (ported from 3.0.x)

5 years agodropped unneeded function.
Nikos Mavrogiannopoulos [Thu, 24 Nov 2011 07:19:49 +0000 (08:19 +0100)]
dropped unneeded function.

5 years agoreleased 2.12.14 gnutls_2_12_14a
Nikos Mavrogiannopoulos [Tue, 8 Nov 2011 07:27:42 +0000 (08:27 +0100)]
released 2.12.14

5 years agobug fix in gnutls_session_get_data(). gnutls_2_12_14
Nikos Mavrogiannopoulos [Tue, 8 Nov 2011 06:52:51 +0000 (07:52 +0100)]
bug fix in gnutls_session_get_data().

5 years agodocumented updates gnutls_2_12_13
Nikos Mavrogiannopoulos [Mon, 7 Nov 2011 20:36:49 +0000 (21:36 +0100)]
documented updates

5 years agoupgraded to minitasn 2.10
Nikos Mavrogiannopoulos [Mon, 7 Nov 2011 20:25:36 +0000 (21:25 +0100)]
upgraded to minitasn 2.10

5 years agognutls_session_get_data: fix possible buffer overflow
Alban Crequy [Mon, 7 Nov 2011 18:51:27 +0000 (18:51 +0000)]
gnutls_session_get_data: fix possible buffer overflow

The test to avoid the buffer overflow was always false because
session_data_size was set at the wrong place. This problem has been introduced
by this commit:

|commit ad4ed44c65e753e6d3a00104c049dd81826ccbf3
|Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|Date:   Mon Nov 7 22:24:48 2005 +0000
|
|    This is the initial commit in the 1.3 branch. Ported from the PSK branch:
|    * PSK ciphersuites have been added.
|    * The session resumption data are now system independent.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
5 years agobumped version gnutls_2_12_12
Nikos Mavrogiannopoulos [Thu, 20 Oct 2011 18:58:35 +0000 (20:58 +0200)]
bumped version

5 years agoUpdate gnulib files.
Simon Josefsson [Wed, 12 Oct 2011 08:51:34 +0000 (10:51 +0200)]
Update gnulib files.

5 years agoavoid using C99 constructs.
Nikos Mavrogiannopoulos [Sat, 8 Oct 2011 10:47:52 +0000 (12:47 +0200)]
avoid using C99 constructs.

5 years agoFixes to enable external signing callback to
Nikos Mavrogiannopoulos [Fri, 7 Oct 2011 16:12:11 +0000 (18:12 +0200)]
Fixes to enable external signing callback to
operate with TLS 1.2.

5 years agobackported valgrind updates.
Nikos Mavrogiannopoulos [Mon, 3 Oct 2011 16:29:20 +0000 (18:29 +0200)]
backported valgrind updates.

5 years agofixes in unused variables.
Nikos Mavrogiannopoulos [Mon, 3 Oct 2011 15:58:37 +0000 (17:58 +0200)]
fixes in unused variables.

5 years agoAdded new gnulib.
Nikos Mavrogiannopoulos [Mon, 3 Oct 2011 15:46:41 +0000 (17:46 +0200)]
Added new gnulib.

6 years agoguile: Fix docstring extraction with CPP 4.5+.
Ludovic Courtès [Sun, 27 Feb 2011 22:57:54 +0000 (23:57 +0100)]
guile: Fix docstring extraction with CPP 4.5+.

6 years agoreleased 2.12.11 gnutls_2_12_11
Nikos Mavrogiannopoulos [Sun, 18 Sep 2011 21:25:02 +0000 (23:25 +0200)]
released 2.12.11

6 years agobumped version
Nikos Mavrogiannopoulos [Sun, 18 Sep 2011 18:51:55 +0000 (20:51 +0200)]
bumped version

6 years agonew gaa
Nikos Mavrogiannopoulos [Sun, 18 Sep 2011 18:29:15 +0000 (20:29 +0200)]
new gaa