gnutls:gnutls.git
2 years agoAdded API to read/write/delete key-cert pairs (limited to windows for now) system-keys
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 15:14:08 +0000 (16:14 +0100)]
Added API to read/write/delete key-cert pairs (limited to windows for now)

2 years agoadded the notion of preferred sign algorithm in a private key
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 11:06:32 +0000 (12:06 +0100)]
added the notion of preferred sign algorithm in a private key

This can be set for keys imported with gnutls_privkey_import_ext3()
with the info callback. It is only considered for client side keys
in TLS sessions.

2 years agoAdded priority string %NO_SESSION_HASH to prevent advertising the extended master...
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 09:18:03 +0000 (10:18 +0100)]
Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension

2 years agocertificate status requestion response is optional according to RFC6066
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 09:06:51 +0000 (10:06 +0100)]
certificate status requestion response is optional according to RFC6066

2 years agoAdded flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:52:43 +0000 (09:52 +0100)]
Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked

2 years agornd: removed the packed attribute from event_st
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:27:38 +0000 (09:27 +0100)]
rnd: removed the packed attribute from event_st

That prevents a SIGBUS on solaris sparc systems.
Reported by Thomas Thorberger.

2 years agoThe priority modifier %LATEST_RECORD_VERSION is now the default
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:18:31 +0000 (09:18 +0100)]
The priority modifier %LATEST_RECORD_VERSION is now the default

This works-around issue with servers that forbit the SSL 3.0
version number from the first packet of the record protocol.

2 years agoadded check for servers that disallow the SSL 3.0 record version
Nikos Mavrogiannopoulos [Thu, 13 Nov 2014 08:16:29 +0000 (09:16 +0100)]
added check for servers that disallow the SSL 3.0 record version

2 years agognutls-cli: print whether status request has been checked
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 18:44:18 +0000 (19:44 +0100)]
gnutls-cli: print whether status request has been checked

2 years agodoc update
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 15:14:55 +0000 (16:14 +0100)]
doc update

2 years agoEnable PIN support to gnutls_x509_privkey_t
Nikos Mavrogiannopoulos [Wed, 12 Nov 2014 14:44:53 +0000 (15:44 +0100)]
Enable PIN support to gnutls_x509_privkey_t

2 years ago_gnutls_ucs2_to_utf8() can handle little endian strings.
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 14:16:12 +0000 (15:16 +0100)]
_gnutls_ucs2_to_utf8() can handle little endian strings.

2 years agodoc update
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 10:25:57 +0000 (11:25 +0100)]
doc update

2 years agoAdded gnutls_memcmp() and exported it.
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 10:25:44 +0000 (11:25 +0100)]
Added gnutls_memcmp() and exported it.

2 years agoindentation fix
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 09:47:56 +0000 (10:47 +0100)]
indentation fix

2 years agodoc update
Nikos Mavrogiannopoulos [Tue, 11 Nov 2014 09:40:21 +0000 (10:40 +0100)]
doc update

2 years agoadded gnutls_pkcs12_bag_set_privkey()
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 15:05:10 +0000 (16:05 +0100)]
added gnutls_pkcs12_bag_set_privkey()

Conflicts:
lib/libgnutls.map

2 years agodropped unused copy_func
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 11:59:39 +0000 (12:59 +0100)]
dropped unused copy_func

2 years agosilence warning
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 10:38:58 +0000 (11:38 +0100)]
silence warning

2 years agoAdded check with the invalid crq sent by Sean Burford
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:08:00 +0000 (10:08 +0100)]
Added check with the invalid crq sent by Sean Burford

2 years agowhen exporting curve coordinates to X9.63 format, perform additional sanity checks...
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:00:32 +0000 (10:00 +0100)]
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input

Reported by Sean Burford.

2 years agodoc update
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 08:06:36 +0000 (09:06 +0100)]
doc update

2 years agodoc update
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:38:44 +0000 (08:38 +0100)]
doc update

2 years agoexported gnutls_memset()
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:36:16 +0000 (08:36 +0100)]
exported gnutls_memset()

2 years agodoc: updated text on session tickets
Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:35:01 +0000 (08:35 +0100)]
doc: updated text on session tickets

2 years agotools: include arpa/inet.h in socket.c
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 20:46:58 +0000 (21:46 +0100)]
tools: include arpa/inet.h in socket.c

2 years agodoc: use the same port for DTLS client and server
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:18:22 +0000 (19:18 +0100)]
doc: use the same port for DTLS client and server

2 years agopkcs11: pass the correct user type to protected authentication login
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:01:57 +0000 (19:01 +0100)]
pkcs11: pass the correct user type to protected authentication login

2 years agodoc: corrected values for INSECURE level
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 09:22:11 +0000 (10:22 +0100)]
doc: corrected values for INSECURE level

2 years agopkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:55:40 +0000 (08:55 +0100)]
pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags

2 years agopkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 07:44:46 +0000 (08:44 +0100)]
pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH

2 years agopkcs11: perform reauth at the appropriate state
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:54:41 +0000 (07:54 +0100)]
pkcs11: perform reauth at the appropriate state

2 years agopkcs11_login: set the correct user type on reauthentication
Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:49:54 +0000 (07:49 +0100)]
pkcs11_login: set the correct user type on reauthentication

2 years agoapplied patch by A. Klitzing to improve compatibile with some apple systems
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:35:21 +0000 (21:35 +0100)]
applied patch by A. Klitzing to improve compatibile with some apple systems

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2 years agopkcs11: force login on tokens that require it
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:30:31 +0000 (21:30 +0100)]
pkcs11: force login on tokens that require it

2 years agopkcs11: always set slot_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:36:09 +0000 (20:36 +0100)]
pkcs11: always set slot_info

2 years agotestcompat-openssl: disable SSL 3.0 as it is not supported on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:25:39 +0000 (20:25 +0100)]
testcompat-openssl: disable SSL 3.0 as it is not supported on debian

2 years agofixed polarssl compatibility checks on debian
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:21:15 +0000 (20:21 +0100)]
fixed polarssl compatibility checks on debian

2 years agopkcs11: eliminated the need for struct token_info
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 19:13:58 +0000 (20:13 +0100)]
pkcs11: eliminated the need for struct token_info

2 years agoadded support for PKCS #11 keys that require reauthentication and simplified pkcs11_login
Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 18:51:04 +0000 (19:51 +0100)]
added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login

2 years agognutls-cli-debug: clarified text
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 15:49:53 +0000 (16:49 +0100)]
gnutls-cli-debug: clarified text

2 years agotests: separated the two testcompat tests (openssl/polarssl)
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:46:27 +0000 (15:46 +0100)]
tests: separated the two testcompat tests (openssl/polarssl)

2 years agoadded missing comma
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 21:27:43 +0000 (22:27 +0100)]
added missing comma

2 years agognutls-cli-debug: corrected heartbeat check
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 20:50:45 +0000 (21:50 +0100)]
gnutls-cli-debug: corrected heartbeat check

2 years agognutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)]
gnutls-cli-debug: fixes in tests to prevent false negatives

2 years agognutls-cli-debug: fixes in tests to prevent false negatives
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:19:50 +0000 (19:19 +0100)]
gnutls-cli-debug: fixes in tests to prevent false negatives

2 years agotests: added interoperability tests with openssl's PSK
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 14:37:42 +0000 (15:37 +0100)]
tests: added interoperability tests with openssl's PSK

2 years agocorrected calculation for max send data and other uses of _gnutls_cipher_type()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:13:55 +0000 (14:13 +0100)]
corrected calculation for max send data and other uses of _gnutls_cipher_type()

2 years agomodernized cipher table
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 13:07:46 +0000 (14:07 +0100)]
modernized cipher table

2 years agoFix double-free in gnutls_pkcs12_simple_parse()
Chen Hongzhi [Wed, 5 Nov 2014 11:10:43 +0000 (19:10 +0800)]
Fix double-free in gnutls_pkcs12_simple_parse()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2 years agosimplified checks for EtM
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:21:39 +0000 (13:21 +0100)]
simplified checks for EtM

2 years agotests: enhanced test to check the return value of gnutls_record_send()
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 12:17:31 +0000 (13:17 +0100)]
tests: enhanced test to check the return value of gnutls_record_send()

2 years agotests: Added unit tests for gnutls_certificate_get_ours in mini-x509-2
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 10:34:05 +0000 (11:34 +0100)]
tests: Added unit tests for gnutls_certificate_get_ours in mini-x509-2

2 years agointroduced GNUTLS_MAX_SESSION_ID_SIZE
Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 09:47:56 +0000 (10:47 +0100)]
introduced GNUTLS_MAX_SESSION_ID_SIZE

2 years agomytexi2latex: handle na@"ive
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 20:54:49 +0000 (21:54 +0100)]
mytexi2latex: handle na@"ive

2 years agoCleaning up some awkward phrasings.
Chris Barry [Tue, 4 Nov 2014 18:17:20 +0000 (13:17 -0500)]
Cleaning up some awkward phrasings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2 years agotests: Added test for MAC verification checks
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:56:27 +0000 (19:56 +0100)]
tests: Added test for MAC verification checks

2 years agoEtM fixes: it only applies to block ciphers
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 18:27:24 +0000 (19:27 +0100)]
EtM fixes: it only applies to block ciphers

2 years agognutls-cli-debug: reorganized output
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 16:05:20 +0000 (17:05 +0100)]
gnutls-cli-debug: reorganized output

2 years agomoved the HTTPS server name outside of verbose tests; only run when the HTTPS protoco...
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 15:55:12 +0000 (16:55 +0100)]
moved the HTTPS server name outside of verbose tests; only run when the HTTPS protocol is used

2 years agoenhanced gnutls-cli-debug verbose output (uses files for mass text)
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 13:44:27 +0000 (14:44 +0100)]
enhanced gnutls-cli-debug verbose output (uses files for mass text)

2 years agognutls-cli-debug: Added tests for EtM and extended master secret support
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:44:55 +0000 (13:44 +0100)]
gnutls-cli-debug: Added tests for EtM and extended master secret support

In addition reworked the output for existing tests.

2 years agotools: only warn of an error if it is fatal
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:37:01 +0000 (13:37 +0100)]
tools: only warn of an error if it is fatal

2 years agotestcompat: increased the number of test cases checked
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 12:32:31 +0000 (13:32 +0100)]
testcompat: increased the number of test cases checked

2 years agoupdated text
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:20:07 +0000 (11:20 +0100)]
updated text

2 years agodoc update
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:22:30 +0000 (09:22 +0100)]
doc update

2 years agotestcompat-polarssl: try to run the test only if polarssl binaries are available
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:16:52 +0000 (09:16 +0100)]
testcompat-polarssl: try to run the test only if polarssl binaries are available

2 years agotestcompat: check the PSK ciphersuite interoperability against polarssl
Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 08:13:13 +0000 (09:13 +0100)]
testcompat: check the PSK ciphersuite interoperability against polarssl

2 years agotestcompat: added interop tests with polarssl
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:31:47 +0000 (17:31 +0100)]
testcompat: added interop tests with polarssl

2 years agodoc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport...
Jaak Ristioja [Mon, 3 Nov 2014 19:28:28 +0000 (21:28 +0200)]
doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2 years agodoc: Fixed typo in inline comment of gnutls_transport_set_errno().
Jaak Ristioja [Mon, 3 Nov 2014 19:28:27 +0000 (21:28 +0200)]
doc: Fixed typo in inline comment of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2 years agodoc update
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 16:04:30 +0000 (17:04 +0100)]
doc update

2 years agoAdded support for RFC7366 (encrypt then authenticate)
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 13:23:48 +0000 (14:23 +0100)]
Added support for RFC7366 (encrypt then authenticate)

It implements a revised version of RFC7366, to avoid interoperability
issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html
This is currently enabled by default, unless %NO_ETM, or %COMPAT
is specified.

2 years agoMade AEAD type an alternative to stream and block
Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 12:21:31 +0000 (13:21 +0100)]
Made AEAD type an alternative to stream and block

That way the terminology becomes closer to the TLS rfc.

2 years agoupdated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET
Nikos Mavrogiannopoulos [Sun, 2 Nov 2014 14:55:17 +0000 (15:55 +0100)]
updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET

2 years agodoc update
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:46:25 +0000 (11:46 +0100)]
doc update

2 years agotests: Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 + PIN
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:43:05 +0000 (11:43 +0100)]
tests: Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11 + PIN

2 years agomore files to ignore
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 10:41:05 +0000 (11:41 +0100)]
more files to ignore

2 years agowhen calling gnutls_x509_crt_get_subject_key_id set the id_size
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 08:59:23 +0000 (09:59 +0100)]
when calling gnutls_x509_crt_get_subject_key_id set the id_size

2 years agodeinitialize the temporary spki data
Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 06:44:29 +0000 (07:44 +0100)]
deinitialize the temporary spki data

2 years agotests: added test for gnutls_global_init after all descriptors are closed
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 21:01:43 +0000 (22:01 +0100)]
tests: added test for gnutls_global_init after all descriptors are closed

2 years agocorrected check for urandom fd
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:42:21 +0000 (21:42 +0100)]
corrected check for urandom fd

2 years agotests: dtls-stress: fix issues in the suite
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:35:49 +0000 (21:35 +0100)]
tests: dtls-stress: fix issues in the suite

2 years agoDo not require a PIN callback in the certificate credentials when a password is specified
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 14:17:15 +0000 (15:17 +0100)]
Do not require a PIN callback in the certificate credentials when a password is specified

2 years agodoc update
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 13:05:32 +0000 (14:05 +0100)]
doc update

2 years agocorrected exit state from gnutls_global_init
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:46:24 +0000 (09:46 +0100)]
corrected exit state from gnutls_global_init

2 years agoupdated text for gnutls_fd_in_use() to account the new behavior
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:40:26 +0000 (09:40 +0100)]
updated text for gnutls_fd_in_use() to account the new behavior

2 years agodropped gnutls_fd_in_use, it is no longer necessary
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:34:15 +0000 (09:34 +0100)]
dropped gnutls_fd_in_use, it is no longer necessary

2 years agoWhen gnutls_global_init() is called manually from the application check the urandom...
Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:32:16 +0000 (09:32 +0100)]
When gnutls_global_init() is called manually from the application check the urandom fd for validity

That addresses the issue where a server closes all open file descriptors
and then calls gnutls_global_init().

2 years agoAdded support for getentropy() and reworked getrandom support
Nikos Mavrogiannopoulos [Thu, 30 Oct 2014 10:15:20 +0000 (11:15 +0100)]
Added support for getentropy() and reworked getrandom support

2 years ago_gnutls_dh_generate_key() will account the q_bits
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:17:45 +0000 (16:17 +0100)]
_gnutls_dh_generate_key() will account the q_bits

2 years agodoc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:44 +0000 (16:09 +0100)]
doc update

2 years agoAdded gnutls_dh_params_import_raw2(), which allows to specify the number of bits...
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:09:23 +0000 (16:09 +0100)]
Added gnutls_dh_params_import_raw2(), which allows to specify the number of bits for key size

2 years agodoc update
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:08:21 +0000 (15:08 +0100)]
doc update

2 years agouse Linux' getrandom() when available
Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 14:06:34 +0000 (15:06 +0100)]
use Linux' getrandom() when available

2 years agouse the random rnd context when refreshing the nonce context
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 23:18:15 +0000 (00:18 +0100)]
use the random rnd context when refreshing the nonce context

That avoids frequent reads from /dev/urandom.

2 years agodo not explicitly refresh rnd state on session deinit
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:43:04 +0000 (10:43 +0100)]
do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

2 years agodoc update
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:40:53 +0000 (10:40 +0100)]
doc update

2 years agoincrease the reseed time
Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:37:47 +0000 (10:37 +0100)]
increase the reseed time

2 years agotests: enhance cipher test to include tag verification error
Nikos Mavrogiannopoulos [Sun, 26 Oct 2014 06:42:45 +0000 (07:42 +0100)]
tests: enhance cipher test to include tag verification error