gnutls:gnutls.git
tag: gnutls_3_3_10
Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 07:43:28 +0000 (08:43 +0100)]
testcompat: updated

Nikos Mavrogiannopoulos [Mon, 10 Nov 2014 07:41:05 +0000 (08:41 +0100)]
bumped version

Nikos Mavrogiannopoulos [Sun, 9 Nov 2014 22:04:52 +0000 (23:04 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:08:00 +0000 (10:08 +0100)]
Added check with the invalid crq sent by Sean Burford

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 09:00:32 +0000 (10:00 +0100)]
when exporting curve coordinates to X9.63 format, perform additional sanity checks on input

Reported by Sean Burford.

Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:38:00 +0000 (08:38 +0100)]
doc update

Nikos Mavrogiannopoulos [Sat, 8 Nov 2014 07:35:01 +0000 (08:35 +0100)]
doc: updated text on session tickets

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 20:46:58 +0000 (21:46 +0100)]
tools: include arpa/inet.h in socket.c

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:18:22 +0000 (19:18 +0100)]
doc: use the same port for DTLS client and server

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 18:01:57 +0000 (19:01 +0100)]
pkcs11: pass the correct user type to protected authentication login

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 09:22:11 +0000 (10:22 +0100)]
doc: corrected values for INSECURE level

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 08:00:46 +0000 (09:00 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 7 Nov 2014 06:49:54 +0000 (07:49 +0100)]
pkcs11_login: set the correct user type on reauthentication

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:30:31 +0000 (21:30 +0100)]
pkcs11: force login on tokens that require it

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 18:51:04 +0000 (19:51 +0100)]
added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login

Nikos Mavrogiannopoulos [Thu, 6 Nov 2014 20:35:21 +0000 (21:35 +0100)]
applied patch by A. Klitzing to improve compatibility with some Apple systems

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Wed, 5 Nov 2014 18:32:45 +0000 (19:32 +0100)]
gnutls-cli-debug: backported changes from 3.4.0 branch

Chen Hongzhi [Wed, 5 Nov 2014 11:10:43 +0000 (19:10 +0800)]
Fix double-free in gnutls_pkcs12_simple_parse()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 20:54:49 +0000 (21:54 +0100)]
mytexi2latex: handle na@"ive

Chris Barry [Tue, 4 Nov 2014 18:17:20 +0000 (13:17 -0500)]
Cleaning up some awkward phrasings.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Tue, 4 Nov 2014 10:20:07 +0000 (11:20 +0100)]
updated text

Nikos Mavrogiannopoulos [Mon, 3 Nov 2014 20:38:57 +0000 (21:38 +0100)]
doc update

Jaak Ristioja [Mon, 3 Nov 2014 19:28:28 +0000 (21:28 +0200)]
doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Jaak Ristioja [Mon, 3 Nov 2014 19:28:27 +0000 (21:28 +0200)]
doc: Fixed typo in inline comment of gnutls_transport_set_errno().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Nikos Mavrogiannopoulos [Sun, 2 Nov 2014 14:55:17 +0000 (15:55 +0100)]
updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET

Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 08:59:23 +0000 (09:59 +0100)]
when calling gnutls_x509_crt_get_subject_key_id set the id_size

Nikos Mavrogiannopoulos [Sat, 1 Nov 2014 06:44:06 +0000 (07:44 +0100)]
deinitialize the temporary spki data

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 21:01:43 +0000 (22:01 +0100)]
tests: added test for gnutls_global_init after all descriptors are closed

Conflicts:
tests/Makefile.am

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 20:42:21 +0000 (21:42 +0100)]
corrected check for urandom fd

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:46:24 +0000 (09:46 +0100)]
corrected exit state from gnutls_global_init

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:44:17 +0000 (09:44 +0100)]
doc update

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:40:26 +0000 (09:40 +0100)]
updated text for gnutls_fd_in_use() to account the new behavior

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:34:15 +0000 (09:34 +0100)]
dropped gnutls_fd_in_use, it is no longer necessary

Conflicts:
lib/libgnutls.map

Nikos Mavrogiannopoulos [Fri, 31 Oct 2014 08:32:16 +0000 (09:32 +0100)]
When gnutls_global_init() is called manually from the application check the urandom fd for validity

That addresses the issue where a server closes all open file descriptors
and then calls gnutls_global_init().

Conflicts:
lib/nettle/rnd-common.c

Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 15:18:38 +0000 (16:18 +0100)]
_gnutls_dh_generate_key() will account the q_bits

Nikos Mavrogiannopoulos [Wed, 29 Oct 2014 10:48:25 +0000 (11:48 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:50:42 +0000 (10:50 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:40:53 +0000 (10:40 +0100)]
doc update

Nikos Mavrogiannopoulos [Tue, 28 Oct 2014 09:43:04 +0000 (10:43 +0100)]
do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 22:09:34 +0000 (00:09 +0200)]
disable hardware acceleration by default in solaris

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 09:36:17 +0000 (11:36 +0200)]
tests: dtls-stress -r disabled as it causes issues when used with freebsd kernel

Nikos Mavrogiannopoulos [Sat, 25 Oct 2014 08:32:44 +0000 (10:32 +0200)]
do not use the ifdef directive in assembly files, as it isn't portable

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:52:36 +0000 (09:52 +0200)]
check and use libnsl (used in solaris)

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:44:15 +0000 (09:44 +0200)]
use the .note.GNU-stack in linux systems only

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 07:19:21 +0000 (09:19 +0200)]
updated gnulib

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:51:31 +0000 (08:51 +0200)]
doc update

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:49:20 +0000 (08:49 +0200)]
tests: check the issuer value validity of gnutls_x509_trust_list_get_issuer

Nikos Mavrogiannopoulos [Thu, 23 Oct 2014 06:47:27 +0000 (08:47 +0200)]
corrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_GET_COPY flag

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:15:30 +0000 (22:15 +0200)]
tests: include minitasn1 when needed

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 20:05:16 +0000 (22:05 +0200)]
use HAVE_DANE ifdef for unused functions

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 19:44:47 +0000 (21:44 +0200)]
exported gnutls_fd_in_use

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 19:17:41 +0000 (21:17 +0200)]
doc update

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:35:42 +0000 (16:35 +0200)]
document gnutls_fd_in_use()

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:20 +0000 (16:31 +0200)]
corrected FIND_OBJECT loop when the token func is used

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 14:31:49 +0000 (16:31 +0200)]
gnutls_fd_in_use: mention version

Nikos Mavrogiannopoulos [Wed, 22 Oct 2014 10:19:25 +0000 (12:19 +0200)]
added gnutls_fd_in_use() to check whether a file descriptor is in use

Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 18:00:54 +0000 (20:00 +0200)]
fips140-2: limit the FIPS code in fips mode

Nikos Mavrogiannopoulos [Tue, 21 Oct 2014 06:50:29 +0000 (08:50 +0200)]
fips140-2: use the FIPS algorithms only when in FIPS140-2 mode

Nikos Mavrogiannopoulos [Mon, 20 Oct 2014 18:01:39 +0000 (20:01 +0200)]
doc update

Nikos Mavrogiannopoulos [Tue, 5 Aug 2014 00:29:51 +0000 (02:29 +0200)]
certtool: default pkcs-cipher is now 3des as in PKCS #12

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 11:20:30 +0000 (13:20 +0200)]
gnutls-cli: prevent the combination of the -p and --list options

As -p may be mistaken for --priority that would prevent wrong outputs.

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 10:11:02 +0000 (12:11 +0200)]
avoid d from getting out of scope

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 10:05:56 +0000 (12:05 +0200)]
gnutls-serv: avoid possible buffer overrun

Nikos Mavrogiannopoulos [Fri, 17 Oct 2014 07:45:07 +0000 (09:45 +0200)]
avoid memory leak on gnutls_x509_privkey_generate() failure

Nikos Mavrogiannopoulos [Wed, 15 Oct 2014 12:20:40 +0000 (14:20 +0200)]
in FIPS140-2 mode only disable 1024-bit DSA parameters when generating

Ludovic Courtès [Tue, 14 Oct 2014 20:33:10 +0000 (22:33 +0200)]
guile: Remove trailing zero in 'gnutls_server_name_set' call.

In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
'set-session-server-name!' would pass a trailing nul character on the
wire after the server name, which would thus be rejected by servers.

Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 11:57:33 +0000 (13:57 +0200)]
FIPS140-2 RSA key generation changes to account for seed starting with null byte

Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 19:05:34 +0000 (21:05 +0200)]
corrected libopt's Makefile.am

reported by Marius Schamschula.

Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 11:29:43 +0000 (13:29 +0200)]
use lcm(p-1,q-1) instead of phi(n) for RSA key generation in FIPS-140-2 mode

Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 09:05:20 +0000 (11:05 +0200)]
corrected the SSSE3 optimized SHA224

Nikos Mavrogiannopoulos [Tue, 14 Oct 2014 07:21:14 +0000 (09:21 +0200)]
simplified getrusage code; the failure check code wasn't needed

Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 13:21:56 +0000 (15:21 +0200)]
doc update

Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 13:12:21 +0000 (15:12 +0200)]
tests: added check for import failure of v1 certificate with extensions

Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 13:05:47 +0000 (15:05 +0200)]
do not allow importing X.509 certificates with version < 3 and extensions present

Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 07:01:20 +0000 (09:01 +0200)]
update the guile manual along the C one

tag: gnutls_3_3_9
Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 04:18:35 +0000 (06:18 +0200)]
bumped version

Nikos Mavrogiannopoulos [Mon, 13 Oct 2014 04:18:03 +0000 (06:18 +0200)]
doc update

Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 21:04:04 +0000 (23:04 +0200)]
updated to libopts 5.18.4

Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 17:42:56 +0000 (19:42 +0200)]
place all rusage variables into HAVE_GETRUSAGE block

Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 12:46:45 +0000 (14:46 +0200)]
doc update

Nikos Mavrogiannopoulos [Sat, 11 Oct 2014 12:34:02 +0000 (14:34 +0200)]
rnd: if RUSAGE_THREAD fails try RUSAGE_SELF

Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 07:29:58 +0000 (09:29 +0200)]
tests: pkcs11-combo: use unique db file

Nikos Mavrogiannopoulos [Fri, 10 Oct 2014 07:27:54 +0000 (09:27 +0200)]
doc update

Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 12:55:01 +0000 (14:55 +0200)]
use wait and retransmit when receiving session tickets

Nikos Mavrogiannopoulos [Thu, 2 Oct 2014 12:10:16 +0000 (14:10 +0200)]
tests: added -r option to dtls-stress

That allows it to replay messages in a kind of arbitrary way.

Nikos Mavrogiannopoulos [Thu, 25 Sep 2014 10:04:32 +0000 (12:04 +0200)]
forbid heartbeat messages during a handshake

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 16:15:01 +0000 (18:15 +0200)]
added internal variable to track handshake status

Conflicts:
lib/gnutls_handshake.c

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 12:19:10 +0000 (14:19 +0200)]
more files to ignore

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 12:09:01 +0000 (14:09 +0200)]
tests: updated time in pkcs11-is-known

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 11:16:32 +0000 (13:16 +0200)]
pkcs11: handle errors from override_cert_exts as fatal

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:34:46 +0000 (12:34 +0200)]
tests: allow running specific chainverify tests on fixed dates

Conflicts:
tests/chainverify.c
tests/suite/pkcs11-chainverify.c
tests/test-chains.h

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:28:34 +0000 (12:28 +0200)]
_gnutls_check_valid_key_id: corrected activation/expiration check

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 10:09:52 +0000 (12:09 +0200)]
pkcs11: simplified and optimized loop

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 09:35:10 +0000 (11:35 +0200)]
mention nettle as the recommended crypto backend

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 09:10:15 +0000 (11:10 +0200)]
tests: Added check to ensure that trust list combination with extra certificates works

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 08:52:43 +0000 (10:52 +0200)]
doc update

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 08:41:57 +0000 (10:41 +0200)]
when both a trust module and additional CAs are present account the latter as well

That solves an issue in openconnect which used the system trust module,
plus additional certificates.

Conflicts:
lib/x509/verify-high.c

Nikos Mavrogiannopoulos [Thu, 9 Oct 2014 08:13:48 +0000 (10:13 +0200)]
simplify the handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not given

Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 09:47:49 +0000 (11:47 +0200)]
corrected assignment

Nikos Mavrogiannopoulos [Wed, 8 Oct 2014 08:21:43 +0000 (10:21 +0200)]
corrected the name of exported function