2017-03-06 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2017-03-05 Nikos Mavrogiannopoulos * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos 2017-03-05 Alex Gaynor * lib/opencdk/read-packet.c: Enforce the max packet length for OpenPGP subpackets as well This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 Signed-off-by: Alex Gaynor 2017-03-01 Nikos Mavrogiannopoulos * NEWS: doc update 2017-03-01 Nikos Mavrogiannopoulos * lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/opencdk.h, lib/opencdk/read-packet.c, lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c: opencdk: do not parse any secret keys in packet when reading a certificate This reduces the attack surface on the parsers, and prevents any bugs in the secret key parser to be exploitable by inserting secret key sub-packets into an openpgp certificate. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 Signed-off-by: Nikos Mavrogiannopoulos 2017-02-28 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/crt_apis.c: tests: backported crt_apis from master branch In addition to other APIs, this explicitly tests gnutls_x509_crt_set_subject_unique_id() and gnutls_x509_crt_set_issuer_unique_id(). Signed-off-by: Nikos Mavrogiannopoulos 2017-02-28 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: increased buffer for reading from user This allows reading longer than 128-byte fields interactively. The new limit is 512-bytes. Relates #179 Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/pkcs11/pkcs11-import-with-pin.c: tests: added PKCS#11 test for pin input This introduces a test on PIN input to retrieve an object using pin-value and pin-source (file). Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * tests/utils.c, tests/utils.h: tests: utils: added ability to use tmpfiles Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/pkcs11/pkcs11-pubkey-import-rsa.c, tests/pkcs11/pkcs11-pubkey-import.c: tests: backported PKCS#11 test In addition to public key import checks, this test ensures that the pin-value attribute is functional. Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if available in p11-kit This allows parsing the pin-value attribute of the PKCS#11 URI. Signed-off-by: Nikos Mavrogiannopoulos 2017-02-22 Nikos Mavrogiannopoulos * lib/nettle/pk.c: nettle/pk: added error checking in _rsa_params_to_pubkey Signed-off-by: Nikos Mavrogiannopoulos 2017-02-21 Nikos Mavrogiannopoulos * lib/nettle/pk.c: nettle/pk: corrected memcpy of Q in DSA params Signed-off-by: Nikos Mavrogiannopoulos 2017-02-21 Nikos Mavrogiannopoulos * NEWS: doc update 2017-02-20 Nikos Mavrogiannopoulos * lib/opencdk/read-packet.c: opencdk/read-packet.c: corrected typo in type cast Signed-off-by: Nikos Mavrogiannopoulos 2017-02-20 Nikos Mavrogiannopoulos * lib/opencdk/read-packet.c: cdk_pkt_read: enforce packet limits That ensures that there are no overflows in the subsequent calculations. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos 2017-02-03 Nikos Mavrogiannopoulos * lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2: Always return an initialized pointer When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case), pointer is always returned. Reported by Jeremy Harris. Signed-off-by: Nikos Mavrogiannopoulos 2017-01-17 Nikos Mavrogiannopoulos * lib/opencdk/read-packet.c: opencdk: improved error code checking in the stream reading functions This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a Signed-off-by: Nikos Mavrogiannopoulos 2017-01-09 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/key-tests/Makefile.am: tests: do not run key-tests and cert-tests under leak sanitizer The reason is that we cannot distinguish between a memory leak on application failure (which is followed by exit- thus should be ignored) and an address sanitizer issue (which should never be ignored). As such we disable leak detection with asan and rely on valgrind. Signed-off-by: Nikos Mavrogiannopoulos 2017-01-09 Nikos Mavrogiannopoulos * tests/key-tests/Makefile.am: tests: added missing file 2017-01-09 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: Build and Check - separate build dir (x86): force build in gitlab shared runners In the Centos7 based runners there is an issue running autogen. Signed-off-by: Nikos Mavrogiannopoulos 2017-01-09 Nikos Mavrogiannopoulos * .gitignore, src/Makefile.am: tools: use stamp files to allow parallel build of autogen files Autogen seems to output on the creates files gradually, something that makes 'make' believe that the command is complete prior to the output file being fully populated. The current approach uses stamp files to ensure that no incomplete files are used for compilation. 2017-01-09 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2017-01-09 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated auto-generated files 2017-01-09 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2017-01-09 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2017-01-04 Nikos Mavrogiannopoulos * lib/opencdk/read-packet.c: opencdk: added error checking in the stream reading functions This addresses an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos 2017-01-04 Nikos Mavrogiannopoulos * lib/opencdk/pubkey.c: opencdk: cdk_pk_get_keyid: fix stack overflow Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos 2017-01-04 Nikos Mavrogiannopoulos * lib/opencdk/read-packet.c: opencdk: read_attribute: added more precise checks when reading stream That addresses heap read overflows found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos 2017-01-01 Alex Gaynor * lib/opencdk/read-packet.c: Corrected a leak in OpenPGP sub-packet parsing. Signed-off-by: Alex Gaynor 2016-12-30 Alex Gaynor * lib/opencdk/read-packet.c: Attempt to fix a leak in OpenPGP cert parsing. 2016-12-26 Alex Gaynor * lib/opencdk/read-packet.c: Do not infinite loop if an EOF occurs while skipping a PGP packet Signed-off-by: Alex Gaynor 2016-02-29 Nikos Mavrogiannopoulos * lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior (found with libubsan) 2017-01-04 Nikos Mavrogiannopoulos * NEWS: doc update 2017-01-04 Nikos Mavrogiannopoulos * lib/auth/rsa.c: auth rsa: eliminated memory leak on pkcs-1 formatting attack path Signed-off-by: Nikos Mavrogiannopoulos 2017-01-02 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-12-09 Nikos Mavrogiannopoulos * lib/x509/verify.c: pkcs11 verification: ensure that an issuer we retrieve is not blacklist It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. 2016-12-31 Nikos Mavrogiannopoulos * src/certtool.c: certtool: improved error reporting on file error 2016-12-20 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-12-15 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: gnutls_x509_ext_import_proxy: fix issue reading the policy language If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. 2016-12-16 Nikos Mavrogiannopoulos * : commit 5ca126e1a5daf071ce690f28823fa97de6a7ae68 Author: Nikos Mavrogiannopoulos Date: Thu Dec 15 17:05:59 2016 +0100 2016-12-14 Nikos Mavrogiannopoulos * NEWS: doc update 2016-12-13 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/pkcs8-key-decode-encrypted.c, tests/pkcs8-key-decode.c: tests: added test for PKCS#8 encrypted key decoding This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. 2016-11-14 Nikos Mavrogiannopoulos * tests/key-tests/Makefile.am, tests/key-tests/pkcs8-invalid: tests: added test suite with PKCS#8 files that have invalid encryption 2016-12-14 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: PKCS#7 decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED 2016-12-13 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: pkcs8: ensure that the correct error code is returned on decryption failure 2016-12-14 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: added sanity check on padding size Relates #148 2016-12-14 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: fail without leak on unknown MAC 2016-12-14 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: fail early on invalid block sizes 2016-12-14 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS#5,7 decryption: enforce limits in the support parameter sizes This allows to detect invalid parameters early rather than later. Relates #148 2016-12-09 Nikos Mavrogiannopoulos * NEWS: doc update 2015-07-14 Nikos Mavrogiannopoulos * src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign parameter 2016-12-09 Nikos Mavrogiannopoulos * src/tpmtool.c: compiler warnings elimination and other bug fixes 2015-06-05 Nikos Mavrogiannopoulos * src/tpmtool.c: tpmtool: added newline in error messages 2016-12-09 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, lib/abstract_int.h, lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_privkey.c, lib/includes/gnutls/gnutls.h.in, lib/tpm.c: tpm: backported improvements from master branch * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop 2016-12-09 Nikos Mavrogiannopoulos * src/certtool-args.def: doc: updated to documentation of certtool [ci skip] This corrects options which incorrectly mentioned they support URLs. 2016-12-07 Nikos Mavrogiannopoulos * src/certtool.c: Don't trash DER CRQ output with text data Backported patch from master. 2016-11-29 Nikos Mavrogiannopoulos * NEWS: doc update 2016-11-29 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: tests: backported test suite for p11tool --set-id and --set-label options 2015-03-11 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: added --set-id and --set-label options 2015-03-11 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.c, lib/pkcs11_int.h: added gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the CKA_LABEL of an object. 2016-11-29 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on copy/generation is correct 2016-11-29 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: allow setting the CKA_ID on object initialization/generation 2016-11-29 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported new functions 2015-03-31 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: enhanced key generation functions to allow specifying a CKA_ID 2015-03-30 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy functions to allow specifying a CKA_ID 2016-11-29 Nikos Mavrogiannopoulos * lib/x509/pkcs12_encr.c: pkcs12: fixed the calculation of p_size Include the trailing zero into the size calculation. 2016-11-28 Nikos Mavrogiannopoulos * NEWS: doc update 2016-11-28 Nikos Mavrogiannopoulos * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: tests: added pkcs12 check with openssl generated structure and long password 2016-11-28 Nikos Mavrogiannopoulos * lib/x509/pkcs12_encr.c: pkcs12: fixed the calculation of p_size That affects passwords which exceed 32 characters. 2016-11-07 Nikos Mavrogiannopoulos * lib/nettle/pk.c: _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success This will prevent verification to succeed if the system is in error state. 2016-11-02 Nikos Mavrogiannopoulos * NEWS: doc update 2016-10-21 Nikos Mavrogiannopoulos * lib/ext/signature.c, lib/gnutls_alert.c: Terminate handshake if only unknown or disabled signatures are advertized by the peer That is, do not attempt to proceed assuming that the peer supports SHA-1. 2016-10-26 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-13 Nikos Mavrogiannopoulos * lib/ext/status_request.c: certificate status requestion response is optional according to RFC6066 2016-10-18 Nikos Mavrogiannopoulos * src/certtool.c: certtool: allow setting key purposes for non-CA certificates That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. 2016-10-14 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/multi-alerts.c: tests: added check to verify that the server will bail out after many alerts 2016-10-14 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/naked-alerts.c: tests: added check to verify that the server will bail out after receiving only alerts 2016-10-14 Nikos Mavrogiannopoulos * tests/cert-common.h: tests: backported the common certs from master 2016-10-14 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: handshake: set a maximum number of warning messages that can be received per handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing. 2016-10-14 Nikos Mavrogiannopoulos * lib/gnutls_record.c: record: disallow parsing of alert messages prior to session start 2016-10-14 Nikos Mavrogiannopoulos * src/certtool-common.c: certtool: improve text on missing options for cert generation 2016-10-13 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: avoid asking the security officer PIN twice on initialization 2016-10-13 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: improved messages on token initialization 2016-10-13 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: corrected check of PIN existance in token initialization 2016-10-09 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: link tests which utilize nettle with nettle 2016-10-09 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: updated auto-generated files 2016-10-09 Nikos Mavrogiannopoulos * NEWS: doc update 2016-10-09 Nikos Mavrogiannopoulos * lib/gnutls_extensions.c: TLS extensions: only cache the extension IDs from exts that the server supports That avoids imposing any artificial limits on the number of extensions that a server can handle. Resolves #136 2016-10-07 Nikos Mavrogiannopoulos * src/certtool.c: certtool: added safety net when generating a certificate request That is, do not allow specifying --generate-request --load-pubkey without specifying --load-privkey. Previously if --load-pubkey would have been used, it would have been ignored, causing confusion to the users. 2016-09-19 Nikos Mavrogiannopoulos * NEWS: doc update 2016-09-16 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h: Increased the maximum size allowed for handshake messages to 128kb This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario. 2016-09-12 Nikos Mavrogiannopoulos * NEWS: doc update 2016-09-12 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures That is, ensure that we keep no local references that are shared with the caller, and that we properly free all initialized values. 2016-09-07 Nikos Mavrogiannopoulos * NEWS: doc update 2016-09-07 Nikos Mavrogiannopoulos * lib/system.c: _gnutls_ucs2_to_utf8: fixed use of WideCharToMultiByte in windows 2016-09-06 Nikos Mavrogiannopoulos * src/ocsptool.c: ocsptool: do not enter a spurious newline to responses. 2015-11-12 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-test, tests/cert-tests/template-unique.pem, tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs are generated as expected 2015-11-12 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: certtool: Allow writing unique IDs in generated certificates 2016-09-05 Nikos Mavrogiannopoulos * NEWS: doc update 2016-09-05 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2015-11-12 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id() 2016-09-05 Nikos Mavrogiannopoulos * NEWS: doc update 2016-09-03 Nikos Mavrogiannopoulos * lib/gnutls_pk.c: _gnutls_encode_ber_rs_raw: zero-pad values when necessary This addresses issue when encoding values obtained via PKCS#11 which may not be necessarily padded. Resolves #122 2016-09-03 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: tests: don't run overflow tests on archs which fail This addresses a CI failure on x86. 2016-09-03 Nikos Mavrogiannopoulos * tests/slow/hash-large.c: tests: backported hash-large from master 2016-09-03 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: use the gitlab.com shared runners Backported from master branch 2016-08-28 David Woodhouse * lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: set the key value to null on failure 2016-08-27 Nikos Mavrogiannopoulos * lib/x509/ocsp.c: ocsp: corrected the comparison of the serial size in OCSP response Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't. Reported by Stefan Buehler. 2016-08-24 Nikos Mavrogiannopoulos * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8, tests/pkcs8-decode/pkcs8-pbes2-sha256.pem: tests: added decoding of key with pbes2 and SHA256 PRF 2016-08-24 Nikos Mavrogiannopoulos * NEWS, lib/algorithms.h, lib/algorithms/mac.c, lib/gnutls_int.h, lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h, tests/gc.c: Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF This backports nettle pbkdf2 support, and improves compatibility with new openssl versions. 2014-08-04 Nikos Mavrogiannopoulos * lib/x509/pkcs12.c: pkcs12: increased the number of iterations for MAC 2016-08-10 Nikos Mavrogiannopoulos * lib/crypto-api.c: gnutls_key_generate: fail if the state of the library is invalid Suggested by Stephan Mueller. 2016-08-09 Nikos Mavrogiannopoulos * NEWS: doc update 2016-08-08 Stefan Sørensen * lib/x509/pkcs12.c: Fix gnutls_pkcs12_simple_parse to always extract the complete chain gnutls_pkcs12_simple_parse was only collecting extra certificates that was possible elements of the certificate chain when the extra_certs argument was not NULL. Fix by allways collecting all the certificates, any unneeded certificates are released before returning if extra_certs is NULL anyway. Signed-off-by: Stefan Sørensen 2016-08-07 Nikos Mavrogiannopoulos * lib/nettle/pk.c: nettle: use rsa_*_key_prepare on key import Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). This patch avoids calling rsa_private_key_prepare every time we construct a nettle private key struct, because this function requires a bigint multiplication. We call that function once on private key import. 2016-08-08 Nikos Mavrogiannopoulos * lib/nettle/pk.c: Revert "nettle: use rsa_*_key_prepare" This reverts commit a2c3ee54ea8080eeb59fcfeec88a842324982c90. 2016-08-01 Nikos Mavrogiannopoulos * lib/nettle/pk.c: nettle: use rsa_*_key_prepare Previously we calculated the size of the key directly, but by using the rsa_*_key_prepare we benefit from any checks that may be introduced in the future. Specifically any checks for invalid public keys (e.g., keys that may crash the underlying gmp functions). 2016-07-28 Nikos Mavrogiannopoulos * NEWS: doc update 2016-07-09 Tim Kosse * lib/x509/x509.c: gnutls_x509_crt_list_import2 was ignoring the passed flags if all certificates in the list fit within the initially allocated memory. 2016-07-09 Tim Kosse * lib/x509/crl.c: gnutls_x509_crl_list_import2 was ignoring the passed flags if all CTLs in the list fit within the initially allocated memory. 2016-07-25 Nikos Mavrogiannopoulos * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/element.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: minitasn1: updated to libtasn1 4.9 2016-07-08 Nikos Mavrogiannopoulos * NEWS: NEWS: corrected release date [ci skip] 2016-07-06 Nikos Mavrogiannopoulos * NEWS: released 3.3.24 2016-06-30 Nikos Mavrogiannopoulos * configure.ac: configure: check for libdl irrespective of FIPS140 configuration This allows to link to libdl for the tests that require it. 2016-07-05 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2016-07-05 Nikos Mavrogiannopoulos * libdane/errors.c, libdane/includes/gnutls/dane.h: dane: corrected the license of libdane files The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni. 2016-06-30 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: account pkcs11/pkcs11-mock-ext.h in Makefile 2016-06-30 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: link pkcs11-import-url-privkey with libdl That is because it uses dlopen(). 2016-06-30 Nikos Mavrogiannopoulos * NEWS: doc update 2016-06-30 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/pkcs11/pkcs11-import-url-privkey.c, tests/pkcs11/pkcs11-mock-ext.h, tests/pkcs11/pkcs11-mock.c: tests: added check to verify the tolerance of broken C_GetAttributes That is, test gnutls_pkcs11_obj_list_import_url4() when importing private keys from tokens that return CKR_OK on sensitive objects, and tokens that return CKR_ATTRIBUTE_SENSTIVE. Relates #108 2016-06-30 Nikos Mavrogiannopoulos * lib/pkcs11_int.c: pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108 2016-06-29 Nikos Mavrogiannopoulos * NEWS: doc update 2016-06-29 Nikos Mavrogiannopoulos * lib/pkcs11_int.c: pkcs11_get_attribute_avalue: do not assign values on failure When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108. 2016-06-29 Nikos Mavrogiannopoulos * tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests: updated testpkcs11 to support softhsmv2 2016-06-29 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/{suite => pkcs11}/pkcs11-chainverify.c, tests/{suite => pkcs11}/pkcs11-combo.c, tests/{suite => pkcs11}/pkcs11-get-issuer.c, tests/{suite => pkcs11}/pkcs11-is-known.c, tests/{suite => pkcs11}/softhsm.h, tests/suite/Makefile.am: tests: moved pkcs11 tests to main test suite 2016-06-28 Nikos Mavrogiannopoulos * tests/suite/pkcs11-is-known.c: tests: backported pkcs11-is-known from master 2016-06-23 Nikos Mavrogiannopoulos * lib/pkcs11.c: gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given 2016-06-28 Nikos Mavrogiannopoulos * lib/pkcs11.c: find_cert_cb: minor cleanups in find_cert_cb 2016-06-22 Nikos Mavrogiannopoulos * NEWS: doc update 2016-06-22 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c, tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c, tests/suite/softhsm.h: tests: backported the softhsmv2 pkcs11 checks from 3.4.0 2016-06-22 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: correctly encode the serial number when searching for certificate In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number. 2016-06-22 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: correctly account check_found_cert() 2016-06-22 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: Amended "Corrected the writing of serial number in PKCS#11 modules" This corrects the writing of the serial number. 2016-06-16 Nikos Mavrogiannopoulos * NEWS: doc update 2016-06-16 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: dtls: corrected reconstruction of handshake packets received out of order That is, when the handshake packet is split into multiple different chunks and received out of order, make sure that reconstruction occurs properly. Reported by Guillaume Roguez. 2016-06-16 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: Corrected the writing of serial number in PKCS#11 modules That is previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek. 2016-05-31 Nikos Mavrogiannopoulos * NEWS: doc update 2016-05-31 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: when generating a private key ensure the public key is not private This is a backport from the 3.4.x branch. 2016-05-28 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: x86-common: use secure_getenv() 2016-05-27 Nikos Mavrogiannopoulos * configure.ac: configure.ac: check for secure_getenv where available and always enable system extensions 2016-05-27 Nikos Mavrogiannopoulos * NEWS: doc update 2016-05-27 Nikos Mavrogiannopoulos * lib/fips.c, lib/gnutls_global.c, lib/gnutls_mem.h, lib/system.c: env: use secure_getenv when reading environment variables 2016-05-23 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: added sanity check to find_obj_url_cb() for object validity Also avoid unnecessary recursion. 2016-05-20 Nikos Mavrogiannopoulos * tests/suite/eagain, tests/suite/testsrn: tests: use /bin/bash in tests which require common.sh 2016-05-21 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/testcompat, tests/suite/testcompat-common, tests/suite/testcompat-main: tests: backported full openssl suite from master Removed the priority strings not applicable in 3.3.x. 2016-05-13 Nikos Mavrogiannopoulos * tests/dsa/testdsa, tests/openpgp-certs/testcerts, tests/scripts/common.sh, tests/suite/eagain, tests/suite/mini-eagain2.c, tests/suite/testcompat-main, tests/suite/testsrn: tests: simplified server launching process Also attempt to use a new port on every started server and added a waiting period for the port to become re-usable. 2016-05-21 Nikos Mavrogiannopoulos * tests/version-checks.c: added check for the VERS-ALL priority keyword 2016-05-21 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: gnutls_priority_init: recognize the VERS-ALL keyword This keyword is identical to VERS-TLS-ALL, but it will allow to re-use priority strings from 3.4.x+ to this branch of gnutls. 2016-05-20 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: do not use pkglib to generate libpkcs11mock1.so This resulted in the test library being installed. Install we use noinst for the library, but pass -rpath to LDFLAGS as a hack to for libtool to generate the shared version. 2016-05-20 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: released 3.3.23 2016-05-19 Nikos Mavrogiannopoulos * src/cli.c, src/socket.c, src/socket.h: gnutls-cli: allow operation with stdin input That is once commands from stdin are given, they are not only sent to server, but we also wait for a response prior to exiting. Resolves #96 2016-05-17 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-05-17 Nikos Mavrogiannopoulos * NEWS: doc update 2016-05-17 Nikos Mavrogiannopoulos * src/cli.c: gnutls-cli: corrected check for OCSP verification success 2016-01-18 Nikos Mavrogiannopoulos * lib/gnutls_global.c: gnutls_global_init: log gnutls' version on initialization 2016-05-12 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-05-12 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-server-name.c: tests: backported server name checks 2016-05-12 Nikos Mavrogiannopoulos * lib/ext/server_name.c: server_name: only save the supported server names in the session Invalid server names with embedded nulls and unsupported types are not saved. 2016-05-10 Nikos Mavrogiannopoulos * NEWS: doc update 2016-05-10 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: cert cred: add the CN to the list of known hostnames only if no dns_names That is, follow rfc6125 and support CN as a fallback only. 2016-05-10 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: gnutls_certificate_set_key: import the DNS names of the certificates That is, only when no (NULL) names are provided. 2016-05-03 Nikos Mavrogiannopoulos * tests/pkcs11/pkcs11-cert-import-url-exts.c, tests/pkcs11/pkcs11-get-exts.c, tests/pkcs11/pkcs11-get-raw-issuer-exts.c: Revert "tests: ignore failure to load pkcs11 mock provider" This reverts commit ae40598e5597b1b1f01a7e55d35b5f476d7d19d7. 2016-05-03 Nikos Mavrogiannopoulos * configure.ac, tests/Makefile.am: tests: don't run pkcs11 mock module tests under buggy p11-kit 2016-05-03 Nikos Mavrogiannopoulos * tests/pkcs11/pkcs11-cert-import-url-exts.c, tests/pkcs11/pkcs11-get-exts.c, tests/pkcs11/pkcs11-get-raw-issuer-exts.c: tests: ignore failure to load pkcs11 mock provider GnuTLS 3.3.x can work with old versions of p11-kit which do not have the necessary fixes to load absolute paths. 2016-05-03 Nikos Mavrogiannopoulos * lib/nettle/gnettle.h: Fixed _NETTLE_UPDATE macro The macro was not using the input parameters but rather the actual variable name from the function (which was identical to input). Patch by Stanislav Zidek. 2016-05-03 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: gnutls_certificate_set_key: duplicate the provided memory That is, do not assume that a heap allocated value is provided. 2016-05-03 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-05-03 Nikos Mavrogiannopoulos * NEWS: doc update 2016-05-02 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/pkcs11/pkcs11-cert-import-url-exts.c, tests/pkcs11/pkcs11-get-exts.c, tests/pkcs11/pkcs11-get-raw-issuer-exts.c, tests/pkcs11/pkcs11-mock.c, tests/pkcs11/pkcs11-mock.h: tests: added a basic PKCS#11 mock module This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. 2016-05-03 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running While some modules implicitly terminated the previous run, this is not something that PKCS#11 modules are expected to typically do. 2016-05-03 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates That is, certificates imported with gnutls_pkcs11_obj_import_url() or gnutls_x509_crt_import_url() will be able to be extracted with their extensions overriden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() and friends. 2016-05-03 Nikos Mavrogiannopoulos * lib/pkcs11x.c: pkcs11: find_ext_cb: eliminated memory leak 2016-05-02 Nikos Mavrogiannopoulos * lib/pkcs11x.c: gnutls_pkcs11_obj_get_exts: updated documentation [ci skip] 2016-04-29 Nikos Mavrogiannopoulos * lib/gnutls_privkey_raw.c: corrected import issue in gnutls_privkey_import_ecc_raw 2016-04-29 Nikos Mavrogiannopoulos * lib/x509/privkey.c: x509/privkey: in raw import functions set the parameter's algorithm type 2016-04-26 Nikos Mavrogiannopoulos * tests/dane.c: tests: enhanced dane testing with offline verification checks 2016-04-26 Nikos Mavrogiannopoulos * libdane/dane.c: dane: verification will not fail if a CA entry is encountered but cannot be verified That addresses the issue of verifying a single certificate against a list of TLSA entries that contain an entry with CA usage (cert usage 0). With the previous behavior verification would have failed, while now this entry will be skipped. 2016-04-26 Nikos Mavrogiannopoulos * lib/gnutls_cert.c, libdane/dane.c: doc: improved documentation on certificate and DANE verification functions 2016-04-18 Nikos Mavrogiannopoulos * lib/nettle/pk.c: _wrap_nettle_pk_derive: reject values of public key that are over the prime That is do not canonicalise the value we get from the network, but rather check it for validity. This saves a modular reduction on handshake and performs a sanity check on the peer's (client) parameters. Reported by Hubert Kario. Resolves #84 2016-04-13 Nikos Mavrogiannopoulos * lib/gnutls_sig.c: handshake: do not overwrite the server's signature algorithm That is, correct a bug under which a client sending a certificate would overwrite the server's idea about the used signature algorithm. Reported by Hubert Kario. 2016-04-12 Nikos Mavrogiannopoulos * lib/x509/ocsp.c: gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable That is because this field is not optional, and a failure on its parsing is always fatal. Reported by Yuan Jochen Kang. 2016-04-09 Nikos Mavrogiannopoulos * lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn about insecure algorithm when unknown 2016-04-08 Nikos Mavrogiannopoulos * lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey definition OCSP is defined in an EXPLICIT tags module, and as such we must tag explicitly all of its tags. 2016-04-05 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: name constraints: enforce the rules for IP constraints when adding This will prevent gnutls from generating badly formed certificates. 2016-04-02 Nikos Mavrogiannopoulos * NEWS: doc update 2016-04-02 Nikos Mavrogiannopoulos * src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. 2016-03-30 Nikos Mavrogiannopoulos * NEWS: doc update 2016-03-30 Nikos Mavrogiannopoulos * lib/x509/output.c: x509/output: simplified cidr_to_string() 2016-03-29 Nikos Mavrogiannopoulos * lib/x509/output.c: x509/output: print RFC5280 CIDRs in name constraints 2016-03-30 Nikos Mavrogiannopoulos * lib/system.c: system_recv_timeout(): verify that the file descriptor is acceptable for select() 2016-03-21 Nikos Mavrogiannopoulos * NEWS: doc update 2016-03-15 Nikos Mavrogiannopoulos * tests/cert-tests/template-nc.pem: tests: template-test was updated for OCSP key purpose reordering 2016-03-15 Nikos Mavrogiannopoulos * src/certtool.c: certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. 2016-03-16 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: x86-common: CPUID override will only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities. Reported by Andreas Metzler. 2016-03-18 Nikos Mavrogiannopoulos * NEWS: doc update 2016-03-18 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: handshake: parse the mandatory to parse extension prior to any callback call This relates to the change of ALPN extension to mandatory to parse, and allows applications to get ALPN data prior to handshake completion. 2016-03-18 Nikos Mavrogiannopoulos * tests/mini-x509-callbacks.c: tests: verify that the post-client-hello callback has access to ALPN data 2016-03-18 Nikos Mavrogiannopoulos * tests/resume.c: tests: added checks for session resumption and ALPN This checks whether the ALPN extension is re-read on resumption and is negotiated. 2016-02-11 Nikos Mavrogiannopoulos * tests/resume.c: tests: resume: simplified structure assignment using C99 syntax 2016-03-15 Yuriy M. Kaminskiy * lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not be saved with session data In addition the extension was moved to the mandatory to parse to ensure it is always parsed when sessions are resumed. rfc7301: Unlike many other TLS extensions, this extension does not establish properties of the session, only of the connection. When session resumption or session tickets [RFC5077] are used, the previous contents of this extension are irrelevant, and only the values in the new handshake messages are considered. Signed-off-by: Yuriy M. Kaminskiy Signed-off-by: Nikos Mavrogiannopoulos 2016-03-11 Nikos Mavrogiannopoulos * src/cli.c: gnutls-cli: fix invalid initialization in cert_verify_ocsp() 2016-03-10 Nikos Mavrogiannopoulos * NEWS: doc update 2016-03-08 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-03-08 Nikos Mavrogiannopoulos * tests/mini-loss-time.c: tests: backported mini-loss-time fixes 2016-03-08 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-03-04 Nikos Mavrogiannopoulos * tests/slow/Makefile.am: tests: do not run hash-large twice 2016-03-03 Nikos Mavrogiannopoulos * tests/version-checks.c: tests: corrected typo in version-checks 2016-03-03 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: added check on build with SSL 3.0 2016-03-03 Nikos Mavrogiannopoulos * tests/suite/testsrn: tests: backported testsrn from 3.4 branch 2016-03-03 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/cert-common.h, tests/version-checks.c: tests: added check for version negotiation default prio string That verifies whether the support versions are negotiated. 2016-03-03 Nikos Mavrogiannopoulos * NEWS: doc update 2016-03-03 Nikos Mavrogiannopoulos * configure.ac, lib/gnutls_priority.c: Remove SSL 3.0 from the default priority strings That can be reverted by using the --with-ssl3 configure option. 2016-03-03 Nikos Mavrogiannopoulos * tests/slow/Makefile.am: tests: include test-hash-large into dist 2016-03-01 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: separate builds with asan 2016-03-01 Nikos Mavrogiannopoulos * lib/openpgp/extras.c: gnutls_openpgp_keyring_import: backported mem leak fix 2016-03-01 Nikos Mavrogiannopoulos * src/p11tool.c: p11tool: avoid warning with cast 2016-03-01 Nikos Mavrogiannopoulos * src/certtool.c: certtool: eliminated memory leaks on cert verification 2016-03-01 Nikos Mavrogiannopoulos * src/certtool.c: certtool: backported memory leak fixes in PKCS#12 handling 2015-11-09 Nikos Mavrogiannopoulos * src/certtool.c: certtool: eliminate leaks in _verify_x509_mem() 2015-11-09 Nikos Mavrogiannopoulos * src/certtool.c: certtool: eliminate memory leaks in certificate generation 2016-02-29 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version [ci skip] 2016-02-29 Nikos Mavrogiannopoulos * src/certtool.c: certtool: avoid warning with cast 2016-02-29 Nikos Mavrogiannopoulos * lib/ext/ecc.c: ecc: optimized extension parsing 2016-02-29 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: fixed asan build for nettle3 2016-02-29 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-02-29 Nikos Mavrogiannopoulos * lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit systems 2016-02-29 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: Fixes to prevent undefined behavior (found with libubsan) 2016-02-29 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent undefined behavior (found with libubsan) 2016-02-29 Nikos Mavrogiannopoulos * lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent undefined behavior (found with libubsan) 2016-02-26 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: added libasan build with nettle3 2016-02-25 Jan Vcelak * lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing algorithm setting for DSA keys The algorithm number was set only in the private key structure, not in the nested structure with parameters. This made certain operations to fail (e.g., copying the key into a PKCS #11 token). Signed-off-by: Jan Vcelak 2015-06-17 Nikos Mavrogiannopoulos * tests/cert-tests/template-date.pem, tests/cert-tests/template-dn.pem, tests/cert-tests/template-generalized.pem, tests/cert-tests/template-nc.pem, tests/cert-tests/template-overflow.pem, tests/cert-tests/template-overflow2.pem, tests/cert-tests/template-test, tests/cert-tests/template-test.pem, tests/cert-tests/template-utf8.pem: tests: regenerate the results in template-test using UTC times 2016-02-25 Nikos Mavrogiannopoulos * NEWS: doc update 2016-02-25 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1 structure follow the RFC5280 recommendations That is make sure we generate dates with UTCTime prior to 2050 and GeneralizedTime format after 2050. 2015-06-17 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem, tests/cert-tests/template-dn.pem, tests/cert-tests/template-generalized.pem, tests/cert-tests/template-generalized.tmpl, tests/cert-tests/template-nc.pem, tests/cert-tests/template-overflow.pem, tests/cert-tests/template-overflow2.pem, tests/cert-tests/template-test, tests/cert-tests/template-test.pem, tests/cert-tests/template-utf8.pem: tests: verify that we generate dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050. 2016-02-19 Nikos Mavrogiannopoulos * lib/nettle/cipher.c: Prevent the encryption or decryption of more than 2^32 bytes with nettle2 That is because of nettle2 API limitations. Unlike the hash functions there is no real need for a wrapper as encrypting or decrypting that amount of data is unlikely. 2016-02-13 Nikos Mavrogiannopoulos * tests/dsa/testdsa, tests/scripts/common.sh: tests: backported testdsa to prevent random failures in test suite 2016-02-13 Nikos Mavrogiannopoulos * NEWS: doc update 2016-02-13 Nikos Mavrogiannopoulos * lib/accelerated/x86/hmac-padlock.c, lib/accelerated/x86/hmac-x86-ssse3.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h, lib/accelerated/x86/x86-common.h, lib/nettle/gnettle.h, lib/nettle/mac.c: nettle: use the correct type for hash and MAC functions In addition allow for hashing of more than UINT_MAX data bytes with nettle 2.x in 64-bit systems. 2016-02-12 Nikos Mavrogiannopoulos * tests/slow/Makefile.am, tests/slow/hash-large.c, tests/slow/test-hash-large: tests: check whether large buffer hashes and MAC work as expected 2016-02-10 Nikos Mavrogiannopoulos * tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available. 2016-02-03 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2016-01-31 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2016-01-30 Nikos Mavrogiannopoulos * tests/cert-tests/template-date.pem, tests/cert-tests/template-dn.pem, tests/cert-tests/template-nc.pem, tests/cert-tests/template-overflow.pem, tests/cert-tests/template-overflow2.pem, tests/cert-tests/template-test.pem: Revert "tests: updated to account for cert generation after c1405c6e08ef55421108bd4395588368f4122dda fix" This reverts commit 09dcbe564a85c021ebcbf7a3f28075d19c399ce4. 2016-01-30 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage" This was a false negative and not a real out-of-bounds read. This reverts commit c1405c6e08ef55421108bd4395588368f4122dda. 2016-01-21 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: Added build with ARCFOUR 2016-01-21 Nikos Mavrogiannopoulos * NEWS, configure.ac, lib/gnutls_priority.c, tests/priorities.c: Added configure flag --with-arcfour128 This flag will re-enable ARCFOUR in the priority strings by default. 2016-01-20 Nikos Mavrogiannopoulos * NEWS: doc update 2016-01-20 Nikos Mavrogiannopoulos * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c, tests/record-sizes.c: Revert "Revert "tests: updated to account for ARCFOUR being disabled"" This reverts commit a2f907d0d4e52eb4dd24cc1f5d7d892b21abfd83. 2016-01-20 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Revert "Revert "ARCFOUR is disabled from the default priority strings"" This reverts commit b3b5db319d4246e4735017cc423b92175f713a89. 2016-01-13 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory leak 2016-01-11 Nikos Mavrogiannopoulos * lib/x509/output.c: x509: place newline when printing unsupported othernames 2016-01-10 Nikos Mavrogiannopoulos * NEWS: doc update 2016-01-10 Nikos Mavrogiannopoulos * lib/ext/alpn.c: alpn: when parsing the list of protocols return at the first mutually common That resolves an issue where the server wouldn't select the first mutually supported. Resolves #63 2016-01-10 Nikos Mavrogiannopoulos * tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection order 2016-01-10 Nikos Mavrogiannopoulos * tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN negotiation 2016-01-09 Nikos Mavrogiannopoulos * lib/ext/alpn.c: alpn: document how the selected protocol is selected [ci skip] 2016-01-09 Nikos Mavrogiannopoulos * tests/mini-alpn.c: tests: verify that the selected ALPN protocol is the first advertised 2016-01-08 Nikos Mavrogiannopoulos * NEWS: released 3.3.20 2016-01-08 Nikos Mavrogiannopoulos * NEWS: reverted ARCFOUR removal change 2016-01-08 Nikos Mavrogiannopoulos * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c, tests/record-sizes.c: Revert "tests: updated to account for ARCFOUR being disabled" This reverts commit 45926d9561b2e888c505524663b7c7ad87c263bc. 2016-01-08 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Revert "ARCFOUR is disabled from the default priority strings" This reverts commit 76be7bda79d6785eeab3ef8e96db026ad7aac9c3. 2016-01-07 Nikos Mavrogiannopoulos * configure.ac: configure: no longer distribute lzip tarballs 2015-11-25 Nikos Mavrogiannopoulos * src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows for files 2015-11-25 Nikos Mavrogiannopoulos * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3, src/libopts/COPYING.mbsd, src/libopts/Makefile.am, src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts.c, src/libopts/autoopts.h, src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c, src/libopts/check.c, src/libopts/compat/compat.h, src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h, src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c, src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h, src/libopts/libopts.c, src/libopts/load.c, src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4, src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c, src/libopts/nested.c, src/libopts/numeric.c, src/libopts/option-value-type.c, src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c, src/libopts/parse-duration.h, src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c, src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c, src/libopts/stack.c, src/libopts/stdnoreturn.in.h, src/libopts/streqvcmp.c, src/libopts/text_mmap.c, src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: libopts: updated to 5.18.6 2016-01-07 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2016-01-07 Nikos Mavrogiannopoulos * Makefile.am, symbols.last: symbols.last: don't include internal symbols into exported list 2016-01-07 Nikos Mavrogiannopoulos * NEWS: NEWS: doc update 2016-01-05 Nikos Mavrogiannopoulos * tests/cert-tests/template-date.pem, tests/cert-tests/template-dn.pem, tests/cert-tests/template-nc.pem, tests/cert-tests/template-overflow.pem, tests/cert-tests/template-overflow2.pem, tests/cert-tests/template-test.pem: tests: updated to account for cert generation after c1405c6e08ef55421108bd4395588368f4122dda fix 2016-01-05 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: Makefile.am: removed invalid program ld flags 2016-01-04 Nikos Mavrogiannopoulos * NEWS: doc update 2016-01-04 Tim Kosse * lib/x509/x509_ext.c: Fix out-of-bounds read in gnutls_x509_ext_export_key_usage 2016-01-01 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test suite. 2015-12-31 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: fixes to store the imported URL This ammends 603d0db776537c19bdfd907e0fc77c7321874bf0 with changes for the 3.3.x branch. 2015-12-31 Nikos Mavrogiannopoulos * NEWS: doc update [ci skip] 2015-12-31 Nikos Mavrogiannopoulos * NEWS: doc update 2015-12-31 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: import public keys from any available object That is, load public keys from the public key object, or the certificate object if they are present. That affects non-RSA public keys which do not contain all required fields on the private key object. 2015-12-31 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key 2015-12-31 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object Previously only RSA objects were correctly written. 2015-12-24 Nikos Mavrogiannopoulos * NEWS: NEWS: doc update [ci skip] 2015-12-23 Nikos Mavrogiannopoulos * lib/ext/max_record.c: max_record: don't consider this extension on DTLS That is because it doesn't work as expected, and does not fragment handshake messages. Relates with #61 2015-12-20 Nikos Mavrogiannopoulos * NEWS: doc update 2015-04-28 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS name constraints with leading dot Patch by Fotis Loukos. Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos 2015-12-15 Nikos Mavrogiannopoulos * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c, tests/record-sizes.c: tests: updated to account for ARCFOUR being disabled 2015-12-15 Nikos Mavrogiannopoulos * NEWS: doc update 2015-12-15 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: ARCFOUR is disabled from the default priority strings ARCFOUR is a cipher known to be broken theoretically and practically. Configurations that depend on that cipher being on should explicitly enable it. Resolves #23 2015-12-08 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are available. This is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. 2015-12-08 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: Revert "Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA" This reverts commit 0e79aabab519a6b568cf8c31b38523cce7416bd8. 2015-12-06 Nikos Mavrogiannopoulos * NEWS: doc update 2015-12-06 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for a direct import. Reported by Jan Vcelak. 2015-12-06 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't used 2015-12-06 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11: deinitialize gnutls_pkcs11_obj_t's pubkey on deinit 2015-12-06 Jan Vcelak * lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in privkey_get_pubkey The code worked for RSA because the content of the variables matched. But it doesn't match for ECC. CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0) CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak 2015-11-30 Nikos Mavrogiannopoulos * lib/x509/x509.c: allow specifying NULL buffer in gnutls_x509_crt_get_*_unique_id() 2015-11-22 Nikos Mavrogiannopoulos * NEWS: released 3.3.19 2015-11-21 Nikos Mavrogiannopoulos * symbols.last: updated auto-generated files 2015-11-21 Nikos Mavrogiannopoulos * doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions with _gnutls prefix 2015-11-21 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: gnutls_global_init_skip: prefixed with an underscore 2015-11-21 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2015-11-19 Nikos Mavrogiannopoulos * NEWS: doc update 2015-11-16 Nikos Mavrogiannopoulos * tests/global-init-override.c, tests/global-init.c: tests: corrected copyright info 2015-11-16 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/global-init-override.c: tests: added check for overriding global initialization 2015-11-16 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro 2015-11-16 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skip implicit global initialization 2015-11-16 Nikos Mavrogiannopoulos * tests/utils.c, tests/utils.h: utils: backported sec_sleep() 2015-11-16 Nikos Mavrogiannopoulos * tests/mini-handshake-timeout.c: tests: backported mini-handshake-timeout 2015-11-16 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: added build and check in FIPS140-2 mode 2015-11-16 Nikos Mavrogiannopoulos * tests/mini-dtls-record.c, tests/resume-dtls.c: tests: backported mini-dtls-record.c and resume-dtls.c 2015-11-16 Nikos Mavrogiannopoulos * .gitlab-ci.yml: .gitlab-ci.yml: remove the minimal library from targets 2015-11-15 Nikos Mavrogiannopoulos * lib/x509/x509_write.c: disable_optional_stuff: don't disable unique IDs if set There are sideways set these values even if they are not in the public API, and we shouldn't disable them unconditionally. 2015-11-15 Nikos Mavrogiannopoulos * .gitlab-ci.yml: Added CI build rules 2015-11-09 Nikos Mavrogiannopoulos * NEWS: doc update 2015-11-09 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c, tests/mini-record.c: Require TLS 1.2 for all the ciphersuites which are defined for it only This solves an interoperability issue with openssl. Reported by Viktor Dukhovni. 2015-11-11 Nikos Mavrogiannopoulos * NEWS: doc update 2015-11-11 Nikos Mavrogiannopoulos * lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to DHE and ECDHE on a rehandshake 2015-11-08 Nikos Mavrogiannopoulos * NEWS: doc update 2015-11-03 Nikos Mavrogiannopoulos * lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the link options Reported by Dan Kegel. Resolves #49 2015-10-23 Nikos Mavrogiannopoulos * NEWS: doc update 2015-10-15 Nikos Mavrogiannopoulos * lib/algorithms/ciphers.c, lib/gnutls_cipher_int.c, lib/gnutls_priority.c: Disable the NULL cipher on runtime when FIPS140 mode is enabled instead of statically That way the NULL cipher can be used when not in FIPS140 mode. 2015-10-15 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c, lib/gnutls_int.h, lib/gnutls_priority.c: backport: Tolerate priority strings with names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications which disable or enable algorithms which no longer are supported. Relates #44 2015-10-15 Nikos Mavrogiannopoulos * NEWS: doc update 2015-10-15 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate That allows NSS to read and use the written certificate. Resolves #43 2015-10-12 Nikos Mavrogiannopoulos * NEWS: doc update 2015-10-12 Lennert Buytenhek * lib/nettle/pk.c: Fix memory leak in wrap_nettle_hash_algorithm(). wrap_nettle_hash_algorithm() leaks an mpz_t if it is called with pk == GNUTLS_PK_RSA and sig == NULL, in which case it will return without going through the regular exit path that clears the mpz_t it allocated at the beginning of the function. Use the regular exit path instead to fix this. This leak can be triggered via calls to gnutls_pubkey_get_preferred_hash_algorithm(). Signed-off-by: Lennert Buytenhek 2015-09-14 Nikos Mavrogiannopoulos * lib/gnutls_str.c: _gnutls_hex2bin: avoid overrun in the provided buffer 2015-09-12 Nikos Mavrogiannopoulos * doc/manpages/tpmtool.1: tpmtool.1: updated 2015-09-12 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2015-09-11 Nikos Mavrogiannopoulos * lib/x509/output.c: Don't use formatted output for fixed strings Resolves #35 2015-08-21 Nikos Mavrogiannopoulos * lib/gnutls_session_pack.c: session packing: corrected issue in PSK session unpack 2015-08-21 Nikos Mavrogiannopoulos * NEWS: doc update 2015-08-21 Nikos Mavrogiannopoulos * lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted. 2015-08-21 Nikos Mavrogiannopoulos * src/certtool.c: certtool: allow exporting very long CRLs 2015-08-19 Nikos Mavrogiannopoulos * NEWS: doc update 2015-08-12 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check whether the CRL generation code works as expected 2015-08-12 Nikos Mavrogiannopoulos * src/certtool.c: certtool: removed limit on maximum imported certificates in the -i option 2015-08-12 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool.c: certtool: eliminated memory leaks due to new cert loading code 2015-08-12 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool-common.h: certtool: lifted limits on file size to load 2015-08-10 Nikos Mavrogiannopoulos * Makefile.am: before dist ensure that included libopts matches autogen 2015-08-09 Nikos Mavrogiannopoulos * tests/suite/mini-eagain2.c: tests: backported fix in mini-eagain2 2015-08-09 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: pkcs11: increase attributes size in gnutls_pkcs11_copy_x509_privkey 2015-08-09 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2015-08-09 Nikos Mavrogiannopoulos * NEWS: doc update 2015-08-03 Nikos Mavrogiannopoulos * NEWS: doc update 2015-08-03 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag, to simulate the previous behavior. 2015-07-31 Nikos Mavrogiannopoulos * lib/ext/safe_renegotiation.c: safe renegotiation: simulate receiving the extension on receival of SCSV 2015-07-31 Nikos Mavrogiannopoulos * NEWS: doc update 2015-07-31 Nikos Mavrogiannopoulos * lib/ext/safe_renegotiation.c: safe renegotiation: handle case where client didn't send any extension That was affected by the "don't try to send extensions we didn't receive". 2015-07-31 Nikos Mavrogiannopoulos * lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h: As server don't try to send extensions we didn't receive. 2015-07-20 Nikos Mavrogiannopoulos * lib/x509/common.c: Reset the output value on error in _gnutls_x509_dn_to_string() Reported by Kurt Roeckx. 2015-07-20 Nikos Mavrogiannopoulos * lib/gnutls_state.c: gnutls_prf: document that this is not identical to RFC5705 2015-07-20 Nikos Mavrogiannopoulos * src/p11tool-args.def: p11tool: fix documentation for --generate-ecc and generate-dsa 2015-07-12 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2015-07-10 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c: corrected function name 2015-07-10 Nikos Mavrogiannopoulos * NEWS: doc update 2015-07-10 Nikos Mavrogiannopoulos * lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites 2015-07-09 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert. 2015-07-02 Daniel Kahn Gillmor * src/certtool.c: certtool --outder should not emit signature verification status When emitting binary-formatted output, send signature verification status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature verification to stderr, but that would change the text-formatted output. 2015-07-01 Nikos Mavrogiannopoulos * NEWS: doc update 2015-07-01 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from public key should depend on P not Y That allows to do the proper evaluation to check certificate strength. Reported by Hubert Kario. 2015-07-01 Nikos Mavrogiannopoulos * NEWS: doc update 2015-07-01 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: name constraints: don't reject certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS constraints, and the end certificate doesn't have an IPaddress name or a URI set. 2015-06-26 Nikos Mavrogiannopoulos * lib/x509/privkey.c: enhanced header matching code for private keys to skip unrelated data 2015-06-25 Nikos Mavrogiannopoulos * NEWS: doc update 2015-06-25 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh, tests/suite/ciphersuite/test-ciphers.js, tests/suite/ciphersuite/test-ciphersuites.sh, tests/suite/test-ciphersuite-names: tests: backported test-ciphersuite-names from master 2015-06-25 Nikos Mavrogiannopoulos * lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to trying all encrypted options. 2015-06-25 Nikos Mavrogiannopoulos * lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will release any data on failure Resolves #15 2015-06-11 Nikos Mavrogiannopoulos * tests/suite/testcompat-main: tests: backported test-compat-main from master 2015-06-10 Nikos Mavrogiannopoulos * lib/nettle/cipher.c: Corrected camellia256 set key in nettle3 compat mode 2015-06-04 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c: drbg-aes: include gnutls_errors.h 2015-06-03 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c: fips140: added check for reseed detection 2015-06-03 Nikos Mavrogiannopoulos * tests/rng-fork.c: tests: check random generator for long outputs as well 2015-06-03 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only on reseed 2015-06-03 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on the reseed and generate function 2015-06-03 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140: enforce the max_number_of_bits_per_request 2015-05-26 Nikos Mavrogiannopoulos * lib/x509/ocsp_output.c: Check the OID size for match when comparing for the OCSP nonce extension Reported by Hanno Böck. 2015-05-23 Armin Burgmeier * lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not used Before, the number of bits of a zero-length number was attempted to be extracted, resulting in an error. The changed behaviour is consistent with the documentation which explicitly states that 0 should be returned if no DH key exchange was performed. 2015-05-22 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may include a leading zero 2015-05-21 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less 2015-05-14 Nikos Mavrogiannopoulos * NEWS: doc update 2015-05-13 Nikos Mavrogiannopoulos * configure.ac, lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86-aesni.c, lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c, lib/nettle/pk.c, m4/hooks.m4, tests/dsa/testdsa: Allow using nettle3 with gnutls3.3 2015-05-06 Nikos Mavrogiannopoulos * tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false failures 2015-05-05 Nikos Mavrogiannopoulos * tests/mini-loss-time.c: tests: eliminate mem leaks in mini-loss-time 2015-05-05 Nikos Mavrogiannopoulos * tests/mini-loss-time.c: tests: backported mini-loss-time from master 2015-04-28 Jan Vcelak * lib/nettle/pk.c: fix memory leak in ECDSA key parameters verification Signed-off-by: Jan Vcelak 2015-05-03 Nikos Mavrogiannopoulos * NEWS: updated NEWS 2015-05-03 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: released 3.3.15 2015-04-30 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts 2015-04-30 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly work with DTLS 2015-04-30 Nikos Mavrogiannopoulos * doc/examples/ex-client-dtls.c: doc: fixed example with DTLS timeouts 2015-04-28 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated minitasn1 2015-04-25 Nikos Mavrogiannopoulos * NEWS: doc update 2015-04-25 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer for the MD5 acceptance issue Reported by Karthikeyan Bhargavan. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.htmlConflicts: tests/Makefile.am 2015-04-25 Nikos Mavrogiannopoulos * lib/ext/signature.c: before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled 2015-04-25 Nikos Mavrogiannopoulos * lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms 2015-04-25 Nikos Mavrogiannopoulos * lib/auth/cert.c: set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate That allows gnutls_certificate_client_get_request_status() to be properly operating from the callback. Reported by Anton Lavrentiev. 2015-04-22 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev 2015-04-21 Nikos Mavrogiannopoulos * NEWS: doc update 2015-04-20 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the certificate even if a callback was used This corrects a bug where this function would not work, when gnutls_certificate_set_retrieve_function2() was used. 2015-04-20 Nikos Mavrogiannopoulos * lib/x509/x509.c: ensure that the X.509 version number is one byte only 2015-04-20 Nikos Mavrogiannopoulos * lib/x509/x509.c: Check for invalid length in the X.509 version field If such an invalid length is detected, reject the certificate. Reported by Hanno Böck. 2015-03-30 Nikos Mavrogiannopoulos * tests/mini-loss-time.c: tests: mini-loss-time: ignore sigpipe 2015-03-30 Nikos Mavrogiannopoulos * NEWS: released 3.3.14 2015-03-30 Nikos Mavrogiannopoulos * tests/suite/testcompat-main: tests: change the default port in testcompat to avoid clash with testsrn 2015-03-30 Nikos Mavrogiannopoulos * doc/texinfo.css: doc: increase border spacing in HTML tables 2015-03-29 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2015-03-29 Nikos Mavrogiannopoulos * NEWS: doc update 2015-03-28 Nikos Mavrogiannopoulos * lib/gnutls_int.h: do not penalize CBC ciphers with the maximum send data size That reduced the maximum send size for CBC ciphers from 16384 to 16384-(block size), which was unnecessary and was causing issues: https://bugs.winehq.org/show_bug.cgi?id=37500 2015-03-29 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c, tests/suite/ciphersuite/scan-gnutls.sh: made ciphersuites.c more self-contained to be handled by test-ciphersuites.sh 2015-03-28 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: Better fix for the double free in dist point parsing 2015-03-28 Nikos Mavrogiannopoulos * lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated libtasn1 2015-03-28 Nikos Mavrogiannopoulos * lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c, lib/x509/x509_ext.c: gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings 2015-03-23 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: eliminated double-free in the parsing of dist points Reported by Robert Święcki. 2015-03-27 Nikos Mavrogiannopoulos * NEWS: doc update 2015-03-27 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes 2015-03-27 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error condition 2015-03-27 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation 2015-03-26 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key 2015-03-26 Nikos Mavrogiannopoulos * lib/ext/server_name.c: When an application calls gnutls_server_name_set() with a name of zero size disable the extension Resolves #2 2015-03-25 Nikos Mavrogiannopoulos * NEWS: doc update 2015-03-25 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: name constraints: when no name of the type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos. 2015-03-20 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS 2015-03-13 Nikos Mavrogiannopoulos * lib/gnutls_supplemental.c: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. 2015-03-13 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: doc update 2015-03-13 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: gnutls_priority_init: document that priorities can be NULL 2015-03-13 Nikos Mavrogiannopoulos * lib/crypto-selftests.c: corrected self test for 3DES 2015-03-11 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: only set ID and label when both size and data are set 2015-03-05 Nikos Mavrogiannopoulos * configure.ac: configure: check for /usr/share/dns/root.key as well for dns root key 2015-03-09 Nikos Mavrogiannopoulos * m4/hooks.m4: corrected macro which checks libtasn1 for asn1_decode_simple_ber 2015-03-09 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3 2015-03-09 Nikos Mavrogiannopoulos * doc/cha-internals.texi: rearranged internal documentation 2015-03-09 Nikos Mavrogiannopoulos * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def, src/socket.c: tools: added ftp as a starttls protocol 2015-03-09 Nikos Mavrogiannopoulos * src/cli-args.def: gnutls-cli: starttls and starttls-proto can't mix 2015-03-07 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: expand on SECURE256 being an alias to SECURE192 2015-03-06 Nikos Mavrogiannopoulos * src/tests.c: gnutls-cli-debug: corrected check of certificate chain order 2015-03-06 Nikos Mavrogiannopoulos * tests/x509cert.c: tests: added small test to verify that GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert 2015-03-06 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable unsupported TLS protocols as soon 2015-03-06 Nikos Mavrogiannopoulos * src/socket.c: cli sockets: check for a digit prior using atoi 2015-03-06 Nikos Mavrogiannopoulos * src/tests.c: gnutls-cli-debug: a cert list of size 1 is always sorted 2015-03-06 Nikos Mavrogiannopoulos * src/socket.c: gnutls-cli-debug: do not warn multiple times about unknown protocols 2015-03-06 Nikos Mavrogiannopoulos * doc/cha-support.texi: updated documentation on FIPS140-2 2015-03-05 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-basic.pem, tests/cert-tests/template-basic.tmpl, tests/cert-tests/template-test: Revert "tests: template-test: added a baseline check to detect slow systems" This reverts commit 2ee2a78178a842c9b0ef2ca3e12909ca3bb9fe79. 2015-03-05 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: tests: don't perform the overflow check in 32-bit systems 2015-03-05 Nikos Mavrogiannopoulos * tests/cert-tests/template-date.pem, tests/cert-tests/template-date.tmpl: tests: date parsing test was modified to work in 32-bit systems 2015-03-05 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-basic.pem, tests/cert-tests/template-basic.tmpl, tests/cert-tests/template-test: tests: template-test: added a baseline check to detect slow systems 2015-03-04 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-12 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: testpkcs11: do not ignore the failure to write a trusted CA 2015-01-05 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: testpkcs11: detect softhsm2 2015-03-04 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c, m4/hooks.m4: use asn1_decode_simple_ber if available 2015-02-27 Nikos Mavrogiannopoulos * lib/includes/gnutls/abstract.h: list gnutls_pubkey_get_verify_algorithm as deprected 2015-02-26 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: corrected typo in gnutls_handshake(), spotted by Andris Mednis 2015-02-25 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: released 3.3.13 2015-02-20 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig, tests/cert-tests/invalid-sig2.pem, tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid X.509 certificate signatures 2015-02-24 Nikos Mavrogiannopoulos * lib/gnutls_session.c: doc update: document that session_get_data() must be used in non-resumed sessions 2015-02-21 Nikos Mavrogiannopoulos * tests/suite/testcompat-main: tests: testcompat: disable tests with NULL ciphersuites; debian doesn't support them 2015-02-21 Nikos Mavrogiannopoulos * NEWS: doc update 2015-02-21 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN 2015-02-21 Nikos Mavrogiannopoulos * tests/mini-overhead.c, tests/mini-record.c: tests: require DTLS 1.2 when using GCM 2015-02-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: corrected check which prevented client to sent an unacceptable for the version ciphersuite 2015-02-20 Nikos Mavrogiannopoulos * lib/gnutls_record.c: fixed sequence number copy 2015-02-17 Nikos Mavrogiannopoulos * NEWS: doc update 2015-02-17 Nikos Mavrogiannopoulos * lib/x509/x509.c: when importing a certificate ensure that the signature parameters match 2015-02-14 Nikos Mavrogiannopoulos * NEWS: doc update 2015-02-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in x86 2015-02-04 Nikos Mavrogiannopoulos * src/cli.c: handle differently OCSP responses that are revoked and of unknown status 2015-02-01 Nikos Mavrogiannopoulos * src/common.c: compilation fix with return on void function; reported by David Marx 2015-01-29 Nikos Mavrogiannopoulos * lib/gnutls_state.c: doc update 2015-01-29 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: set the appropriate direction when _gnutls_io_write_flush() is called 2015-01-28 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: documented using a session with fork or multiple threads 2015-01-25 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: print errno in a more uniform way 2015-01-19 Nikos Mavrogiannopoulos * lib/x509/x509.c: on certificate import check whether the two signature algorithms match 2015-01-25 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the total length 2015-01-19 Nikos Mavrogiannopoulos * src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be so verbose about the OCSP nonce; it is universally unsupported 2015-01-17 Tim Ruehsen * src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos 2015-01-17 Nikos Mavrogiannopoulos * NEWS: released 3.3.12 2015-01-16 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-16 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped versions 2015-01-16 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-16 Nikos Mavrogiannopoulos * libdane/errors.c: corrected typos Reported by Guido Kroon. 2015-01-16 Nikos Mavrogiannopoulos * lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of obsolete versions That prevents using these versions as record version numbers, unless they are the only protocol supported. This avoids the issues with servers that have banned SSL 3.0 record versions. 2015-01-16 Nikos Mavrogiannopoulos * src/ocsptool-common.c: ocsptool: follow the documented process for gnutls_x509_crt_get_authority_info_access 2015-01-16 Nikos Mavrogiannopoulos * lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc update 2015-01-15 Nikos Mavrogiannopoulos * src/ocsptool-common.c: ocsptool-common: iterate through all AIA items prior to decidig the OCSP server 2015-01-13 Nikos Mavrogiannopoulos * src/cli-args.def: simplified text for inline-commands-prefix 2015-01-12 Nikos Mavrogiannopoulos * NEWS: doc update: added urls of savannah reports 2015-01-12 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-12 Nikos Mavrogiannopoulos * src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added --starttls-proto option 2015-01-12 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: cleanup the name of types Conflicts: lib/pkcs11.c 2015-01-12 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: when importing a public key, import it's data as well (version 2 fix) 2015-01-12 Nikos Mavrogiannopoulos * lib/x509/verify.c: doc update 2015-01-11 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: when importing a public key, import it's data as well 2015-01-11 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: doc update 2015-01-10 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-10 Nikos Mavrogiannopoulos * lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP from a client, the server verifies if it supports the extension’s contents in _gnutls_session_cert_type_supported(). This function checks for cred->get_cert_callback but not cred->get_cert_callback2. As a result, servers setup for OpenPGP certificate credential callback with gnutls_certificate_set_retrieve_function2() are unable to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein. 2015-01-10 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not release the cached value 2015-01-08 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-08 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712 2015-01-08 Ludovic Courtès * NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both during expansion and at run time. Fixes . * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'. * NEWS: Update. 2015-01-06 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-06 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: in DTLS don't combine multiple packets which exceed MTU Resolves: https://savannah.gnu.org/support/?108715 2015-01-06 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: Added more precise check of push functions availability 2015-01-06 Nikos Mavrogiannopoulos * src/Makefile.am: danetool: only compile when dane is enabled 2014-12-11 Nikos Mavrogiannopoulos * lib/crypto-backend.c: Allow a random generator with the same priority to re-register That corrects an issue where the library is deinitialized, and reinitialization wouldn't register the same rnd module. Reported by Stanislav Zidek. 2015-01-04 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: modified check for READ_NUMERIC 2015-01-04 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: use 64-bit type for CRL serial number 2015-01-04 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: check for overflows when reading serial numbers 2015-01-04 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as type for integers read 2015-01-04 Nikos Mavrogiannopoulos * src/socket.c: gnutls-cli-debug: more precise handling of SMTP protocol Patch by Andreas Metzler. 2015-01-04 Nikos Mavrogiannopoulos * NEWS: doc update 2015-01-04 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c, gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4, gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4, gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4, gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h, gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h, gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h, gl/tests/signature.h, gl/tests/test-alloca-opt.c, gl/tests/test-base64.c, gl/tests/test-binary-io.c, gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c, gl/tests/test-errno.c, gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c, gl/tests/test-fgetc.c, gl/tests/test-float.c, gl/tests/test-fputc.c, gl/tests/test-fread.c, gl/tests/test-fstat.c, gl/tests/test-ftell.c, gl/tests/test-ftell3.c, gl/tests/test-ftello.c, gl/tests/test-ftello3.c, gl/tests/test-ftello4.c, gl/tests/test-func.c, gl/tests/test-fwrite.c, gl/tests/test-getdelim.c, gl/tests/test-getline.c, gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c, gl/tests/test-init.sh, gl/tests/test-intprops.c, gl/tests/test-inttypes.c, gl/tests/test-memchr.c, gl/tests/test-netdb.c, gl/tests/test-netinet_in.c, gl/tests/test-read-file.c, gl/tests/test-snprintf.c, gl/tests/test-stdalign.c, gl/tests/test-stdbool.c, gl/tests/test-stddef.c, gl/tests/test-stdint.c, gl/tests/test-stdio.c, gl/tests/test-stdlib.c, gl/tests/test-string.c, gl/tests/test-strings.c, gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c, gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h, gl/tests/test-time.c, gl/tests/test-u64.c, gl/tests/test-unistd.c, gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh, gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c, gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c, gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h, src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h, src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c, src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c, src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c, src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h, src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c, src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c, src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c, src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h, src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c, src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c, src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4, src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4, src/gl/m4/exponentd.m4, src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4, src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4, src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4, src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4, src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4, src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4, src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4, src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4, src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4, src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4, src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4, src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c, src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c, src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h, src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h, src/gl/parse-datetime.y, src/gl/printf-args.c, src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h, src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c, src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c, src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c, src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c, src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h, src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c, src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.in.h, src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h, src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c, src/gl/xsize.h: updated gnulib 2015-01-02 Nikos Mavrogiannopoulos * src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored checks 2014-12-31 Nikos Mavrogiannopoulos * NEWS: doc update 2014-12-31 Nikos Mavrogiannopoulos * NEWS: doc update 2014-12-31 Nikos Mavrogiannopoulos * src/certtool.c: certtool: --pubkey-info will load a public key from stdin 2014-12-31 Nikos Mavrogiannopoulos * lib/system.h: include netinet/in.h if present to access ipv6 related structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713 2014-12-30 Matthias-Christian Ott * lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this case and thus does not need to be called. 2014-12-30 Matthias-Christian Ott * lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for VIA PadLock functions If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the plaintext length (last parameter) is greater than zero and segfault otherwise. The assembler code for both functions is automatically generated and imported from OpenSSL, so to ease maintenance the length should be validated in the functions that call padlock_ecb_encrypt or padlock_cbc_encrypt. 2014-12-28 Nikos Mavrogiannopoulos * tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test 2014-12-28 Nikos Mavrogiannopoulos * lib/openpgp/output.c: openpgp: properly print names in oneline output as well 2014-12-28 Nikos Mavrogiannopoulos * lib/openpgp/output.c: updates in openpgp DSA key printing 2014-12-28 Nikos Mavrogiannopoulos * lib/openpgp/output.c: properly print openpgp names 2014-12-25 Nikos Mavrogiannopoulos * src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP functions only when OCSP is enabled 2014-12-24 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and gnutls_pubkey_import_ecc_x962(). 2014-12-24 Nikos Mavrogiannopoulos * src/certtool-args.def, src/p11tool-args.def: tools: document the available curves 2014-12-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-12-23 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: Use hints to support incomplete PKCS#11 URIs 2014-12-23 Nikos Mavrogiannopoulos * doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely separated the two gnulibs to avoid conflicts 2014-12-23 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4, gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c, gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c, src/gl/Makefile.am, src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y, src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib 2014-12-22 Nikos Mavrogiannopoulos * NEWS: doc update 2014-12-22 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: when importing object CAs from PKCS#11 URL, import the marked as trusted only 2014-12-22 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: when matching objects, also match the label 2014-12-21 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c: added missing variable 2014-12-21 Nikos Mavrogiannopoulos * lib/x509/Makefile.am: Added p11-kit cflags in x509/ 2014-12-21 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c, tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c, tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in softhsm detection Conflicts: tests/suite/pkcs11-chainverify.c tests/suite/pkcs11-privkey.c 2014-12-21 Nikos Mavrogiannopoulos * lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS #11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a token URL, but rather a direct reference to specific objects. 2014-12-19 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation for the cork/uncork functions Reported by Jaak Ristioja. 2014-12-19 Nikos Mavrogiannopoulos * lib/gnutls_record.c: doc update 2014-12-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-12-19 Nikos Mavrogiannopoulos * lib/algorithms/protocols.c: Added more precise version check in _gnutls_version_lowest 2014-11-21 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/protocols.c, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The record version in the client Hello will be set to the lowest supported protocol There should have been no harm in keeping it SSL 3.0 but unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked as MUST NOT do that. That will be fixed in a later revision but since then there are servers not accepting SSL 3.0 as a valid record version (note that this is about the record version, which describes the format of the packet, nothing to do with the negotiated version). 2014-12-19 Nikos Mavrogiannopoulos * lib/gnutls_record.c: corrected documentation of gnutls_cork() 2014-12-12 Ludovic Courtès * NEWS, doc/gnutls-guile.texi, guile/modules/gnutls.in, guile/modules/gnutls/build/smobs.scm, guile/src/core.c, guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: Revert "guile: Remove RSA parameters and related procedures." This reverts commit 9f5788469f6f3f3fdd4cf064621a903607f10f2f; this will be done in the 3.4 branch, as for the C library. Update NEWS accordingly. 2014-12-12 Ludovic Courtès * NEWS: Update 'NEWS'. 2014-12-11 Ludovic Courtès * guile/tests/openpgp-keyring.scm: guile: Open binary file in binary mode, for the sake of MinGW. Reported by Eli Zaretskii . * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead of 'open-input-file'. 2014-12-11 Ludovic Courtès * guile/src/Makefile.am: guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii . * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined. 2014-12-04 Ludovic Courtès * guile/src/Makefile.am: guile: Build with warnings. * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter. 2014-12-04 Ludovic Courtès * guile/modules/Makefile.am, guile/modules/gnutls.in, guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am, guile/src/core.c, guile/src/make-session-priorities.scm, guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: guile: Remove the deprecated priority API. * guile/modules/gnutls/build/priorities.scm: Remove. * guile/src/make-session-priorities.scm: Remove. * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. * guile/src/Makefile.am (EXTRA_DIST): Likewise. (GENERATED_BINDINGS): Remove 'priorities.i.c'. (priorities.i.c): Remove target. * guile/src/core.c: Don't include it. (scm_gnutls_set_default_priority_x): Remove. * guile/modules/gnutls.in (gnutls): Adjust export list. * guile/tests/session-record-port.scm: Use 'set-session-priorities!'. * guile/tests/x509-auth.scm: Likewise. 2014-12-04 Ludovic Courtès * doc/gnutls-guile.texi, guile/modules/gnutls.in, guile/modules/gnutls/build/smobs.scm, guile/src/core.c, guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile: Remove RSA parameters and related procedures. * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove. (%gnutls-smobs): Remove it. * guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove. * guile/modules/gnutls.in: Adjust export list. * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'. * guile/tests/x509-auth.scm: Likewise. * doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly. (OpenPGP Authentication Guile Example): Likewise. 2014-12-12 Nikos Mavrogiannopoulos * lib/random.c: gnutls_rnd: doc update 2014-12-12 Nikos Mavrogiannopoulos * lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update 2014-12-12 Nikos Mavrogiannopoulos * libdane/dane.c: improved documentation on dane 2014-12-11 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: use Sleep() in windows 2014-12-11 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: ensure that default_serial_int is 64-bits or more 2014-12-11 Nikos Mavrogiannopoulos * src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii. 2014-12-11 Nikos Mavrogiannopoulos * NEWS: released 3.3.11 2014-12-11 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2014-12-11 Nikos Mavrogiannopoulos * tests/suite/testcompat-main: testcompat: corrected usage of null cipher 2014-12-10 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code 2014-12-05 Nikos Mavrogiannopoulos * lib/x509/dn.c: _gnutls_x509_get_dn() always return a null terminated string 2014-12-02 Nikos Mavrogiannopoulos * lib/random.h: if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed 2014-11-30 Nikos Mavrogiannopoulos * lib/x509/x509.c: Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation() Reported by Tim Rühsen. 2014-11-28 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc update 2014-11-25 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required 2014-11-28 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of the NULL KX 2014-11-25 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed Reported by Georg Richter. 2014-11-24 Nikos Mavrogiannopoulos * src/socket.c: gnutls-cli-debug: do not print error on unknown protocols 2014-11-24 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: documented the limitations of the loading functions 2014-11-24 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter. 2014-11-24 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added check for sorted certificate chain 2014-11-22 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_record.c, tests/mini-rehandshake-2.c: restore only the documented behavior 2014-11-21 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-21 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake Conflicts: tests/Makefile.am 2014-11-21 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_record.c: treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship. https://savannah.gnu.org/support/?108690 2014-11-21 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-21 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Revert "The priority modifier %LATEST_RECORD_VERSION is now the default" This reverts commit 96b408b20fe8707306f38cba6f652556b99a47e4. 2014-11-13 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid valgrind complaints 2014-11-21 Nikos Mavrogiannopoulos * lib/fips.c: compilation fix for FIPS140-2 mode 2014-11-21 Nikos Mavrogiannopoulos * lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are done when it is required only. 2014-11-17 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: NORMAL priority: prioritize the less than 256-bits curves at the lowest level 2014-11-16 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879 2014-11-15 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-14 David Weber * src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as i am unable to compile gnutls (./configure complains about gl_INIT and ggl_INIT). Signed-off-by: Nikos Mavrogiannopoulos 2014-11-14 Nikos Mavrogiannopoulos * src/common.c: gnutls-cli: print info on the OCSP status request 2014-11-14 Nikos Mavrogiannopoulos * lib/x509/ocsp.c: use the original DER/BER data when verifying an OCSP response Conflicts: lib/x509/ocsp.c 2014-11-14 Nikos Mavrogiannopoulos * lib/system.c: windows: updated _gnutls_ucs2_to_utf8() 2014-11-14 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check for OCSP status response Conflicts: src/tests.c 2014-11-13 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: added check for servers that disallow the SSL 3.0 record version 2014-11-14 Nikos Mavrogiannopoulos * tests/cert-tests/crq: corrected crq test case; reported by Andreas Metzler 2014-11-13 Nikos Mavrogiannopoulos * lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback 2014-11-13 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.h: rnd: removed the packed attribute from event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas Thorberger. 2014-11-13 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-13 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: The priority modifier %LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version number from the first packet of the record protocol. 2014-11-10 Nikos Mavrogiannopoulos * tests/suite/testcompat-common, tests/suite/testcompat-main: testcompat: updated 2014-11-10 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2014-11-09 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-31 Nikos Mavrogiannopoulos * configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq: Added check with the invalid crq sent by Sean Burford 2014-10-31 Nikos Mavrogiannopoulos * lib/gnutls_ecc.c: when exporting curve coordinates to X9.63 format, perform additional sanity checks on input Reported by Sean Burford. 2014-11-08 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: doc update 2014-11-08 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text on session tickets 2014-11-07 Nikos Mavrogiannopoulos * src/socket.c: tools: include arpa/inet.h in socket.c 2014-11-07 Nikos Mavrogiannopoulos * doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS client and server 2014-11-07 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: pass the correct user type to protected authentication login 2014-11-07 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc: corrected values for INSECURE level 2014-11-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-07 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user type on reauthentication 2014-11-06 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11: force login on tokens that require it 2014-11-06 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added support for PKCS #11 keys that require reauthentication and simplified pkcs11_login 2014-11-06 Nikos Mavrogiannopoulos * gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing to improve compatibile with some apple systems Signed-off-by: Nikos Mavrogiannopoulos 2014-11-05 Nikos Mavrogiannopoulos * src/cli-debug.c, src/common.c, src/common.h, src/tests.c: gnutls-cli-debug: backported changes from 3.4.0 branch 2014-11-05 Chen Hongzhi * lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos 2014-11-04 Nikos Mavrogiannopoulos * doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive 2014-11-04 Chris Barry * doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi: Cleaning up some awkward phrasings. Signed-off-by: Nikos Mavrogiannopoulos 2014-11-04 Nikos Mavrogiannopoulos * lib/ext/alpn.c: updated text 2014-11-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-11-03 Jaak Ristioja * lib/system_override.c: doc: Added missing reference for EMSGSIZE to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos 2014-11-03 Jaak Ristioja * lib/system_override.c: doc: Fixed typo in inline comment of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos 2014-11-02 Nikos Mavrogiannopoulos * lib/gnutls_errors.c: updated the text for GNUTLS_E_UNSUPPORTED_VERSION_PACKET 2014-11-01 Nikos Mavrogiannopoulos * lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id set the id_size 2014-11-01 Nikos Mavrogiannopoulos * lib/pkcs11.c: deinitialize the temporary spki data 2014-10-31 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/init_fds.c: tests: added test for gnutls_global_init after all descriptors are closed Conflicts: tests/Makefile.am 2014-10-31 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h: corrected check for urandom fd 2014-10-31 Nikos Mavrogiannopoulos * lib/gnutls_global.c: corrected exit state from gnutls_global_init 2014-10-31 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-31 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to account the new behavior 2014-10-31 Nikos Mavrogiannopoulos * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/nettle/rnd-common.c: dropped gnutls_fd_in_use, it is no longer necessary Conflicts: lib/libgnutls.map 2014-10-31 Nikos Mavrogiannopoulos * lib/crypto-backend.h, lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c, lib/random.h: When gnutls_global_init() is called manually from the application check the urandom fd for validity That addresses the issue where a server closes all open file descriptors and then calls gnutls_global_init(). Conflicts: lib/nettle/rnd-common.c 2014-10-29 Nikos Mavrogiannopoulos * lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits 2014-10-29 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-28 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: doc update 2014-10-28 Nikos Mavrogiannopoulos * lib/gnutls_state.c: do not explicitly refresh rnd state on session deinit It is already being refreshed during the session lifetime. 2014-10-26 Nikos Mavrogiannopoulos * configure.ac: disable hardware acceleration by default in solaris 2014-10-25 Nikos Mavrogiannopoulos * tests/dtls/dtls: tests: dtls-stress -r disabled as it causes issues when used with freebsd kernel 2014-10-25 Nikos Mavrogiannopoulos * lib/accelerated/x86/elf/aes-ssse3-x86.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/cpuid-x86.s, lib/accelerated/x86/elf/cpuid-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/ghash-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-avx-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef directive in assembly files, as it isn't portable 2014-10-23 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am: check and use libnsl (used in solaris) 2014-10-23 Nikos Mavrogiannopoulos * lib/accelerated/x86/elf/aes-ssse3-x86.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/cpuid-x86.s, lib/accelerated/x86/elf/cpuid-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/ghash-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-avx-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: use the .note.GNU-stack in linux systems only 2014-10-23 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4, gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4, gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h, gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am, src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h, src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib 2014-10-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-23 Nikos Mavrogiannopoulos * tests/suite/pkcs11-get-issuer.c: tests: check the issuer value validity of gnutls_x509_trust_list_get_issuer 2014-10-23 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: corrected bug in gnutls_x509_trust_list_get_issuer() when used without the GNUTLS_TL_GET_COPY flag 2014-10-22 Nikos Mavrogiannopoulos * tests/slow/Makefile.am: tests: include minitasn1 when needed 2014-10-22 Nikos Mavrogiannopoulos * src/danetool.c: use HAVE_DANE ifdef for unused functions 2014-10-22 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported gnutls_fd_in_use 2014-10-22 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-22 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: document gnutls_fd_in_use() 2014-10-22 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token func is used 2014-10-22 Nikos Mavrogiannopoulos * lib/gnutls_state.c: gnutls_fd_in_use: mention version 2014-10-22 Nikos Mavrogiannopoulos * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to check whether a file descriptor is in use 2014-10-21 Nikos Mavrogiannopoulos * lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode 2014-10-21 Nikos Mavrogiannopoulos * lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in FIPS140-2 mode 2014-10-20 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-05 Nikos Mavrogiannopoulos * src/certtool.c: certtool: default pkcs-cipher is now 3des as in PKCS #12 2014-10-17 Nikos Mavrogiannopoulos * src/cli-args.def: gnutls-cli: prevent the combination of the -p and --list options As -p may be mistaken for --priority that would prevent wrong outputs. 2014-10-17 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: avoid d from getting out of scope 2014-10-17 Nikos Mavrogiannopoulos * src/udp-serv.c: gnutls-serv: avoid possible buffer overrun 2014-10-17 Nikos Mavrogiannopoulos * lib/x509/privkey.c: avoid memory leak on gnutls_x509_privkey_generate() failure 2014-10-15 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable 1024-bit DSA parameters when generating 2014-10-14 Ludovic Courtès * guile/src/core.c: guile: Remove trailing zero in 'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17), 'set-session-server-name!' would pass a trailing nul character on the wire after the server name, which would thus be rejected by servers. 2014-10-14 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c, lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation changes to account for seed starting with null byte 2014-10-14 Nikos Mavrogiannopoulos * src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula. 2014-10-10 Nikos Mavrogiannopoulos * lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of phi(n) for RSA key generation in FIPS-140-2 mode 2014-10-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized SHA224 2014-10-14 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: simplified getrusage code; the failure check code wasn't needed 2014-10-13 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-13 Nikos Mavrogiannopoulos * tests/x509-extensions.c: tests: added check for import failure of v1 certificate with extensions 2014-10-13 Nikos Mavrogiannopoulos * lib/x509/x509.c: do not allow importing X.509 certificates with version < 3 and extensions present 2014-10-13 Nikos Mavrogiannopoulos * cfg.mk: update the guile manual along the C one 2014-10-13 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2014-10-13 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-11 Nikos Mavrogiannopoulos * src/libopts/Makefile.am, src/libopts/ag-char-map.h, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts.h, src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/intprops.h, src/libopts/m4/libopts.m4, src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c, src/libopts/option-value-type.h, src/libopts/option-xat-attribute.c, src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c, src/libopts/proto.h, src/libopts/stdnoreturn.in.h, src/libopts/version.c: updated to libopts 5.18.4 2014-10-11 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: place all rusage variables into HAVE_GETRUSAGE block 2014-10-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-11 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try RUSAGE_SELF 2014-10-10 Nikos Mavrogiannopoulos * tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db file 2014-10-10 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-02 Nikos Mavrogiannopoulos * lib/ext/session_ticket.c: use wait and retransmit when receiving session tickets 2014-10-02 Nikos Mavrogiannopoulos * tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option to dtls-stress That allows it to replay messages in a kind of arbitrary way. 2014-09-25 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: forbid heartbeat messages during a handshake 2014-10-09 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: added internal variable to track handshake status Conflicts: lib/gnutls_handshake.c 2014-10-09 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2014-10-09 Nikos Mavrogiannopoulos * tests/suite/pkcs11-is-known.c: tests: updated time in pkcs11-is-known 2014-10-09 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as fatal 2014-10-09 Nikos Mavrogiannopoulos * tests/chainverify.c, tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: allow running specific chainverify tests on fixed dates Conflicts: tests/chainverify.c tests/suite/pkcs11-chainverify.c tests/test-chains.h 2014-10-09 Nikos Mavrogiannopoulos * lib/x509/common.c: _gnutls_check_valid_key_id: corrected activation/expiration check 2014-10-09 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: simplified and optimized loop 2014-10-09 Nikos Mavrogiannopoulos * doc/cha-crypto.texi: mention nettle as the recommended crypto backend 2014-10-09 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added check to ensure that trust list combination with extra certificates works 2014-10-09 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-09 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: when both a trust module and additional CAs are present account the latter as well That solves an issue in openconnect which used the system trust module, plus additional certificates. Conflicts: lib/x509/verify-high.c 2014-10-09 Nikos Mavrogiannopoulos * lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not given 2014-10-08 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected assignment 2014-10-08 Nikos Mavrogiannopoulos * lib/libgnutls.map: corrected the name of exported function 2014-10-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-07 Nikos Mavrogiannopoulos * tests/test-chains.h: tests: corrected test for v1 cert signing (removed bogus authorityIdentifier) 2014-10-07 Nikos Mavrogiannopoulos * src/certtool.c: certtool: only set the authority key identifier, if there is a corresponding subject key identifier 2014-10-07 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: do not shortcut checks when GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified 2014-10-07 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements. 2014-10-06 Armin Burgmeier * lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs are added to a trust list Before, the new URL would overwrite the old URL, and the memory of theold URL would be leaked. It is documented that only one URL can be used, so it should be safe to reject any attempt to add another one. Signed-off-by: Armin Burgmeier 2014-10-07 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when no CKA_ID can be relied on fallback on checking the SubjectKeyIdentifier Patch by David Woodhouse. 2014-10-02 Nikos Mavrogiannopoulos * lib/gnutls_global.c: report the FIPS140-2 mode 2014-10-07 Nikos Mavrogiannopoulos * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH verification functions 2014-10-07 Nikos Mavrogiannopoulos * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH verification functions 2014-10-07 Nikos Mavrogiannopoulos * tests/suite/pkcs11-is-known.c: tests: corrected check with gnutls_x509_trust_list_get_issuer 2014-10-06 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: corrected remove_pkcs11_url() 2014-10-06 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests: check gnutls_pkcs11_crt_is_known() when multiple same DNs are present 2014-10-06 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: when checking for presence do not give up on the first mismatch 2014-10-06 Nikos Mavrogiannopoulos * lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known() 2014-10-05 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: doc update: clarifications in gnutls_x509_trust_list_add_trust_file 2014-10-02 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: corrected compilation for non-pkcs11; reported by David Woodhouse. 2014-09-29 Nikos Mavrogiannopoulos * NEWS: corrected typo 2014-10-01 Nikos Mavrogiannopoulos * NEWS: doc update 2014-10-01 Nikos Mavrogiannopoulos * tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added check for GNUTLS_TL_GET_COPY 2014-10-01 Nikos Mavrogiannopoulos * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY flag and documented the limitations of gnutls_x509_trust_list_get_issuer() 2014-09-30 Nikos Mavrogiannopoulos * lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the actual function prototypes 2014-09-30 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-26 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions 2014-09-25 Nikos Mavrogiannopoulos * lib/system.c: gnutls_x509_trust_list_add_system_trust() will not allow duplicate entries 2014-09-25 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect d->d_type 2014-09-25 Nikos Mavrogiannopoulos * lib/x509/x509.c: corrected type 2014-09-25 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an infinite loop on handshake 2014-09-25 Nikos Mavrogiannopoulos * lib/gnutls_errors.c: removed unused error values 2014-09-25 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h: restrict the number of non-fatal errors gnutls_handshake() can return 2014-09-25 Nikos Mavrogiannopoulos * lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by splitting the errors to two tables 2014-09-22 Ludovic Courtès * guile/src/core.c: guile: Restore cross-reference in 'set-session-priorities!' docstring. This had been destroyed in 32d90395. 2014-09-22 Ludovic Courtès * guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm, guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the 'server-name-type' enum type. 2014-09-18 Armin Burgmeier * lib/x509/verify-high.c: Memory leak fix on certificate copy failure Signed-off-by: Armin Burgmeier 2014-09-17 Armin Burgmeier * lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier 2014-09-19 Nikos Mavrogiannopoulos * cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk 2014-09-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-19 Nikos Mavrogiannopoulos * libdane/dane.c: libdane: do not require the CA to be a direct CA 2014-09-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-19 Nikos Mavrogiannopoulos * tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced test suite to pass more of the PKCS #11 API under valgrind 2014-09-19 Nikos Mavrogiannopoulos * src/serv-args.def, src/serv.c: gnutls-serv: added the --provider option 2014-09-19 Nikos Mavrogiannopoulos * src/common.c: tools: corrected pin entry 2014-09-19 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: cleaned up memory deallocation in read_cert_url() That caused unexpected results when loading PKCS #11 URLs. Reported by Joseph Peruski. 2014-09-18 Nikos Mavrogiannopoulos * doc/certtool.cfg: updated certtool.cfg 2014-09-18 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated auto-generated files 2014-09-15 Nikos Mavrogiannopoulos * tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is cancelled out while we parse it, would result to a good signature. 2014-09-18 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-18 Nikos Mavrogiannopoulos * configure.ac: depend on p11-kit 0.20.7 2014-09-17 Nikos Mavrogiannopoulos * configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6 2014-09-04 Nikos Mavrogiannopoulos * m4/hooks.m4: require libtasn1 3.9 or later That is because of the ocsp fix. 2014-09-17 Nikos Mavrogiannopoulos * lib/verify-tofu.c: removed unused variable 2014-09-17 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: added sanity check on cleanup 2014-09-17 Nikos Mavrogiannopoulos * src/certtool.c: certtool: corrected typo in printing error 2014-09-17 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse. 2014-09-16 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust module verification 2014-09-16 Nikos Mavrogiannopoulos * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: unified the key purpose checks functions 2014-09-16 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA will overwrite any previous one with the same name and key. 2014-09-16 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: hostname and key purpose checks were moved above CRL checks 2014-09-16 Nikos Mavrogiannopoulos * lib/x509/output.c, lib/x509/x509_ext.c: doc update 2014-09-16 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped library version 2014-09-16 Nikos Mavrogiannopoulos * lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn() 2014-09-16 Nikos Mavrogiannopoulos * lib/x509/common.c: only deallocate data when allocation succeeds 2014-09-16 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-15 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c: updated libtasn1 2014-09-15 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: documented the environment variables 2014-09-15 Nikos Mavrogiannopoulos * lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: Backported x509_raw_crt_to_raw_pubkey and x509_crt_to_raw_pubkey 2014-09-12 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-12 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: print Attached Extensions, instead of extensions 2014-09-12 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: when adding a duplicate certificate, keep the last entry 2014-09-12 Nikos Mavrogiannopoulos * tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not hardcode the chain number, use its name 2014-09-11 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509-ext.h, lib/libgnutls.map, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c, src/pkcs11.c: fixes in the extension handling 2014-09-11 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: will print trust module extensions if present 2014-09-10 Nikos Mavrogiannopoulos * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: check the key purpose of the CA certificate when in pkcs11 cert validation 2014-09-10 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h, lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions in a trust module using GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT Conflicts: lib/pkcs11.c 2014-09-10 Nikos Mavrogiannopoulos * lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c, lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h and prefixed s/get_extension with _gnutls 2014-09-10 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: doc update 2014-09-09 Nikos Mavrogiannopoulos * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for flexibility. Conflicts: lib/libgnutls.map 2014-09-08 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: doc update 2014-09-08 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c, lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and gnutls_x509_crq_get_extension_by_oid2() 2014-09-08 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/verify-high.c: Added gnutls_x509_trust_list_verify_purpose_crt() Conflicts: lib/libgnutls.map 2014-09-13 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-13 Nikos Mavrogiannopoulos * configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate pkcs11x.h when it doesn't exist 2014-09-13 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/pkcs11.c, lib/pkcs11x.h: added pkcs11x.h 2014-09-13 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls Conflicts: tests/Makefile.am 2014-09-13 Nikos Mavrogiannopoulos * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the invalid status Reported by Armin Burgmeier. 2014-09-13 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: doc update 2014-09-12 Nikos Mavrogiannopoulos * lib/pkcs11x.c: added missing file 2014-09-13 Nikos Mavrogiannopoulos * lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always set the invalid status" This reverts commit 950b62da58542938adec366620948c85b78607dd. 2014-09-13 Nikos Mavrogiannopoulos * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the invalid status Reported by Armin Burgmeier. 2014-09-05 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-08 Nikos Mavrogiannopoulos * src/tpmtool.c: tpmtool: corrected key password read 2014-09-08 Nikos Mavrogiannopoulos * src/danetool.c: set umask prior to calling mkstemp 2014-09-08 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: initialize verification output to zero 2014-09-08 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: dtls: when discarding packet, discard the correct number of bytes 2014-09-08 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: check_ip: initialize ret 2014-09-08 Nikos Mavrogiannopoulos * lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to null to prevent any issue 2014-09-08 Nikos Mavrogiannopoulos * lib/pkcs11.c: do not dereference find_data->p_list in pkcs11 callback 2014-09-08 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: corrected issue in fips RNG 2014-09-08 Nikos Mavrogiannopoulos * lib/nettle/pk.c: added comment to clarify check 2014-09-08 Nikos Mavrogiannopoulos * lib/opencdk/literal.c: opencdk: corrected unsigned comparison 2014-09-08 Nikos Mavrogiannopoulos * lib/tpm.c: fixes in loop for SRK password input 2014-09-08 Nikos Mavrogiannopoulos * src/common.c: apps: corrected GNUTLS_PIN reading 2014-09-08 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir: corrected CRL loading error 2014-09-08 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: corrected copy+paste error 2014-09-05 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-05 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: corrected usage of readdir_r() 2014-09-05 Nikos Mavrogiannopoulos * src/ocsptool-common.c: ocsptool: better error message 2014-09-05 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: reentrant fixes for gnutls_x509_trust_list_add_trust_dir() handle unknown file types 2014-09-05 Nikos Mavrogiannopoulos * tests/ocsp.c: doc update 2014-09-05 Nikos Mavrogiannopoulos * m4/hooks.m4, tests/ocsp.c: Revert "require libtasn0 3.9 or later" This reverts commit 07a906b4e5c9d1446aee1bf4e091fefa1f1eb1da. 2014-09-04 Nikos Mavrogiannopoulos * lib/x509/x509_dn.c: optimized escaped comma handling 2014-09-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-04 Nikos Mavrogiannopoulos * m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix. 2014-09-04 Nikos Mavrogiannopoulos * tests/crq_apis.c: tests: extended crq API checks 2014-09-04 Nikos Mavrogiannopoulos * lib/x509/x509_write.c: doc update 2014-09-04 Nikos Mavrogiannopoulos * lib/x509/x509_dn.c: when setting a DN properly handle spaces and escaped commas 2014-09-04 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/x509.c: The get_raw_dn() functions were modified to work even if the certificate is generated (not imported) 2014-09-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-04 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets which have data. Reported by Manuel Pégourié-Gonnard. 2014-09-04 Nikos Mavrogiannopoulos * configure.ac, lib/vasprintf.c: steal openconnect's vasprintf() implementation 2014-09-04 Nikos Mavrogiannopoulos * lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff Lee 2014-09-04 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2014-09-04 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated included libtasn1 2014-09-04 Nikos Mavrogiannopoulos * tests/ocsp.c: tests: Added tests on the invalid OCSP response 2014-09-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-03 Nikos Mavrogiannopoulos * lib/x509/common.h, lib/x509/verify.c: when comparing an end-certificate with the trusted list compare the entire certificate 2014-09-02 Nikos Mavrogiannopoulos * tests/test-chains.h: tests: Added test for amazon.com chain with new verisign CA. 2014-09-02 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. That can happen when an intermediate CA certificate is replaced by a self-signed one. 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new allocations and keep a pointer to the DER data for DN 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when importing a CRL keep the DER data 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when importing a certificate, keep the DER data 2014-09-03 Nikos Mavrogiannopoulos * lib/fips.c: fips140: check the integrity of GMP 2014-09-02 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h, lib/gnutls_global.c, lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two rounds One round is before the AES acceleration is registered, and the second is after. That is to allow testing of the AES implementation used in the DRBG. That is a hack until nettle handles all cipher acceleration. Conflicts: lib/gnutls_global.c 2014-09-01 Nikos Mavrogiannopoulos * NEWS: doc update 2014-09-01 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: name constraints: do not check CN when a DNSname is available 2014-09-01 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h: drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions. 2014-09-01 Nikos Mavrogiannopoulos * lib/crypto-selftests.c: fips140: fail on encryption test failure 2014-09-01 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails, put the library into error state 2014-08-31 Nikos Mavrogiannopoulos * doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex: small doc updates 2014-08-31 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc: fixes in sectioning for p11tool and tpmtool invocation 2014-08-29 Tristan Matthews * lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos 2014-08-29 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: allow printing multiple types of tokens 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: refer to rfc6125 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/privkey.c: additional sanity check in RSA key generation testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to prevent any issues with an accidental null encryption. 2014-08-29 Nikos Mavrogiannopoulos * lib/x509/privkey.c: when in FIPS140-2 mode switch the library to error state if key generation fails 2014-08-29 Nikos Mavrogiannopoulos * cfg.mk, configure.ac, devel/openssl, lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c: added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support for padlock. 2014-08-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-28 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: when listing tokens, list their type as well 2014-08-27 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s 2014-08-27 Nikos Mavrogiannopoulos * lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import data in a single pass 2014-08-26 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-26 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple objects at a time That improves the performance significantly when reading from tokens with a significant number of objects. Reported by David Woodhouse. 2014-08-26 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: do not fail the entire operation if a single object cannot be imported 2014-08-26 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: allow objects without label or without ID 2014-08-26 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-26 Nikos Mavrogiannopoulos * tests/test-chains.h: tests: updated name constraints checks to not include a CN 2014-08-26 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c, lib/x509/x509.c: doc update 2014-08-26 Nikos Mavrogiannopoulos * lib/x509/verify.c: only check name constraints in non-CA certificates 2014-08-26 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: ignore constraints for different type than the checked 2014-08-26 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: when verifying name constrains enforce the single CN rule 2014-08-25 Nikos Mavrogiannopoulos * src/libopts/autoopts.h: check for stdnoreturn.h presence 2014-08-24 Alon Bar-Lev * tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl: support separate builddir Signed-off-by: Alon Bar-Lev 2014-08-24 Alon Bar-Lev * lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev 2014-08-24 Nikos Mavrogiannopoulos * NEWS: released 3.3.7 2014-08-23 Nikos Mavrogiannopoulos * lib/gnutls_record.c: record: tolerate a finished packet with errors in DTLS 2014-08-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-23 Nikos Mavrogiannopoulos * lib/gnutls_record.c: record: in DTLS discard only messages that cause unexpected packet errors 2014-08-23 Nikos Mavrogiannopoulos * src/socket.c: tools: use the AI_IDN flag in getaddrinfo if it exists 2014-08-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-23 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool-extras.c, src/common.c, src/danetool.c, src/socket.c: danetool: added openssl-linking exception That allows linking against unbound. 2014-08-23 Nikos Mavrogiannopoulos * src/danetool.c: danetool: ensure the temporary file is always removed 2014-08-22 Nikos Mavrogiannopoulos * lib/gnutls_errors.c: doc update 2014-08-22 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA parameter generation only when FIPS-mode is enabled. 2014-08-22 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024, qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7. 2014-08-21 Nikos Mavrogiannopoulos * lib/system.c: use the windows API in windows even if iconv is available 2014-08-20 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c: updated libtasn1 2014-08-20 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c: updated minitasn1 2014-08-20 Nikos Mavrogiannopoulos * m4/hooks.m4: configure: print error message when nettle is 3.0 or later 2014-08-18 Nikos Mavrogiannopoulos * lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of structures on re-import to avoid memory leaks. That also adds the gnutls_pkcs7_t structure into the list of allowed to re-import. 2014-08-17 Nikos Mavrogiannopoulos * lib/verify-tofu.c: doc update 2014-08-17 Nikos Mavrogiannopoulos * lib/verify-tofu.c: doc update 2014-08-16 Nikos Mavrogiannopoulos * lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h: Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the previous import failed. 2014-08-14 Nikos Mavrogiannopoulos * symbols.last: symbols.last: added private entry 2014-08-14 Nikos Mavrogiannopoulos * src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode command line option That option will report the status of the FIPS140-2 mode in the library. 2014-08-14 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-14 Nikos Mavrogiannopoulos * lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140-2 mode 2014-08-13 Nikos Mavrogiannopoulos * src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs 2014-08-13 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-13 Nikos Mavrogiannopoulos * src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c: gnutls-cli/danetool: added a common check for hostname being an IP 2014-08-13 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a single CN must be present for hostname verification. Follow up on the original commit that simplifies checking for more than a single hostname. 2014-08-13 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the rfc6125 requirement that a single CN must be present for hostname verification. 2014-08-12 Nikos Mavrogiannopoulos * tests/hostname-check.c: tests: check that gnutls_x509_crt_check_hostname() will correctly use the last CN when multiple 2014-08-12 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: when checking the hostname of a certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David Woodhouse. https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2 2014-08-11 Nikos Mavrogiannopoulos * src/benchmark-cipher.c: gnutls-cli: more organized printing of cipher benchmark output 2014-08-11 Nikos Mavrogiannopoulos * src/benchmark-tls.c: gnutls-cli: removed salsa20 from the benchmarked ciphers 2014-08-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-11 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map: mac_to_entry -> _gnutls_mac_to_entry 2014-08-10 Nikos Mavrogiannopoulos * lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to keys tests for new internal API 2014-08-10 Nikos Mavrogiannopoulos * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: tests: test the decoding of a PKCS #12 structure with SHA256 MAC 2014-08-10 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow verification with structures that support other than HMAC-SHA1 MACs. 2014-08-11 Nikos Mavrogiannopoulos * lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP 2014-08-10 Nikos Mavrogiannopoulos * lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse() 2014-08-09 Nikos Mavrogiannopoulos * src/danetool.c: danetool: obtain certificate only once 2014-08-09 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped version 2014-08-09 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new functions 2014-08-09 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: modified prototype and doc to be recognized by doc parser 2014-08-09 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-09 Nikos Mavrogiannopoulos * src/cli-debug-args.def, src/danetool-args.def, src/socket.c: danetool/gnutls-cli-debug: added support for imap starttls 2014-08-09 Nikos Mavrogiannopoulos * doc/manpages/tpmtool.1: auto-generated files update 2014-08-09 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-09 Nikos Mavrogiannopoulos * src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug: supports SMTP starttls 2014-08-09 Nikos Mavrogiannopoulos * src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: danetool: supports SMTP starttls 2014-08-09 Nikos Mavrogiannopoulos * src/danetool-args.def, src/danetool.c, src/socket.c: danetool: improvements in information presentation 2014-08-09 Nikos Mavrogiannopoulos * libdane/dane.c: libdane: disable debugging mode 2014-08-08 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-08 Nikos Mavrogiannopoulos * src/Makefile.am, src/cli.c, src/danetool.c, src/ocsptool-common.c, src/socket.c, src/socket.h, tests/suite/testdane: danetool: if the certificate to verify against is not provide it try to obtain it 2014-08-08 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: updated documentation for gnutls_handshake() 2014-08-08 Nikos Mavrogiannopoulos * lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys. 2014-08-08 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: corrected typo 2014-08-08 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-08 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: added --info parameter That allows obtaining information on a specific object. 2014-08-08 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL. That is, this performs an object URL comparison, rather than a token URL usage. 2014-08-08 Nikos Mavrogiannopoulos * src/p11tool.c: p11tool: only print the debugging message in debuglevel > 4 2014-08-08 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP 2014-08-07 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: removed reference to UMAC 2014-08-07 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: removed references to SALSA20 2014-08-07 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: doc update 2014-08-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-07 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key. 2014-08-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-07 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, src/pkcs11.c: gnutls_pkcs11_flags_get_str -> gnutls_pkcs11_obj_flags_get_str 2014-08-07 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c: tests: ensure that no environment variables confuse softhsm 2014-08-07 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: testpkcs11: exit if export_pubkey_of_privkey fails 2014-08-07 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c: pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags, and gnutls_pkcs11_flags_get_str() allows printing them. 2014-08-07 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced gnutls_pkcs11_obj_flags 2014-08-06 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-06 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: simplify the passing of flags and pass the key wrapping flag 2014-08-06 Nikos Mavrogiannopoulos * src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were updated 2014-08-06 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-06 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: _gnutls_privkey_get_mpis: extended to work for PKCS #11 keys 2014-08-06 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_privkey.c: doc update 2014-08-06 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of gnutls_pkcs11_privkey_get_pubkey; named gnutls_pkcs11_privkey_export_pubkey Conflicts: lib/libgnutls.map 2014-08-06 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-06 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return GNUTLS_E_INVALID_REQUEST on invalid params 2014-08-06 Nikos Mavrogiannopoulos * src/p11tool.c: p11tool: activate the --batch option 2014-08-06 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: testpkcs11: Test the export of public key 2014-08-06 Wolfgang Meyer zu Bergsten * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten 2014-08-04 Wolfgang Meyer zu Bergsten * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11 subsystem There are cases where we need to export the public key of private key at a later time. Previously, the public key was only available immediately after creation of a key pair. This patch allows to retrieve the public key of a private key at any time after creation. Signed-off-by: Wolfgang Meyer zu Bergsten 2014-08-06 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: documented flags format 2014-08-04 Wolfgang Meyer zu Bergsten * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten 2014-08-06 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and CAMELLIA to the list of default ciphers 2014-08-05 Nikos Mavrogiannopoulos * lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with non-zero 2014-08-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-08-04 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: pkcs8: initialize parameters on decryption 2014-07-31 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c, lib/system.h, lib/x509/verify-high2.c: several windows compilation fixes Conflicts: lib/atfork.h 2014-07-29 Nikos Mavrogiannopoulos * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3, src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts.c, src/libopts/autoopts.h, src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c, src/libopts/check.c, src/libopts/compat/compat.h, src/libopts/compat/windows-config.h, src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c, src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c, src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c, src/libopts/nested.c, src/libopts/numeric.c, src/libopts/option-value-type.c, src/libopts/option-value-type.h, src/libopts/option-xat-attribute.c, src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c, src/libopts/parse-duration.h, src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c, src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c, src/libopts/stack.c, src/libopts/streqvcmp.c, src/libopts/text_mmap.c, src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: updated to libopts 5.18.3 2014-07-29 Nikos Mavrogiannopoulos * build-aux/config.rpath, build-aux/gendocs.sh, doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4, gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4, src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c, src/gl/select.c, src/gl/xalloc.h: updated gnulib 2014-07-29 Nikos Mavrogiannopoulos * lib/x509/pkcs12.c: updated documentation for gnutls_pkcs12_simple_parse 2014-07-29 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped versions 2014-07-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-28 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/inet_pton.c, lib/system.h, lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of the library. 2014-07-28 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: Added text on PKCS #11 verification 2014-07-27 Nikos Mavrogiannopoulos * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile applications that use a header of gnutls. Report and patch Ryan Schmidt. 2014-07-27 Nikos Mavrogiannopoulos * Makefile.am, configure.ac, doc/Makefile.am: check for sed in configure.ac and use the output variable in Makefiles 2014-07-24 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: doc update 2014-07-23 Nikos Mavrogiannopoulos * tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER to dane_state_init That prevents unbound from complaining in systems where no DNSSEC functionality is present. 2014-07-23 Nikos Mavrogiannopoulos * libdane/dane.c: doc update 2014-07-23 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: added libdane/includes to includes dir 2014-07-23 Nikos Mavrogiannopoulos * NEWS: released 3.3.6 2014-07-23 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added missing functions 2014-07-22 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped library version 2014-07-22 Nikos Mavrogiannopoulos * libdane/dane.c: libdane: simplified initialization of variables. 2014-07-22 Nikos Mavrogiannopoulos * libdane/dane.c: libdane: bogus and secure values are always initialized in dane_query_to_raw_tlsa 2014-07-22 Nikos Mavrogiannopoulos * tests/dane.c: tests: eliminated leak from dane check 2014-07-22 Nikos Mavrogiannopoulos * libdane/dane.c: libdane: use gnutls_malloc() and doc update 2014-07-22 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/dane.c: Added self test for DANE raw functions 2014-07-22 Nikos Mavrogiannopoulos * src/danetool-args.def, src/danetool.c: danetool: added option to print the raw entries. 2014-07-22 Nikos Mavrogiannopoulos * libdane/dane.c: doc update 2014-07-22 Nikos Mavrogiannopoulos * lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols 2014-07-22 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES IV set. 2014-07-22 Nikos Mavrogiannopoulos * lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added _gnutls_prf_raw() which can calculate the TLS PRF without depending on a session structure. 2014-07-22 Nikos Mavrogiannopoulos * lib/fips.c: fips140-2: do not check the libtasn1's integrity 2014-07-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding, and there can be ambiguities when using that over SSL 3.0. See: http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html 2014-07-22 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to any action That allows a valid err_pos, even on a memory allocation error. Reported by Dan Fandrich. 2014-07-22 Nikos Mavrogiannopoulos * doc/TODO: updated TODO 2014-07-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: minimum version was changed to TLS 1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard. 2014-07-21 Nikos Mavrogiannopoulos * lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when returned on reinitialization 2014-07-21 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c: tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir() 2014-07-21 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: doc update 2014-07-21 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-21 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir() 2014-07-21 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c, lib/x509/verify-high2.c: Added gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory with trusted certificates. 2014-07-21 Nikos Mavrogiannopoulos * configure.ac, lib/system.c: Allow specifying a directory as trust store 2014-07-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-10 Simon Arlott * libdane/dane.c, libdane/includes/gnutls/dane.h, libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for dane_raw_tlsa() to make it easy to copy the results of the (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for dane_data_len to avoid trying to malloc 0 bytes if q->data_entries is 0 (it is possible for malloc/calloc to return NULL when requested to allocate 0 bytes). Signed-off-by: Simon Arlott 2014-07-08 Nikos Mavrogiannopoulos * lib/fips.c: FIPS140-2 tests: no need for MD5 check 2014-07-08 Nikos Mavrogiannopoulos * lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple (and time-consuming) tests. 2014-07-08 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: Allow specifying GNUTLS_CPUID_OVERRIDE in either hex or decimal. 2014-07-08 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-08 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: Added option to disable any cpu optimizations 2014-07-08 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID registers 2014-07-08 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.c: Allow overriding the detected CPUID using the GNUTLS_CPUID_OVERRIDE environment variable 2014-07-08 Nikos Mavrogiannopoulos * lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency check for RSA encryption 2014-07-08 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048 and DSA-3072 bit keys, as well as SHA256. 2014-07-08 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048 and RSA-3072 bit keys 2014-07-08 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: tests: check RSA with SHA256 2014-07-08 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA encrypted data differ from plaintext 2014-07-07 Nikos Mavrogiannopoulos * lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV size required by SP800-38D (section 8.2) 2014-07-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-07 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-common.c, src/certtool-common.h, src/certtool.c, src/p11tool-args.def, src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows to explicitly specify the curve to use when generating a key. 2014-07-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-07 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set CKA_EC_PARAMS when generating an ECDSA key 2014-07-07 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: only print warning about key sizes in RSA keys 2014-07-07 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: make brief output more brief 2014-07-07 Nikos Mavrogiannopoulos * lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead of memset() 2014-07-06 Nikos Mavrogiannopoulos * libdane/dane.c: dane: Skip DANE entries that may contain unknown info That would allow skipping any future entries without failing. Reported by Simon Arlott. 2014-07-06 Nikos Mavrogiannopoulos * libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain. Reported by Simon Arlott. 2014-07-06 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: examples: mention that gnutls_global_init() is optional 2014-07-06 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: doc: mention and link to trust storage module 2014-07-06 Nikos Mavrogiannopoulos * doc/cha-bib.texi, doc/cha-tokens.texi: doc update 2014-07-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-04 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero length. 2014-07-04 Nikos Mavrogiannopoulos * lib/pkcs11.c: Increased number of attributes 2014-07-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-03 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: try to restart on session errors, to avoid having a failed call. 2014-07-03 Nikos Mavrogiannopoulos * lib/pkcs11.c: corrected pkcs11 reinitialization 2014-07-03 Nikos Mavrogiannopoulos * lib/pkcs11_privkey.c: If we get a PKCS #11 session error, invalidate the cached session. 2014-07-03 Nikos Mavrogiannopoulos * lib/pkcs11.c: set the maximum value when printing library_description 2014-07-03 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS #11 privkey cached session 2014-07-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-03 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted and private objects, and there is no one-size fits all policy. Thus allow a proper failure and warn the user that so-login may be required. 2014-07-03 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: testpkcs11: Try to write the trusted object both by so-pin and normal pin 2014-07-02 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: tests: testpkcs11: temp parameters are deleted after generation 2014-07-02 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2014-07-02 Nikos Mavrogiannopoulos * tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm 2014-07-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-02 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and GNUTLS_SO_PIN when setting the PINs of an initialized token. 2014-07-02 Nikos Mavrogiannopoulos * tests/slow/gendh.c: tests: gendh: increased the DH prime size to allow usage under FIPS140-2 mode 2014-07-02 Nikos Mavrogiannopoulos * src/common.c: tools: when in batch mode and no PIN, print a note about using the environment variables 2014-07-02 Nikos Mavrogiannopoulos * tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode. 2014-07-02 Nikos Mavrogiannopoulos * tests/crq_key_id.c: tests: improved error reporting in crq_key_id 2014-07-02 Nikos Mavrogiannopoulos * doc/cha-upgrade.texi: doc: properly terminate table 2014-07-02 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter generation. 2014-07-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-02 Nikos Mavrogiannopoulos * src/certtool.c, src/common.c, src/common.h, src/danetool.c, src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch mode and will not ask for PIN. 2014-07-02 Nikos Mavrogiannopoulos * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not specified. Added --batch parameter to disable interaction. 2014-07-02 Nikos Mavrogiannopoulos * src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is only a single token available, don't bother complaining about specifying the correct URL 2014-07-02 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.h: updated comment 2014-07-01 Nikos Mavrogiannopoulos * NEWS: doc update 2014-07-01 Nikos Mavrogiannopoulos * src/certtool-args.def: certtool: document that URLs are supported 2014-07-01 Nikos Mavrogiannopoulos * src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable 2014-07-01 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/testpkcs11, tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm, tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite 2014-07-01 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2(): corrected public key extraction (for ECDSA keys) 2014-07-01 Nikos Mavrogiannopoulos * src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading security officer's PIN 2014-07-01 Nikos Mavrogiannopoulos * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process. 2014-06-30 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4 and IPv6 address matching. 2014-06-29 Nikos Mavrogiannopoulos * tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE 2014-06-29 Nikos Mavrogiannopoulos * doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from 3.2.x 2014-06-27 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: do not exit the loop in case a name doesn't fit into our buffer. 2014-06-27 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it as a hostname There are several misconfigured servers that placed their IP as a DNS name. Pointed out by David Woodhouse. 2014-06-27 Nikos Mavrogiannopoulos * lib/x509/output.c: supress warnings 2014-06-27 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-27 Nikos Mavrogiannopoulos * configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton instead for AF_INET6 2014-06-27 Nikos Mavrogiannopoulos * configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP addresses. The old dumb code is used in systems that don't have that function. 2014-06-27 Nikos Mavrogiannopoulos * tests/hostname-check.c: tests: Added test cases for IPv4/6 matching. 2014-06-27 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() checks text ip addresses as well. That aligns the documentation with the implementation. Reported by David Woodhouse. 2014-06-27 Nikos Mavrogiannopoulos * lib/gnutls_str.c: initialize str to NULL 2014-06-26 Nikos Mavrogiannopoulos * lib/x509/crl.c: fixed documentation 2014-06-26 Nikos Mavrogiannopoulos * tests/cert-tests/aki, tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, tests/suite/crl-test, tests/suite/invalid-cert, tests/suite/testcompat-main, tests/suite/testrandom: tests: better replacement of LIBTOOL variable in scripts 2014-06-26 Nikos Mavrogiannopoulos * tests/Makefile.am: tests: ship certs/ 2014-06-26 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new symbols 2014-06-26 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2014-06-25 Nikos Mavrogiannopoulos * src/serv-args.def, src/serv.c: gnutls-serv: removed the --print-cert option; the cert was anyway being printed. 2014-06-18 Nikos Mavrogiannopoulos * doc/TODO: doc update 2014-06-26 Nikos Mavrogiannopoulos * src/p11tool-args.def: corrected typo 2014-06-26 Nikos Mavrogiannopoulos * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/element.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: minitasn1: updated to version 4.0 2014-06-26 Nikos Mavrogiannopoulos * src/p11tool-args.def: p11tool: updated documentation 2014-06-26 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: Warn when no --outfile has been specified on key generation 2014-06-26 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-26 Nikos Mavrogiannopoulos * tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12 structure generation and decoding. 2014-06-26 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-common.c, src/certtool-common.h, src/certtool.c: certtool: allow specifying the friendly name on the command line and use the load-ca-certificate 2014-06-25 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: warn in more operations if --login is not specified 2014-06-25 Nikos Mavrogiannopoulos * src/pkcs11.c: p11tool: No longer assume a default URL for operations. 2014-06-25 Nikos Mavrogiannopoulos * src/common.c: p11tool: Do not allow a newline as PIN. 2014-06-25 Nikos Mavrogiannopoulos * lib/pkcs11.c: pkcs11: avoid callig _gnutls_bin2hex() when length is zero. 2014-06-18 Nikos Mavrogiannopoulos * THANKS: updated thanks file 2014-06-18 Nikos Mavrogiannopoulos * README: clarified license text 2014-06-17 Nikos Mavrogiannopoulos * src/cli.c: gnutls-cli: Do not try to load the system CA trust if --insecure is specified. 2014-06-17 Nikos Mavrogiannopoulos * lib/gnutls_srp.c: doc: more consistent use of pointer star. 2014-06-16 Attila Molnar * lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior for the SRP server callback Signed-off-by: Attila Molnar 2014-06-16 Attila Molnar * doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc: Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates in both the SRP and the X.509 server example Signed-off-by: Attila Molnar 2014-06-16 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c, lib/gnutls_record.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet in the future. 2014-06-16 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output the same on resumed sessions. 2014-06-16 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-16 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c: Test the return code of gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11 token. Check whether the return code of gnutls_x509_trust_list_add_trust_file() is non-zero when certificates are present. 2014-06-16 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file(): returns the number of certificates present when loading a PKCS #11 URL. 2014-06-16 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: Allow marking a certificate as a CA. 2014-06-16 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA (category==CA) 2014-06-15 Nikos Mavrogiannopoulos * doc/README.CODING_STYLE: coding style: update the DCO text 2014-06-15 Attila Molnar * lib/gnutls_state.c: doc: Corrections for gnutls_handshake_set_hook_function() 2014-06-09 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: doc: updated text for the ALPN experimental protocols 2014-06-09 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they are duplicated in the section index. 2014-06-09 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-09 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/eagain-common.h, tests/mini-x509-callbacks-intr.c: tests: Added check for the interrupted post client hello. 2014-06-09 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c: handshake: Allow the post client hello callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED, and can be resumed when needed. 2014-06-06 Nikos Mavrogiannopoulos * src/benchmark-tls.c: use the new API for receiving data 2014-06-06 Nikos Mavrogiannopoulos * tests/anonself.c: Adapted test to check gnutls_record_recv_packet(). 2014-06-06 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-06 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(), i.e., a variant that eliminates the data memcpy(). 2014-06-06 Nikos Mavrogiannopoulos * src/tests.c: gnutls-cli-debug: Use proper HTTP request 2014-06-06 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-06 Nikos Mavrogiannopoulos * lib/x509/common.c: When decoding of a DN string fails, treat it as unknown string and print its hex value. 2014-06-05 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: Print errors but avoid being verbose on stderr 2014-06-05 Nikos Mavrogiannopoulos * src/certtool-common.c: certtool: avoid sizeof() on lbuffer 2014-06-05 Nikos Mavrogiannopoulos * src/certtool-common.c: certtool: ensure that allocated buffer has a minimum size of 64kb. 2014-06-05 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool.c: certtool: Added option --stdout-info 2014-06-05 Nikos Mavrogiannopoulos * lib/x509/x509.c: initialize iterator. 2014-06-05 Nikos Mavrogiannopoulos * lib/x509/crl.c: corrected the allocation size for CRL iterator. 2014-06-05 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/crl-test, tests/suite/crl/long.pem: Added test for CRL decoding. 2014-06-05 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial() thread-safe by making the iterator explicit. 2014-06-05 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/aki, tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, tests/suite/Makefile.am, tests/suite/invalid-cert, tests/suite/testcompat-main, tests/suite/testrandom: Pass the LIBTOOL variable into test scripts That allows using the detected libtool in scripts. That corrects an issue on OS X systems that ship a different libtool. Reported by Daniel E. Macks. 2014-06-04 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial. 2014-06-04 Nikos Mavrogiannopoulos * lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally 2014-06-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-06-04 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added gnutls_x509_crl_get_crt_serial2(), a faster variant of gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL structures with lots of entries (e.g., 50000+ entries). 2014-06-04 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool-common.h, src/certtool.c, src/danetool.c: certtool: When an external file is used increase out maximum buffer accordingly. 2014-06-04 Nikos Mavrogiannopoulos * lib/x509/output.c: Abort printing on error. 2014-06-04 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: tie the weak DH warning to the very weak security parameter. 2014-06-03 Nikos Mavrogiannopoulos * m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at http://savannah.gnu.org/support/?108592 2014-06-02 Nikos Mavrogiannopoulos * lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid SSLv2 hello length. 2014-05-31 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2014-05-30 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-30 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2014-05-30 Nikos Mavrogiannopoulos * devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s, lib/accelerated/x86/coff/aes-ssse3-x86_64.s, lib/accelerated/x86/coff/aesni-x86.s, lib/accelerated/x86/coff/aesni-x86_64.s, lib/accelerated/x86/coff/e_padlock-x86.s, lib/accelerated/x86/coff/e_padlock-x86_64.s, lib/accelerated/x86/coff/ghash-x86_64.s, lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, lib/accelerated/x86/coff/sha256-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, lib/accelerated/x86/elf/aes-ssse3-x86.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/ghash-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, lib/accelerated/x86/macosx/aes-ssse3-x86.s, lib/accelerated/x86/macosx/aes-ssse3-x86_64.s, lib/accelerated/x86/macosx/aesni-x86.s, lib/accelerated/x86/macosx/aesni-x86_64.s, lib/accelerated/x86/macosx/e_padlock-x86.s, lib/accelerated/x86/macosx/e_padlock-x86_64.s, lib/accelerated/x86/macosx/ghash-x86_64.s, lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, lib/accelerated/x86/macosx/sha256-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm sources 2014-05-29 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-29 Nikos Mavrogiannopoulos * cross.mk: updated windows makefile 2014-05-29 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update files for gnutls_credentials_get() 2014-05-29 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2014-05-29 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/long-session-id.c: Added test for memory corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit. 2014-05-25 Nikos Mavrogiannopoulos * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated libtasn1 2014-05-25 Nikos Mavrogiannopoulos * lib/x509/common.c: avoid cleanup when there are no allocations in _gnutls_x509_der_encode(). 2014-05-25 Nikos Mavrogiannopoulos * lib/gnutls_ecc.c: cleanup resources on _gnutls_ecc_ansi_x963_export() failure. 2014-05-25 Nikos Mavrogiannopoulos * src/serv-args.def, src/serv.c: Added the --print-cert option to gnutls-serv. 2014-05-24 Nikos Mavrogiannopoulos * src/certtool-extras.c: certtool: correct size calculation when loading privkey 2014-05-24 Nikos Mavrogiannopoulos * lib/opencdk/armor.c: re-indented messy table. 2014-05-24 Nikos Mavrogiannopoulos * lib/opencdk/armor.c: Removed unused function. 2014-05-24 Nikos Mavrogiannopoulos * m4/hooks.m4: document the symbol version bump needed in a .so version bump. 2014-05-23 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: Prevent memory corruption due to server hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon. 2014-05-23 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: only try to copy session ID if there is a session ID. 2014-05-29 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-29 Kurt Roeckx * lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos 2014-05-29 Nikos Mavrogiannopoulos * lib/pkcs11.c: increased the maximum certificate size buffer in the PKCS #11 subsystem. 2014-05-29 Nikos Mavrogiannopoulos * lib/system.c: re-enabled config path discovery code, and check the return code of getpwuid_r(). Reported by Viktor Dukhovni. 2014-05-27 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-27 Nikos Mavrogiannopoulos * src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def, src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library. 2014-05-27 Nikos Mavrogiannopoulos * lib/accelerated/accelerated.c: removed old check for nettle 2014-05-27 Nikos Mavrogiannopoulos * lib/safe-memset.c: safe_memset: allow memset of zero bytes. 2014-05-27 Hani Benhabiles * lib/x509/verify-high.c: Fix unused variable warning without PKCS#11 support. Signed-off-by: Hani Benhabiles 2014-05-26 Nikos Mavrogiannopoulos * src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. 2014-05-23 Nikos Mavrogiannopoulos * lib/algorithms/protocols.c, lib/gnutls_handshake.c: _gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error instead of negative. 2014-05-23 Nikos Mavrogiannopoulos * src/certtool-cfg.c: Allow wildcard comparison of options. 2014-05-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-23 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-23 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: Warn when invalid configuration options are set into a template. 2014-05-22 Nikos Mavrogiannopoulos * lib/x509/common.c: Do not allow null strings to be read from ASN.1 structures. This corrects a null pointer dereference when parsing some specially crafted certificates. Issue discovered using the Codenomicon TLS test suite. 2014-05-22 Nikos Mavrogiannopoulos * lib/x509/common.c: removed redundant null termination 2014-05-22 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls prefix from static functions. 2014-05-22 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: Do not call the user_hello_func multiple times when performing ticket resumption. 2014-05-22 Nikos Mavrogiannopoulos * doc/TODO: doc update 2014-05-22 Nikos Mavrogiannopoulos * lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return zero if data is NULL and memory buffer size is not sufficient. 2014-05-22 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: When assigning the TLS version, double check that it is valid. 2014-05-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon. 2014-05-20 Nikos Mavrogiannopoulos * src/certtool-cfg.c: Added aliases for unit and organization. 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/common.c: use a signed value for bits. 2014-05-20 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-20 Nikos Mavrogiannopoulos * src/certtool-cfg.c: certtool: allow multiple organizations and organizational unit names to be specified in a template. 2014-05-19 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: increased the number of allowed elements in a priority string. 2014-05-19 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: simplify break_comma_list(). 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code. 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/x509.c: more sanity checks on signature size 2014-05-17 Nikos Mavrogiannopoulos * src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def: tools: Replace normal sec-param with medium in documentation. 2014-05-17 Nikos Mavrogiannopoulos * doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not print the bug reports line from autogen. 2014-05-17 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-17 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in, lib/safe-memset.c: do not yet export gnutls_memset(). 2014-05-17 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2014-05-15 Michał Górny * tests/slow/Makefile.am: tests/slow: add -I flags necessary for out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos 2014-05-15 Michał Górny * tests/Makefile.am: tests: pass PKCS12PATH to fix tests in out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a subdirectory of the current working directory. When an out-of-source build is performed, the files reside in a subdirectory of source directory instead. Set PKCS12PATH to that directory in order to fix the build. Signed-off-by: Nikos Mavrogiannopoulos 2014-05-17 Nikos Mavrogiannopoulos * tests/dsa/testdsa: changed port of DSA test 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the correct signature size rather than the max. 2014-05-17 Nikos Mavrogiannopoulos * lib/openpgp/output.c: Print the openpgp DN only when gnutls_openpgp_crt_get_name() failed appropriately. 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: initialize string in gnutls_x509_ext_import_basic_constraints(). 2014-05-17 Nikos Mavrogiannopoulos * lib/x509/x509.c: corrected error checking in gnutls_x509_crt_get_extension_data() 2014-05-16 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: Allow null list_size argument in gnutls_certificate_get_peers() 2014-05-16 Nikos Mavrogiannopoulos * src/serv.c: certificate verification is performed asynchronously. 2014-05-15 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-15 Nikos Mavrogiannopoulos * src/danetool-args.def: enhanced the danetool usage instructions. 2014-05-15 Nikos Mavrogiannopoulos * src/certtool-args.def: Do not use autogen's file option for input parameters. Instead use a string. We check the file for validity and autogen's check was imposing rules such as normal file (as opposed to a device), that were not needed. 2014-05-14 Nikos Mavrogiannopoulos * src/certtool-common.c: certtool: check for null prior to checking for empty passwd 2014-05-11 Nikos Mavrogiannopoulos * lib/auth/ecdhe.c: cleanup in the initialization of ECDH parameters. 2014-05-14 Nikos Mavrogiannopoulos * lib/nettle/pk.c: Eliminated memory leak on failed curve assignment. The memory leak was uncovered by the Codenomicon TLS suite. 2014-05-13 Nikos Mavrogiannopoulos * src/cli.c: gnutls-cli: if dane verification is used but not PKIX only check the end certificate. 2014-05-13 Nikos Mavrogiannopoulos * libdane/dane.c: doc update 2014-05-11 Nikos Mavrogiannopoulos * doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use gnutls_set_default_priority() in examples. 2014-05-10 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-10 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h, libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6. 2014-05-10 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3. 2014-05-10 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected prototypes for dane_verify_crt_raw2(). 2014-05-10 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in, lib/safe-memset.c: export gnutls_memset(). 2014-05-10 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-10 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h, libdane/libdane.map: Added dane_verify_crt_raw2() which allows verifying against the certificate name. 2014-05-10 Nikos Mavrogiannopoulos * libdane/dane.c: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 2014-05-10 Nikos Mavrogiannopoulos * lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c, lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c, lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c, lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c: removed legacy code. 2014-05-10 Nikos Mavrogiannopoulos * lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_credentials_get(). 2014-05-09 Nikos Mavrogiannopoulos * src/serv-args.def, src/serv.c: Added gnutls-serv option --verify-client-cert. That option allows forcing verification of the provided certificate even if it is not required to present one. In that case the connection will be closed with a fatal alert. 2014-05-09 Nikos Mavrogiannopoulos * lib/ext/status_request.c: Addressed memory leak in status request extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite. 2014-05-09 Nikos Mavrogiannopoulos * lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite. 2014-05-08 Nikos Mavrogiannopoulos * cross.mk: updated cross compilation Makefile. 2014-05-08 Nikos Mavrogiannopoulos * lib/ext/safe_renegotiation.c: Avoid memory leak in safe renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite. 2014-05-08 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c: Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite. 2014-05-07 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-05-07 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-07 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: updated documentation on library initialization to reflex the changes in 3.3.0. 2014-05-07 Nikos Mavrogiannopoulos * lib/locks.c: re-enabled gnutls_global_set_mutex(). 2014-05-06 Nikos Mavrogiannopoulos * src/Makefile.am: Do not run autogen twice to generate the header files. 2014-05-06 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am: Ship suppressions.valgrind 2014-05-06 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2014-05-05 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/gnutls_int.h: Ensure that there is no remainders in the TLS handshake packets. The issue was discovered using the codenomicon TLS suite. 2014-05-04 Nikos Mavrogiannopoulos * lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite. 2014-05-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-05 Nikos Mavrogiannopoulos * src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default. 2014-05-05 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: fixed typo 2014-05-05 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c, lib/includes/gnutls/x509.h, lib/priority_options.gperf, lib/x509/verify.c: Added the 'very weak' certificate verification profile. This profile corresponds to a 64-bit security level (e.g., RSA parameters of 768 bits). 2014-05-05 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-05-04 Nikos Mavrogiannopoulos * doc/credentials/x509/cert-ecc.pem, doc/credentials/x509/clicert-ecdsa.pem, doc/credentials/x509/clikey-ecdsa.pem, doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to secp256r1 2014-05-04 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool.c: When generating ECDSA keys, generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are not widely supported. 2014-05-04 Nikos Mavrogiannopoulos * doc/credentials/x509/clicert-ecdsa.pem, doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys. 2014-05-04 Nikos Mavrogiannopoulos * lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the codenomicon TLS suite. 2014-05-04 Nikos Mavrogiannopoulos * NEWS: doc update 2014-05-04 Nikos Mavrogiannopoulos * lib/ext/srp.c: initialize to null the SRP extension data on allocation. Issue identified using valgrind and the Codenomicon TLS test suite. 2014-05-04 Nikos Mavrogiannopoulos * tests/suite/testrng: Modified the testrng for Debian's dieharder. 2014-05-04 Nikos Mavrogiannopoulos * lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite. 2014-05-04 Nikos Mavrogiannopoulos * lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c: More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite. 2014-05-04 Nikos Mavrogiannopoulos * lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using codenomicon TLS test suite. 2014-05-04 Nikos Mavrogiannopoulos * src/serv.c: Added a timeout to close inactive sessions. 2014-05-03 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-05-03 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-05-03 Nikos Mavrogiannopoulos * src/serv.c: Send the appropriate alert when a certificate is required but not present. 2014-05-03 Nikos Mavrogiannopoulos * lib/gnutls_global.c: use __sun definition to detect solaris. 2014-05-03 Nikos Mavrogiannopoulos * src/serv.c: Cleaned up server process. This eliminates an infinate loop triggered by unexpected client disconnections. 2014-05-03 Nikos Mavrogiannopoulos * lib/gnutls_global.c: Added support for constructors and destructors in solaris CC. 2014-05-02 Nikos Mavrogiannopoulos * tests/suite/testrng: Updated dieharder tests. 2014-05-02 Nikos Mavrogiannopoulos * README-alpha: doc update 2014-05-02 Nikos Mavrogiannopoulos * tests/slow/cipher-test.c: include header for self-test functions 2014-05-02 Nikos Mavrogiannopoulos * tests/suite/testrng: Allow testrng test to run with older versions of dieharder. 2014-05-02 Nikos Mavrogiannopoulos * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify casting to mpz_t using __mpz_struct and cleaned up mpz_t access. 2014-05-02 Nikos Mavrogiannopoulos * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify casting to mpz_t using __mpz_struct. 2014-05-01 Nikos Mavrogiannopoulos * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/element.h, lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c, lib/minitasn1/structure.h, lib/minitasn1/version.c: updated included libtasn1. 2014-05-01 Nikos Mavrogiannopoulos * src/certtool-cfg.c: Do not return from void functions. Reported by dev [at] cor0.com. 2014-04-30 Nikos Mavrogiannopoulos * lib/gnutls_global.c: removed return from void function. 2014-04-28 Nikos Mavrogiannopoulos * tests/suite/rng.c, tests/suite/testrng: updated prng test 2014-04-28 Nikos Mavrogiannopoulos * .gitignore, tests/suite/Makefile.am, tests/suite/rng.c, tests/suite/testrng: Test the random generators in gnutls using the dieharder tool. 2014-04-28 Nikos Mavrogiannopoulos * tests/suite/pkcs11-get-issuer.c: use different db file for pkcs11-get-issuer. 2014-04-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-28 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: doc update 2014-04-28 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added test to verify whether gnutls_x509_trust_list_get_issuer() operates correctly under PKCS #11 trust list. 2014-04-28 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/verify-high.c: gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS #11 trust list. 2014-04-28 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: initialize the size value 2014-04-28 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c: Include the correct header for the self tests functions 2014-04-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-28 Nikos Mavrogiannopoulos * lib/ext/safe_renegotiation.c: removed redundant code. Reported by David Binderman. 2014-04-28 Nikos Mavrogiannopoulos * libdane/dane.c: increased MAX_DATA_ENTRIES to 100. 2014-04-28 Nikos Mavrogiannopoulos * libdane/dane.c: rearranged code 2014-04-28 Nikos Mavrogiannopoulos * src/cli.c: only fail DANE verification if status is non-zero 2014-04-28 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a certificate using DANE if there is at least one entry that matches the certificate. This corrects the previous behavior that was rejecting the certificate if there were multiple entries and one couldn't be validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos 2014-04-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-28 Nikos Mavrogiannopoulos * lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit() if the call to gnutls_global_init() failed. 2014-04-28 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the initialization of random generator. Reported by Martin Kletzander. 2014-04-28 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: Revert "Avoid dual initialization of random generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed. 2014-04-27 Nikos Mavrogiannopoulos * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-cbc-x86-aesni.c, lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86-aesni.c, lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/x86-common.c, lib/accelerated/x86/{x86.h => x86-common.h}: x86.h was renamed to x86-common.h to avoid clashes with system headers. 2014-04-27 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-27 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: Avoid dual initialization of random generator. Reported by Martin Kletzander. 2014-04-19 Kurt Roeckx * lib/fips.c: Test for the existance of the /etc/system-fips file We don't read it, the existance of the file is enough to say in what mode we are. Signed-off-by: Nikos Mavrogiannopoulos 2014-04-19 Kurt Roeckx * lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos 2014-04-19 Andreas Metzler * lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos 2014-04-27 Nikos Mavrogiannopoulos * lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on suggestion by Shawn (sth0r2046 [at] gmail.com). 2014-04-27 Nikos Mavrogiannopoulos * lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn (sth0r2046 [at] gmail.com). 2014-04-26 Nikos Mavrogiannopoulos * src/certtool.c: Allow exporting a CRL in DER format. 2014-04-25 Nikos Mavrogiannopoulos * AUTHORS, THANKS: cleaned up authors and thanks file. 2014-04-19 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/invalid-cert, tests/suite/suppressions.valgrind, tests/suite/testcompat-main, tests/suite/testrandom: More script tests run under valgrind 2014-04-19 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/aki, tests/cert-tests/pathlen, tests/cert-tests/pem-decoding, tests/cert-tests/suppressions.valgrind: Run scripts under valgrind. 2014-04-19 Nikos Mavrogiannopoulos * lib/x509/x509.c: Treat othername as printable (i.e., null terminate it), as the XMPP printing code assumes that. 2014-04-19 Nikos Mavrogiannopoulos * lib/x509/output.c: cleanups in output 2014-04-19 Nikos Mavrogiannopoulos * guile/src/core.c: do not override gnutls' allocation functions That was not being done using the API, and overriding them is no longer possible in 3.3.x. 2014-04-19 Nikos Mavrogiannopoulos * NEWS: relased 3.3.1 2014-04-19 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: changed port to allow parallelization 2014-04-19 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no longer part of the API (though it remains in the ABI). 2014-04-19 Nikos Mavrogiannopoulos * lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any public header. 2014-04-19 Nikos Mavrogiannopoulos * lib/Makefile.am: removed file from Makefile that doesn't exist 2014-04-19 Nikos Mavrogiannopoulos * src/cli.c: gnutls-cli will no longer allow the session to proceed if DANE verification fails. 2014-04-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-19 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding, tests/cert-tests/xmpp-othername.pem: Added test certificate with multiple XMPP othername SAN fields. 2014-04-19 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h, lib/x509/output.c, lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid() functions, such as gnutls_x509_crt_get_subject_alt_othername_oid(). 2014-04-18 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: always initialize size values 2014-04-18 Nikos Mavrogiannopoulos * lib/x509/common.c: copy_string() and copy_data() are more resilient on null input 2014-04-18 Nikos Mavrogiannopoulos * tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a sign/verify request that may take longer in some systems. Based on patch by Andreas Metzler. 2014-04-18 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-18 Nikos Mavrogiannopoulos * lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a certificate that contained an OtherName. Reported and investigated by Kirill A. Shutemov. 2014-04-18 Nikos Mavrogiannopoulos * lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed the already unused secure alloc functions. 2014-04-18 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h, lib/safe-memset.c: Use a harder to optimize out memset(). 2014-04-18 Nikos Mavrogiannopoulos * NEWS: fix typo 2014-04-18 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-18 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-18 Nikos Mavrogiannopoulos * lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA. 2014-04-18 Nikos Mavrogiannopoulos * tests/pskself.c: include hint into psk test. 2014-04-18 Nikos Mavrogiannopoulos * lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key. 2014-04-18 Nikos Mavrogiannopoulos * tests/mini-rsa-psk.c: Enable hint in the rsa-psk test. 2014-04-18 Nikos Mavrogiannopoulos * lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK 2014-04-18 Nikos Mavrogiannopoulos * lib/gnutls_psk.c: eliminated the leak of hint when deallocating the credentials. 2014-04-18 Nikos Mavrogiannopoulos * lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the replacing of auth info based on the provided credentials type. This avoids issues with discrepances in server and client mode. 2014-04-18 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c, lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use. 2014-04-18 Nikos Mavrogiannopoulos * src/cli-args.def, src/cli.c: Both DANE and PKI verification are advisory when --tofu is being used. 2014-04-18 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-18 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: When checking for data to be received use the 'transport_recv_ptr' This affects cases where there is different send and recv pointers. Reported and investigated by JMRecio. 2014-04-17 Nikos Mavrogiannopoulos * src/cli-args.def: doc update 2014-04-17 Nikos Mavrogiannopoulos * src/cli.c: documentation update. 2014-04-17 Nikos Mavrogiannopoulos * src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various verification methods. 2014-04-17 Nikos Mavrogiannopoulos * src/cli-args.def: Updated TOFU documentation. Suggested by Jens Lechtenboerger. 2014-04-17 Nikos Mavrogiannopoulos * src/p11tool.c: added newlines to p11tool error messages 2014-04-17 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-17 Nikos Mavrogiannopoulos * lib/fips.c: corrected uninitialized value 2014-04-17 Nikos Mavrogiannopoulos * doc/Makefile.am: removed conditionally exported functions. 2014-04-17 Nikos Mavrogiannopoulos * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/self-test.h: Added self check functions to self-test.h. 2014-04-17 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped versions 2014-04-17 Nikos Mavrogiannopoulos * tests/chainverify.c, tests/suite/pkcs11-chainverify.c, tests/test-chains.h: use MAX_CHAIN definition to avoid overflow issues in the future 2014-04-17 Nikos Mavrogiannopoulos * tests/chainverify.c: increased the space available for certificates. That avoids a crash in sparc64; reported by Andreas Metzler. 2014-04-16 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: doc update 2014-04-15 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool. 2014-04-15 Nikos Mavrogiannopoulos * src/Makefile.am: use the same cflags for included programs as with library. 2014-04-15 Nikos Mavrogiannopoulos * libdane/dane.c: Corrected dane_verify_crt() to not deinitialize any input state. 2014-04-15 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c, lib/verify-tofu.c: several bug fixes due to coverity. 2014-04-15 Nikos Mavrogiannopoulos * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c, lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug fixes due to coverity. 2014-04-15 Nikos Mavrogiannopoulos * lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs reported from coverity in opencdk. 2014-04-15 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: correctly check for message upper limit. 2014-04-14 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting only CRLs in gnutls_x509_trust_list_add_trust_file(). 2014-04-14 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-04-14 Nikos Mavrogiannopoulos * src/cli-args.def: Added the PFS priority string. 2014-04-12 Nikos Mavrogiannopoulos * NEWS: corrected Peter's name! 2014-04-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-11 Nikos Mavrogiannopoulos * tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8, tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8, tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files. 2014-04-11 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS #8 files with ECC parameters from openssl. These files do not contain the curve information with the private key (ECPrivateKey), but they rather contain it in the privateKeyAlgorithm. 2014-04-11 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: More strict checking of heartbeat padding size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggest by Peter Williams; initially investigated by Frank Li. 2014-04-10 Nikos Mavrogiannopoulos * lib/gnutls_mem.h: unconditionally zeroize temporal keys. 2014-04-10 Nikos Mavrogiannopoulos * cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib. 2014-04-10 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded dependency 2014-04-10 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include the FIPS140-specific functions into the main documentation. 2014-04-10 Nikos Mavrogiannopoulos * tests/key-tests/Makefile.am: Added missing file 2014-04-10 Nikos Mavrogiannopoulos * NEWS: updated documentation 2014-04-10 Nikos Mavrogiannopoulos * lib/libgnutls.map, symbols.last: updated exported symbols table. 2014-04-10 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-10 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/libgnutls.map: mark functions that are only available under FIPS140 mode 2014-04-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated auto-generated files. 2014-04-10 Nikos Mavrogiannopoulos * lib/x509/rfc2818_hostname.c: doc update 2014-04-10 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match() This function now performs a sign/verify test to check whether the public and private keys match. 2014-04-10 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: doc update 2014-04-09 Nikos Mavrogiannopoulos * cross.mk: update gmplib location 2014-04-09 Nikos Mavrogiannopoulos * lib/Makefile.am: removed double entry 2014-04-09 Nikos Mavrogiannopoulos * tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32 updates 2014-04-09 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2014-04-09 Nikos Mavrogiannopoulos * lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't include this gnulib module. 2014-04-09 Nikos Mavrogiannopoulos * tests/suite/Makefile.am: do not build ecore when cross-compiling for windows. 2014-04-09 Nikos Mavrogiannopoulos * src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: Added bind gnulib module. 2014-04-09 Nikos Mavrogiannopoulos * src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: Added connect gnulib module. 2014-04-09 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/test-getdelim.c, gl/tests/test-getline.c: Added getline() in gnulib. 2014-04-09 Nikos Mavrogiannopoulos * configure.ac: corrected configure test for pthread_mutex_lock 2014-04-09 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, lib/x509/x509.c: updated documentation 2014-04-09 Nikos Mavrogiannopoulos * tests/suite/certs/create-chain.sh: updated test cert generator. 2014-04-09 Nikos Mavrogiannopoulos * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c, doc/examples/verify.c, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c, src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c, tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with the extendable gnutls_certificate_verify_peers(). That will allow adding new functionality to verification without the need to add new functions. 2014-04-08 Nikos Mavrogiannopoulos * NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi, doc/examples/ex-client-x509.c, doc/examples/verify.c, lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will verify in addition to hostname, the purpose of the end-certificate. 2014-04-08 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped version 2014-04-08 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2() using gnutls_certificate_verify_peers3(). 2014-04-08 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: doc update 2014-04-08 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: doc update 2014-04-08 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: modify to conform to the documentated level. 2014-04-08 Nikos Mavrogiannopoulos * cross.mk: updated makefile 2014-04-07 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am: avoid checking or linking with libpthread in windows 2014-04-07 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: Corrected check for softhsm shared object. 2014-04-07 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Allow multiple spaces into priorities file. 2014-04-07 Nikos Mavrogiannopoulos * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: The "SYSTEM" initial keyword was replaced with the more generic "@KEYWORD" The @KEYWORD string will open the pre-configured system priority file and will expand the KEYWORD, to the priority string set in the file. The file should have the following format: KEYWORD=PRIORITY_STRING 2014-04-07 Nikos Mavrogiannopoulos * lib/gnutls_int.h: Use the IANA assigned padding extension number. 2014-04-05 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: skip the test if softhsm doesn't exist 2014-04-05 Nikos Mavrogiannopoulos * .gitignore, tests/suite/testpkcs11: Use separate softhsm databases and config in tests to allow parallel runs. 2014-04-05 Nikos Mavrogiannopoulos * README-alpha: added softhsm dependency for testsuite 2014-04-05 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c, tests/suite/testpkcs11: Converted the PKCS #11 test suite to use softhsm That allows us running it in the normal test suite. 2014-04-05 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool.c, src/cli-args.def, src/cli.c, src/p11tool.c: Allow using the --provider parameter in gnutls-cli and certtool to specify a PKCS #11 module. 2014-04-05 Nikos Mavrogiannopoulos * tests/suite/pkcs11-chainverify.c: updated test to run in more systems. 2014-04-05 Nikos Mavrogiannopoulos * lib/pkcs11.c: set the same flags in the second search 2014-04-05 Nikos Mavrogiannopoulos * .gitignore: ignore the softhsm test suite files. 2014-04-05 Nikos Mavrogiannopoulos * tests/suite/testpkcs11: fixed bashisms 2014-04-05 Nikos Mavrogiannopoulos * tests/suite/certs/create-chain.sh: depend on bash for the create-chain script 2014-04-04 Nikos Mavrogiannopoulos * tests/mini-x509.c: Enhanced test to check that the correct number of certificates is received 2014-04-04 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: corrected check for sorted server certificate chain. 2014-04-04 Nikos Mavrogiannopoulos * lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag is specific to p11-kit trust modules. 2014-04-04 Nikos Mavrogiannopoulos * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform the certificate verification tests in PKCS #11-based verification using softhsm. 2014-04-04 Nikos Mavrogiannopoulos * lib/x509/verify.c: Perform time check when removing a certificate in _gnutls_pkcs11_verify_crt_status() This brings the function in par with _gnutls_verify_crt_status(). 2014-04-04 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the same certificate in the pkcs11 trusted list, not only the issuer When the certificate list verifying ends in a non self-signed certificate, and the self-signed isn't in our pkcs11 trusted list, make sure that we search for the non-self-signed as well. This affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS #11 trust module. 2014-04-04 Nikos Mavrogiannopoulos * lib/pkcs11.c: Allow manually loading a 'trusted' module. 2014-04-04 Nikos Mavrogiannopoulos * lib/gnutls_global.c: Do not try to deinitialize the PKCS #11 libraries from the destructor. If we do and the PKCS #11 modules are already being unloaded, we may crash. If the deinitialization of the PKCS #11 subsystem is required then, gnutls_pkcs11_deinit() must be explicitly called. 2014-04-04 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split test chains from chainverify program. 2014-04-03 Nikos Mavrogiannopoulos * configure.ac, tests/Makefile.am, tests/{key-id => key-tests}/Makefile.am, tests/{key-id => key-tests}/README, tests/{key-id => key-tests}/ca-gnutls-keyid.pem, tests/{key-id => key-tests}/ca-no-keyid.pem, tests/{key-id => key-tests}/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8, tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8, tests/{key-id => key-tests}/key-ca.pem, tests/{key-id => key-tests}/key-id, tests/{key-id => key-tests}/key-user.pem, tests/key-tests/pkcs8: Added self-test for PKCS #8 key conversion and reading 2014-04-03 Nikos Mavrogiannopoulos * tests/chainverify.c: the chainverify test ensures that there is no diverge between different verification functions. 2014-04-03 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: When verifying check for the same certificate in the trusted list, not only the issuer When the certificate list verifying ends in a non self-signed certificate, and the self-signed isn't in our trusted list, make sure that we search for the non-self-signed in our list as well. This affects, gnutls_x509_trust_list_verify_crt() and makes its results identical to gnutls_x509_crt_list_verify(). 2014-04-03 Nikos Mavrogiannopoulos * README-alpha: mention test on smart card support 2014-04-03 Nikos Mavrogiannopoulos * README: Added make check to the make process in README 2014-04-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-03 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-common.c, src/certtool-common.h, src/certtool.c: changed the behavior in certtool's PKCS #8 key export with no password By default when no password is specified, an unencrypted key is output. The previous behavior of encrypting using an empty password can be replicated using --empty-password. 2014-04-03 Nikos Mavrogiannopoulos * src/certtool-args.def: Updated documentation on null-password and password options of certtool. 2014-04-02 Nikos Mavrogiannopoulos * tests/suite/testrandom: Added test to check verification with randomly generated certificates. 2014-04-02 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Combined the code to set CRL next update with certificate expiration date. 2014-04-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-02 Nikos Mavrogiannopoulos * src/certtool-cfg.c: corrected typo 2014-04-02 Nikos Mavrogiannopoulos * src/certtool-common.c: improved error message 2014-04-02 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: When a CRL serial number is not specified, generate a time-based one. 2014-04-02 Nikos Mavrogiannopoulos * doc/cha-shared-key.texi: doc update 2014-04-02 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c, lib/priority_options.gperf: Added priority string %DISABLE_WILDCARDS. This will disable any wildcard matching when comparing hostnames in certificates. 2014-04-02 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Added verification flag to disable wildcard checking This adds the verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and gnutls_x509_crt_check_hostname2(), gnutls_openpgp_crt_check_hostname2().  2014-04-01 Nikos Mavrogiannopoulos * NEWS: doc update 2014-04-01 Nikos Mavrogiannopoulos * tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem, tests/cert-tests/complex-cert.pem, tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the SHA256 fingerprint output in certtool 2014-04-01 Nikos Mavrogiannopoulos * lib/x509/x509.c: doc update 2014-04-01 Nikos Mavrogiannopoulos * lib/x509/output.c: Print the SHA256 fingerprint of the certificate in addition to SHA1. 2014-03-30 Nikos Mavrogiannopoulos * lib/verify-tofu.c: doc update 2014-03-31 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: simplified gnutls_certificate_client_get_request_status() - no error is possible. 2014-03-31 Nikos Mavrogiannopoulos * lib/gnutls_record.c: doc update 2014-03-31 Nikos Mavrogiannopoulos * lib/gnutls_record.c: cleaned up documentation of gnutls_record_send() 2014-03-28 Nikos Mavrogiannopoulos * tests/chainverify.c: Added test for CVE-2014-0092 2014-03-28 Nikos Mavrogiannopoulos * tests/Makefile.am: removed reference to mini_xssl 2014-03-28 Nikos Mavrogiannopoulos * tests/chainverify.c: Added self checks for various verification profiles 2014-03-28 Nikos Mavrogiannopoulos * tests/mini-dtls-large.c: Added test for gnutls_record_cork() and uncork usage under DTLS. 2014-03-28 Nikos Mavrogiannopoulos * lib/gnutls_record.c: make gnutls_record_uncork() more DTLS friendly. 2014-03-27 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: using the SYSTEM priority string will fail if there is no system file 2014-03-27 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-03-27 Nikos Mavrogiannopoulos * NEWS: reformatted NEWS entries 2014-03-27 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c: The %COMPAT keyword no longer reduces security. Introduced the LEGACY keyword which will enable the settings used in GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where compatibility with weak or misconfigured servers is required. 2014-03-27 Nikos Mavrogiannopoulos * doc/manpages/Makefile.am: replaced wrong manpage generation parameter 2014-03-27 Nikos Mavrogiannopoulos * lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation 2014-03-26 Daniel Kahn Gillmor * README: update README to reflect gmplib licensing change As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of GnuTLS can be redistributed. Update the README to reflect this change. 2014-03-27 Nikos Mavrogiannopoulos * configure.ac: Fix patch version calculation when it contains non-numeric chars 2014-03-27 Nikos Mavrogiannopoulos * configure.ac: print RSA-EXPORT status 2014-03-23 Nikos Mavrogiannopoulos * lib/gnutls_str.c: use isascii instead of isprint for internationalized name detection 2014-03-26 Nikos Mavrogiannopoulos * m4/hooks.m4: bump so version 2014-03-26 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-common.c: fixes for 'medium' level 2014-03-26 Nikos Mavrogiannopoulos * lib/auth/dh_common.c: add a check for invalid DH parameters. 2014-03-26 Nikos Mavrogiannopoulos * tests/anonself.c, tests/dhepskself.c: Add checks in tests for the DHE prime and exponent size. 2014-03-26 Nikos Mavrogiannopoulos * doc/TODO: doc update 2014-03-21 Nikos Mavrogiannopoulos * tests/x509-extensions.c: fixed test to use the correct function names. 2014-03-21 Nikos Mavrogiannopoulos * lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Severely simplified hostname matching. Now only wildcards only the leftmost position of the string are allowed (followed by at least two components), and are only taken into account into ascii strings. Non-ascii strings are compared byte-by-byte. That means that wildcards in the form bar*foo.example.com are no longer accepted, as well as wildcards of the form *.*.*.example.com. 2014-03-21 Nikos Mavrogiannopoulos * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: use commit suffix for functions that return a status code. 2014-03-20 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the RNG code. 2014-03-20 Nikos Mavrogiannopoulos * NEWS: doc update 2014-03-20 Nikos Mavrogiannopoulos * src/certtool-args.def: the longer e-mail caused crash in autogen's manpage generation 2014-03-20 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/cha-cert-auth.texi, doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h, lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed some of the newly introduced functions 2014-03-20 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: set the invalid flag when the owner is unexpected. 2014-03-19 Nikos Mavrogiannopoulos * lib/gnutls_str.c, lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This will prevent accepting certificates from CAs that issued '*.com', or 'www.*'. 2014-03-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-03-19 Nikos Mavrogiannopoulos * tests/x509-extensions.c: Added more key usage flags in the test for x509-extensions. 2014-03-19 Nikos Mavrogiannopoulos * tests/x509-extensions.c: x509-extensions test will fail if an unhandled extension is found. 2014-03-19 Nikos Mavrogiannopoulos * lib/Makefile.am: ship the gperf file and the generated one. 2014-03-19 Nikos Mavrogiannopoulos * .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update 2014-03-19 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: documented the new X.509 extension API 2014-03-19 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool can now write more than a single crl_dist_point. 2014-03-19 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/cert-tests/template-test.pem, tests/cert-tests/template-test.tmpl, tests/cert-tests/template-utf8.pem, tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c, tests/x509-extensions.c: Added unit tests for new API 2014-03-19 Nikos Mavrogiannopoulos * lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c, lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle X.509 extensions. This API handles the X.509 extensions in separate, allowing to parse similarly formatted extensions stored in other structures. In addition functions that simplify the extraction of extensions from known structures were added: - gnutls_x509_crq_get_extension_data2() - gnutls_x509_crl_get_extension_data2() - gnutls_x509_crt_get_extension_data2() The old functions were rewritten to use the new API. 2014-03-14 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-28 Nikos Mavrogiannopoulos * lib/x509/extensions.c: Corrected error checking in _gnutls_x509_ext_gen_proxyCertInfo 2014-03-12 Nikos Mavrogiannopoulos * doc/TODO: doc update 2014-03-12 Nikos Mavrogiannopoulos * src/serv.c: initialize pointer 2014-03-12 Luis G.F * src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The reference is lost if an allocation error occured. Signed-off-by: Luis G.F 2014-03-11 Nikos Mavrogiannopoulos * src/certtool-cfg.c: use the number of seconds as serial in 32-bit systems 2014-03-11 Nikos Mavrogiannopoulos * lib/auth/cert.c: Only check PK compatibility in client side but also when using openpgp certs. 2014-03-11 Nikos Mavrogiannopoulos * lib/algorithms/kx.c: corrected initializer 2014-03-11 Nikos Mavrogiannopoulos * lib/auth/cert.c: shortend static function names. 2014-03-11 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify that the algorithm of the received certificate matches the expected. 2014-03-10 Nikos Mavrogiannopoulos * NEWS: doc update 2014-03-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-functions.texi, doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c, doc/manpages/Makefile.am, lib/Makefile.am, lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c, lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am, tests/mini-xssl.c: The xssl experimental library was removed. While the idea of a high level library is nice, there are no resources to maintain an additional library. 2014-03-09 Nikos Mavrogiannopoulos * configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to enable linking with nettle-mini 2014-03-08 Nikos Mavrogiannopoulos * lib/x509/verify.c: re-enabled certificate verification 2014-03-08 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or SHA384 are only available in TLS 1.0 The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated under SSL 3.0, it will during MAC initialization. 2014-03-08 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c, lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c, lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c, lib/x509/x509.c: stricter type usage 2014-03-08 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c, lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions when needed 2014-03-08 Nikos Mavrogiannopoulos * lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c, lib/x509/key_encode.c, src/certtool-common.c: more fixes due to clang 2014-03-08 Nikos Mavrogiannopoulos * lib/x509/common.c: silence some warnings 2014-03-08 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c, lib/verify-tofu.c: clang warning fixes 2014-03-08 Nikos Mavrogiannopoulos * src/certtool-cfg.c: removed unused variables. 2014-03-07 Kevin Cernekee * src/Makefile.am: Fix build failures on autogen'ed docs autogen needs to be invoked with $(srcdir)/-args.def or else it will not be able to find the input file if GnuTLS is built out of tree, e.g. mkdir build cd build ../configure make Also, add missing targets for %-args.h, to avoid this error: make[2]: Entering directory `/home/user/gnutls/src' autogen srptool-args.def autogen psk-args.def make[2]: *** No rule to make target `ocsptool-args.h', needed by `all'. Stop. make[2]: Leaving directory `/home/user/gnutls/src' make[1]: *** [all-recursive] Error 1 For portability's sake we will spell out the rule for each target instead of using a GNU '%' pattern rule: https://www.gnu.org/software/make/manual/html_node/Features.html#FeaturesSigned-off-by: Kevin Cernekee 2014-03-07 Kevin Cernekee * .gitignore, doc/Makefile.am: Fix build failures involving doc/invoke-*.texi Several problems were found in this area: 1) Currently, if SRC_DEF_* are undefined, autogen will get invoked with no input file and it will hang forever waiting for content from stdin: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum < enums.texi echo stamp_enums > stamp_enums cd ../src/ && autogen -Tagtexi-cmd.tpl && \ rm -f ../doc/invoke-gnutls-cli.texi && \ ../doc/scripts/cleanup-autogen.pl <../src/invoke-gnutls-cli.texi >../doc/invoke-gnutls-cli.texi.tmp && \ mv -f ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \ rm -f ../src/invoke-gnutls-cli.texi Since these documents are @include'd by other documents, it is probably a good idea to make sure the targets are buildable in case they get listed as prerequisites. 2) SRC_DEF_* used relative paths which are correct for an in-place build, but incorrect for an out-of-tree build. They should use something like $(top_srcdir)/src to resolve the ambiguity. 3) cleanup-autogen.pl was also referenced using a relative pathname, breaking out-of-tree builds. 4) The non-portable "sed -i" flag was used. Signed-off-by: Kevin Cernekee 2014-03-07 Kevin Cernekee * README-alpha: README-alpha: Add gperf dependency for building from git Without gperf, priority-options.h does not get built and this results in a compile error. Signed-off-by: Kevin Cernekee 2014-03-07 Kevin Cernekee * src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee 2014-03-07 Nikos Mavrogiannopoulos * lib/x509/verify.c: more type separation 2014-03-07 Nikos Mavrogiannopoulos * src/Makefile.am: use psktool-args 2014-03-07 Nikos Mavrogiannopoulos * lib/x509/verify.c: more type separation 2014-03-07 Nikos Mavrogiannopoulos * lib/x509/verify.c: separated types for easier verification 2014-03-06 Kevin Cernekee * .gitignore, doc/manpages/Makefile.am, src/Makefile.am, src/psk.c, src/{psk-args.def => psktool-args.def}: Rename psk-args.def to psktool-args.def Other utilities generate invoke-%.texi from %-args.def, but currently invoke-psktool.texi is generated from psk-args.def. If we make psktool conform to the same convention as the other utilities, we can use a generic pattern to handle all of them the same way. Signed-off-by: Kevin Cernekee 2014-03-06 Kevin Cernekee * doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in $(srcdir). When we do, chaos ensues: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum < ../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such file or directory make[4]: *** [stamp_enums] Error 1 make[4]: Leaving directory `/home/user/gnutls/build/doc' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/user/gnutls/build/doc' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/user/gnutls/build/doc' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/user/gnutls/build' make: *** [all] Error 2 Signed-off-by: Kevin Cernekee 2014-03-06 Nikos Mavrogiannopoulos * lib/openpgp/extras.c: Ensure failure when no base64 data have been read. Suggested by Ramkumar Chinchani. 2014-03-06 Nikos Mavrogiannopoulos * lib/Makefile.am: xssl compilation fix; patch by Colin Leroy 2014-03-05 Jason Spafford * lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string' parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com 2014-03-06 Nikos Mavrogiannopoulos * Makefile.am, symbols.last: Added symbol check prior to release (after discussion with Andreas Metzler) 2014-03-06 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: updated doc 2014-03-06 Nikos Mavrogiannopoulos * build-aux/test-driver, build-aux/ylwrap: updated build-aux files 2014-03-06 Nikos Mavrogiannopoulos * doc/Makefile.am: removed no-split as it causes issues in pdf building 2014-03-06 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4, gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h, gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c, gl/tests/test-bind.c, gl/tests/test-connect.c, gl/tests/test-inet_pton.c, gl/tests/test-sockets.c, gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from libgl 2014-03-05 Nick Alcock * configure.ac: Overridewq AUTOGEN under --enable-local-libopts only if autogen is not needed. After commit 6addbc3, specifying --enable-local-libopts unconditionally replaces the autogen-erated files with their distributed copies, and substitutes AUTOGEN to false. The assumption here is that if --enable-local-libopts is not specified, autogen cannot be installed, and that the distributed copies necessarily exist. Neither assumption is always correct. e.g. someone building a 32-bit copy of GnuTLS from git with a copy of autogen on their system will have a 64-bit copy of libopts, and a working /usr/bin/autogen, but not a 32-bit libopts. Since building autogen depends on Guile, this is a rather heavyweight pile of gear to require. (You can force a successful build in this case, but it requires providing AUTOGEN=/usr/bin/autogen to make(1), which is distinctly inelegant.) So fix things so that if any of the distributed copies do not exist, we do not substitute AUTOGEN, so as to let any copy of autogen that configure found on the system do its job if necessary, while not forcing the user to link against the copy of libopts which came with that autogen. Signed-off-by: Nikos Mavrogiannopoulos 2014-03-05 Nikos Mavrogiannopoulos * configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c: session tickets can be disabled 2014-03-05 Nikos Mavrogiannopoulos * doc/examples/Makefile.am, lib/ext/cert_type.c, lib/ext/status_request.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c: increased code disabled from disable-ocsp and disable-openpgp options 2014-02-17 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/new_record_padding.c, lib/ext/new_record_padding.h, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/priority_options.gperf, src/cli-args.def, tests/mini-record-2.c, tests/mini-record-range.c, tests/mini-record.c: NEW_PADDING has been removed. This extension did not get accepted by IETF so it is now being removed. The gnutls_range API is kept in case length hiding is implemented in a different way at some point. 2014-03-05 Ludovic Courtès * doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile manual. 2014-03-04 Nikos Mavrogiannopoulos * m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler. 2014-03-04 Nikos Mavrogiannopoulos * doc/examples/Makefile.am: examples include both gnulibs 2014-03-04 Nikos Mavrogiannopoulos * src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c, src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4, src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4, src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4, src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h, src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl 2014-03-04 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c, gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4, gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4, gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c, gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh, gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh, gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c, gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c, gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c, gl/tests/test-getline.c: removed getpass from gl/ 2014-03-04 Nikos Mavrogiannopoulos * .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates 2014-03-04 Nikos Mavrogiannopoulos * src/Makefile.am: changes for new gnulib in src/ 2014-03-04 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: corrent error print in win32 2014-03-04 Nikos Mavrogiannopoulos * lib/fips.c, lib/system.c: Changes to account for the reduced included gnulib 2014-03-04 Nikos Mavrogiannopoulos * src/crywrap/crywrap.c: added missing declaration 2014-03-04 Nikos Mavrogiannopoulos * lib/gnutls_global.c: removed any dependencies to gnulib network stuff 2014-03-04 Nikos Mavrogiannopoulos * lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's insistence to replace strerror 2014-03-04 Nikos Mavrogiannopoulos * src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c, src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c, src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h, src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c, src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c, src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4, src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4, src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4, src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4, src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4, src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4, src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4, src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4, src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4, src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind, src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c, src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h, src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c, src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c, src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h, src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c, src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to src/gl 2014-03-04 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c, gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c, gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4, gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4, gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4, gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h, gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c, gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h, gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c, gl/tests/glthread/lock.c, gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c, gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c, gl/tests/test-close.c, gl/tests/test-dup2.c, gl/tests/test-ftruncate.c, gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c, gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c, gl/tests/test-listen.c, gl/tests/test-lstat.c, gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h, gl/tests/test-pathmax.c, gl/tests/test-perror.c, gl/tests/test-perror.sh, gl/tests/test-perror2.c, gl/tests/test-pipe.c, gl/tests/test-recv.c, gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c, gl/tests/test-select-in.sh, gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c, gl/tests/test-select.c, gl/tests/test-select.h, gl/tests/test-send.c, gl/tests/test-sendto.c, gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c, gl/tests/test-signal-h.c, gl/tests/test-stat.c, gl/tests/test-stat.h, gl/tests/test-strerror.c, gl/tests/test-strerror_r.c, gl/tests/test-symlink.c, gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed unused gnulib crap 2014-03-03 Nikos Mavrogiannopoulos * src/crywrap/crywrap.c: fixed more memory leaks in crywrap 2014-03-03 Nikos Mavrogiannopoulos * src/crywrap/crywrap.c: addressed memory leak in crywrap.c 2014-03-02 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: check the blacklist for certificates provided in gnutls_x509_trust_list_verify_named_crt(). 2014-03-02 Nikos Mavrogiannopoulos * configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected configure option. 2014-03-02 Nikos Mavrogiannopoulos * doc/cha-library.texi: rsa-export is no more 2014-03-02 Nikos Mavrogiannopoulos * doc/cha-library.texi: updated option for TPM 2014-03-02 Nikos Mavrogiannopoulos * cross.mk: updated 2014-03-02 Nikos Mavrogiannopoulos * src/common.h: replace select() on windows 2014-03-02 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: print message before failing when the pull timeout function isn't replaced. 2014-03-02 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with SHA1; suggested by Manuel Pégourié-Gonnard. 2014-03-01 Nikos Mavrogiannopoulos * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh, build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free, build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h, gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4, gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4, gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4, gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4, gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4, gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4, gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h, gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h, gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c, gl/tests/getpagesize.c, gl/tests/glthread/lock.c, gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c, gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h, gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c, gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c, gl/tests/test-base64.c, gl/tests/test-binary-io.c, gl/tests/test-bind.c, gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c, gl/tests/test-close.c, gl/tests/test-connect.c, gl/tests/test-dup2.c, gl/tests/test-errno.c, gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c, gl/tests/test-fgetc.c, gl/tests/test-float.c, gl/tests/test-fputc.c, gl/tests/test-fread.c, gl/tests/test-fseek.c, gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c, gl/tests/test-fstat.c, gl/tests/test-ftell.c, gl/tests/test-ftell3.c, gl/tests/test-ftello.c, gl/tests/test-ftello3.c, gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c, gl/tests/test-func.c, gl/tests/test-fwrite.c, gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c, gl/tests/test-getline.c, gl/tests/test-getpeername.c, gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c, gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c, gl/tests/test-init.sh, gl/tests/test-intprops.c, gl/tests/test-inttypes.c, gl/tests/test-ioctl.c, gl/tests/test-listen.c, gl/tests/test-lstat.c, gl/tests/test-lstat.h, gl/tests/test-memchr.c, gl/tests/test-netdb.c, gl/tests/test-netinet_in.c, gl/tests/test-open.c, gl/tests/test-open.h, gl/tests/test-pathmax.c, gl/tests/test-perror.c, gl/tests/test-perror2.c, gl/tests/test-pipe.c, gl/tests/test-read-file.c, gl/tests/test-recv.c, gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c, gl/tests/test-select.c, gl/tests/test-select.h, gl/tests/test-send.c, gl/tests/test-sendto.c, gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c, gl/tests/test-signal-h.c, gl/tests/test-snprintf.c, gl/tests/test-sockets.c, gl/tests/test-stat.c, gl/tests/test-stat.h, gl/tests/test-stdalign.c, gl/tests/test-stdbool.c, gl/tests/test-stddef.c, gl/tests/test-stdint.c, gl/tests/test-stdio.c, gl/tests/test-stdlib.c, gl/tests/test-strerror.c, gl/tests/test-strerror_r.c, gl/tests/test-string.c, gl/tests/test-strings.c, gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c, gl/tests/test-symlink.c, gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c, gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h, gl/tests/test-time.c, gl/tests/test-u64.c, gl/tests/test-unistd.c, gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh, gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c, gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk, src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c, src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4, src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4, src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4, src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4, src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4, src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h, src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h, src/gl/parse-datetime.h, src/gl/parse-datetime.y, src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c, src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c, src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c: updated gnulib 2014-02-28 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0 when they are available in TLS1.0 2014-02-28 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: The default priority is reset to NORMAL 2014-02-28 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Revert "the default priorities are reset to be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463. 2014-02-28 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: mention SHA384 as MAC option 2014-02-28 Nikos Mavrogiannopoulos * src/cli-args.def, src/serv-args.def: documented the defaults 2014-02-28 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: the default priorities are reset to be NORMAL. Reported by Manuel Pégourié-Gonnard. 2014-02-28 Nikos Mavrogiannopoulos * src/serv-args.def: Add required priorities 2014-02-27 Nikos Mavrogiannopoulos * lib/x509/verify.c: Preinitialize values; suggested by Sebastian Krahmer and Tomas Hoger. 2014-02-27 Nikos Mavrogiannopoulos * lib/x509/verify.c: added doc on is_issuer() checks 2014-02-26 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: removed not trusted message; reported by Michel Briand. 2014-02-26 Nikos Mavrogiannopoulos * tests/chainverify.c: updated for verification updates 2014-02-25 Nikos Mavrogiannopoulos * lib/x509/verify.c: Updated verification function 2014-02-22 Jens Lechtenboerger * src/cli-args.def, src/cli.c: New option --stricttofu for gnutls-cli With option --tofu, gnutls-cli waits with a yes-no-question upon certificate changes. I added the option --stricttofu that omits the question and fails instead. The contribution is in accordance to the "Developer's Certificate of Origin" as found in the file doc/DCO.txt. Best wishes Jens Signed-off-by: Jens Lechtenbörger 2014-02-22 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: moved priorities check to the first call only. 2014-02-21 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: removed duplicate definition; reported by Dennis Philipps. 2014-02-21 Nikos Mavrogiannopoulos * doc/README.CODING_STYLE: updated coding style 2014-02-20 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-20 Nikos Mavrogiannopoulos * tests/cert-tests/template-nc.pem: added cert 2014-02-20 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: corrected check 2014-02-20 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout values 2014-02-20 Nikos Mavrogiannopoulos * tests/suite/testdane: updated 2014-02-20 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-20 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: When appending a name, ensure that we append to the end of the list. 2014-02-20 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: use gnutls_free() 2014-02-20 Nikos Mavrogiannopoulos * src/certtool-args.def: corrected email in texi 2014-02-20 Attila Molnar * lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add resistance against guessing usernames When a client tries to authenticate using an unknown username, instead of generating a random salt every time, generate the salt based on the username and a secret seed. The seed is settable by the application, allowing servers to re-use the same seed after a restart. A random seed is generated for each newly allocated SRP server credentials structure, meaning that applications not using the new API to set the seed continue to work and gain limited advantage (because they use a different seed after every restart). For further information see section 2.5.1.3. in RFC 5054. Signed-off-by: Attila Molnar 2014-02-20 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: small artistic changes 2014-02-20 Nikos Mavrogiannopoulos * lib/x509/verify.c: check against the success value 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use bool types when needed. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/verify.c: ensure failure when parsing fails. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: allow ip address as constraint 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/verify.c: Added check for IPaddress 2014-02-19 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-19 Nikos Mavrogiannopoulos * tests/chainverify.c: Added tests for name constraints addition. 2014-02-19 Nikos Mavrogiannopoulos * src/certtool.c: better error printing 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/extensions.c: corrected empty name check 2014-02-19 Nikos Mavrogiannopoulos * tests/cert-tests/template-nc.pem, tests/cert-tests/template-nc.tmpl: Updated test for name constraints to include empty constraints names. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/output.c: pretty print empty DNSnames 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/name_constraints.c: _gnutls_x509_read_value() can now read empty values. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/extensions.c: Allow empty names. 2014-02-19 Nikos Mavrogiannopoulos * src/certtool-cfg.c: removed debugging 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/extensions.c: Added check for null 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: If alternative names are found, don't bother checking the DN. 2014-02-19 Nikos Mavrogiannopoulos * tests/suite/certs/create-chain.sh: Added tool to create a certificate chain 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/output.c: properly indent name constraints 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/x509.c: _gnutls_parse_general_name2() will return the expected data 2014-02-19 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c, tests/cert-tests/Makefile.am, tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test: certtool allows setting name constraints. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed false warnings 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/verify.c: simplify names 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c, lib/x509/verify.c: Verify name constraints. 2014-02-19 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/name_constraints.c: Added gnutls_x509_name_constraints_check_crt This function will check name constraints against all the names in a certificate. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c, tests/name-constraints.c, tests/suppressions.valgrind: Added support for e-mail constraints. 2014-02-19 Nikos Mavrogiannopoulos * tests/name-constraints.c: Added more constraints tests for unsupported structures. 2014-02-19 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: Corrected check for present constraints in unsupported types. 2014-02-18 Nikos Mavrogiannopoulos * doc/examples/ex-ocsp-client.c: fix small leak 2014-02-18 Nikos Mavrogiannopoulos * src/ocsptool.c: When verifying a response and a signer isn't provided assume that the signer is the issuer. 2014-02-18 Nikos Mavrogiannopoulos * src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c, src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP check if it is available on the reply. 2014-02-18 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: properly deinitialize name constraints structure. 2014-02-18 Nikos Mavrogiannopoulos * doc/examples/ex-ocsp-client.c: Verify in example that the sent nonce matches the received nonce. Reported by Benny Baumann. 2014-02-18 Nikos Mavrogiannopoulos * tests/name-constraints.c: Added missing file 2014-02-17 Nikos Mavrogiannopoulos * lib/priority_options.gperf: priority string flag VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy 2014-02-18 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the handshake timers when gnutls_handshake() is called. 2014-02-18 Nikos Mavrogiannopoulos * tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to catch a timeout issue in handshake(). 2014-02-18 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: doc update 2014-02-18 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow multiple flags in gnutls_x509_crt_get_name_constraints() 2014-02-18 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: Do not deinitialize the constraints structure when reading the constraints fails. 2014-02-18 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c, lib/x509/output.c: Allow appending name constraints. 2014-02-18 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow setting a non-critical name-constraints extension. 2014-02-18 Nikos Mavrogiannopoulos * lib/x509/name_constraints.c: better checking of unsupported constraints. 2014-02-17 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-13 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c, lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h, tests/Makefile.am: Added support for name constraints X.509 extension. This allows to generate and read the name constraints extension, as well as check against the DNSNAME value. 2014-02-15 Nikos Mavrogiannopoulos * configure.ac: depend on p11-kit 0.20.0 or later 2014-02-15 Nikos Mavrogiannopoulos * tests/chainverify.c: changed names for clarity 2014-02-15 Nikos Mavrogiannopoulos * lib/gnutls_pcert.c: Corrected bug in gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if gnutls_x509_crt_list_import() would fail with the provided data. Reported by Dmitriy Anisimkov. 2014-02-14 Nikos Mavrogiannopoulos * tests/suppressions.valgrind: corrected suppressions file 2014-02-14 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h: do not mention GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation 2014-02-14 Nikos Mavrogiannopoulos * lib/gnutls_priority.c, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c, tests/chainverify.c: removed deprecated flag 2014-02-13 Nikos Mavrogiannopoulos * doc/latex/cover.tex: added Ted 2014-02-13 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests. 2014-02-13 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: set value to null after releasing 2014-02-13 Nikos Mavrogiannopoulos * tests/slow/keygen.c: generate keys in the acceptable sizes in FIPS140 mode 2014-02-13 Nikos Mavrogiannopoulos * tests/crq_key_id.c: generate 2048 bit keys in RSA mode 2014-02-13 Nikos Mavrogiannopoulos * lib/x509/x509.c, lib/x509/x509_int.h: Added _gnutls_parse_general_name2() 2014-02-13 Nikos Mavrogiannopoulos * lib/x509/common.c: ensure that _gnutls_x509_read_value works as documented. 2014-02-13 Nikos Mavrogiannopoulos * lib/x509/verify.c: ensure that the issuer in present in a trusted module. 2014-02-13 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag GNUTLS_PKCS11_TOKEN_TRUSTED_UINT 2014-02-13 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags(). 2014-02-13 Nikos Mavrogiannopoulos * lib/x509/verify.c: Use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only trusted modules are used. 2014-02-13 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h: Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a marked as trusted PKCS #11 module. The marking is done on p11-kit configuration. 2014-02-13 Nikos Mavrogiannopoulos * lib/pkcs11.c: mark trusted p11-kit modules as trusted. 2014-02-12 Marcus Meissner * src/serv.c: fixed socket existance checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket() for the ipv6 address fails, this loop would fail and abort the socket listen code. Signed-off-by: Nikos Mavrogiannopoulos 2014-02-12 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch. 2014-02-12 Nikos Mavrogiannopoulos * tests/chainverify.c: Added test for pathlen constraints. 2014-02-12 Nikos Mavrogiannopoulos * tests/chainverify.c: Added check for v1 intermediate CA certificate 2014-02-12 Nikos Mavrogiannopoulos * lib/x509/verify.c: Fix bug that prevented the rejection of v1 intermediate CA certificates. Reported by Suman Jana. 2014-02-12 Nikos Mavrogiannopoulos * lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function 2014-02-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-02-11 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer timestamps for serial numbers. 2014-02-10 Nikos Mavrogiannopoulos * maint.mk: updated indent cmd 2014-02-10 Nikos Mavrogiannopoulos * cfg.mk: corrected indent parameters 2014-02-10 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-cbc-x86-aesni.c, lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h: do not redefine the _gnutls_x86_cpuid_s symbol 2014-02-07 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the security levels of PFS, SECURE128 and SECURE192 keywords. 2014-02-07 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: reduced security levels of SECURE128 and SECURE192 strings. 2014-02-06 Nikos Mavrogiannopoulos * tests/mini-record-2.c: only test libz if it is available 2014-02-06 Nikos Mavrogiannopoulos * tests/mini-record-2.c: check errors from gnutls_priority_set_direct(). 2014-02-06 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: doc update 2014-02-06 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: increased the interval between reading /dev/urandom 2014-02-05 Nikos Mavrogiannopoulos * po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP. 2014-02-05 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c, src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass certtool option to allow asking for passwords even when in batch mode. 2014-02-05 Nikos Mavrogiannopoulos * src/certtool-common.c: use newlines in error printing 2014-02-03 Nikos Mavrogiannopoulos * lib/x509/verify.c: when using a PKCS #11 module for verification ensure that it has been marked a trusted module in p11-kit. 2014-02-03 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain p11-kit's P11_KIT_MODULE_TRUSTED flag. 2014-02-03 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: use macros to set the level. 2014-02-02 Nikos Mavrogiannopoulos * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated reference manual to remove individual indexes that were not working. 2014-02-02 Nikos Mavrogiannopoulos * tests/suite/ciphersuite/test-ciphersuites.sh: corrected test-ciphersuites.sh test 2014-02-02 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: consider the initial keyword set even when it's set to NONE. 2014-02-02 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: When two initial keywords are specified then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as SECURE256:+SECURE128. 2014-02-01 Nikos Mavrogiannopoulos * lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting multiple initial keywords in a priority string, the security level set is the one of the lowest security. 2014-02-01 Nikos Mavrogiannopoulos * lib/x509/verify.c: better wording 2014-02-01 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected bug in DH exponent size calculation. 2014-02-01 Nikos Mavrogiannopoulos * lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC extension. This is an extension that is defined to be sent by the client but there are servers that include it as well. Most other implementations tolerate this behavior so we do. 2014-02-01 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: corrected typo 2014-01-31 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version requirements for all ciphersuites that are not GCM. 2014-01-31 Nikos Mavrogiannopoulos * lib/nettle/pk.c: return proper error on RSA key generation failure 2014-01-31 Nikos Mavrogiannopoulos * lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c: allow a missing u 2014-01-31 Nikos Mavrogiannopoulos * lib/gnutls_hash_int.c: Added sanity check in hash_init() and mac_init(). 2014-01-31 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: use some kind of key continuity in the nonce RNG. 2014-01-30 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-30 Nikos Mavrogiannopoulos * lib/x509/privkey.c: when importing public keys set the correct algorithm. 2014-01-30 Nikos Mavrogiannopoulos * lib/nettle/int/provable-prime.c: allow for seeds larger to the MAX by one byte 2014-01-30 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: corrected calculation 2014-01-30 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: corrected prototype 2014-01-29 Nikos Mavrogiannopoulos * lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c, lib/nettle/pk.c: Added FIPS184-4 RSA key generation. 2014-01-28 Nikos Mavrogiannopoulos * lib/gnutls_db.c, lib/libgnutls.map: rename function 2014-01-28 Nikos Mavrogiannopoulos * lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_db_get_cache_expiration() 2014-01-28 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag. 2014-01-28 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-28 Nikos Mavrogiannopoulos * lib/nettle/pk.c: removed unused variables 2014-01-28 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added gnutls_pubkey_verify_params() and gnutls_privkey_verify_params(). 2014-01-28 Nikos Mavrogiannopoulos * lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c, lib/x509/privkey.c: Allow verification of public and private parameters. 2014-01-28 Nikos Mavrogiannopoulos * lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying keys. 2014-01-27 Nikos Mavrogiannopoulos * tests/resume.c: Added check for gnutls_db_check_entry_time(). 2014-01-27 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-27 Nikos Mavrogiannopoulos * lib/gnutls_db.c: correctly read the magic number and timestamp; report and patch by Jonathan Roudiere 2014-01-27 Nikos Mavrogiannopoulos * doc/scripts/getfuncs-map.pl: updated for new functions 2014-01-27 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk functions to export. gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962 gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw 2014-01-27 Nikos Mavrogiannopoulos * lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in, lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512 2014-01-27 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported function needed for fips test 2014-01-27 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c: compile missing file 2014-01-27 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: indented 2014-01-27 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: eliminated memory leak when generating a privvate key using gnutls_privkey_generate(). 2014-01-27 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw, gnutls_privkey_import_rsa_raw 2014-01-27 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected usage of privkey 2014-01-26 Nikos Mavrogiannopoulos * tests/suite/eagain, tests/suite/mini-eagain2.c: changed port number 2014-01-26 Nikos Mavrogiannopoulos * lib/x509/common.c: optimized string search in _oid2str table. 2014-01-26 Nikos Mavrogiannopoulos * lib/x509/dn.c: copyright update 2014-01-26 Nikos Mavrogiannopoulos * lib/x509/common.c: fixed null pointer derefence when printing a name and an LDAP description isn't present for the OID 2014-01-26 Nikos Mavrogiannopoulos * doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added gnutls_realloc_fast to false positives Conflicts: lib/libgnutls.map 2014-01-26 Nikos Mavrogiannopoulos * Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior to release verify that the exported functions in the .map file match the headers. 2014-01-26 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported missing functions 2014-01-26 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported function 2014-01-26 Nikos Mavrogiannopoulos * lib/nettle/Makefile.am, lib/nettle/rnd-common.c, lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in FIPS140 mode. 2014-01-26 Nikos Mavrogiannopoulos * tests/mini-global-load.c: removed non-working test for static linking. 2014-01-26 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: use two separate mutexes for nonce and main rng. 2014-01-26 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-26 Nikos Mavrogiannopoulos * tests/rng-fork.c: increased the number of bytes requested by the RNG 2014-01-26 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: The AES-CTR-based nonce random number generator was replaced with salsa20. 2014-01-26 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2014-01-26 Nikos Mavrogiannopoulos * lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c, lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI function prototypes. 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated the prototype of _gnutls_mpi_div 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui, _gnutls_mpi_mul_ui 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated prototype of _gnutls_mpi_powm 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h, lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c, lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c, lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated mpi_scan macros 2014-01-26 Nikos Mavrogiannopoulos * lib/nettle/pk.c: reduced warnings 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set, _gnutls_mpi_set_ui,, _gnutls_mpi_copy 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c, lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of _gnutls_mpi_modm 2014-01-26 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and added _gnutls_mpi_init_multi 2014-01-25 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: reduced the number of system calls made during the random generator lock. 2014-01-25 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority string by default in examples (not yet). 2014-01-25 Nikos Mavrogiannopoulos * cross.mk: updated 2014-01-25 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats to avoid becoming a bottleneck on processes with many threads. 2014-01-24 Nikos Mavrogiannopoulos * src/common.h: corrected push/pull function setting 2014-01-24 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g() 2014-01-24 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: do not impose limits to index 2014-01-24 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c: Fixes in the Shawe-Taylor prime generation routine. 2014-01-24 Nikos Mavrogiannopoulos * lib/nettle/int/provable-prime.c: cleanups 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: increased seed length 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/provable-prime.c: cleanups 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/provable-prime.c: indented code 2014-01-23 Nikos Mavrogiannopoulos * lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that _gnutls_pk_params_copy makes a full duplicate. 2014-01-23 Nikos Mavrogiannopoulos * lib/includes/gnutls/abstract.h, lib/nettle/pk.c, lib/x509/privkey.c: Added macros to allow specifying a subgroup for DSA. 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys. 2014-01-23 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw: Added gnutls_privkey_get_pk_rsa_raw: Added 2014-01-23 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported more internal functions 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA keys. 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: Split the generation of keypair from the generation of parameters. 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and _dsa_validate_dss_g, and other fixes in validation. 2014-01-23 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c: indented files 2014-01-22 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: corrected s check in _dsa_generate_dss_pq 2014-01-22 Nikos Mavrogiannopoulos * lib/nettle/int/dsa-keygen-fips186.c: fixed copyright 2014-01-22 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test vectors for the fixed implementation. 2014-01-22 Nikos Mavrogiannopoulos * lib/random.c: register FIPS140 random generator prior to initialization 2014-01-22 Nikos Mavrogiannopoulos * lib/libgnutls.map, lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number generator. 2014-01-20 Nikos Mavrogiannopoulos * lib/nettle/cipher.c: no point to fail on 3DES weak keys. 2014-01-20 Nikos Mavrogiannopoulos * lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes. 2014-01-20 Nikos Mavrogiannopoulos * lib/crypto-api.c: use a single context for all stream ciphers. 2014-01-20 Nikos Mavrogiannopoulos * lib/crypto-selftests.c: Added ARCFOUR-128 self test. 2014-01-20 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: always set subkey status 2014-01-20 Nikos Mavrogiannopoulos * tests/mini-dtls-record.c: small updates in mini-dtls-record 2014-01-20 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS 2014-01-20 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: simplified client hello generation 2014-01-19 Nikos Mavrogiannopoulos * lib/gnutls_int.h: %COMPAT implies %DUMBFW 2014-01-19 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization 2014-01-19 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: use a single buffer to generate the client hello. 2014-01-17 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-17 Nikos Mavrogiannopoulos * lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c, lib/random.c: The FIPS140 random number generator is enabled conditionally when required. 2014-01-17 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: removed duplicate function 2014-01-17 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng. 2014-01-17 Nikos Mavrogiannopoulos * lib/gnutls_global.c: use newline 2014-01-16 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: when freeing priority_cache make sure it is set to NULL 2014-01-16 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: Clarified version 2014-01-16 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h: gnutls_global_set_mem_functions was deprecated 2014-01-16 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded warning; all systems we support set this function. 2014-01-15 Nikos Mavrogiannopoulos * doc/Makefile.am: generate info documentation in a single file 2014-01-15 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in certificates is now replaced by the verification profiles. 2014-01-15 Nikos Mavrogiannopoulos * lib/gnutls_int.h: no need to set profile to LOW as it is already the default 2014-01-15 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY macro 2014-01-15 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-15 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: decreased certificate verification level to allow SHA1 as hash. 2014-01-15 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/x509/verify.c: When verifying a certificate's security level ensure that the hash is within the level 2014-01-15 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits() 2014-01-14 Nikos Mavrogiannopoulos * tests/cert-tests/complex-cert.pem: updated test for level rename 2014-01-14 Nikos Mavrogiannopoulos * tests/suppressions.valgrind: updated memxor3 suppression to cope with any usage of memxor3 2014-01-14 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: The correct priority will be used if SYSTEM is not specified. 2014-01-14 Nikos Mavrogiannopoulos * lib/x509/verify.c: do not immediately fail on verification failure due to insecure algorithm. 2014-01-14 Nikos Mavrogiannopoulos * tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use gnutls_priority_set_direct() to set a fixed priority string 2014-01-14 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: avoid allocation. 2014-01-14 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default priorities based on version number in examples, and add dependency on 3.1.0 2014-01-14 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, lib/gnutls_priority.c: changes in SYSTEM semantics to allow appending rules to the default policy. 2014-01-14 Nikos Mavrogiannopoulos * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used to read the priorities. That can be used to impose system specific policies. 2014-01-14 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Weak sec-param was replaced with Low. 2014-01-14 Nikos Mavrogiannopoulos * tests/sec-params.c: updated sec-params check 2014-01-14 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-01-14 Nikos Mavrogiannopoulos * NEWS, src/certtool-common.c, src/serv.c: more updates for the security param rename 2014-01-14 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added test to check the expected values of security parameters. 2014-01-14 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update 2014-01-14 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: security levels aligned to ENISA and other common practice recommendations. 2014-01-14 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h, lib/priority_options.gperf, lib/x509/verify.c: GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string. Also when setting a PROFILE explicitly as priority string the session security level is adjusted accordingly. 2014-01-13 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2014-01-13 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/gnutls_priority.c, lib/priority_options.gperf: Use gperf to find priority string options. 2014-01-13 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: verification profiles can be set individually as well. 2014-01-13 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc update 2014-01-13 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: increased the overall security level unless %COMPAT is specified. 2014-01-13 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate verification profiles when setting priority strings 2014-01-13 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c: Added certificate verification profiles. 2014-01-10 Nikos Mavrogiannopoulos * lib/x509/verify.c: simplified _gnutls_verify_certificate2(). 2014-01-10 Nikos Mavrogiannopoulos * lib/x509/verify.c: consistency changes. 2014-01-11 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact description. 2014-01-11 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-11 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the RDN sequence. This flag is for now only useful internally in gnutls. 2014-01-11 Nikos Mavrogiannopoulos * tests/x509dn.c: simplified x509dn 2014-01-11 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: doc update 2014-01-11 Nikos Mavrogiannopoulos * tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced set_pkcs12_cred test. 2014-01-09 Nikos Mavrogiannopoulos * NEWS, lib/pkcs11.c: doc update 2014-01-08 Daniel Kahn Gillmor * src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only servers Without this patch, a TLS 1.2-only server will not be properly investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key --x509certfile=server/x509.pem --priority 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556 localhost Resolving 'localhost'... Connecting to '::1:5556'... Checking for SSL 3.0 support... no Checking whether %COMPAT is required... yes Checking for TLS 1.0 support... no Checking for TLS 1.1 support... no Checking fallback from TLS 1.1 to... failed Checking for TLS 1.2 support... yes Checking whether we need to disable TLS 1.2... N/A Checking whether we need to disable TLS 1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0 dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos 2014-01-06 Nils Maier * lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first full packet before setting priv->expect_cstatus = 0, or else CERTIFCATE STATUS packets won't be processed in subsequent calls at all, leaving them in the buffer and therefore causing later connection aborts. Signed-off-by: Nikos Mavrogiannopoulos 2014-01-04 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when looking for a trusted certificate. 2014-01-04 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: simplified gnutls_certificate_set_x509_crl_file/mem. 2014-01-04 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: simplified gnutls_certificate_set_x509_trust_file/mem. 2014-01-04 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: use gnutls_strdup 2014-01-03 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-01 Nikos Mavrogiannopoulos * tests/Makefile.am: mini-record-2 movedto front. 2014-01-03 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: removed debugging 2014-01-03 Nikos Mavrogiannopoulos * lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust and distrust (blacklists). 2014-01-02 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists() 2014-01-02 Nikos Mavrogiannopoulos * lib/pkcs11.c: more sensible names in find data private structures. 2014-01-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-02 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if GNUTLS_PKCS11_ISSUER_ANY is not specified. 2014-01-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-02 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: unified PKCS#11 debug messages 2014-01-02 Nikos Mavrogiannopoulos * configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h, lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h: Updated PKCS #11 support for gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of importing all CAs. That way it allows verification on the spot without requiring the gnutls to restart in case of a blacklisted CA. 2014-01-02 Nikos Mavrogiannopoulos * NEWS: doc update 2014-01-01 Nikos Mavrogiannopoulos * src/p11tool-args.def: Added documentation for force autogen to generate correct texinfo code. 2013-12-31 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-30 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-29 Nikos Mavrogiannopoulos * tests/resume-dtls.c, tests/resume.c: resume tests will not block if they fail 2013-12-29 Nikos Mavrogiannopoulos * lib/gnutls_global.c: moved constructor definitions to macros to allow easier extensions to other systems. 2013-12-29 Nikos Mavrogiannopoulos * tests/rng-fork.c: perform the iteration check on both rngs. 2013-12-29 Nikos Mavrogiannopoulos * tests/suppressions.valgrind: Add suppression for nettle's memxor3 2013-12-29 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-29 Nikos Mavrogiannopoulos * tests/mini-dtls-record.c: updated 2013-12-29 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on the current size of the client hello. 2013-12-29 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c: doc update 2013-12-28 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c: do not pad when the client hello size is sufficiently small. 2013-12-28 Nikos Mavrogiannopoulos * lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw padding if the hello data are already too long. 2013-12-28 Nikos Mavrogiannopoulos * lib/Makefile.am: export only xssl symbols; small patch by Andreas Metzler. 2013-12-26 Gustavo Zacarias * src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias 2013-12-25 Nikos Mavrogiannopoulos * lib/nettle/pk.c: limit the size of the DH exponent 2013-12-25 Nikos Mavrogiannopoulos * lib/nettle/pk.c: unified constants 2013-12-25 Nikos Mavrogiannopoulos * tests/fips-test.c: Do not run the fips-test when not in fips mode 2013-12-25 Nikos Mavrogiannopoulos * lib/ext/session_ticket.c, lib/ext/status_request.c, lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h: simplified gnutls_handshake_alloc 2013-12-23 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: do not specify a default class when searching for objects to delete This fixed issue when trying to delete all the keys in a token by using the token URL. 2013-12-23 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login flag to force security office login to the card 2013-12-23 Nikos Mavrogiannopoulos * src/pkcs11.c: updated txt 2013-12-23 Nikos Mavrogiannopoulos * src/pkcs11.c: print warning when no token name is provided 2013-12-23 Nikos Mavrogiannopoulos * lib/x509/common.c: Added userPrincipalName 2013-12-23 Nikos Mavrogiannopoulos * libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the parameter is ignored. 2013-12-23 Nikos Mavrogiannopoulos * src/cli.c: corrected key ID size check 2013-12-23 Nikos Mavrogiannopoulos * configure.ac: Ported Alon's patch to correctly check for librt (et al.) This also makes clock_gettime() check independent of the FIPS140 option. 2013-12-22 Nikos Mavrogiannopoulos * src/p11tool-args.def: Added aliases list-privkeys and list-keys 2013-12-21 Nikos Mavrogiannopoulos * lib/system.c: undefine select as well in win32 2013-12-21 Nikos Mavrogiannopoulos * tests/mini-dtls-large.c, tests/mini-dtls-record.c, tests/mini-handshake-timeout.c: corrected some tests to operate silently under valgrind 2013-12-21 Nikos Mavrogiannopoulos * tests/mpi.c, tests/x509cert-tl.c: corrected leaks 2013-12-21 Nikos Mavrogiannopoulos * lib/system.c: do not use the gnulib wrappers in win32 2013-12-21 Nikos Mavrogiannopoulos * src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly set the gnulib functions for recv and send. 2013-12-21 Nikos Mavrogiannopoulos * lib/accelerated/x86/elf/cpuid-x86_64.s: updated 2013-12-21 Nikos Mavrogiannopoulos * tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some time. 2013-12-21 Nikos Mavrogiannopoulos * tests/x509cert-tl.c: corrected check 2013-12-21 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: removed debugging 2013-12-21 Nikos Mavrogiannopoulos * tests/pkcs12_s2k.c: corrected paths 2013-12-21 Nikos Mavrogiannopoulos * lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c: pkcs11_get_random was renamed 2013-12-21 Nikos Mavrogiannopoulos * lib/accelerated/x86/coff/aes-ssse3-x86.s, lib/accelerated/x86/coff/aes-ssse3-x86_64.s, lib/accelerated/x86/coff/aesni-x86.s, lib/accelerated/x86/coff/aesni-x86_64.s, lib/accelerated/x86/coff/cpuid-x86.s, lib/accelerated/x86/coff/cpuid-x86_64.s, lib/accelerated/x86/coff/e_padlock-x86.s, lib/accelerated/x86/coff/e_padlock-x86_64.s, lib/accelerated/x86/coff/ghash-x86_64.s, lib/accelerated/x86/coff/sha1-ssse3-x86.s, lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, lib/accelerated/x86/coff/sha256-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, lib/accelerated/x86/elf/aes-ssse3-x86.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/cpuid-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/ghash-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, lib/accelerated/x86/macosx/aes-ssse3-x86.s, lib/accelerated/x86/macosx/aes-ssse3-x86_64.s, lib/accelerated/x86/macosx/aesni-x86.s, lib/accelerated/x86/macosx/aesni-x86_64.s, lib/accelerated/x86/macosx/cpuid-x86.s, lib/accelerated/x86/macosx/cpuid-x86_64.s, lib/accelerated/x86/macosx/e_padlock-x86.s, lib/accelerated/x86/macosx/e_padlock-x86_64.s, lib/accelerated/x86/macosx/ghash-x86_64.s, lib/accelerated/x86/macosx/sha1-ssse3-x86.s, lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, lib/accelerated/x86/macosx/sha256-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected generated files 2013-12-21 Nikos Mavrogiannopoulos * cfg.mk: correctly generate asm sources 2013-12-21 Nikos Mavrogiannopoulos * cfg.mk: gnu note for stack only used in ELF 2013-12-21 Nikos Mavrogiannopoulos * lib/accelerated/x86/coff/openssl-cpuid-x86.s, lib/accelerated/x86/coff/openssl-cpuid-x86_64.s, lib/accelerated/x86/macosx/openssl-cpuid-x86.s, lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused files 2013-12-21 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/accelerated/Makefile.am, lib/accelerated/accelerated.c: Improved nettle check for registration of accelerated ciphers. 2013-12-21 Nikos Mavrogiannopoulos * lib/accelerated/x86/Makefile.am: use the correct sources in win32 systems 2013-12-20 Nikos Mavrogiannopoulos * lib/Makefile.am: simplified deps 2013-12-20 Nikos Mavrogiannopoulos * lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: lib/Makefile.am 2013-12-18 Nikos Mavrogiannopoulos * tests/suite/testdane: updated danetool 2013-12-18 Nikos Mavrogiannopoulos * lib/algorithms/ecc.c: changed default to 256R1 2013-12-18 Nikos Mavrogiannopoulos * src/serv-args.def: doc update 2013-12-17 Nikos Mavrogiannopoulos * lib/Makefile.am: the accelerated library is depending on nettle being present 2013-12-17 Nikos Mavrogiannopoulos * src/certtool-args.def: doc update 2013-12-17 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: updated to account the file format p11-kit expects 2013-12-16 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-16 Nikos Mavrogiannopoulos * devel/openssl: restricted submodule to a specific version 2013-12-16 Nikos Mavrogiannopoulos * .gitignore, cfg.mk: bootstrap will initialize the submodules 2013-12-16 Nikos Mavrogiannopoulos * lib/accelerated/x86/coff/aes-ssse3-x86_64.s, lib/accelerated/x86/coff/aesni-x86_64.s, lib/accelerated/x86/coff/e_padlock-x86_64.s, lib/accelerated/x86/coff/ghash-x86_64.s, lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/macosx/aes-ssse3-x86_64.s, lib/accelerated/x86/macosx/aesni-x86_64.s, lib/accelerated/x86/macosx/e_padlock-x86_64.s, lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files 2013-12-16 Nikos Mavrogiannopoulos * .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl, devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl, devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl, devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl, devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl, devel/perlasm/openssl-cpuid-x86.pl.license, devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl, devel/perlasm/sha1-ssse3-x86_64.pl, devel/perlasm/sha256-ssse3-x86.pl, devel/perlasm/sha512-ssse3-x86.pl, devel/perlasm/sha512-ssse3-x86_64.pl, devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl, devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl, devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl using git submodule 2013-12-16 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-16 Nikos Mavrogiannopoulos * configure.ac, lib/system.c: Added configure option --with-default-blacklist-file This option allows to specify a file containing blacklisted certificates. 2013-12-16 Nikos Mavrogiannopoulos * lib/x509/verify-high.c, lib/x509/verify-high2.c: gnutls_x509_trust_list_remove_cas() and derivatives will utilize a black list. When a CA or certificate is removed from the trusted list, it is also added in a blacklist to ensure that it will not be accepted due to interdependency (e.g., it is a subordinate CA), or because it is not a CA. 2013-12-16 Nikos Mavrogiannopoulos * lib/x509/verify-high2.c: Corrected documentation for gnutls_x509_trust_list_add_trust_* 2013-12-16 Nikos Mavrogiannopoulos * lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed in gnutls_pkcs11_reinit. 2013-12-16 Nikos Mavrogiannopoulos * lib/nettle/mac.c: Avoid verbose logging 2013-12-15 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: use better definitions 2013-12-15 Nikos Mavrogiannopoulos * tests/mini-cert-status.c: doc update 2013-12-15 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-15 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers provided to crypto backend are ensured to be 16-byte aligned (except the ones provided by the user). That increases performance in several crypto accelerators. 2013-12-15 Nikos Mavrogiannopoulos * tests/mini-dtls-large.c: updated to correspond to new fail() 2013-12-15 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified _mbuffer_alloc 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-cbc-x86-aesni.c, lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86-aesni.c, lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c, lib/accelerated/x86/hmac-x86-ssse3.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h, lib/accelerated/x86/x86-common.c: reorganized source files. 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-gcm-x86-aesni.c, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when AESNI is available without PCLMUL, then use AES-NI in GCM. 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/accelerated/x86/aes-x86.c: addressed warning 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over AESNI 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/Makefile.am, lib/accelerated/x86/{hmac-x86.c => hmac-x86-ssse3.c}, lib/accelerated/x86/{sha-x86.c => sha-x86-ssse3.c}: use better names for files 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/hmac-padlock.c: zeroize keys 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/Makefile.am, lib/accelerated/x86/{aes-gcm-x86.c => aes-gcm-x86-pclmul.c}, lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c, lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When PCLMUL isn't available use the SSSE3 implementation of AES to optimize GCM. 2013-12-14 Nikos Mavrogiannopoulos * src/benchmark-tls.c: removed UMAC ciphersuites from benchmark 2013-12-14 Nikos Mavrogiannopoulos * src/benchmark-tls.c: removed the estream ciphersuites from benchmarks 2013-12-14 Nikos Mavrogiannopoulos * cfg.mk, devel/perlasm/aes-ssse3-x86.pl, devel/perlasm/aes-ssse3-x86.pl.license, devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aes-ssse3-x86_64.pl.license, devel/perlasm/aesni-x86.pl.license, devel/perlasm/aesni-x86_64.pl.license, devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license, devel/perlasm/cpuid-x86_64.pl.license, devel/perlasm/e_padlock-x86.pl.license, devel/perlasm/e_padlock-x86_64.pl.license, devel/perlasm/ghash-x86.pl.license, devel/perlasm/ghash-x86_64.pl.license, devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt, devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license, devel/perlasm/openssl-cpuid-x86.pl.license, devel/perlasm/ppc-xlate.pl.license, devel/perlasm/sha1-ssse3-x86.pl.license, devel/perlasm/sha1-ssse3-x86_64.pl.license, devel/perlasm/sha256-ssse3-x86.pl.license, devel/perlasm/sha512-ssse3-x86.pl.license, devel/perlasm/sha512-ssse3-x86_64.pl.license, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/coff/aes-ssse3-x86.s, lib/accelerated/x86/coff/aes-ssse3-x86_64.s, lib/accelerated/x86/coff/aesni-x86.s, lib/accelerated/x86/coff/aesni-x86_64.s, lib/accelerated/x86/coff/cpuid-x86.s, lib/accelerated/x86/coff/cpuid-x86_64.s, lib/accelerated/x86/coff/e_padlock-x86.s, lib/accelerated/x86/coff/e_padlock-x86_64.s, lib/accelerated/x86/coff/ghash-x86_64.s, lib/accelerated/x86/coff/sha1-ssse3-x86.s, lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, lib/accelerated/x86/coff/sha256-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, lib/accelerated/x86/elf/aes-ssse3-x86.s, lib/accelerated/x86/elf/aes-ssse3-x86_64.s, lib/accelerated/x86/elf/aesni-x86.s, lib/accelerated/x86/elf/aesni-x86_64.s, lib/accelerated/x86/elf/cpuid-x86.s, lib/accelerated/x86/elf/cpuid-x86_64.s, lib/accelerated/x86/elf/e_padlock-x86.s, lib/accelerated/x86/elf/e_padlock-x86_64.s, lib/accelerated/x86/elf/ghash-x86_64.s, lib/accelerated/x86/elf/sha1-ssse3-x86.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt, lib/accelerated/x86/macosx/aes-ssse3-x86.s, lib/accelerated/x86/macosx/aes-ssse3-x86_64.s, lib/accelerated/x86/macosx/aesni-x86.s, lib/accelerated/x86/macosx/aesni-x86_64.s, lib/accelerated/x86/macosx/cpuid-x86.s, lib/accelerated/x86/macosx/cpuid-x86_64.s, lib/accelerated/x86/macosx/e_padlock-x86.s, lib/accelerated/x86/macosx/e_padlock-x86_64.s, lib/accelerated/x86/macosx/ghash-x86_64.s, lib/accelerated/x86/macosx/sha1-ssse3-x86.s, lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, lib/accelerated/x86/macosx/sha256-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike Hamburg's SSSE3 AES implementation. 2013-12-14 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: doc update 2013-12-14 Nikos Mavrogiannopoulos * cfg.mk, devel/perlasm/openssl-cpuid-x86.pl, devel/perlasm/sha1-ssse3-x86.pl, devel/perlasm/sha1-ssse3-x86_64.pl, devel/perlasm/sha256-ssse3-x86.pl, devel/perlasm/sha512-ssse3-x86.pl, devel/perlasm/sha512-ssse3-x86_64.pl, lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/coff/{appro-aes-x86-coff.s => aesni-x86.s}, lib/accelerated/x86/coff/{appro-aes-x86-64-coff.s => aesni-x86_64.s}, lib/accelerated/x86/coff/{cpuid-x86-coff.s => cpuid-x86.s}, lib/accelerated/x86/coff/{cpuid-x86-64-coff.s => cpuid-x86_64.s}, lib/accelerated/x86/coff/{padlock-x86-coff.s => e_padlock-x86.s}, lib/accelerated/x86/coff/{padlock-x86-64-coff.s => e_padlock-x86_64.s}, lib/accelerated/x86/coff/{appro-aes-gcm-x86-64-coff.s => ghash-x86_64.s}, lib/accelerated/x86/coff/openssl-cpuid-x86.s, lib/accelerated/x86/coff/openssl-cpuid-x86_64.s, lib/accelerated/x86/coff/sha1-ssse3-x86.s, lib/accelerated/x86/coff/sha1-ssse3-x86_64.s, lib/accelerated/x86/coff/sha256-avx-x86_64.s, lib/accelerated/x86/coff/sha256-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86.s, lib/accelerated/x86/coff/sha512-ssse3-x86_64.s, lib/accelerated/x86/elf/{appro-aes-x86.s => aesni-x86.s}, lib/accelerated/x86/elf/{appro-aes-x86-64.s => aesni-x86_64.s}, lib/accelerated/x86/elf/{cpuid-x86-64.s => cpuid-x86_64.s}, lib/accelerated/x86/elf/{padlock-x86.s => e_padlock-x86.s}, lib/accelerated/x86/elf/{padlock-x86-64.s => e_padlock-x86_64.s}, lib/accelerated/x86/elf/{appro-aes-gcm-x86-64.s => ghash-x86_64.s}, lib/accelerated/x86/elf/sha1-ssse3-x86.s, lib/accelerated/x86/elf/sha1-ssse3-x86_64.s, lib/accelerated/x86/elf/sha256-avx-x86_64.s, lib/accelerated/x86/elf/sha256-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86.s, lib/accelerated/x86/elf/sha512-ssse3-x86_64.s, lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c, lib/accelerated/x86/macosx/{appro-aes-x86-macosx.s => aesni-x86.s}, lib/accelerated/x86/macosx/{appro-aes-x86-64-macosx.s => aesni-x86_64.s}, lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s, lib/accelerated/x86/macosx/cpuid-x86-macosx.s, lib/accelerated/x86/macosx/cpuid-x86.s, lib/accelerated/x86/macosx/cpuid-x86_64.s, lib/accelerated/x86/macosx/{padlock-x86-macosx.s => e_padlock-x86.s}, lib/accelerated/x86/macosx/{padlock-x86-64-macosx.s => e_padlock-x86_64.s}, lib/accelerated/x86/macosx/{appro-aes-gcm-x86-64-macosx.s => ghash-x86_64.s}, lib/accelerated/x86/macosx/openssl-cpuid-x86.s, lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s, lib/accelerated/x86/macosx/sha1-ssse3-x86.s, lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s, lib/accelerated/x86/macosx/sha256-avx-x86_64.s, lib/accelerated/x86/macosx/sha256-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86.s, lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s, lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA implementations 2013-12-14 Nikos Mavrogiannopoulos * lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h: Utilize the optimized SHA functions in Padlock HMAC. 2013-12-14 Nikos Mavrogiannopoulos * src/Makefile.am: use a single BUILT_SOURCES 2012-05-03 Patrick Pelletier * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi, doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c, lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def: minor phrasing improvements in docs 2013-12-14 Nikos Mavrogiannopoulos * src/Makefile.am: Added auto-generated files in BUILT_SOURCES 2013-12-13 Jared Wong * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i < line_size. All checks were being done where the line_size check was done last. This allows data to be read from one past teh end of the line buffer. In C, accessing data outside of an array is undefined behavior and may cause yet known problems. Additionally, the compiler may end up making some unreasonable assumptions under the pretense that the programmer is never wrong and would not access data outside of the array. 2013-12-13 Nikos Mavrogiannopoulos * src/libopts/m4/libopts.m4: Avoid conditional generation of Makefile 2013-12-12 Nikos Mavrogiannopoulos * lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well. 2013-12-12 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-12 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported function 2013-12-12 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked. 2013-12-12 Nikos Mavrogiannopoulos * Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided gnu-ism in Makefiles 2013-12-11 Nikos Mavrogiannopoulos * lib/gnutls_global.c: simplified logic 2013-12-11 Nikos Mavrogiannopoulos * lib/fips.c: Correctly detect the FIPS140-2 HMAC file. 2013-12-09 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the exported pkcs11 functions initialize PKCS #11. 2013-12-09 Nikos Mavrogiannopoulos * lib/pkcs11.c: fixes in PKCS #11 initialization 2013-12-09 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: provide imprecise time as gmt time. 2013-12-09 Nikos Mavrogiannopoulos * lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent auto-reinitialization. 2013-12-09 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: fully initialize the PKCS #11 subsystem only when it is needed to. 2013-12-09 Nikos Mavrogiannopoulos * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c, lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the full library if the system is not in FIPS mode. 2013-12-08 Nikos Mavrogiannopoulos * .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added check to verify that gnutls_global_init() is run on the library constructor. 2013-12-08 Nikos Mavrogiannopoulos * tests/global-init.c: converted to a simple check for gnutls_global_init() as gnutls_global_init2() will not be added. 2013-12-08 Nikos Mavrogiannopoulos * lib/pkcs11.c: call p11_kit_modules_load() with null argument. 2013-12-06 Nikos Mavrogiannopoulos * configure.ac: only use LT_INIT 2013-12-06 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-06 Nikos Mavrogiannopoulos * configure.ac: disable static library build by default 2013-12-05 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: gnutls_global_init2() is no longer exported. 2013-12-05 Nikos Mavrogiannopoulos * NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update 2013-12-05 Nikos Mavrogiannopoulos * lib/pkcs11.c: Added automatic reinitialization on fork() on the PKCS #11 subsystem. 2013-12-05 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h: PKCS #11 initialization is delayed until first use. 2013-12-04 Nikos Mavrogiannopoulos * NEWS: doc update 2013-12-04 Nikos Mavrogiannopoulos * lib/nettle/Makefile.am, lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: Use a DRBG-AES to generate nonces rather than the yarrow RNG. 2013-12-04 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: getpid() is conditionally used. 2013-12-04 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted auto-generated files 2013-12-04 Nikos Mavrogiannopoulos * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c, tests/fips-test.c: removed zombie mode, and no longer use fips140.h 2013-12-04 Nikos Mavrogiannopoulos * lib/includes/Makefile.am, lib/includes/gnutls/fips140.h, lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled to gnutls.h 2013-12-04 Nikos Mavrogiannopoulos * lib/fips.c: simplified func 2013-12-04 Nikos Mavrogiannopoulos * lib/crypto-api.c, lib/nettle/pk.c: corrected macros 2013-12-04 Nikos Mavrogiannopoulos * tests/rng-fork.c: Check whether the RNG can perform many iterations without error. 2013-12-04 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we exceed a number of iterations. 2013-12-04 Nikos Mavrogiannopoulos * lib/gnutls_global.c, lib/locks.h: do not deinitialize a static mutex to avoid any side-effects. 2013-11-30 Nikos Mavrogiannopoulos * lib/locks.h: re-initialize a deleted staticly initialized mutex 2013-11-30 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-30 Nikos Mavrogiannopoulos * lib/nettle/pk.c: Added hack for nettle's checks. 2013-11-30 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: adjusted parameters in normal level for DSA to match nettle's abilities. 2013-11-30 Nikos Mavrogiannopoulos * src/certtool.c: added newlines in error reporting 2013-11-30 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self tests when used from slow/cipher-test 2013-11-30 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-30 Nikos Mavrogiannopoulos * tests/global-init.c: updated test for the universal lib constructor 2013-11-30 Nikos Mavrogiannopoulos * lib/gnutls_global.c: removed deadlock from gnutls_global.c 2013-11-30 Nikos Mavrogiannopoulos * lib/fips.c, lib/gnutls_global.c: constructor and destructors were moved outside the FIPS140 mode. 2013-11-30 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even when not in FIPS140 mode. 2013-11-30 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c: fips140_simulate_error -> lib_simulate_error 2013-11-30 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: adjusted subgroup bits to be compatible with DSA requirements. 2013-11-30 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c, lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c, lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even when not in FIPS mode. 2013-11-30 Nikos Mavrogiannopoulos * : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c 2013-11-30 Nikos Mavrogiannopoulos * cross.mk: updated cross.mk 2013-11-30 Nikos Mavrogiannopoulos * src/common.c: removed usage of %zu. 2013-11-30 Nikos Mavrogiannopoulos * tests/mini-overhead.c: updated mini-overhead to account for the removal of salsa20+umac 2013-11-30 Nikos Mavrogiannopoulos * lib/system.h: Detect the presence of posix locks even without linked to libpthread. 2013-11-30 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests for camellia-gcm. 2013-11-30 Nikos Mavrogiannopoulos * configure.ac: remove bashism. 2013-11-29 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: doc update 2013-11-28 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API 2013-11-28 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: updated links in reference. Reported by Nico R. 2013-11-28 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API 2013-11-28 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: updated links in reference. Reported by Nico R. 2013-11-28 Nikos Mavrogiannopoulos * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: updated addresses and URLs. Reported by Nico R. 2013-11-28 Nikos Mavrogiannopoulos * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: updated addresses and URLs. Reported by Nico R. 2013-11-28 Nikos Mavrogiannopoulos * lib/fips.c, lib/gnutls_global.c: Added destructor and moved both *structors to fips.c 2013-11-28 Nikos Mavrogiannopoulos * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported by Ben de Graaff. 2013-11-28 Nikos Mavrogiannopoulos * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported by Ben de Graaff. 2013-11-28 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: Added ECDH known answer test. 2013-11-28 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for Diffie-Hellman key exchange. 2013-11-28 Nikos Mavrogiannopoulos * lib/nettle/pk.c: Added check to prevent generating a DH pubkey of 1. 2013-11-28 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c: compacted DH support files. 2013-11-28 Nikos Mavrogiannopoulos * lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as they are not needed. 2013-11-28 Nikos Mavrogiannopoulos * lib/x509/privkey.c: When checking the generated DSA params make sure that the data to be signed have the proper size. 2013-11-28 Nikos Mavrogiannopoulos * lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key functions. This allows handling DH key generation in the crypto backend files. 2013-11-28 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update 2013-11-28 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update 2013-11-28 Nikos Mavrogiannopoulos * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified DRBG-AES generator by using a counter (with an arbitrary initial value) as DT. 2013-11-28 Nikos Mavrogiannopoulos * lib/x509/privkey.c: Added pairwise constistency test on key generation. 2013-11-28 Nikos Mavrogiannopoulos * lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero 2013-11-27 Nikos Mavrogiannopoulos * doc/certtool.cfg: updated example certtool.cfg 2013-11-27 Nikos Mavrogiannopoulos * lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent a compiler optimizing out out calls. 2013-11-27 Nikos Mavrogiannopoulos * lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select DH and DSA key q size. 2013-11-27 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: corrected params for ULTRA level 2013-11-27 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-27 Nikos Mavrogiannopoulos * tests/mini-record-2.c: Re-run receiving tests on server side, to allow any valgrind errors to propagate to exit code. 2013-11-27 Nikos Mavrogiannopoulos * lib/fips.c: Perform an integrity check on all supporting libraries 2013-11-27 Nikos Mavrogiannopoulos * src/certtool.c: In FIPS mode the default cipher is AES. 2013-11-26 Nikos Mavrogiannopoulos * configure.ac: Do not link gnutls against librt unlress it is really necessary. 2013-11-26 Nikos Mavrogiannopoulos * configure.ac: checks FIPS-140 lib requirements, moved after clock_gettime() is checked for. 2013-11-25 Nikos Mavrogiannopoulos * lib/opencdk/armor.c: removed unused function 2013-11-25 Nikos Mavrogiannopoulos * lib/opencdk/pubkey.c: removed unused variable 2013-11-25 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, tests/mini-xssl.c, tests/pkcs12_simple.c: Skip tests that require the non-suiteb curves. 2013-11-25 Nikos Mavrogiannopoulos * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: _gnutls_privkey_decode_ecc_key() returns integers as error code to distinguish error conditions. 2013-11-25 Nikos Mavrogiannopoulos * configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1 curves). 2013-11-25 Nikos Mavrogiannopoulos * NEWS: updated 2013-11-25 Nikos Mavrogiannopoulos * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c, lib/nettle/pk.c, tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH parameter generator. 2013-11-25 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: removed unneeded newlines 2013-11-25 Nikos Mavrogiannopoulos * .gitignore: more files ignored 2013-11-25 Nikos Mavrogiannopoulos * configure.ac, lib/nettle/Makefile.am, lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h, lib/nettle/{ => int}/gcm-camellia.c, lib/nettle/{ => int}/gcm-camellia.h, lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls. 2013-11-25 Nikos Mavrogiannopoulos * tests/mini-record-2.c: Added deflate compression tests with AES-GCM in order to be tested in FIPS mode. 2013-11-25 Nikos Mavrogiannopoulos * lib/crypto-api.c: corrected comparison 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-api.c: Allow MD5 hash in zombie mode 2013-11-22 Nikos Mavrogiannopoulos * lib/gnutls_errors.h: fixed bug 2013-11-22 Nikos Mavrogiannopoulos * tests/Makefile.am: don't run openssl (md5) when in fips mode 2013-11-22 Nikos Mavrogiannopoulos * lib/fips.c, tests/fips-test.c: separate zombie mode from operational fips mode 2013-11-22 Nikos Mavrogiannopoulos * tests/fips-test.c: modified to account for zombie mode 2013-11-22 Nikos Mavrogiannopoulos * lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing in openssl keys. 2013-11-22 Nikos Mavrogiannopoulos * lib/x509/privkey_openssl.c: beautified table 2013-11-22 Nikos Mavrogiannopoulos * NEWS: added new functions 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: eliminated memory leak on PK self check. 2013-11-22 Nikos Mavrogiannopoulos * lib/gnutls_errors.c, lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c: Added gnutls_global_init2(). This allows initializing gnutls in a constructor in FIPS140 mode 2013-11-22 Nikos Mavrogiannopoulos * lib/fips.c: Added an audit message in self test failure 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error messages. 2013-11-22 Nikos Mavrogiannopoulos * lib/fips.c: binary integrity self test moved to end 2013-11-22 Nikos Mavrogiannopoulos * lib/gnutls_errors.h: simplified debugging levels. 2013-11-22 Nikos Mavrogiannopoulos * lib/x509_b64.c: silence some errors 2013-11-22 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: updated 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c: Better handling of FIPS140-2 initialization 2013-11-22 Nikos Mavrogiannopoulos * lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to determine which curves are available. 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c: gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode. 2013-11-22 Nikos Mavrogiannopoulos * lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in FIPS mode. 2013-11-22 Nikos Mavrogiannopoulos * lib/nettle/pk.c: when using the rng() with a void option use the FIPS state to indicate errors. 2013-11-22 Nikos Mavrogiannopoulos * tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c, tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c, tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c: Restrict the number of tests run on FIPS140-2 mode. 2013-11-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In FIPS140-2 mode disable non-conformant ciphers, MAC and hash algorithms. 2013-11-20 Nikos Mavrogiannopoulos * lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c: Use nettle for the generation of DH group parameters. 2013-11-20 Nikos Mavrogiannopoulos * lib/nettle/pk.c: no need to memset. It should have been initialized. 2013-11-20 Nikos Mavrogiannopoulos * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem, tests/cert-tests/ca-no-pathlen.pem, tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do not involve the security level into the certificate comparisons. 2013-11-20 Nikos Mavrogiannopoulos * lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and DH keys. 2013-11-20 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: restricted combinations of security parameters in FIPS mode. 2013-11-19 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: removed the initialized static variable. 2013-11-19 Nikos Mavrogiannopoulos * lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c: Corrected _rnd_get_event(). 2013-11-19 Nikos Mavrogiannopoulos * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c, lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c: Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace _gnutls_mpi_mod(). 2013-11-18 Nikos Mavrogiannopoulos * tests/rng-fork.c: In rng_fork test all random generators. 2013-11-18 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: comments updated to conform to the modified version. 2013-11-18 Nikos Mavrogiannopoulos * lib/nettle/rnd-fips.c: removed external test functions 2013-11-15 Nikos Mavrogiannopoulos * .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c, lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c, lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported libgcrypt's AES-based DRBG. 2013-11-14 Nikos Mavrogiannopoulos * lib/nettle/Makefile.am, lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality of nettle's RNG. 2013-11-13 Nikos Mavrogiannopoulos * lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always overwritten 2013-11-13 Nikos Mavrogiannopoulos * lib/x509/privkey_pkcs8.c: corrected typo 2013-11-13 Nikos Mavrogiannopoulos * lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold keys. 2013-11-13 Nikos Mavrogiannopoulos * lib/x509/privkey_openssl.c: more keys are zeroized 2013-11-13 Nikos Mavrogiannopoulos * m4/hooks.m4: require libtasn1 3.4 2013-11-13 Nikos Mavrogiannopoulos * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/element.h, lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c, lib/minitasn1/structure.h, lib/minitasn1/version.c: updated libtasn1 version 2013-11-13 Nikos Mavrogiannopoulos * lib/nettle/pk.c: use the most appropriate nettle function 2013-11-13 Nikos Mavrogiannopoulos * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c, lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c, lib/x509/privkey_pkcs8.c: better naming for free_datum functions. 2013-11-13 Nikos Mavrogiannopoulos * lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp buffers of private keys. 2013-11-13 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize ECC secret scalars and points. 2013-11-12 Nikos Mavrogiannopoulos * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c, lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c, lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c, lib/nettle/mac.c: Added zeroization of keys in several parts within gnutls. 2013-11-12 Nikos Mavrogiannopoulos * lib/gnutls_dh.c: doc update 2013-11-12 Nikos Mavrogiannopoulos * lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization primitives. 2013-11-12 Nikos Mavrogiannopoulos * lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified _gnutls_mpi_release() 2013-11-12 Nikos Mavrogiannopoulos * NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h, lib/includes/Makefile.am, lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c, tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization and added a self test for it. 2013-11-11 Nikos Mavrogiannopoulos * lib/fips.c, lib/fips.h: Added binary integrity test 2013-11-11 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support for fips states. This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h 2013-11-11 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, tests/slow/cipher-test.c: indented code 2013-11-11 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-08 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, tests/slow/Makefile.am, tests/slow/cipher-test.c: Self checks are conditionally included in the library. 2013-11-08 Nikos Mavrogiannopoulos * lib/crypto-selftests-pk.c: Added pair-wise consistency tests for RSA, DSA and ECDSA. 2013-11-08 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow specifying an explicit curve. 2013-11-08 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added gnutls_privkey_generate(). 2013-11-07 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/crypto-selftests-pk.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA key usage. 2013-11-07 Nikos Mavrogiannopoulos * lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in, tests/slow/cipher-test.c: Added option to run all available self tests per category in a single run. 2013-11-07 Nikos Mavrogiannopoulos * lib/crypto-selftests.c, tests/slow/cipher-test.c: completed self-tests by adding digest and MAC tests. 2013-11-06 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, tests/slow/cipher-test.c: Added self tests 2013-11-27 Nikos Mavrogiannopoulos * configure.ac: check for alternative unbound root key files. 2013-11-26 Nikos Mavrogiannopoulos * lib/debug.c: increased buffers 2013-11-26 Nikos Mavrogiannopoulos * lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s, lib/accelerated/x86/coff/appro-aes-x86-64-coff.s, lib/accelerated/x86/coff/padlock-x86-64-coff.s, lib/accelerated/x86/coff/padlock-x86-coff.s, lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s, lib/accelerated/x86/elf/appro-aes-x86-64.s, lib/accelerated/x86/elf/padlock-x86-64.s, lib/accelerated/x86/elf/padlock-x86.s, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s, lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s, lib/accelerated/x86/macosx/padlock-x86-64-macosx.s, lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated auto-generated asm files. This fixes a valgrind complaint when AES-NI is in use. 2013-11-26 Nikos Mavrogiannopoulos * devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl, devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl, devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl, devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl, devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl, devel/perlasm/x86nasm.pl: updated perlasm files 2013-11-26 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am: Do not link gnutls against librt unlress it is really necessary. Conflicts: configure.ac lib/Makefile.am 2013-11-24 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites 2013-11-24 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-11-24 Nikos Mavrogiannopoulos * configure.ac: updated e-mail address 2013-11-24 Nikos Mavrogiannopoulos * doc/manpages/Makefile.am: use $shell() 2013-11-24 Nikos Mavrogiannopoulos * Makefile.am, src/args-std.def: handle centrally more variables 2013-11-24 Nikos Mavrogiannopoulos * configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated manpage generation (and information stored to it). 2013-11-24 Nikos Mavrogiannopoulos * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed auto-generated doc files. 2013-11-24 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c: certtool's --verify option if not supplied with a CA list, will use the system's CA list. 2013-11-24 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h: cast the expiration time to time_t 2013-11-24 Nikos Mavrogiannopoulos * lib/x509/x509_write.c: doc update 2013-11-24 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check for the 'no well defined' expiration time. 2013-11-23 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/{tests => }/strerror-override.c, gl/{tests => }/strerror-override.h, gl/{tests => }/strerror.c, gl/tests/Makefile.am: Added strerror module. 2013-11-23 Nikos Mavrogiannopoulos * lib/nettle/egd.c: better use of errno 2013-11-23 Nikos Mavrogiannopoulos * doc/latex/epub.tex, doc/latex/gnutls.tex, doc/scripts/mytexi2latex: use eurosym package for euro symbol 2013-11-23 Nikos Mavrogiannopoulos * configure.ac: Corrected check of usage of local libopts when autogen isn't present 2013-11-23 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-dn-err.tmpl, tests/cert-tests/template-test: Verify failure of DN parsing in a wrong DN. 2013-11-23 Nikos Mavrogiannopoulos * lib/gnutls_compress.c: disallow any compression in DTLS 2013-11-22 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c: mini-deflate was combined with mini-record-2 2013-11-22 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_record.h: Corrected bug which affected compressed records. Less space was provided for decryption than the required causing disconnection issues when compression was used. The issue was pointed by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with max_decrypted_size() and max_record_recv_size(). 2013-11-22 Nikos Mavrogiannopoulos * lib/ext/session_ticket.c: check return code of gnutls_rnd(). 2013-11-22 Nikos Mavrogiannopoulos * lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt session tickets. 2013-11-21 Nikos Mavrogiannopoulos * cross.mk: updated cross.mk 2013-11-21 Nikos Mavrogiannopoulos * lib/system.c: fixed for win32 2013-11-21 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: added assert to trace errors. 2013-11-21 Nikos Mavrogiannopoulos * cross.mk: updated 2013-11-21 Nikos Mavrogiannopoulos * src/Makefile.am: link all programs with libgnu_gpl to avoid conflicts from header files. 2013-11-21 Nikos Mavrogiannopoulos * src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h: Added progname module which is used by error(). 2013-11-21 Nikos Mavrogiannopoulos * src/socket.c: safer usage of strerror 2013-11-21 Nikos Mavrogiannopoulos * doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable 2013-11-21 Nikos Mavrogiannopoulos * src/Makefile.am, src/libopts/Makefile.am: use libtool to generate libopts 2013-11-21 Nikos Mavrogiannopoulos * src/Makefile.am: corrected libopts patch 2013-11-21 Nikos Mavrogiannopoulos * src/gl/error.c: removed unneed line 2013-11-21 Nikos Mavrogiannopoulos * .gitignore: ignore xssl manpages 2013-11-19 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in secure128 level. 2013-11-17 Nikos Mavrogiannopoulos * Makefile.am: generate ChangeLog after doc/ is checked. 2013-11-17 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles 2013-11-17 Nikos Mavrogiannopoulos * doc/scripts/getfuncs.pl: made more clever to ignore inline function body. 2013-11-17 Nikos Mavrogiannopoulos * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed auto-generated files 2013-11-16 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2013-11-16 Nikos Mavrogiannopoulos * lib/libgnutls.map: exported gnutls_est_record_overhead_size 2013-11-16 Nikos Mavrogiannopoulos * lib/gnutls_global.c: do not add newline (it's already in the printed string) 2013-11-16 Nikos Mavrogiannopoulos * lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log function is not updated if it is already set. 2013-11-16 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2013-11-16 Nikos Mavrogiannopoulos * NEWS: updated 2013-11-16 Nikos Mavrogiannopoulos * configure.ac: bumped version 2013-11-16 Nikos Mavrogiannopoulos * cfg.mk: updated glimport 2013-11-16 Nikos Mavrogiannopoulos * cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/certtool-args.def: doc update 2013-11-16 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem, tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test: Added self checks for new date reading functionality 2013-11-16 Nikos Mavrogiannopoulos * .gitignore, src/Makefile.am, src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added activation_date and expiration_date options to certtool template file. 2013-11-16 Nikos Mavrogiannopoulos * .gitignore, Makefile.am, build-aux/ylwrap, configure.ac, src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c, src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4, src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4, src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4, src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4, src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4, src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4, src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h, src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h, src/gl/parse-datetime.h, src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c, src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c, src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c, src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c: Added a gnulib with GPL components for use by applications. 2013-11-16 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def: corrected bug reporting address. 2013-11-16 Nikos Mavrogiannopoulos * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check for overflows when setting time and allow a time of -1. 2013-11-16 Nikos Mavrogiannopoulos * lib/x509/common.c, tests/cert-tests/Makefile.am, tests/cert-tests/template-overflow.pem, tests/cert-tests/template-overflow.tmpl, tests/cert-tests/template-overflow2.pem, tests/cert-tests/template-overflow2.tmpl, tests/cert-tests/template-test: Dates and time that would overflow the GeneralTime are also truncated. We may need to revise that around 9999 CE. 2013-11-16 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: force serialized generation of invoke-*texi, to avoid autogen issue. 2013-11-16 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/x509_write.c: An expiration time of (time_t)-1 will set to the no well-defined expiration date value. 2013-11-15 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: correctly set the ciphersuite when the set_premaster interface is used. 2013-11-15 Nikos Mavrogiannopoulos * lib/gnutls_state.c: check for a valid blocksize prior to entering loop 2013-11-15 Nikos Mavrogiannopoulos * lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL if set to a number will enable logging to stderr. 2013-11-13 Nikos Mavrogiannopoulos * tests/suite/testcompat, tests/suite/testcompat-main: corrected issue with a not-yet-valid certificate 2013-11-13 Nikos Mavrogiannopoulos * src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6 addresses. 2013-11-13 Nikos Mavrogiannopoulos * src/serv.c: simplified function 2013-11-13 Nikos Mavrogiannopoulos * tests/suite/testcompat, tests/suite/testcompat-main: hacks to work with fedora's openssl 2013-11-13 Nikos Mavrogiannopoulos * configure.ac: print whether the local libopts or libtasn1 are being used. 2013-11-13 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/base64.c, gl/{tests => }/intprops.h, gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, maint.mk: Added intprops module (which is needed by newer libtasn1 versions) 2013-11-12 Nikos Mavrogiannopoulos * lib/gnutls_int.h: use the bool expression instead of unsigned int:1. 2013-11-12 Nikos Mavrogiannopoulos * lib/gnutls_global.c: doc update 2013-11-11 Nikos Mavrogiannopoulos * lib/system.h: define GNUTLS_PATH_MAX globally. 2013-11-11 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: doc update 2013-11-10 Nikos Mavrogiannopoulos * tests/suite/testcompat: do not run on clippled versions of openssl 2013-11-10 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/extensions.c: simplified functions. 2013-11-10 Nikos Mavrogiannopoulos * tests/suite/ciphersuite/test-ciphers.js, tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite test 2013-11-10 Nikos Mavrogiannopoulos * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c, lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in several functions. 2013-11-10 Nikos Mavrogiannopoulos * tests/utils.c: always exit when fail is called. 2013-11-10 Nikos Mavrogiannopoulos * configure.ac: reduced the stack size warning size. 2013-11-10 Nikos Mavrogiannopoulos * doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update 2013-11-10 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-10 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority string option. This works around issues when connecting behind some firewalls. 2013-11-10 Nikos Mavrogiannopoulos * tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by Andreas Metzler. 2013-11-10 Nikos Mavrogiannopoulos * doc/invoke-p11tool.texi, src/p11tool-args.def: doc update 2013-11-10 Nikos Mavrogiannopoulos * NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead of GNUTLS_PKCS11_PIN. 2013-11-10 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-10 Nikos Mavrogiannopoulos * doc/invoke-p11tool.texi: doc update 2013-11-10 Nikos Mavrogiannopoulos * tests/suite/pkcs11-certs/ca-tmpl, tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key, tests/suite/pkcs11-certs/client-tmpl, tests/suite/pkcs11-certs/client.crt, tests/suite/pkcs11-certs/client.key, tests/suite/pkcs11-certs/server-tmpl, tests/suite/pkcs11-certs/server.crt, tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added test suite for PKCS #11 cards (not executed automatically). 2013-11-10 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with self-signed certificates present in the chain 2013-11-10 Nikos Mavrogiannopoulos * configure.ac: simplified checks 2013-11-10 Nikos Mavrogiannopoulos * src/common.c, src/p11tool-args.def: Allow getting the PIN from the GNUTLS_PKCS11_PIN environment variable. 2013-11-09 Nikos Mavrogiannopoulos * doc/TODO: updated 2013-11-09 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-09 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: When importing a certificate PKCS #11 try to import the whole chain. This affects gnutls_certificate_set_x509_key_file*(). 2013-11-09 Nikos Mavrogiannopoulos * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added export-chain option to p11tool 2013-11-09 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h, lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer. The latter function allows to obtain the issuer of a certificate stored in a token. While traversing tokens, use the URL provided by the user, to avoid looking for objects in unrelated tokens. 2013-11-09 Nikos Mavrogiannopoulos * configure.ac: test before copy 2013-11-09 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt() 2013-11-09 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl, lib/includes/gnutls/gnutls.h.in: Improvements in the detection of function prototypes to account for the new indentation. 2013-11-09 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update 2013-11-09 Nikos Mavrogiannopoulos * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h, lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h, lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved indentation in headers. 2013-11-09 Nikos Mavrogiannopoulos * Makefile.am, configure.ac: stribute the autogen'erated files as .bak and enable them only if local libopts is being used. 2013-11-08 Nikos Mavrogiannopoulos * doc/alert-printlist.c, doc/common.c, doc/common.h, doc/errcodes.c, doc/examples/ex-alert.c, doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c, doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c, doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c, doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c, doc/examples/ex-x509-info.c, doc/examples/examples.h, doc/examples/print-ciphersuites.c, doc/examples/tcp.c, doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c, extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h, extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h, lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h, lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h, lib/algorithms.h, lib/algorithms/cert_types.c, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c, lib/algorithms/protocols.c, lib/algorithms/publickey.c, lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c, lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h, lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h, lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c, lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h, lib/ext/server_name.c, lib/ext/server_name.h, lib/ext/session_ticket.c, lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/ext/status_request.c, lib/ext/status_request.h, lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, lib/gnutls_compress.c, lib/gnutls_compress.h, lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_session_pack.c, lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h, lib/gnutls_supplemental.c, lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h, lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h, lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h, lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/element.h, lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c, lib/minitasn1/structure.h, lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c, lib/nettle/egd.h, lib/nettle/gcm-camellia.c, lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c, lib/opencdk/read-packet.c, lib/opencdk/seskey.c, lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/write-packet.c, lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c, lib/random.h, lib/system.c, lib/system.h, lib/system_override.c, lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify-high.h, lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h, lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h, src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c, src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c, src/certtool-common.h, src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c, src/common.c, src/common.h, src/crywrap/crywrap.c, src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c, src/inline_cmds.h, src/list.h, src/ocsptool-common.c, src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c, src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c, src/socket.h, src/srptool.c, src/tests.c, src/tests.h, src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c, tests/certder.c, tests/certificate_set_x509_crl.c, tests/certuniqueid.c, tests/chainverify-unsorted.c, tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c, tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c, tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c, tests/mini-deflate.c, tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c, tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c, tests/mini-eagain.c, tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c, tests/mini-loss-time.c, tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-record-range.c, tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c, tests/mini-termination.c, tests/mini-x509-2.c, tests/mini-x509-callbacks.c, tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c, tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c, tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c, tests/rng-fork.c, tests/rsa-encrypt-decrypt.c, tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c, tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c, tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h, tests/suite/ecore/src/include/Eina.h, tests/suite/ecore/src/include/eina_accessor.h, tests/suite/ecore/src/include/eina_array.h, tests/suite/ecore/src/include/eina_benchmark.h, tests/suite/ecore/src/include/eina_binshare.h, tests/suite/ecore/src/include/eina_config.h, tests/suite/ecore/src/include/eina_convert.h, tests/suite/ecore/src/include/eina_counter.h, tests/suite/ecore/src/include/eina_cpu.h, tests/suite/ecore/src/include/eina_error.h, tests/suite/ecore/src/include/eina_file.h, tests/suite/ecore/src/include/eina_fp.h, tests/suite/ecore/src/include/eina_hamster.h, tests/suite/ecore/src/include/eina_hash.h, tests/suite/ecore/src/include/eina_inlist.h, tests/suite/ecore/src/include/eina_iterator.h, tests/suite/ecore/src/include/eina_lalloc.h, tests/suite/ecore/src/include/eina_list.h, tests/suite/ecore/src/include/eina_log.h, tests/suite/ecore/src/include/eina_magic.h, tests/suite/ecore/src/include/eina_main.h, tests/suite/ecore/src/include/eina_matrixsparse.h, tests/suite/ecore/src/include/eina_mempool.h, tests/suite/ecore/src/include/eina_module.h, tests/suite/ecore/src/include/eina_quadtree.h, tests/suite/ecore/src/include/eina_rbtree.h, tests/suite/ecore/src/include/eina_rectangle.h, tests/suite/ecore/src/include/eina_safety_checks.h, tests/suite/ecore/src/include/eina_sched.h, tests/suite/ecore/src/include/eina_str.h, tests/suite/ecore/src/include/eina_strbuf.h, tests/suite/ecore/src/include/eina_stringshare.h, tests/suite/ecore/src/include/eina_tiler.h, tests/suite/ecore/src/include/eina_trash.h, tests/suite/ecore/src/include/eina_types.h, tests/suite/ecore/src/include/eina_unicode.h, tests/suite/ecore/src/include/eina_ustrbuf.h, tests/suite/ecore/src/include/eina_ustringshare.h, tests/suite/ecore/src/lib/Ecore.h, tests/suite/ecore/src/lib/Ecore_Getopt.h, tests/suite/ecore/src/lib/ecore.c, tests/suite/ecore/src/lib/ecore_anim.c, tests/suite/ecore/src/lib/ecore_app.c, tests/suite/ecore/src/lib/ecore_events.c, tests/suite/ecore/src/lib/ecore_exe.c, tests/suite/ecore/src/lib/ecore_getopt.c, tests/suite/ecore/src/lib/ecore_glib.c, tests/suite/ecore/src/lib/ecore_idle_enterer.c, tests/suite/ecore/src/lib/ecore_idle_exiter.c, tests/suite/ecore/src/lib/ecore_idler.c, tests/suite/ecore/src/lib/ecore_job.c, tests/suite/ecore/src/lib/ecore_main.c, tests/suite/ecore/src/lib/ecore_pipe.c, tests/suite/ecore/src/lib/ecore_poll.c, tests/suite/ecore/src/lib/ecore_private.h, tests/suite/ecore/src/lib/ecore_signal.c, tests/suite/ecore/src/lib/ecore_thread.c, tests/suite/ecore/src/lib/ecore_time.c, tests/suite/ecore/src/lib/ecore_timer.c, tests/suite/ecore/src/lib/eina_accessor.c, tests/suite/ecore/src/lib/eina_array.c, tests/suite/ecore/src/lib/eina_benchmark.c, tests/suite/ecore/src/lib/eina_binshare.c, tests/suite/ecore/src/lib/eina_chained_mempool.c, tests/suite/ecore/src/lib/eina_convert.c, tests/suite/ecore/src/lib/eina_counter.c, tests/suite/ecore/src/lib/eina_cpu.c, tests/suite/ecore/src/lib/eina_error.c, tests/suite/ecore/src/lib/eina_file.c, tests/suite/ecore/src/lib/eina_fp.c, tests/suite/ecore/src/lib/eina_hamster.c, tests/suite/ecore/src/lib/eina_hash.c, tests/suite/ecore/src/lib/eina_inlist.c, tests/suite/ecore/src/lib/eina_iterator.c, tests/suite/ecore/src/lib/eina_lalloc.c, tests/suite/ecore/src/lib/eina_list.c, tests/suite/ecore/src/lib/eina_log.c, tests/suite/ecore/src/lib/eina_magic.c, tests/suite/ecore/src/lib/eina_main.c, tests/suite/ecore/src/lib/eina_matrixsparse.c, tests/suite/ecore/src/lib/eina_mempool.c, tests/suite/ecore/src/lib/eina_module.c, tests/suite/ecore/src/lib/eina_private.h, tests/suite/ecore/src/lib/eina_quadtree.c, tests/suite/ecore/src/lib/eina_rbtree.c, tests/suite/ecore/src/lib/eina_rectangle.c, tests/suite/ecore/src/lib/eina_safety_checks.c, tests/suite/ecore/src/lib/eina_sched.c, tests/suite/ecore/src/lib/eina_share_common.c, tests/suite/ecore/src/lib/eina_share_common.h, tests/suite/ecore/src/lib/eina_str.c, tests/suite/ecore/src/lib/eina_strbuf.c, tests/suite/ecore/src/lib/eina_strbuf_common.c, tests/suite/ecore/src/lib/eina_strbuf_common.h, tests/suite/ecore/src/lib/eina_stringshare.c, tests/suite/ecore/src/lib/eina_tiler.c, tests/suite/ecore/src/lib/eina_unicode.c, tests/suite/ecore/src/lib/eina_ustrbuf.c, tests/suite/ecore/src/lib/eina_ustringshare.c, tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h, tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c, tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: reindented code 2013-11-08 Nikos Mavrogiannopoulos * lib/pkcs11.c: doc update 2013-11-08 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in gnutls_x509_privkey_generate() allow specifying an explicit curve. 2013-11-07 Daniel Kahn Gillmor * src/certtool-args.def, src/certtool-common.c, src/certtool-common.h, src/certtool.c: enable --outder for certtool --dh-info "certool --dh-info --outder" produces PEM-encoded output without this patch. 2013-11-07 Daniel Kahn Gillmor * src/certtool-args.def, src/certtool-common.c: enable --inder for certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters without this patch. 2013-11-06 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-06 Nikos Mavrogiannopoulos * doc/manpages/tpmtool.1: doc update 2013-11-06 Nikos Mavrogiannopoulos * lib/gnutls_errors.c: doc update 2013-11-06 Nikos Mavrogiannopoulos * configure.ac: use srcdir as prefix 2013-11-06 Nikos Mavrogiannopoulos * configure.ac: removed unneeded command 2013-11-06 Nikos Mavrogiannopoulos * configure.ac: print the flags used for libopts 2013-11-06 Nikos Mavrogiannopoulos * configure.ac: delete libopts generated files if system libopts is being used 2013-11-06 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h: separated the TLS IV size and the cipher IV size. 2013-11-06 Nikos Mavrogiannopoulos * configure.ac, src/libopts/Makefile.am: fixes in libopts compilation 2013-11-06 Nikos Mavrogiannopoulos * Makefile.am: make sure that .def files will be re-read on the compiling system. 2013-11-05 Nikos Mavrogiannopoulos * src/libopts/ag-char-map.h, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h, src/libopts/compat/strchr.c, src/libopts/configfile.c, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/m4/libopts.m4, src/libopts/option-value-type.c, src/libopts/option-value-type.h, src/libopts/option-xat-attribute.c, src/libopts/option-xat-attribute.h, src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/streqvcmp.c, src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts 5.18.2 2013-11-05 Nikos Mavrogiannopoulos * src/certtool-cfg.c: better logging 2013-11-05 Nikos Mavrogiannopoulos * lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN parsing. 2013-11-05 Nikos Mavrogiannopoulos * lib/x509/x509_dn.c: removed debugging info 2013-11-05 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: do not set any default level 2013-11-05 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: Assign very weak level to priority string NONE only. 2013-11-05 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi: doc update 2013-11-05 Nikos Mavrogiannopoulos * .gitignore: ignore auto-generated files 2013-11-05 Nikos Mavrogiannopoulos * src/libopts/Makefile.am, src/libopts/ag-char-map.h, src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts.c, src/libopts/autoopts.h, src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c, src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c, src/libopts/m4/libopts.m4, src/libopts/makeshell.c, src/libopts/option-value-type.c, src/libopts/option-value-type.h, src/libopts/option-xat-attribute.c, src/libopts/option-xat-attribute.h, src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c, src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c, src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18 2013-11-05 Nikos Mavrogiannopoulos * src/certtool-args.c, src/certtool-args.h, src/cli-args.c, src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h, src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c, src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h, src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h, src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c, src/tpmtool-args.h: removed autogenerated files 2013-11-05 Nikos Mavrogiannopoulos * configure.ac, src/Makefile.am: If autogen and libopts are present then use the system's libopts. 2013-11-04 Daniel Kahn Gillmor * src/args-std.def, src/certtool-args.def, src/cli-args.def, src/danetool-args.def, src/psk-args.def, src/srptool-args.def: argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered documentation places two dots (for example "specify a password file.." in srptool(1)). Most of the descriptions are declared properly (without a trailing dot), but this patch should clean up the rest. After this commit, any auto-generated documentation that is committed to git will probably will also need to be refreshed (or removed from git entirely and generated from the definitions during build, which might be cleaner). 2013-11-01 Daniel Kahn Gillmor * src/tests.c: fix DHE parameter output for gnutls-cli-debug --verbose gnutls_handshake() was failing during test_dhe_group, with an error of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the handshake so that DHE group details can be printed when requested. Signed-off-by: Nikos Mavrogiannopoulos 2013-11-02 Nikos Mavrogiannopoulos * src/benchmark-tls.c, tests/mini-deflate.c, tests/mini-eagain-dtls.c, tests/mini-eagain.c, tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c, tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in server side. 2013-11-02 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print a warning as it is the same as not setting it. Reported by Daniel Kahn Gillmor. 2013-11-02 Nikos Mavrogiannopoulos * NEWS: doc update 2013-11-02 Nikos Mavrogiannopoulos * src/certtool.c: Do not print private key parameters when exporting an encrypted private key. 2013-11-01 Nikos Mavrogiannopoulos * src/common.c: conditionally use ALPN. Reported by Jaak Ristioja. 2013-05-21 Stef Walter * configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs Some of the older APIs were deprecated in order to support multiple callers of the same PKCS#11 module correctly. This increases the necessary p11-kit to 0.19.1 or later. 2013-10-31 Nikos Mavrogiannopoulos * cross.mk: updated win32 makefile 2013-10-31 Nikos Mavrogiannopoulos * tests/cert-tests/pem-decoding: win32 fix 2013-10-31 Nikos Mavrogiannopoulos * src/pkcs11.c: include proper header file for uint8_t 2013-10-31 Nikos Mavrogiannopoulos * NEWS: released 3.2.6 2013-10-31 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: corrected example 2013-10-31 Nikos Mavrogiannopoulos * lib/gnutls_record.c: debug_log -> record_log 2013-10-30 Nikos Mavrogiannopoulos * lib/gnutls_record.c: Duplicate messages moved from audit log to debug log. There are networks where this is extremely common. 2013-10-30 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: Added new functions 2013-10-30 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi, doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi: replaced ':' in anchor names (texinfo doesn't like it). 2013-10-30 Nikos Mavrogiannopoulos * doc/cha-upgrade.texi: doc update 2013-10-30 Nikos Mavrogiannopoulos * lib/pkcs11_write.c: simplified code 2013-10-30 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2013-10-29 Nikos Mavrogiannopoulos * build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4, gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4, gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4, gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h, gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/getdtablesize.c, gl/tests/inttypes.in.h, gl/tests/macros.h, gl/tests/strerror-override.h, gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c, gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib. 2013-10-29 Nikos Mavrogiannopoulos * libdane/dane.c: Removed unused parameter. 2013-10-29 Nikos Mavrogiannopoulos * tests/suite/testdane: Better DANE test output. 2013-10-29 Nikos Mavrogiannopoulos * libdane/dane.c: reindented code 2013-10-29 Nikos Mavrogiannopoulos * libdane/dane.c: Reorganized main loop in dane_raw_tlsa 2013-10-29 Nikos Mavrogiannopoulos * src/danetool.c: Added proper newlines to errors. 2013-10-29 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update 2013-10-29 Nikos Mavrogiannopoulos * lib/accelerated/cryptodev.c: corrected typo 2013-10-26 Nikos Mavrogiannopoulos * .gitignore, tests/suite/Makefile.am, tests/suite/ciphersuite/README, tests/suite/ciphersuite/registry-ciphers.js, tests/suite/ciphersuite/registry-ciphers.xslt, tests/suite/ciphersuite/scan-gnutls.sh, tests/suite/ciphersuite/test-ciphers.js, tests/suite/ciphersuite/test-ciphersuites.sh, tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test 2013-10-26 Nikos Mavrogiannopoulos * tests/mini-handshake-timeout.c: Added a proper termination of session to avoid issues with premature termination. 2013-10-26 Nikos Mavrogiannopoulos * configure.ac, tests/dtls/Makefile.am: we now explicitly check for librt. 2013-10-26 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/dsa/Makefile.am, tests/dtls/Makefile.am, tests/ecdsa/Makefile.am, tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am, tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am, tests/pkcs8-decode/Makefile.am, tests/rsa-md5-collision/Makefile.am, tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am, tests/slow/Makefile.am, tests/srp/Makefile.am, tests/suite/Makefile.am, tests/userid/Makefile.am: use the same environment in all tests 2013-10-26 Nikos Mavrogiannopoulos * tests/cert-tests/pem-decoding: removed unneeded diff option 2013-10-26 Nikos Mavrogiannopoulos * tests/cert-tests/aki, tests/cert-tests/dane, tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now a parameter allowing to override it. 2013-10-26 Nikos Mavrogiannopoulos * tests/Makefile.am: LC_ALL is set to C to have predictable outputs in tests. 2013-10-26 Nikos Mavrogiannopoulos * tests/mini-handshake-timeout.c: simplified test 2013-10-26 Nikos Mavrogiannopoulos * NEWS: updated doc 2013-10-26 Nikos Mavrogiannopoulos * lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and DSA-SHA1. 2013-10-26 Nikos Mavrogiannopoulos * doc/invoke-p11tool.texi: p11tool text updated. 2013-10-26 Nikos Mavrogiannopoulos * doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c, doc/examples/print-ciphersuites.c: removed warnings 2013-10-26 Nikos Mavrogiannopoulos * src/cli.c: removed warnings 2013-10-26 Nikos Mavrogiannopoulos * NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules via trousers is now enabled by default. 2013-10-26 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-26 Nikos Mavrogiannopoulos * src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h, src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option --generate-random to p11tool. 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures. 2013-10-24 Wolfgang Meyer zu Bergsten * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11 tokens Signed-off-by: Wolfgang Meyer zu Bergsten 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/publickey.c: Added new fallback OID for RSA certificates. 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Corrected number in GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to this ciphersuite. However {0xC0,0x8D} should be a typo as it is used by another ciphersuite in the same document. 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Corrected the naming of several PSK ciphersuites 2013-10-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name were renamed to ARCFOUR_128 2013-10-25 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384. 2013-10-25 Nikos Mavrogiannopoulos * NEWS: updated doc 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: Increased minimum acceptable DH key to 767 bits. 2013-10-25 Nikos Mavrogiannopoulos * tests/priorities.c: updated priorities for new ciphersuites 2013-10-25 Nikos Mavrogiannopoulos * cross.mk: updated 2013-10-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-25 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 2013-10-25 Nikos Mavrogiannopoulos * tests/chainverify.c: Applied small patch by Jeremie Courreges-Anglas to avoid usage of error(). 2013-10-24 Alon Bar-Lev * src/cli.c: cli: add missing stdbool.h Signed-off-by: Alon Bar-Lev Signed-off-by: Nikos Mavrogiannopoulos 2013-10-23 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2 or better to TLS1.0 or later. 2013-10-23 Nikos Mavrogiannopoulos * lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into the default priority levels, and prioritized GCM over CBC everywhere. 2013-10-23 Christian Grothoff * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized from a source other than libunbound/DNS, as then the DNSSEC root key would not be used anyway. Worse, if we failed to read the DNSSEC root key, this would create a failure even though for applications that do not use DNSSEC (but do use DANE/TLSA) such a failure would be totally harmless. 2013-10-23 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi, doc/manpages/Makefile.am, doc/scripts/mytexi2latex, src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small changes prior to release 2013-10-23 Nikos Mavrogiannopoulos * tests/priorities.c: corrected ciphersuite numbers in priorities 2013-10-23 Nikos Mavrogiannopoulos * libdane/dane.c: corrected libdane doc 2013-10-23 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: Added description for umac 2013-10-23 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped version 2013-10-22 Nikos Mavrogiannopoulos * lib/nettle/cipher.c, lib/nettle/gcm-camellia.c, lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context. 2013-10-22 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: rearrangement 2013-10-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Removed the _WITH_ from ciphersuites names. 2013-10-22 Nikos Mavrogiannopoulos * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/gcm-camellia.c, lib/nettle/gcm-camellia.h: Added Camellia with GCM 2013-10-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia ciphersuites from RFC6367. 2013-10-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added HMAC-based Camellia ciphersuites from RFC6367. 2013-10-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256. 2013-10-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added more ciphersuites from RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384, GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384, GNUTLS_RSA_PSK_AES_128_GCM_SHA256, GNUTLS_RSA_PSK_AES_256_GCM_SHA384, GNUTLS_RSA_PSK_AES_128_CBC_SHA256, GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256, GNUTLS_RSA_PSK_NULL_SHA384. 2013-10-21 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: Added new ciphersuites from RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384 and GNUTLS_DH_ANON_AES_256_GCM_SHA384. 2013-10-21 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-21 Nikos Mavrogiannopoulos * src/certtool-cfg.c: corrected type of path_len 2013-10-21 Nikos Mavrogiannopoulos * libdane/libdane.map: exported symbols 2013-10-21 Nikos Mavrogiannopoulos * NEWS, libdane/dane.c: small fixes 2013-10-21 Christian Grothoff * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding dane_verify_crt_raw to allow direct verification of a certificate chain against a dane_query_t (for example, as provided by the new dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos 2013-10-21 Nikos Mavrogiannopoulos * m4/hooks.m4: bumped dane library version 2013-10-21 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-21 Christian Grothoff * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding dane_raw_tlsa to allow initialization of dane_query_t from DANE records based on external DNS resolutions. Also fixing a buffer overflow. Signed-off-by: Nikos Mavrogiannopoulos 2013-10-17 Daniel Kahn Gillmor * lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in, tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem, tests/cert-tests/complex-cert.pem, tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c: Normalize capitalization from "Public Key Id" to "Public Key ID" The GnuTLS codebase produced the string "Public Key Id" in some places (e.g. in the output of "certtool -i"), and "Public Key ID" in other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output consistent across uses. Signed-off-by: Nikos Mavrogiannopoulos 2013-10-19 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added gnutls_certificate_get_crt_raw() to return the raw certificate as present in the credentials structure. 2013-10-10 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected length calculation 2013-10-09 Ludovic Courtès * guile/modules/gnutls/build/priorities.scm, guile/src/core.c: guile: Fix possible stack overflows. 2013-10-09 Nikos Mavrogiannopoulos * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c, src/srptool.c: Corrected possible buffer overruns in included programs and examples. Corrected possible buffer overruns in included programs and examples. Reported by Pedro Ribeiro . 2013-10-05 Nikos Mavrogiannopoulos * NEWS: corrected typo 2013-10-04 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-04 Nikos Mavrogiannopoulos * doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h: autogen'ed files update 2013-10-04 Attila Molnar * src/srptool.c: Fix srptool issues From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 1 Oct 2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when an invalid group parameter index is given If no group with the given index was found in the password conf file srptool crashed instead of reporting the error because the return value of fgets() wasn't validated before it was passed to atoi(). Signed-off-by: Attila Molnar 2013-10-04 Attila Molnar * src/srptool-args.def, src/srptool.c: Fix srptool issues From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 1 Oct 2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to add users to tpasswd and broken -i switch Signed-off-by: Attila Molnar 2013-10-04 Nikos Mavrogiannopoulos * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def, src/cli-args.h: doc update 2013-10-04 Nikos Mavrogiannopoulos * NEWS: doc update 2013-10-04 Nikos Mavrogiannopoulos * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h: autogen'ed files update 2013-10-03 Raj Raman * src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline command infrastructure in gnutls-cli Signed-off-by: Raj Raman 2013-10-03 Nikos Mavrogiannopoulos * tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of error() 2013-10-03 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-10-02 Nikos Mavrogiannopoulos * lib/tpm.c: include config.h in tpm.c 2013-10-01 Nikos Mavrogiannopoulos * doc/TODO: updated 2013-10-01 Nikos Mavrogiannopoulos * po/it.po.in: Sync with TP. 2013-09-30 Nikos Mavrogiannopoulos * NEWS: doc update 2013-09-30 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: define subgroup bits for the weak and export parameters, to allow DH group generation. 2013-09-30 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: document the version macros 2013-09-30 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: doc update 2013-09-30 Nikos Mavrogiannopoulos * src/tests.c: verbose is everywhere unsigned 2013-09-23 Nikos Mavrogiannopoulos * NEWS: doc update 2013-09-17 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: removed limitation as this has been resolved 2013-09-17 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update 2013-09-12 Nikos Mavrogiannopoulos * doc/TODO: doc update 2013-09-11 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: doc update 2013-09-15 Ludovic Courtès * guile/src/Makefile.am: guile: Use intermediary files when generating code. 2013-09-15 Ludovic Courtès * guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler . 2013-09-10 Tobias Polzer * lib/gnutls_srp.c: Fixed a typo in the documentation Fixed a typo in the documentation for gnutls_srp_set_server_credentials_function. Signed-off-by: Nikos Mavrogiannopoulos 2013-09-09 Nikos Mavrogiannopoulos * src/Makefile.am: libopts is linked prior to libgnu to solve issue in win32. Initial patch by Tomasz Gajewski. 2013-09-08 Nikos Mavrogiannopoulos * tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in() and gnutls_handshake_get_last_out() for correctness. 2013-09-08 Nikos Mavrogiannopoulos * src/tests.c: Ignore non-fatal handshake alerts. 2013-09-06 Nikos Mavrogiannopoulos * tests/suite/mini-record-timing.c: silence warning about return code 2013-09-05 Nikos Mavrogiannopoulos * lib/gnutls_cipher_int.c: updates in record packet encoding. 2013-09-05 Nikos Mavrogiannopoulos * tests/mini-record-2.c: Test the null cipher as well. 2013-09-04 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: added comments 2013-09-02 Nikos Mavrogiannopoulos * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h, gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h: Revert "updated gnulib" This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857. 2013-09-02 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool-extras.c, src/certtool.c, src/danetool.c, src/ocsptool-common.c, src/ocsptool.c, src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using gnulib's error() 2013-09-01 Nikos Mavrogiannopoulos * tests/record-sizes.c: record-sizes can only work properly with a stream cipher. 2013-09-01 Nikos Mavrogiannopoulos * lib/gnutls_int.h: corrected max_user_send_size() for DTLS. 2013-09-01 Nikos Mavrogiannopoulos * tests/mini-record-2.c: test for excessive records being correctly send 2013-09-01 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int() accepts the actual pad rather than the intended data. Corrections in sending records with %NEW_PADDING. 2013-09-01 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-09-01 Nikos Mavrogiannopoulos * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h, gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h: updated gnulib 2013-09-01 Nikos Mavrogiannopoulos * tests/suite/testdane: removed dane.nox.su from the good list 2013-09-01 Nikos Mavrogiannopoulos * lib/gnutls_global.c: explicitly initialize the log functions 2013-08-31 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-record-2.c: Added test to send variable packet sizes. 2013-08-31 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: doc update 2013-08-31 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: simplified pad calculation 2013-08-31 Nikos Mavrogiannopoulos * doc/cha-shared-key.texi: mention RSA-PSK 2013-08-31 Nikos Mavrogiannopoulos * lib/auth/rsa_psk.c: author update 2013-08-31 Nikos Mavrogiannopoulos * lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c: Improvements in RSA-PSK. 2013-08-31 Nikos Mavrogiannopoulos * NEWS, m4/hooks.m4: released 3.2.4 2013-08-30 Nikos Mavrogiannopoulos * lib/auth/Makefile.am: added missing file 2013-08-30 Nikos Mavrogiannopoulos * lib/auth/rsa_psk.c: indented code 2013-08-30 Nikos Mavrogiannopoulos * NEWS: doc update 2013-08-30 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for RSA-PSK key exchange. 2013-08-30 Nikos Mavrogiannopoulos * lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c: Optimizations in RSA-PSK by removing unneeded code. 2013-06-29 Frank Morgner * lib/algorithms.h, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c, lib/algorithms/publickey.c, lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c, lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0 original patch can be found in e3c245b951530a92fc610a130faf167a37461073 f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20 2013-08-30 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: arcfour is restored in the top of the performance priority. 2013-08-29 Nikos Mavrogiannopoulos * tests/mini-cert-status.c: removed unused function 2013-08-29 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-cert-status.c: Added test to verify the correct operation of gnutls_certificate_server_set_request(). 2013-08-29 Nikos Mavrogiannopoulos * NEWS: doc update 2013-08-29 Nikos Mavrogiannopoulos * lib/gnutls_int.h: Corrected gnutls_certificate_server_set_request(). 2013-08-27 Nikos Mavrogiannopoulos * po/vi.po.in: Sync with TP. 2013-08-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-08-25 Nikos Mavrogiannopoulos * tests/resume.c: Try 3 resumption attempts and try also session db and ticket. 2013-08-25 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: only register current session when not resuming 2013-08-25 Nikos Mavrogiannopoulos * lib/gnutls_db.c: do not duplicate tests for null. 2013-08-25 Nikos Mavrogiannopoulos * src/serv.c: remove ifdefs for session tickets 2013-08-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-08-25 Nikos Mavrogiannopoulos * lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by Nicolai Stange. 2013-08-18 Stefan Bühler * lib/algorithms/ciphersuites.c, tests/priorities.c: add some RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges 2013-08-18 Stefan Bühler * tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c, tests/mini-alpn.c, tests/mini-deflate.c, tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c, tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c, tests/mini-eagain.c, tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c, tests/mini-loss-time.c, tests/mini-overhead.c, tests/mini-record-range.c, tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-termination.c, tests/mini-x509-2.c, tests/mini-x509-callbacks.c, tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c, tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c, tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c, tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c, tests/srp/mini-srp.c, tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c: fix transport parameter casts in tests 2013-08-24 Andreas Metzler * tests/sha2/sha2: Clean up after test. 2013-08-24 Nikos Mavrogiannopoulos * tests/cert-tests/pem-decoding: Corrected access of temp file. Reported by Thomas Witt. 2013-08-24 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: No longer recommend the use of RC4 2013-08-24 Nikos Mavrogiannopoulos * lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h, lib/gnutls_priority.c: AES-GCM is preferred always 2013-08-05 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-08-05 Nikos Mavrogiannopoulos * NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c, src/certtool.c, src/cli-debug.c, src/cli.c, src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c, src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c, src/srptool.c, src/tpmtool.c: included programs no longer depend on GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion in the library. 2013-08-05 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-08-05 Nikos Mavrogiannopoulos * cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dup2.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c, gl/inet_pton.c, gl/isnan.c, gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4, gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4, gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4, gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4, gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4, gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4, gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4, gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h, gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c, gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h, gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c, gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c, gl/strchrnul.valgrind, gl/strdup.c, gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h, gl/tests/Makefile.am, gl/{ => tests}/dosname.h, gl/{ => tests}/fpucw.h, gl/tests/infinity.h, gl/{ => tests}/intprops.h, gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind, gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c, gl/{ => tests}/strerror-override.c, gl/{ => tests}/strerror-override.h, gl/{ => tests}/strerror.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c, gl/tests/test-dirent.c, gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c, gl/tests/test-frexp.h, gl/tests/test-frexpl.c, gl/tests/test-fseterr.c, gl/tests/test-getopt.c, gl/tests/test-getopt.h, gl/tests/test-getopt_long.h, gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h, gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c, gl/tests/test-math.c, gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output, gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c, gl/tests/test-signbit.c, gl/tests/test-sleep.c, gl/tests/test-strchrnul.c, gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c, gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh, gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh, gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh, gl/tests/unsetenv.c, gl/time.in.h, gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, src/certtool.c, src/cli-debug.c, src/cli.c, src/danetool.c, src/ocsptool-common.c, src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c, src/srptool.c, src/tpmtool.c: gnulib only contains lgplv2 modules 2013-08-05 Nikos Mavrogiannopoulos * po/de.po.in, po/vi.po.in: Sync with TP. 2013-08-03 Nikos Mavrogiannopoulos * src/pkcs11.c: removed unused code 2013-08-03 Nikos Mavrogiannopoulos * src/pkcs11.c: Do not try to parse arbitrary objects as certificates. 2013-08-03 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: don't ignore errors when copying resumption values 2013-08-03 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: mention that new padding is currently a gnutls extension 2013-08-03 Nikos Mavrogiannopoulos * configure.ac, src/libopts/makeshell.c: do not require localtime 2013-08-03 Nikos Mavrogiannopoulos * cross.mk: added mkdir 2013-08-02 Nikos Mavrogiannopoulos * lib/gnutls_constate.c: inverse check for cipher ok and priority. 2013-08-01 Nikos Mavrogiannopoulos * lib/gnutls_record.c: documented parameters 2013-07-31 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: no need to keep separate priority lists for export ciphersuites (they are no longer available). 2013-07-31 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS priority string option. 2013-07-30 Nikos Mavrogiannopoulos * NEWS: released 3.2.3 2013-07-29 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-29 Nikos Mavrogiannopoulos * lib/gnutls_record.c: allow empty fragments with padding. 2013-07-29 Nikos Mavrogiannopoulos * tests/record-sizes-range.c: corrected test 2013-07-29 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/record-sizes-range.c: Added test for the range functionality. 2013-07-29 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead calculation in AEAD ciphers. 2013-07-29 Nikos Mavrogiannopoulos * configure.ac: Correctly report unicode status in win32 API 2013-07-29 Nikos Mavrogiannopoulos * lib/Makefile.am: correctly link with librt when needed. 2013-07-29 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, lib/system.c: link with libiconv when needed. 2013-07-29 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-29 Nikos Mavrogiannopoulos * build-aux/snippet/unused-parameter.h, configure.ac, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf, gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf, gl/iconv_open-solaris.gperf, gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4, gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4, gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c, gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c, gl/tests/test-iconv-utf.c, gl/tests/test-locale.c, gl/tests/test-localename.c, gl/tests/test-setlocale1.c, gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c, gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c, gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c, gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib components. This removes the gnulib iconv, and uses libc or libiconv if needed. 2013-07-28 Nikos Mavrogiannopoulos * NEWS: released 3.2.3pre0 2013-07-28 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: Added new functions 2013-07-28 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2013-07-28 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_record.h: use common macros to calculate the overhead. 2013-07-28 Nikos Mavrogiannopoulos * lib/ext/new_record_padding.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake function is now called before epoch change. This allows enabling certain features, such as the new record padding, prior to exchanging finished messages. 2013-07-28 Nikos Mavrogiannopoulos * tests/record-sizes.c: test sending and receiving the maximum allowed TLS buffer size. 2013-07-28 Nikos Mavrogiannopoulos * configure.ac: corrected guile-site-dir option. Patch by Steve Erhart. 2013-07-27 Nikos Mavrogiannopoulos * lib/gnutls_record.h: Do not count pad and MAC as received data. 2013-07-26 Nikos Mavrogiannopoulos * lib/gnutls_record.c: simplified decrypted data allocation. 2013-07-26 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-26 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h: small optimizations. 2013-07-26 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility mode allow for larger record sizes than the maximum. 2013-07-26 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/{mini.c => record-sizes.c}: Updated mini test. 2013-07-25 Nikos Mavrogiannopoulos * src/libopts/ag-char-map.h: Applied Bruce Korb's fix on unacceptable chars. 2013-07-25 Nikos Mavrogiannopoulos * src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88. 2013-07-25 Nikos Mavrogiannopoulos * tests/priorities.c: test also the number of ciphers. 2013-07-25 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added helper functions to export the available ciphers in a priority structure 2013-07-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-25 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/priorities.c: Added a test that checks whether the priorities behave as expected (depends on the supported ciphersuite numbers) 2013-07-25 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: When adding a bulk of priorities make sure they don't replace the whole list. Reported by Stefan Buehler. 2013-07-25 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: doc update 2013-07-25 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: updated doc 2013-07-24 Nikos Mavrogiannopoulos * src/libopts/ag-char-map.h: Ignore non-ascii characters in configuration file. This is a quick fix for http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html 2013-07-23 Nikos Mavrogiannopoulos * Makefile.am: make sure that the .info files are as new as the pdfs and html. 2013-07-19 Nikos Mavrogiannopoulos * doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509 server example updated to include OCSP stapling 2013-07-16 Matt Whitlock * lib/gnutls_buffers.c: avoid leaking a buffer element when _gnutls_stream_read returns 0 2013-07-19 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: doc update 2013-07-17 Stefan Bühler * lib/gnutls_priority.c: gnutls priority string parsing bug fix Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1" misses SHA1 and has MD5 twice) prio_remove doesn't zero the removed element, prio_add (and perhaps other functions) assumes the list to be zero terminated. Make prio_remove zero the element at the end, and use the actual length of the list in prio_add. Relying on the trailing zero will fail if the list is full, and might lead to invalid memory accesses as the loop won't stop until it finds either the algorithm identifier or 0. 2013-07-17 Adam Sampson * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c, tests/pskself.c, tests/resume-dtls.c, tests/resume.c, tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair on _WIN32. socketpair isn't provided on Windows, so these tests should just exit 77. Note that resume-dtls.c already had a guard like this -- I've rewritten it to match the others, but socketpair (presumably!) isn't the only reason that test is disabled on Win32. Signed-off-by: Adam Sampson 2013-07-16 Adam Sampson * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c, tests/pskself.c, tests/resume-dtls.c, tests/resume.c, tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP connections. Besides simplifying the code, this also makes it possible to run "make check" in parallel -- previously this didn't work because several tests were trying to bind the same port. Signed-off-by: Adam Sampson 2013-07-16 Adam Sampson * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c, tests/pskself.c, tests/resume-dtls.c, tests/resume.c, tests/x509dn.c, tests/x509self.c: Detect socket() error responses correctly. The code was testing the wrong variable... Signed-off-by: Adam Sampson 2013-07-16 Adam Sampson * doc/scripts/gdoc: Avoid depending on hash order in gdoc. Previously, gdoc had a hash of regexp replacements for each output format, and applied the replacements in the order that "keys" returned for the hash. However, not all orders are safe -- and now that Perl 5.18 randomises hash order per-process, it only worked sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t} structure.' '([A-Za-z0-9_]+\(\))' -> 'is a @code{gnutls_session_t} structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t} structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a @code{code} {gnutls_session_t} structure.' This patch turns the hash into a list, so the replacements will always be done in the intended order. Signed-off-by: Adam Sampson 2013-07-15 Nikos Mavrogiannopoulos * tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c, tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under reliable transports to avoid unexpected packet loss. 2013-07-15 Nikos Mavrogiannopoulos * lib/Makefile.am: Link with librt when needed. Reported by Joern Clausen. 2013-07-15 Nikos Mavrogiannopoulos * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need for the additional version variable. 2013-07-14 Nikos Mavrogiannopoulos * cross.mk: updated w32 makefile 2013-07-14 Nikos Mavrogiannopoulos * build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c, gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4, gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4, gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h, gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c, gl/tests/ignore-value.h, gl/tests/malloca.c, gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c, gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c, gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk: updated gnulib 2013-07-14 Nikos Mavrogiannopoulos * NEWS: released 3.2.2 2013-07-13 Nikos Mavrogiannopoulos * lib/gnutls_global.c: doc update 2013-07-13 Nikos Mavrogiannopoulos * lib/includes/gnutls/gnutls.h.in: typo fix 2013-07-13 Nikos Mavrogiannopoulos * src/common.c: gnutls-cli -l prints the supported digest algorithms as well. 2013-07-13 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: corrected return value. 2013-07-13 Nikos Mavrogiannopoulos * configure.ac: Check for nanosleep in librt, when not in libc. Reported by Joern Clausen. 2013-07-12 Nikos Mavrogiannopoulos * lib/gnutls_int.h: corrected typo 2013-07-12 Nikos Mavrogiannopoulos * README-alpha: updated 2013-07-11 Nikos Mavrogiannopoulos * lib/gnutls_int.h: try to reduce memory in internal structure 2013-07-11 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, tests/mini-x509-callbacks.c: Allow hooks to be called before or after generation/receiving. 2013-07-11 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function, to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba. 2013-07-11 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-10 Gustavo Zacarias * lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes and mac It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build failures. Signed-off-by: Gustavo Zacarias 2013-07-10 Nikos Mavrogiannopoulos * lib/algorithms/mac.c: doc update 2013-07-10 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-10 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-10 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: make sure that the hook function is always called. 2013-07-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: New functions added 2013-07-09 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-07-09 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: When resuming a session send only the mandatory extensions. That will make server behavior to conform to TLS RFC. Reported by Peter Dettman. 2013-07-09 Nikos Mavrogiannopoulos * lib/ext/srtp.c: corrected typo 2013-07-09 Nikos Mavrogiannopoulos * NEWS: doc update 2013-07-09 Nikos Mavrogiannopoulos * lib/ext/srtp.c: Include MKI size in size calculations for the extension. This prevents a parsing error when MKI is being used. Reported by Gábor Tatárka. 2013-07-09 Nikos Mavrogiannopoulos * src/benchmark.h: Fix for NetBSD systems that do not have CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner. 2013-07-06 Nikos Mavrogiannopoulos * src/certtool.c: make sure that a valid number of days is entered 2013-07-05 Nikos Mavrogiannopoulos * doc/DCO.txt: Added DCO 2013-07-04 Nikos Mavrogiannopoulos * lib/libgnutls.map: added new functions 2013-07-04 Nikos Mavrogiannopoulos * tests/mini-dtls-hello-verify.c: simplified structure 2013-07-04 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: corrected issue in client hello verify. 2013-07-04 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/mac.c, lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in: Added helper functions for digests. 2013-07-04 Stef Walter * lib/pkcs11.c: pkcs11: Use the correct attribute length for CKA_TRUSTED CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches are done with the attribute byte values, we need to get the length exactly right. Signed-off-by: Nikos Mavrogiannopoulos 2013-07-03 Nikos Mavrogiannopoulos * tests/mini-x509-callbacks.c: updated for new callback format 2013-07-03 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: corrected typo 2013-07-03 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-07-03 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: doc update 2013-07-03 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: when removing a cipher priority, make sure the order is kept 2013-06-30 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in: gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size 2013-07-01 Nikos Mavrogiannopoulos * lib/crypto-api.c: doc update 2013-06-29 Nikos Mavrogiannopoulos * po/eo.po.in, po/fi.po.in: Sync with TP. 2013-06-28 Ludovic Courtès * guile/src/core.c: guile: Keep a weak reference on objects aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where the C object beneath CRED keeps a pointer to the C object beneath DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos . 2013-06-28 Ludovic Courtès * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather than `fileno'. This has no practical impact, but it's a better way to express that we don't want the file descriptors closed behind our back. 2013-06-26 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT 2013-06-26 Nikos Mavrogiannopoulos * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: documented private extensions 2013-06-26 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply only to post-processing or generation of messages. 2013-06-19 Nikos Mavrogiannopoulos * lib/gnutls_record.c: documented dtls behavior. 2013-06-19 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU 2013-06-19 Nikos Mavrogiannopoulos * tests/mini-dtls-large.c: make sure that no DTLS MTU size can exceed 2^14. 2013-06-19 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b. 2013-06-19 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets 2013-06-18 Nikos Mavrogiannopoulos * po/cs.po.in: Sync with TP. 2013-06-15 Nikos Mavrogiannopoulos * lib/gnutls_dh_primes.c: check for zero values when import DH parameters. 2013-06-15 Nikos Mavrogiannopoulos * po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in: Sync with TP. 2013-06-14 Nikos Mavrogiannopoulos * NEWS: doc update 2013-06-14 Nikos Mavrogiannopoulos * NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, tests/mini-x509-callbacks.c: Added gnutls_handshake_set_hook_function() to allow hooks on arbitrary handshake messages. 2013-06-13 Nikos Mavrogiannopoulos * doc/announce.txt: added BCC to avoid forgetting it in the future 2013-06-11 Nikos Mavrogiannopoulos * doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update 2013-06-11 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c, lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: avoid the introduction of a new function to disable replay protection. 2013-06-10 Nikos Mavrogiannopoulos * tests/suite/testcompat-main: changed port to avoid conflicts 2013-06-10 Nikos Mavrogiannopoulos * tests/mini-overhead.c: small update 2013-06-10 Nikos Mavrogiannopoulos * src/cli.c: removed unused var 2013-06-10 Nikos Mavrogiannopoulos * src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool auto-gen'ed files 2013-06-10 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_record_overhead_size() and Added gnutls_record_overhead_size2(). 2013-06-10 Nikos Mavrogiannopoulos * lib/gnutls_state.c: doc update 2013-06-10 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay protection can now be disabled. 2013-06-10 Nikos Mavrogiannopoulos * lib/gnutls_state.c: doc update 2013-06-10 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added gnutls_cipher_get_tag_size(). 2013-06-10 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map: Added gnutls_certificate_set_trust_list(). 2013-06-10 Nikos Mavrogiannopoulos * lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_sig.c: explicit tests for non-null version 2013-06-08 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo 2013-06-08 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-06-08 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat timeout documentation; reported by Sebastien Decugis. 2013-06-07 Nikos Mavrogiannopoulos * build-aux/ar-lib: updated file 2013-06-07 Nikos Mavrogiannopoulos * tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files 2013-06-07 Nikos Mavrogiannopoulos * build-aux/test-driver, configure.ac: require automake 1.12.2 for guile. 2013-06-07 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: SECURE -> SECURE128 2013-06-06 Nikos Mavrogiannopoulos * guile/tests/priorities.scm: corrected priority strings 2013-06-06 Martin Storsjo * extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am, lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am, lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am, lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included implicitly via gnutls_int.h, if the nettle include directories aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos 2013-06-06 Martin Storsjo * src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config include and lib paths Signed-off-by: Nikos Mavrogiannopoulos 2013-06-06 Ludovic Courtès * guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by Automake 1.12+. 2013-06-03 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies to libcrypto.la 2013-06-03 Nikos Mavrogiannopoulos * lib/nettle/Makefile.am: correctly place cflags 2013-06-03 Nikos Mavrogiannopoulos * doc/cha-shared-key.texi: discourage usage of anonymous authentication 2013-06-02 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update 2013-06-02 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am, m4/hooks.m4: Directly link to gmp library. Based on original patch by Alon Bar-Lev . 2013-06-02 Nikos Mavrogiannopoulos * cross.mk: updated cross.mk 2013-06-02 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding, tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several updates for tests to run under win32 2013-06-02 Nikos Mavrogiannopoulos * lib/system.c: null terminate strings in windows 2013-06-02 Nikos Mavrogiannopoulos * cross.mk: updated makefile 2013-06-02 Nikos Mavrogiannopoulos * tests/pkcs12-decode/pkcs12: fix windows extension 2013-06-02 Nikos Mavrogiannopoulos * tests/pkcs1-padding/Makefile.am: avoid running tests which require datefudge in windows 2013-06-02 Nikos Mavrogiannopoulos * src/cli.c: avoid struct sigaction in win32 2013-06-02 Nikos Mavrogiannopoulos * tests/cert-tests/pem-decoding: Avoid comparing the expiration date to prevent false positive error in 32-bit systems. 2013-06-02 Nikos Mavrogiannopoulos * tests/cert-tests/pathlen: Revert "Avoid comparing the expiration date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00. 2013-06-02 Nikos Mavrogiannopoulos * tests/cert-tests/pathlen: Avoid comparing the expiration date to prevent false positive error in 32-bit systems. 2013-06-01 Nikos Mavrogiannopoulos * NEWS: updated 2013-06-01 Nikos Mavrogiannopoulos * doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates 2013-06-01 Nikos Mavrogiannopoulos * NEWS: updated from 3.2.1 2013-06-01 Nikos Mavrogiannopoulos * configure.ac: check for suse's CA bundle file 2013-05-31 Nikos Mavrogiannopoulos * lib/openpgp/privkey.c: call cleanup and deinit on the correct number of parameters 2013-05-31 Nikos Mavrogiannopoulos * lib/gnutls_pk.c: avoid calling clear on null values 2013-05-30 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use pkg-config to detect nettle 2013-05-30 Nikos Mavrogiannopoulos * tests/mini-xssl.c: ignore sigpipe 2013-05-29 Nikos Mavrogiannopoulos * lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic curves even when using SSL 3.0. This works around a bug on openssl in certain Debian systems. 2013-05-29 Nikos Mavrogiannopoulos * po/LINGUAS, po/eo.po.in: Sync with TP. 2013-05-29 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-05-29 Nikos Mavrogiannopoulos * tests/mini-xssl.c: updated xssl. 2013-05-29 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: doc update 2013-05-29 Nikos Mavrogiannopoulos * tests/mini-overhead.c: document sizes 2013-05-29 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: more precise calculation of overhead 2013-05-29 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS. 2013-05-29 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: doc update 2013-05-25 Nikos Mavrogiannopoulos * NEWS: doc update 2013-05-25 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-05-29 Nikos Mavrogiannopoulos * lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in: revert prototype move 2013-05-29 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am: doc update 2013-05-28 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory copy on decryption. 2013-05-28 Nikos Mavrogiannopoulos * lib/gnutls_cipher_int.h: corrected likely() 2013-05-27 Nikos Mavrogiannopoulos * tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use various ciphers in tests. 2013-05-27 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: doc update 2013-05-26 Nikos Mavrogiannopoulos * tests/mini-dtls-record.c: avoid delays by using a reliable transport layer. 2013-05-26 Nikos Mavrogiannopoulos * .gitignore: removed test file from repository 2013-05-26 Nikos Mavrogiannopoulos * tests/mini-record.c: avoid delays by using a reliable transport layer. 2013-05-26 Nikos Mavrogiannopoulos * lib/algorithms/ciphers.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory copy at encryption. 2013-05-26 Nikos Mavrogiannopoulos * lib/nettle/pk.c: eliminated unused variable 2013-05-25 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in(). Report by Mann Ern Kang. 2013-05-25 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: simplified code by passing an mbuffer. 2013-05-25 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name 2013-05-25 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: always set hash length 2013-05-25 Nikos Mavrogiannopoulos * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c: corrected bug with _gnutls_dsa_q_to_hash() usage introduced previously 2013-05-25 Nikos Mavrogiannopoulos * lib/abstract_int.h, lib/algorithms.h, lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c, lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c, lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS protocol version properties. 2013-05-25 Nikos Mavrogiannopoulos * lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c, lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/algorithms/mac.c, lib/algorithms/protocols.c, lib/algorithms/sign.c, lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am, lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c, lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: simplified access to cipher and mac properties to reduce wasted cycles. 2013-05-25 Nikos Mavrogiannopoulos * extra/gnutls_openssl.c: modified openssl compat API to use the exported API 2013-05-25 Nikos Mavrogiannopoulos * lib/libgnutls.map: no longer export internal hash functions 2013-05-25 Nikos Mavrogiannopoulos * tests/mini-dtls-hello-verify.c: removed memory leak 2013-05-24 Nikos Mavrogiannopoulos * lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions 2013-05-24 Nikos Mavrogiannopoulos * lib/gnutls_mbuffers.c: avoid calloc 2013-05-21 Nikos Mavrogiannopoulos * lib/gnutls_record.c: fixes in record version checking 2013-05-21 Nikos Mavrogiannopoulos * src/cli.c: use sigaction instead of signal in gnutls-cli 2013-05-21 Nikos Mavrogiannopoulos * src/cli.c: Revert "break the loop when a SIGALRM has been received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b. 2013-05-21 Nikos Mavrogiannopoulos * src/libopts/m4/libopts.m4: relax check on requirement on headers for libopts. Reported by Mark Brand. 2013-05-20 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-05-20 Nikos Mavrogiannopoulos * lib/gnutls_record.c: Improved record version checks 2013-05-20 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for hello verify message 2013-05-19 Nikos Mavrogiannopoulos * lib/nettle/mac.c: fail on wrong key sizes 2013-05-19 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_dtls.c: corrected record overhead calculations 2013-05-19 Nikos Mavrogiannopoulos * lib/gnutls_record.c: more detailed error 2013-05-19 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: corrected resumption check 2013-05-19 Nikos Mavrogiannopoulos * NEWS: updated doc 2013-05-19 Nikos Mavrogiannopoulos * lib/gnutls_record.c: Allow record layer packets with version less than the negotiated. Allowing such records avoids issue in DTLS client hello request verification. 2013-05-19 Nikos Mavrogiannopoulos * lib/gnutls.pc.in: removed undefined variable 2013-05-19 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: gnutls_session_set_id() was added 2013-05-18 Nikos Mavrogiannopoulos * src/cli.c: break the loop when a SIGALRM has been received 2013-05-18 Nikos Mavrogiannopoulos * src/libopts/m4/libopts.m4: configure proceeds if regex library isn't found 2013-05-17 Nikos Mavrogiannopoulos * lib/gnutls_str.c: documented function behavior 2013-05-16 Nikos Mavrogiannopoulos * lib/gnutls_str.c: corrected typo 2013-05-16 Nikos Mavrogiannopoulos * lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c, lib/opencdk/sig-check.c, lib/x509/common.c, lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c, lib/xssl.c, libdane/dane.c: several updates 2013-05-11 Nikos Mavrogiannopoulos * src/danetool.c: print message on certificate verification 2013-05-11 Nikos Mavrogiannopoulos * NEWS: doc update 2013-05-11 Nikos Mavrogiannopoulos * tests/cert-tests/pem-decoding: more verbose messages 2013-05-10 Tim Kosse * tests/eagain-common.h: When retrying gnutls_record_send due to GNUTLS_E_AGAIN, also try passing null data and length. Tests will fail after this patch until next patch is applied that fixes a bug in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos 2013-05-10 Tim Kosse * lib/gnutls_record.c: If gnutls_record_send fails with GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos 2013-05-10 Nikos Mavrogiannopoulos * doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas Metzler 2013-05-10 Nikos Mavrogiannopoulos * NEWS: released 3.2.0 2013-05-10 Nikos Mavrogiannopoulos * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi: simplified node referencing and add NEW_PADDING in doc 2013-05-10 Nikos Mavrogiannopoulos * m4/hooks.m4: increased revision 2013-05-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/manpages/Makefile.am: doc update 2013-05-10 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/ciphersuites.c: Added more options for salsa20 ciphers 2013-05-10 Nikos Mavrogiannopoulos * src/libopts/m4/libopts.m4: applied libregex patch 2013-05-08 Nikos Mavrogiannopoulos * cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s, lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s, lib/accelerated/x86/macosx/appro-aes-x86-macosx.s, lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s, lib/accelerated/x86/macosx/cpuid-x86-macosx.s, lib/accelerated/x86/macosx/padlock-x86-64-macosx.s, lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style comments to compile in old MacOSX systems. Reported by Ryan Schmidt. 2013-05-05 Nikos Mavrogiannopoulos * doc/cha-auth.texi: doc update 2013-05-05 Nikos Mavrogiannopoulos * lib/ext/alpn.c: clarified doc 2013-05-05 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: updated for new autogen 2013-05-05 Nikos Mavrogiannopoulos * tests/mini-alpn.c: updated for new api 2013-05-05 Nikos Mavrogiannopoulos * tests/dtls/dtls-stress.c: updated path 2013-05-05 Nikos Mavrogiannopoulos * src/cli.c: corrected API usage. 2013-05-05 Nikos Mavrogiannopoulos * lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c, lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support for the NO_APPLICATION_PROTOCOL alert for ALPN. 2013-05-05 Nikos Mavrogiannopoulos * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c, src/common.c: Improved ALPN support in gnutls-cli 2013-05-05 Nikos Mavrogiannopoulos * src/certtool-args.c, src/certtool-args.h, src/cli-args.c, src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h, src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c, src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h, src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h, src/srptool-args.c, src/srptool-args.h: updated libopts generated files. 2013-05-05 Nikos Mavrogiannopoulos * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3, src/libopts/Makefile.am, src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h, src/libopts/autoopts.c, src/libopts/autoopts.h, src/libopts/autoopts/options.h, src/libopts/autoopts/project.h, src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c, src/libopts/check.c, src/libopts/compat/compat.h, src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c, src/libopts/compat/strchr.c, src/libopts/compat/strdup.c, src/libopts/compat/windows-config.h, src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c, src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c, src/libopts/libopts.c, src/libopts/load.c, src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c, src/libopts/nested.c, src/libopts/numeric.c, src/libopts/option-value-type.c, src/libopts/option-value-type.h, src/libopts/option-xat-attribute.c, src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c, src/libopts/parse-duration.h, src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c, src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c, src/libopts/stack.c, src/libopts/streqvcmp.c, src/libopts/text_mmap.c, src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: updated libopts to autogen 5.17.3 2013-05-05 Nikos Mavrogiannopoulos * src/cli-args.def, src/cli.c: Added --alpn option to cli 2013-05-03 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-05-03 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/mac.c: Added umac-128 2013-05-02 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the key purpose in certificate requests 2013-05-02 Nikos Mavrogiannopoulos * tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is disabled. Reported by Linus Nordberg. 2013-05-02 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo. reported by Etan Reisner. 2013-05-01 Nikos Mavrogiannopoulos * tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c: updated include files 2013-05-01 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: simplified code 2013-05-01 Nikos Mavrogiannopoulos * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c, gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib 2013-05-01 Nikos Mavrogiannopoulos * tests/anonself.c, tests/certder.c, tests/certificate_set_x509_crl.c, tests/certuniqueid.c, tests/chainverify-unsorted.c, tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c, tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c, tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c, tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c, tests/mini-eagain.c, tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c, tests/mini-loss-time.c, tests/mini-record-range.c, tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c, tests/mini-termination.c, tests/mini-x509-2.c, tests/mini-x509-callbacks.c, tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c, tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c, tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c, tests/pskself.c, tests/resume-dtls.c, tests/resume.c, tests/rng-fork.c, tests/rsa-encrypt-decrypt.c, tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c, tests/srp/mini-srp.c, tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c, tests/utils.h, tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c, tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When running tests disable PKCS #11 support to avoid detecting memory leaks from PKCS #11 libraries. 2013-05-01 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: doc update 2013-04-28 Nikos Mavrogiannopoulos * tests/dtls/Makefile.am: link explicitly to librt 2013-04-28 Nikos Mavrogiannopoulos * NEWS: updated 2013-04-28 Nikos Mavrogiannopoulos * NEWS: doc update 2013-04-28 Nikos Mavrogiannopoulos * .gitignore, build-aux/config.rpath, build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/gettime.c, gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4, gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4, gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c, gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c, lib/system.h, src/benchmark-cipher.c, src/benchmark.c, src/benchmark.h, tests/suite/Makefile.am, tests/suite/mini-record-timing.c: Avoid linking the library on librt. 2013-04-27 Stef Walter * tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos 2013-04-27 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem, tests/cert-tests/pem-decoding: Added test for escaping rules. 2013-04-27 Stef Walter * lib/x509/common.c: Add the standard description OID to those recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos 2013-04-27 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/dn.c: Always escape printable strings the LDAP way, and avoid escaping hex encoded values. Report and initial patch from Stef Walter. 2013-04-27 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h: Do not include null terminator in DN string. When printing an unknown DN string as hex do not include the null terminator. Reported by Stef Walter. 2013-04-27 Nikos Mavrogiannopoulos * configure.ac: Link against pthread only when pthread_mutex_lock isn't in libc 2013-04-27 Nikos Mavrogiannopoulos * lib/accelerated/x86/sha-padlock.c: initialize the digest after output on padlock. 2013-04-27 Nikos Mavrogiannopoulos * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c, src/pkcs11.c: read_yesno() accepts a default value. By default certificates are marked as ok for signing and encryption. 2013-04-27 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license 2013-04-27 Nikos Mavrogiannopoulos * lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h, lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability from hashes 2013-04-27 Nikos Mavrogiannopoulos * lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h, lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset separately. It is implied by nettle's output function. 2013-04-27 Nikos Mavrogiannopoulos * lib/crypto-api.c: updated documentation 2013-04-24 Nikos Mavrogiannopoulos * src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c, src/benchmark.h: updated benchmark output 2013-04-23 Nikos Mavrogiannopoulos * doc/TODO: updated TODO list 2013-04-17 Nikos Mavrogiannopoulos * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the pass argument on PKCS #11 keys. 2013-04-16 Nikos Mavrogiannopoulos * lib/accelerated/x86/hmac-padlock.c, lib/accelerated/x86/sha-padlock.c: corrected memory leak in padlock_hash_fast() 2013-04-14 Nikos Mavrogiannopoulos * doc/cha-intro-tls.texi: mention about experimental protocols 2013-04-14 Nikos Mavrogiannopoulos * src/benchmark-tls.c: nettle 2.7 is required 2013-04-13 Nikos Mavrogiannopoulos * doc/cha-crypto.texi: doc update 2013-04-13 Nikos Mavrogiannopoulos * doc/cha-crypto.texi: Added documentation on public key API. 2013-04-13 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority string VERS-DTLS-ALL 2013-04-13 Nikos Mavrogiannopoulos * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c, m4/hooks.m4: nettle 2.7 is required 2013-04-13 Nikos Mavrogiannopoulos * NEWS: corrected doc 2013-04-12 Nikos Mavrogiannopoulos * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c, m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27 2013-04-12 Nikos Mavrogiannopoulos * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c, src/benchmark-tls.c: Added ESTREAM salsa20 cipher. 2013-04-11 Nikos Mavrogiannopoulos * lib/nettle/mac.c: better naming of functions 2013-04-11 Nikos Mavrogiannopoulos * lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new implementation 2013-04-10 Nikos Mavrogiannopoulos * README: added note about LGPLv3 2013-04-10 Nikos Mavrogiannopoulos * lib/system_override.c: doc update 2013-04-10 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: use unlikely 2013-04-10 Nikos Mavrogiannopoulos * NEWS: documented update 2013-04-10 Nikos Mavrogiannopoulos * configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am, lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c, lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am, tests/mini-alpn.c: Added support for the ALPN extension. 2013-04-10 Nikos Mavrogiannopoulos * lib/gnutls_constate.c: removed unused variables 2013-04-09 Nikos Mavrogiannopoulos * src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT checks 2013-04-08 Nikos Mavrogiannopoulos * README: updated 2013-04-08 Nikos Mavrogiannopoulos * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi, doc/cha-tokens.texi, lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_certificate_set_x509_key_mem2() and gnutls_certificate_set_x509_key_file2() 2013-04-08 Nikos Mavrogiannopoulos * doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi, lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc updates 2013-04-07 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h: removed TLS export key generation 2013-04-07 Nikos Mavrogiannopoulos * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am, lib/algorithms.h, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c, lib/algorithms/publickey.c, lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c, lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_priority.c, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c, lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the RSA-EXPORT ciphersuites. 2013-04-07 Nikos Mavrogiannopoulos * NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added support for DTLS 1.2 2013-04-07 Nikos Mavrogiannopoulos * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: deprecated gnutls_privkey_sign_raw_data() 2013-04-07 Nikos Mavrogiannopoulos * doc/TODO: updated 2013-04-06 Nikos Mavrogiannopoulos * lib/gnutls_range.c: updates in range handling code. 2013-04-06 Nikos Mavrogiannopoulos * tests/Makefile.am, tests/mini-record-range.c: Added test for record ranges. 2013-04-06 Nikos Mavrogiannopoulos * lib/auth/ecdhe.c: Set the curve priority to calling derive. 2013-04-05 Nikos Mavrogiannopoulos * lib/nettle/pk.c: reduce the number of temp variables in ECDH 2013-04-04 Nikos Mavrogiannopoulos * src/common.c: print the signatures used. 2013-04-04 Nikos Mavrogiannopoulos * lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_sign_algorithm_get_client() 2013-04-03 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat implementation to match the rest of the library 2013-04-03 Nikos Mavrogiannopoulos * doc/cha-internals.texi: updated text 2013-04-03 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: gnutls_pong() returns zero on success. 2013-04-02 Nikos Mavrogiannopoulos * lib/ext/heartbeat.h: removed function that didn't exist 2013-04-02 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat 2013-04-02 Nikos Mavrogiannopoulos * tests/mini-dtls-heartbeat.c: Check all error conditions. 2013-04-02 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by Joke de Buhr). 2013-04-02 Nikos Mavrogiannopoulos * NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c, lib/nettle/ecc_projective_check_point.c, lib/nettle/ecc_projective_dbl_point_3.c, lib/nettle/ecc_projective_isneutral.c, lib/nettle/ecc_projective_negate_point.c, lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c, lib/nettle/init.c, lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c, lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve code from gnutls. Use nettle's implementation. 2013-04-02 Nikos Mavrogiannopoulos * src/serv.c: corrected issue in ecccertfile option 2013-04-02 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: make a short list of the available PK algorithms 2013-03-28 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign and verification flags to operate in RSA raw mode (as used in TLS). 2013-03-27 Nikos Mavrogiannopoulos * lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow for a wrong version in the RSA PMS. 2013-03-27 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c: convert gnutls versions to TLS major-minor in a single function. 2013-03-24 Nikos Mavrogiannopoulos * devel/perlasm/license-gnutls.txt, lib/accelerated/x86/coff/cpuid-x86-64-coff.s, lib/accelerated/x86/coff/cpuid-x86-coff.s, lib/accelerated/x86/elf/cpuid-x86-64.s, lib/accelerated/x86/elf/cpuid-x86.s, lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s, lib/accelerated/x86/macosx/cpuid-x86-macosx.s, lib/ext/status_request.h, lib/gnutlsxx.cpp, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/verify-high.h: changed license headers to 2.1. Reported by Andreas Metzler. 2013-03-24 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-23 Nikos Mavrogiannopoulos * doc/manpages/Makefile.am: updated copyright 2013-03-23 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c, lib/crypto-api.c, lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size() 2013-03-22 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-22 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: doc update 2013-03-22 Nikos Mavrogiannopoulos * doc/cha-internals.texi: corrected file location 2013-03-21 Nikos Mavrogiannopoulos * tests/openpgp-auth.c: use return instead of exit 2013-03-21 Nikos Mavrogiannopoulos * lib/auth/cert.c: use the proper defines 2013-03-21 Nikos Mavrogiannopoulos * NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr. 2013-03-21 Nikos Mavrogiannopoulos * tests/openpgp-auth.c: openpgp-auth tests gnutls_openpgp_set_recv_key_function() as well. 2013-03-21 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_sig.c: correct issue with the (deprecated) external key signing and TLS 1.2 2013-03-19 Nikos Mavrogiannopoulos * src/benchmark.c: use clock_gettime when we can 2013-03-19 Nikos Mavrogiannopoulos * src/benchmark-cipher.c: removed R20 2013-03-19 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c, src/benchmark-tls.c: Salsa20R20 -> Salsa20 2013-03-19 Nikos Mavrogiannopoulos * lib/libgnutls.map, tests/gc.c: use the exported variant of _gnutls_hmac_fast(). 2013-03-19 Nikos Mavrogiannopoulos * NEWS, lib/accelerated/cryptodev.c, lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/algorithms/mac.c, lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c, lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4, src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can now be used for other MAC algorithms, like UMAC. UMAC-96 and UMAC-128 were conditionally added. 2013-03-17 Nikos Mavrogiannopoulos * src/benchmark-tls.c: use RSA ciphersuite to compare ciphers. 2013-03-17 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: corrected bug in stream ciphers and added new cipher to the new padding format. 2013-03-17 Nikos Mavrogiannopoulos * NEWS, lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c, src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites. 2013-03-17 Nikos Mavrogiannopoulos * lib/pkcs11.c: search only for slots with tokens and avoid caching to prevent issues with multiple threads. 2013-03-16 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-16 Nikos Mavrogiannopoulos * doc/cha-tokens.texi, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added gnutls_privkey_status() 2013-03-16 Nikos Mavrogiannopoulos * lib/pkcs11.c: avoid internal error 2013-03-16 Nikos Mavrogiannopoulos * lib/pkcs11.c: use correct type for rv 2013-03-16 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-16 Nikos Mavrogiannopoulos * lib/pkcs11.c: scan slots on PKCS #11 providers only when needed, not on initialization. 2013-03-15 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c: doc update 2013-03-15 Nikos Mavrogiannopoulos * doc/cha-library.texi: documented the new configure options 2013-03-15 Nikos Mavrogiannopoulos * NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private key parameters are overwritten with zeros on deinitialization. 2013-03-15 Nikos Mavrogiannopoulos * doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib: doc updates 2013-03-15 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: simplified text 2013-03-15 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2013-03-14 Nikos Mavrogiannopoulos * NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi, lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h, lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added gnutls_privkey_sign_raw_data() 2013-03-14 Nikos Mavrogiannopoulos * lib/gnutls_pcert.c: simplified code 2013-03-14 Nikos Mavrogiannopoulos * src/serv.c: gnutls-serv may run without certificate, but will issue a warning 2013-03-14 Nikos Mavrogiannopoulos * src/serv.c: gnutls-serv issues an error if no certificate and key pair was set. 2013-03-14 Nikos Mavrogiannopoulos * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1 2013-03-13 Nikos Mavrogiannopoulos * lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added several ifdefs to avoid using disabled code. 2013-03-12 Daniel Kahn Gillmor * doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for *_key_id() creation. For the rationale behind this, see the gnutls-devl thread 'X.509 "Key Identifiers" in GnuTLS' found either at http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.htmland http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674 2013-03-12 Nikos Mavrogiannopoulos * NEWS, doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc() 2013-03-11 Nikos Mavrogiannopoulos * configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c, lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/{ecdh_common.c => ecdhe.c}, lib/auth/{ecdh_common.h => ecdhe.h}, lib/auth/rsa_export.c, lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c, lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c, m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE. 2013-03-11 Nikos Mavrogiannopoulos * src/serv.c: removed unneeded code 2013-03-10 Nikos Mavrogiannopoulos * src/cli.c: When requesting DANE data resolve a service name into a port number. Reported by James Cloos. 2013-03-08 Nikos Mavrogiannopoulos * NEWS: removed 2013-03-08 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update 2013-03-08 Nikos Mavrogiannopoulos * lib/x509/dn.c: avoid duplicate memory allocation in _gnutls_x509_get_dn() 2013-03-08 Nikos Mavrogiannopoulos * tests/cert-tests/dane-test.rr: The default dane output is type 03 now. 2013-03-08 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: simplified 2013-03-08 Nikos Mavrogiannopoulos * lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return proper also when loading a private key. 2013-03-08 Nikos Mavrogiannopoulos * lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER -> GNUTLS_TPMKEY_FMT_RAW 2013-03-08 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c: return unimplemented feature on encounter of a known but unsupported url 2013-03-07 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, src/danetool-args.c, src/danetool-args.def, src/danetool-args.h, src/danetool.c: updates in danetool 2013-03-07 Nikos Mavrogiannopoulos * Makefile.am, configure.ac: Added configure option to disable the build of tests. 2013-03-07 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: updated example template. 2013-03-07 Nikos Mavrogiannopoulos * tests/suite/ecore/src/lib/Ecore.h: updated 2013-03-07 Nikos Mavrogiannopoulos * lib/x509_b64.c: corrected allocation size 2013-03-07 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: simplified text 2013-03-06 Nikos Mavrogiannopoulos * configure.ac: Fixes in cpu and cross-compilation detection 2013-03-06 Nikos Mavrogiannopoulos * lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn(). 2013-03-06 Nikos Mavrogiannopoulos * lib/system.c: check revocation prior to reading local certs. 2013-03-06 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: deinitialize the certificate 2013-03-05 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-05 Nikos Mavrogiannopoulos * configure.ac: When cross compiling do not check for ca certificates. 2013-03-05 Nikos Mavrogiannopoulos * configure.ac: auto-detect CA certificates only if with-default-trust-store-file is not provided. 2013-03-05 Nikos Mavrogiannopoulos * lib/system.c: corrected parameters. 2013-03-05 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c, tests/x509cert-tl.c: Added functions that remove certificates from a trust list. 2013-03-05 Nikos Mavrogiannopoulos * libdane/includes/gnutls/dane.h: updated doc 2013-03-05 Nikos Mavrogiannopoulos * lib/system.c: Check for revoked certs in android and do not add. Suggested by David Woodhouse. 2013-03-05 Nikos Mavrogiannopoulos * lib/system.c: corrected add_system_trust() in the unsupported system case. 2013-03-05 Nikos Mavrogiannopoulos * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several optimizations on certificate comparisons including DN. This speeds up CA certificate loading, and certificate verification. 2013-03-05 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: Revert "When making the hash list of the CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14. 2013-03-05 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-05 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: When making the hash list of the CAs avoid calling get_raw_*_dn() which is very costly. 2013-03-05 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c, lib/x509/x509_int.h: Added new functions to get the LDAP DN in an allocated buffer. 2013-03-05 Nikos Mavrogiannopoulos * src/cli.c: Removed unused code. 2013-03-05 Daniel Kahn Gillmor * lib/x509/x509_write.c: fix description of id_size parameter 2013-03-05 Nikos Mavrogiannopoulos * lib/system.c: handle the interesting variance between directories 2013-03-04 Nikos Mavrogiannopoulos * lib/system.c: test for ANDROID or __ANDROID__ 2013-03-04 Nikos Mavrogiannopoulos * build-aux/ar-lib: updated 2013-03-04 Nikos Mavrogiannopoulos * configure.ac: call gl_EARLY earlier, and add AM_PROG_AR. 2013-03-04 Nikos Mavrogiannopoulos * lib/gnutls.pc.in: corrected link 2013-03-03 Nikos Mavrogiannopoulos * configure.ac: removed Werror from automake rules 2013-03-03 Nikos Mavrogiannopoulos * doc/Makefile.am: Added flag 2013-03-03 Nikos Mavrogiannopoulos * .gitignore, ChangeLog: removed 2013-03-03 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation of programs that cannot be. 2013-03-03 Nikos Mavrogiannopoulos * lib/system.c: more simplifications to gnutls_x509_trust_list_add_system_trust() 2013-03-03 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-03 Nikos Mavrogiannopoulos * lib/system.c: corrected reading from directory. 2013-03-03 Nikos Mavrogiannopoulos * lib/system.c: gnutls_x509_trust_list_add_system_trust() was made to work in android 4.x. 2013-03-02 Nikos Mavrogiannopoulos * NEWS: updated 2013-03-02 Nikos Mavrogiannopoulos * lib/system.c: More cleanups in gnutls_x509_trust_list_add_system_trust() 2013-03-02 Nikos Mavrogiannopoulos * configure.ac: Select CPU optimizations based on target cpu rather than the host. 2013-03-02 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/system.c: some simplifications in gnutls_x509_trust_list_add_system_trust() 2013-03-01 Nikos Mavrogiannopoulos * NEWS, src/certtool.c: Use ARCFOUR cipher by default to be compatible with devices like android that don't support AES 2013-03-01 Nikos Mavrogiannopoulos * NEWS, doc/invoke-danetool.texi, libdane/dane.c, libdane/includes/gnutls/dane.h, src/danetool-args.c, src/danetool-args.def, src/danetool-args.h, src/danetool.c, tests/suite/Makefile.am, tests/suite/testdane: Added verify flags for DANE to enforce verification and restrict it to a field. 2013-03-01 Nikos Mavrogiannopoulos * .gitignore, ChangeLog: added empty ChangeLog 2013-03-01 Nikos Mavrogiannopoulos * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh, build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h, build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free, build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h, gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c, gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettime.c, gl/gettimeofday.c, gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c, gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4, gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4, gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4, gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4, gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4, gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4, gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4, gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4, gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4, gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4, gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4, gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4, gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4, gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h, gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c, gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h, gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c, gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c, gl/tests/glthread/lock.c, gl/tests/glthread/lock.h, gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h, gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c, gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c, gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c, gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c, gl/tests/test-alloca-opt.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c, gl/tests/test-arpa_inet.c, gl/tests/test-base64.c, gl/tests/test-binary-io.c, gl/tests/test-bind.c, gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c, gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c, gl/tests/test-close.c, gl/tests/test-connect.c, gl/tests/test-dirent.c, gl/tests/test-dup2.c, gl/tests/test-environ.c, gl/tests/test-errno.c, gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c, gl/tests/test-fgetc.c, gl/tests/test-float.c, gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c, gl/tests/test-fread.c, gl/tests/test-frexp.c, gl/tests/test-frexp.h, gl/tests/test-frexpl.c, gl/tests/test-fseek.c, gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c, gl/tests/test-fseterr.c, gl/tests/test-fstat.c, gl/tests/test-ftell.c, gl/tests/test-ftell3.c, gl/tests/test-ftello.c, gl/tests/test-ftello3.c, gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c, gl/tests/test-func.c, gl/tests/test-fwrite.c, gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdelim.c, gl/tests/test-getline.c, gl/tests/test-getopt.c, gl/tests/test-getopt.h, gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c, gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c, gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c, gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c, gl/tests/test-init.sh, gl/tests/test-intprops.c, gl/tests/test-inttypes.c, gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h, gl/tests/test-listen.c, gl/tests/test-locale.c, gl/tests/test-localename.c, gl/tests/test-lstat.c, gl/tests/test-lstat.h, gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c, gl/tests/test-math.c, gl/tests/test-memchr.c, gl/tests/test-netdb.c, gl/tests/test-netinet_in.c, gl/tests/test-open.c, gl/tests/test-open.h, gl/tests/test-pathmax.c, gl/tests/test-perror.c, gl/tests/test-perror2.c, gl/tests/test-pipe.c, gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c, gl/tests/test-read-file.c, gl/tests/test-recv.c, gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c, gl/tests/test-select.c, gl/tests/test-select.h, gl/tests/test-send.c, gl/tests/test-sendto.c, gl/tests/test-setenv.c, gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c, gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c, gl/tests/test-signal-h.c, gl/tests/test-signbit.c, gl/tests/test-sleep.c, gl/tests/test-snprintf.c, gl/tests/test-sockets.c, gl/tests/test-stat.c, gl/tests/test-stat.h, gl/tests/test-stdalign.c, gl/tests/test-stdbool.c, gl/tests/test-stddef.c, gl/tests/test-stdint.c, gl/tests/test-stdio.c, gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c, gl/tests/test-strerror.c, gl/tests/test-strerror_r.c, gl/tests/test-string.c, gl/tests/test-strings.c, gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c, gl/tests/test-symlink.c, gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c, gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h, gl/tests/test-sysexits.c, gl/tests/test-time.c, gl/tests/test-u64.c, gl/tests/test-unistd.c, gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh, gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c, gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh, gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c, gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c, gl/tests/unistr/test-u8-mbtoucr.c, gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h, gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c, gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk: updated gnulib 2013-02-27 Nikos Mavrogiannopoulos * lib/libgnutls.map: Added gnutls_pkcs11_privkey_status 2013-02-27 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/invoke-certtool.texi, doc/manpages/Makefile.am: updated 2013-02-27 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2013-02-27 Nikos Mavrogiannopoulos * lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_session_pack.c: small optimizations in session storage 2013-02-27 Nikos Mavrogiannopoulos * lib/gnutls_state.c: no need to memset during session deinit. 2013-02-26 Nikos Mavrogiannopoulos * NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation after fork(). 2013-02-26 Nikos Mavrogiannopoulos * lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_session_pack.c: Small fixes. 2013-02-25 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_status(). 2013-02-24 Nikos Mavrogiannopoulos * lib/x509/verify.c: doc update 2013-02-24 Nikos Mavrogiannopoulos * libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h: when verifying a DANE CA constraint make sure that the provided chain is actually a chain. 2013-02-24 Nikos Mavrogiannopoulos * libdane/dane.c: doc update 2013-02-21 Nikos Mavrogiannopoulos * doc/cha-tokens.texi: mention enable-in in p11-kit config. 2013-02-20 Jaak Ristioja * lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix compilation of certtool when PSK is disabled. These are rather generic functions by nature, so it would be reasonable to include them in GnuTLS even if PSK support is disabled. Signed-off-by: Nikos Mavrogiannopoulos 2013-02-19 Nikos Mavrogiannopoulos * lib/pkcs11.c: print info on reinitializor error. 2013-02-19 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: Documented the DANE situation in gnutls. Suggested by Gabor Toth. 2013-02-18 Nikos Mavrogiannopoulos * NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize all modules. 2013-02-18 Nikos Mavrogiannopoulos * lib/pkcs11.c: return proper error 2013-02-18 Nikos Mavrogiannopoulos * NEWS: updated 2013-02-18 Nikos Mavrogiannopoulos * src/serv.c: use set_int when needed 2013-02-18 Nikos Mavrogiannopoulos * lib/ext/session_ticket.c, lib/gnutls_datum.c, lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c, lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use gnutls_realloc_fast everywhere. Suggested by David Woodhouse. 2013-02-17 Nikos Mavrogiannopoulos * lib/auth/rsa.c: better cleanup on error on export case 2013-02-17 Nikos Mavrogiannopoulos * lib/x509/x509.c: corrected parsing issue in XMPP data when in a subject alternative name 2013-02-16 Nikos Mavrogiannopoulos * doc/cha-tokens.texi, lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up the PIN calling in TPM 2013-02-16 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c, doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c, lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience functions to avoid ugly casting in simple programs. 2013-02-15 Nikos Mavrogiannopoulos * doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be more explicit in DTLS examples to account for LARGE_PACKET error 2013-02-16 Daniel Kahn Gillmor * lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use 2013-02-13 Nikos Mavrogiannopoulos * NEWS: documented fix 2013-02-13 Nikos Mavrogiannopoulos * lib/libgnutls.map: corrected export of functions 2013-02-13 Nikos Mavrogiannopoulos * NEWS: documented fix 2013-02-13 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data() 2013-02-13 Nikos Mavrogiannopoulos * lib/x509/verify-high.c: reduced hash table size 2013-02-12 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c: doc update 2013-02-12 Nikos Mavrogiannopoulos * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const 2013-02-12 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c, lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random -> gnutls_handshake_set_random 2013-02-12 Nikos Mavrogiannopoulos * lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms 2013-02-12 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_handshake_set_server_random 2013-02-12 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: properly set close-on-exec. 2013-02-11 Nikos Mavrogiannopoulos * doc/examples/ex-serv-anon.c: avoid ptrdiff_t 2013-02-10 Nikos Mavrogiannopoulos * NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for a password to generate PKCS #12 files. That is when provided an encrypted key file. Reported by Yan Fiz. 2013-02-10 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS 2013-02-10 Nikos Mavrogiannopoulos * tests/Makefile.am: removed duplicate 2013-02-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates 2013-02-10 Nikos Mavrogiannopoulos * tests/Makefile.am: slow tests moved at the end of the suite 2013-02-10 Nikos Mavrogiannopoulos * lib/gnutls_buffers.c: simplified cleaning-up in _gnutls_stream_read and _gnutls_dgram_read 2013-02-10 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected extract_digest_info 2013-02-10 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client side the verify callback is always being called. 2013-02-10 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: further relaxed security levels 2013-01-29 Jaak Ristioja * Makefile.am, configure.ac: Add option to disable generation of any documentation for GnuTLS. 2013-01-29 Jaak Ristioja * Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am: Prevent libdane pkgconfig stuff from being installed if libdane support is disabled. 2013-02-10 Nikos Mavrogiannopoulos * NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8 2013-02-09 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and documented fix. 2013-02-09 Nikos Mavrogiannopoulos * lib/algorithms/secparams.c: reduced the very weak DH level to 768 bits to not reject popular sites that operate on that level. 2013-02-09 Nikos Mavrogiannopoulos * lib/auth/dh_common.c: added debugging message to indicate the number of bits. 2013-02-09 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: Do not call the certificate verification callback if certificates are ignored. 2013-02-08 Nikos Mavrogiannopoulos * lib/gnutls_record.c: avoid memset on the whole record header length 2013-02-07 Nikos Mavrogiannopoulos * NEWS, lib/x509/privkey.c: fixed issue in gnutls_x509_privkey_import2() 2013-02-05 Nikos Mavrogiannopoulos * doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib, lib/tpm.c: reference TPMURI 2013-02-05 Nikos Mavrogiannopoulos * lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc 2013-02-05 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected typo 2013-02-05 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work with arbitrary key sizes. 2013-02-04 Nikos Mavrogiannopoulos * lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added a magic number in front session DB data. 2013-02-04 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand. 2013-02-04 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_cipher.c: update 2013-02-04 Nikos Mavrogiannopoulos * tests/cert-tests/ca-no-pathlen.pem: test update 2013-02-04 Nikos Mavrogiannopoulos * doc/cha-functions.texi, doc/manpages/Makefile.am: update 2013-02-04 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c: updated doc 2013-02-04 Nikos Mavrogiannopoulos * NEWS: updated 2013-02-04 Nikos Mavrogiannopoulos * doc/invoke-gnutls-cli.texi: doc update 2013-02-04 Nikos Mavrogiannopoulos * lib/gnutls_range.c: document limitation 2013-01-24 Alfredo Pironti * lib/gnutls_range.c: Make sure we don't fail if writing gets interrupted 2013-02-04 Nikos Mavrogiannopoulos * tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't included. 2013-02-04 Nikos Mavrogiannopoulos * NEWS: documented fix 2013-02-04 Nikos Mavrogiannopoulos * NEWS: postpone the change 2013-02-04 Nikos Mavrogiannopoulos * COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8. 2013-02-04 Nikos Mavrogiannopoulos * tests/suite/mini-record-timing.c: updated test 2013-02-04 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a timing attack in TLS CBC record parsing. 2013-02-04 Nikos Mavrogiannopoulos * NEWS: updated 2013-02-04 Nikos Mavrogiannopoulos * lib/gnutls_extensions.c, lib/gnutls_record.c: only register heartbeat if it is enabled. 2013-02-04 Nikos Mavrogiannopoulos * COPYING.LESSER: license is again LGPLv2.1 2013-02-04 Nikos Mavrogiannopoulos * configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h, m4/hooks.m4: updated heartbeat code, and made it optional. 2013-02-04 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo 2013-02-03 Nikos Mavrogiannopoulos * lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c, lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use LGPLv2.1 in the files their author's agreed to. 2013-02-03 Nikos Mavrogiannopoulos * lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA to specify trusted CA certificates. 2013-02-02 Nikos Mavrogiannopoulos * NEWS: added new func 2013-02-01 Nikos Mavrogiannopoulos * lib/gnutls_session_pack.c: corrected session resumption 2013-02-01 Nikos Mavrogiannopoulos * lib/gnutls_db.c: simplified DB storing 2013-02-01 Nikos Mavrogiannopoulos * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: Applied disable SNI patch from Daniel. 2013-02-01 Nikos Mavrogiannopoulos * lib/gnutls_db.c: remove function is not required to add or retrieve from db. 2013-02-01 Nikos Mavrogiannopoulos * lib/abstract_int.h, lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c, lib/accelerated/x86/aes-gcm-padlock.c, lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/hmac-padlock.c, lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h, lib/algorithms.h, lib/algorithms/cert_types.c, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c, lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c, lib/algorithms/protocols.c, lib/algorithms/publickey.c, lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c, lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c, lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h, lib/ext/new_record_padding.c, lib/ext/new_record_padding.h, lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h, lib/ext/server_name.c, lib/ext/server_name.h, lib/ext/session_ticket.c, lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h, lib/gnutls_compress.c, lib/gnutls_compress.h, lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h, lib/gnutls_session.c, lib/gnutls_session_pack.c, lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h, lib/gnutls_supplemental.c, lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c, lib/nettle/ecc_projective_check_point.c, lib/nettle/ecc_projective_dbl_point_3.c, lib/nettle/ecc_projective_isneutral.c, lib/nettle/ecc_projective_negate_point.c, lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c, lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c, lib/opencdk/read-packet.c, lib/opencdk/seskey.c, lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/write-packet.c, lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c, lib/random.h, lib/system.c, lib/system.h, lib/system_override.c, lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1 in the files their author's agreed to. 2013-01-31 Nikos Mavrogiannopoulos * lib/gnutls_db.c, lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_db_check_entry_time(). 2013-01-31 Nikos Mavrogiannopoulos * lib/gnutls_db.c: deprecated problematic function 2013-01-31 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9. 2013-01-31 Nikos Mavrogiannopoulos * lib/includes/gnutls/xssl.h: corrected typo 2013-01-30 Nikos Mavrogiannopoulos * lib/gnutls_record.c: uncork doesn't do anything when the session is already in flush mode 2013-01-29 Nikos Mavrogiannopoulos * .gitignore, doc/.gitignore: more files to ignore 2013-01-29 Nikos Mavrogiannopoulos * doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update 2013-01-29 Nikos Mavrogiannopoulos * NEWS, configure.ac, m4/hooks.m4: bumped version 2013-01-29 Nikos Mavrogiannopoulos * doc/latex/cover.tex: Added Alfredo 2013-01-29 Nikos Mavrogiannopoulos * doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex: updated doc for XSSL 2013-01-29 Nikos Mavrogiannopoulos * doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c: Added XSSL client examples. 2013-01-29 Nikos Mavrogiannopoulos * lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed compilation of mini-xssl. 2013-01-29 Nikos Mavrogiannopoulos * lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes 2013-01-29 Nikos Mavrogiannopoulos * NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library 2013-01-29 Nikos Mavrogiannopoulos * NEWS: updated text 2013-01-29 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: Comment out new padding until it is standardized or at least approved by the WG. 2013-01-29 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/doc.mk: fix xssl 2013-01-29 Nikos Mavrogiannopoulos * src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried connections to multiple hosts. gnutls-cli-debug was trying to connect to all possible IP addresses of the host and failed if any was unavailable. Now it tries sequentially and accepts the first that is working. Reported by Daniel Kahn Gillmor. 2013-01-28 Nikos Mavrogiannopoulos * NEWS: updated 2013-01-28 Nikos Mavrogiannopoulos * .gitignore, NEWS: updated NEWS 2013-01-27 Nikos Mavrogiannopoulos * lib/crypto-api.c: Fix AEAD out-of-place decryption 2013-01-27 Nikos Mavrogiannopoulos * tests/suite/mini-record-timing.c: updated test 2013-01-27 Nikos Mavrogiannopoulos * NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c, lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/{sbuf.h => xssl.h}, lib/libgnutls.map, lib/{sbuf.c => xssl.c}, lib/{sbuf.h => xssl.h}, lib/{sbuf_getline.c => xssl_getline.c}, tests/Makefile.am, tests/mini-sbuf.c, tests/mini-xssl.c: Added new interface. 2013-01-27 Nikos Mavrogiannopoulos * lib/gnutls_handshake.c: propagate the error of the verify callback. 2013-01-27 Nikos Mavrogiannopoulos * lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates in the sbuf API. 2013-01-27 Nikos Mavrogiannopoulos * NEWS, lib/crypto-backend.h, lib/gnutls_state.c, lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c, lib/random.h: Added gnutls_rnd_refresh(). 2013-01-27 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c: Keep the legacy dh_prime_bits. 2013-01-26 Nikos Mavrogiannopoulos * lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c, lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface. 2013-01-26 Nikos Mavrogiannopoulos * NEWS: updated news 2013-01-26 Nikos Mavrogiannopoulos * NEWS, lib/nettle/rnd.c: No need to cache events with the current behavior. 2013-01-26 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c: use nonces instead of random data 2013-01-26 Nikos Mavrogiannopoulos * tests/mini-sbuf.c: free all resources 2013-01-26 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: nonces update the internal rng state much slower. 2013-01-26 Nikos Mavrogiannopoulos * NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in: Instead of setting directly the number of DH bits, set a security parameter per session. 2013-01-26 Nikos Mavrogiannopoulos * NEWS, lib/auth/dh_common.c, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c: The minimum DH prime bits are now set by the priority strings (that means they are increased for the SECURE strings). 2013-01-26 Nikos Mavrogiannopoulos * configure.ac: warnings doesn't imply Werror 2013-01-26 Nikos Mavrogiannopoulos * doc/TODO: updated 2013-01-26 Nikos Mavrogiannopoulos * lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id() if not openpgp. 2013-01-26 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: optimized random generator. 2013-01-26 Nikos Mavrogiannopoulos * configure.ac: check for getpid(). 2013-01-26 Nikos Mavrogiannopoulos * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c: _dtls_timespec_sub_ms -> timespec_sub_ms 2013-01-25 Nikos Mavrogiannopoulos * lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls. 2013-01-25 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: reduced calls to getpid 2013-01-25 Nikos Mavrogiannopoulos * lib/nettle/rnd.c: use the more precise gettime() instead of gettimeofday(). 2013-01-25 Nikos Mavrogiannopoulos * lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: gnutls_range_split accepts pointers as arguments. 2013-01-24 Alfredo Pironti * NEWS, doc/Makefile.am, lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make gnutls_range_split available from the GnuTLS API 2013-01-24 Alfredo Pironti * .gitignore, NEWS, lib/libgnutls.map: - Remove references to the (now renamed) gnutls_range_send_message - Ignore sbuf-api generated documentation Signed-off-by: Nikos Mavrogiannopoulos 2013-01-25 Nikos Mavrogiannopoulos * lib/auth/psk.h: Some fix when disable-psk-authentication is specified. Based on patch by Jaak Ristioja. 2013-01-25 Nikos Mavrogiannopoulos * lib/x509/x509_dn.c: rewritten DN parsing code. 2013-01-25 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem, tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test: test the DN functionality of certtool. 2013-01-25 Nikos Mavrogiannopoulos * tests/cert-tests/dane: dane test no longer fails if danetool isn't compiled 2013-01-25 Nikos Mavrogiannopoulos * lib/system.c, lib/tpm.c, lib/x509/common.c, lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale dependent versions of isxxx functions. 2013-01-24 Nikos Mavrogiannopoulos * lib/sbuf.c: allow writes of more than the maximum record data. 2013-01-24 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and gnutls_uncork(). 2013-01-23 Nikos Mavrogiannopoulos * NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c, tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline(). 2013-01-23 Nikos Mavrogiannopoulos * NEWS, doc/invoke-gnutls-cli.texi: doc updates 2013-01-23 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h: Small changes and a sanity check 2013-01-23 Nikos Mavrogiannopoulos * lib/x509/ocsp_output.c, lib/x509/output.c: print static strings without a printf-like function. 2013-01-23 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c, src/socket.h: Updated ranges patch. 2013-01-22 Alfredo Pironti * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi, doc/invoke-gnutls-cli.texi, lib/Makefile.am, lib/ext/new_record_padding.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h, lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c, src/socket.h, tests/mini-record.c: GnuTLS Length Hiding patch. - Remove random padding; use minimal padding with legacy interface - With new interface, use LH when possible, that is in CBC mode or with the new padding extension - Rename priority to "NEW_PADDING" - gnutls-cli: add command line switch --ranges using LH when possible. - Update documentation Signed-off-by: Nikos Mavrogiannopoulos 2013-01-22 Nikos Mavrogiannopoulos * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: changed function name to gnutls_session_force_valid. 2013-01-22 Martin Storsjo * lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as well This is required when linking as static libraries on linux, for -lrt. Signed-off-by: Nikos Mavrogiannopoulos 2013-01-22 Nikos Mavrogiannopoulos * lib/gnutls_priority.c: set a default error position. 2013-01-22 Nikos Mavrogiannopoulos * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added gnutls_session_clear_invalid 2013-01-21 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs for sbuf API. 2013-01-21 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added gnutls_record_set_timeout(). 2013-01-21 Nikos Mavrogiannopoulos * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer. 2013-01-21 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi: Updated doc 2013-01-21 Nikos Mavrogiannopoulos * src/certtool-common.c: corrected C parameter generation. 2013-01-21 Nikos Mavrogiannopoulos * configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated Libs.private with all the required libraries 2013-01-21 Martin Storsjo * lib/gnutls.pc.in: Include libiconv in Libs.private This makes static linking succeed if the library is configured to use libiconv. Signed-off-by: Nikos Mavrogiannopoulos 2013-01-21 Martin Storsjo * lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex in gnutls_global.c instead of in verify-tofu.c This fixes issues with linking the tools on OS X if not building shared libraries. Currently, if building with --disable-shared on OS X, the build fails with: CCLD gnutls-serv Undefined symbols for architecture x86_64: "__gnutls_file_mutex", referenced from: _gnutls_global_deinit in libgnutls.a(gnutls_global.o) _gnutls_global_init in libgnutls.a(gnutls_global.o) ld: symbol(s) not found for architecture x86_64 It seems that the linker fails to pull in verify-tofu.o to satisfy the undefined reference to _gnutls_file_mutex.o in gnutls_global.o unless gnutls_global.o (or any other object file in the link) also calls functions that pulls in verify-tofu.o. Since gnutls_global.o always is linked in, but verify-tofu.o can be left out unless someone calls the functions in it, defining the mutex in gnutls_global.c makes sense and simplifies the dependencies. Signed-off-by: Nikos Mavrogiannopoulos 2013-01-21 Nikos Mavrogiannopoulos * src/Makefile.am, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool-common.c, src/certtool-common.h, src/certtool.c, src/dh.c: Added --cprint option to certtool 2013-01-20 Nikos Mavrogiannopoulos * doc/README.CODING_STYLE: updated coding style 2013-01-20 Alon Bar-Lev * src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES Signed-off-by: Alon Bar-Lev Signed-off-by: Nikos Mavrogiannopoulos 2013-01-20 Nikos Mavrogiannopoulos * .gitignore, tests/suite/Makefile.am, tests/suite/mini-record-timing.c: Added program to estimate the timings in different record paddings. 2013-01-18 Nikos Mavrogiannopoulos * doc/invoke-danetool.texi, libdane/dane.c, libdane/includes/gnutls/dane.h, src/danetool-args.c, src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added --insecure flag to danetool. 2013-01-17 Nikos Mavrogiannopoulos * src/certtool.c, tests/cert-tests/template-test.pem, tests/cert-tests/template-utf8.pem: modified certtool order of DN elements. 2013-01-17 Nikos Mavrogiannopoulos * tests/mini-sbuf.c: properly deinitialized sbuf 2013-01-17 Nikos Mavrogiannopoulos * tests/mini-dtls-record.c: initialize buffer before sending. 2013-01-17 Nikos Mavrogiannopoulos * NEWS, tests/dn2.c: corrected test for new names and updated news. 2013-01-17 Nikos Mavrogiannopoulos * NEWS, libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4, src/danetool-args.c, src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added options to specify a DLV file. Suggested by Paul Wouters. 2013-01-17 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn(). 2013-01-15 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi: updated certtool doc 2013-01-15 Nikos Mavrogiannopoulos * NEWS, doc/TODO, doc/cha-cert-auth2.texi, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h, lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added functions to directly set the DN in a certificate or request from an RFC4514 string. 2013-01-15 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2013-01-15 Nikos Mavrogiannopoulos * NEWS, doc/cha-gtls-app.texi, lib/Makefile.am, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c, tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist buffering during transmission. Added the gnutls_sbuf_t structure and accompanying functions to enable buffering in sending application data. 2013-01-15 Nikos Mavrogiannopoulos * libdane/dane-params.c: corrected copyright. 2013-01-07 Nikos Mavrogiannopoulos * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR. 2013-01-07 Nikos Mavrogiannopoulos * lib/nettle/egd.c: Corrected issue when an EGD device was not found. Reported by Joshua Phillips. 2013-01-06 Nikos Mavrogiannopoulos * cfg.mk: Added config rule 2013-01-06 Nikos Mavrogiannopoulos * doc/examples/ex-client-x509.c: doc fix 2013-01-05 Nikos Mavrogiannopoulos * lib/x509/pkcs12.c: doc fix 2013-01-05 Nikos Mavrogiannopoulos * lib/pkcs11.c: small updates 2013-01-05 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: update 2013-01-05 Nikos Mavrogiannopoulos * lib/x509/crq.c: simplified naming 2013-01-05 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: update 2013-01-05 Nikos Mavrogiannopoulos * lib/ext/status_request.c, lib/gnutls_dh_primes.c, lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since 2013-01-05 Nikos Mavrogiannopoulos * doc/latex/gnutls.tex: added babel (not sure why) 2013-01-05 Nikos Mavrogiannopoulos * doc/reference/gnutls-docs.sgml: updated for 3.1 2013-01-03 Nikos Mavrogiannopoulos * lib/nettle/pk.c: corrected error code 2013-01-03 Nikos Mavrogiannopoulos * cross.mk: updated makefile 2013-01-03 Nikos Mavrogiannopoulos * configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist 2013-01-02 Nikos Mavrogiannopoulos * NEWS: documented updates 2013-01-02 Nikos Mavrogiannopoulos * lib/gnutls_record.c: corrected typo 2013-01-02 Nikos Mavrogiannopoulos * lib/libgnutls.map: updated exported function name 2012-12-19 Nikos Mavrogiannopoulos * NEWS: updated 2012-12-19 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, lib/ext/new_record_padding.c, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed to RANDOM_PADDING 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: corrected compression. 2012-12-19 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h: removed utf8 chars 2012-12-19 Nikos Mavrogiannopoulos * doc/latex/gnutls.tex: updates in output 2012-12-19 Nikos Mavrogiannopoulos * tests/mini-record.c: Added checks for new record padding format. 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new record packets. 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use padding also if in DTLS. 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: some simplifications 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu calculation 2012-12-19 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: simplified decryption 2012-12-19 Nikos Mavrogiannopoulos * lib/ext/new_record_padding.c: removed debugging 2012-12-18 Nikos Mavrogiannopoulos * lib/debug.c, lib/debug.h, lib/ext/Makefile.am, lib/ext/new_record_padding.c, lib/ext/new_record_padding.h, lib/gnutls_cipher.c, lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added a new record padding mechanism. It is negotiated via an extension and record data are now formatted as: ciphered-struct { opaque pad<0..2^16-1> opaque content[TLSCompressed.length]; opaque MAC[CipherSpec.hash_size]; } The ciphered-struct size is always 0 modulo the block size in block ciphers to avoid any need for additional padding. Added extension to negotiate new record padding. 2012-12-27 Nikos Mavrogiannopoulos * .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added test for duplicate packet detection in DTLS. 2012-12-27 Nikos Mavrogiannopoulos * lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding window implementation. 2012-12-27 Nikos Mavrogiannopoulos * lib/gnutls_record.c: Termination when expecting an alert is handled gracefully in DTLS. 2013-01-02 Nikos Mavrogiannopoulos * NEWS: living in the past 2013-01-02 Nikos Mavrogiannopoulos * NEWS, m4/hooks.m4: bumped library version 2013-01-02 Nikos Mavrogiannopoulos * NEWS: updated news 2013-01-02 Nikos Mavrogiannopoulos * doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am, lib/tpm.c: If trousers is not present define the TPM functions but have them return GNUTLS_E_UNIMPLEMENTED_FEATURE. 2013-01-02 Nikos Mavrogiannopoulos * configure.ac: tpm support is disabled by default 2013-01-02 Nikos Mavrogiannopoulos * doc/TODO: updated 2013-01-01 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: updated autogen'ed files. 2012-12-31 Nikos Mavrogiannopoulos * doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am, doc/latex/gnutls.tex: doc updates 2012-12-31 Nikos Mavrogiannopoulos * libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff is LGPL version 2.1 or later 2012-12-29 Nikos Mavrogiannopoulos * THANKS: updated thanks file 2012-12-29 Nikos Mavrogiannopoulos * README-alpha: updated git2cl link 2012-12-29 Nikos Mavrogiannopoulos * doc/cha-auth.texi: corrected typos 2012-12-29 Nikos Mavrogiannopoulos * doc/cha-auth.texi: updated in auth chapter 2012-12-29 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi, doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of the authentication chapter. 2012-12-29 Nikos Mavrogiannopoulos * doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods chapter 2012-12-28 Nikos Mavrogiannopoulos * doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c, doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: better code in client and server examples 2012-12-28 Nikos Mavrogiannopoulos * NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding stricter. Reported by Kikuchi Masashi. 2012-12-28 Nikos Mavrogiannopoulos * lib/gnutls_record.c: corrected typo 2012-12-27 Nikos Mavrogiannopoulos * lib/gnutls_record.c: Termination when expecting an alert is handled gracefully in DTLS. 2012-12-27 Nikos Mavrogiannopoulos * NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling. 2012-12-21 Nikos Mavrogiannopoulos * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop unecessary function in examples 2012-12-20 Martin Storsjo * lib/ext/srtp.c: Don't match further SRTP profiles after one match has been found This makes SRTP profile matching more straightforward and intuitive, when the first matching SRTP profile will be the one selected, not the last one as before. Signed-off-by: Nikos Mavrogiannopoulos 2012-12-20 Martin Storsjo * lib/crypto-api.c: Fix the parameter name to gnutls_key_generate Signed-off-by: Nikos Mavrogiannopoulos 2012-12-19 Nikos Mavrogiannopoulos * README: updated 2012-12-19 Nikos Mavrogiannopoulos * tests/suite/testcompat: corrected datefudge test 2012-12-18 Martin Storsjo * lib/system_override.c: Fix docs for gnutls_transport_set_pull_timeout_function The timeout function returns int, not ssize_t. Signed-off-by: Nikos Mavrogiannopoulos 2012-12-16 Nikos Mavrogiannopoulos * lib/x509/x509_write.c: doc update 2012-12-16 Nikos Mavrogiannopoulos * configure.ac: bumped version 2012-12-16 Nikos Mavrogiannopoulos * tests/suite/mini-eagain2.c: added config.h 2012-12-16 Nikos Mavrogiannopoulos * configure.ac: corrected wording 2012-12-16 Nikos Mavrogiannopoulos * build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c, gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4, gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4, gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4, gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h, gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h, gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c, gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h, gl/vasnprintf.c, maint.mk: updated gnulib 2012-12-15 Nikos Mavrogiannopoulos * tests/suite/Makefile.am: corrected test 2012-12-15 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: certtool --generate-request option conflicts with --infile. Suggested by Daniel Black. 2012-12-12 Nikos Mavrogiannopoulos * NEWS: doc fix 2012-12-12 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, doc/manpages/Makefile.am, doc/manpages/tpmtool.1: use ECHO_N 2012-12-12 Nikos Mavrogiannopoulos * tests/suite/Makefile.am: do not build ecore in macosx 2012-12-06 Nikos Mavrogiannopoulos * README, README-alpha: updated urls 2012-12-06 Nikos Mavrogiannopoulos * doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex, lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c, tests/pkcs12_simple.c: corrected copyright notices 2012-11-29 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: updated documentation. 2012-11-28 Nikos Mavrogiannopoulos * lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL input. 2012-11-28 Nikos Mavrogiannopoulos * lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in gnutls_x509_crq_get_challenge_password 2012-12-05 Nikos Mavrogiannopoulos * lib/x509/crq.c: doc update 2012-11-28 Nikos Mavrogiannopoulos * doc/invoke-p11tool.texi, src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h: updated documentation 2012-12-03 Nikos Mavrogiannopoulos * lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c, tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys 2012-12-04 Nikos Mavrogiannopoulos * NEWS: document fix 2012-12-04 Nikos Mavrogiannopoulos * lib/gnutls_cipher.c: Corrected bugs in record parsing. Corrected bugs in record padding parsing. Reported by Kenny Patterson and Nadhem Alfardan. 2012-12-01 Nikos Mavrogiannopoulos * NEWS: documented fixes 2012-11-30 Nikos Mavrogiannopoulos * lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright 2012-12-01 Ludovic Courtès * guile/src/Makefile.am: guile: Fix dependencies to be parallel-safe. 2012-11-28 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: Revert "do not document low-level functions" This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363. 2012-11-27 Nikos Mavrogiannopoulos * README: mention dependencies in readme 2012-11-27 Nikos Mavrogiannopoulos * cfg.mk: update @VERSION@ -> actual version on the web manual 2012-11-27 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: doc update 2012-11-27 Nikos Mavrogiannopoulos * cfg.mk: simplified generation of documentation 2012-11-27 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name 2012-11-27 Nikos Mavrogiannopoulos * doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates 2012-11-26 Nikos Mavrogiannopoulos * src/socket.c: corrected socket loop. Based on patch by Mantas Mikulenas. 2012-11-26 Simon Josefsson * lib/minitasn1/coding.c, lib/minitasn1/decoding.c, lib/minitasn1/element.c, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update minitasn1 to version 3.1. 2012-11-26 Simon Josefsson * .gitignore, build-aux/snippet/unused-parameter.h, doc/gendocs_template, maint.mk: Update gnulib tools. Add missing unused-parameter.h template. 2012-11-26 Nikos Mavrogiannopoulos * NEWS: updated 2012-11-26 Nikos Mavrogiannopoulos * src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h: gnutls-cli will try to cannot to all possible returned addresses. 2012-11-26 Nikos Mavrogiannopoulos * doc/TODO: updated todo list 2012-11-26 Nikos Mavrogiannopoulos * NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers. 2012-11-26 Nikos Mavrogiannopoulos * src/libopts/usage.c: Added hack to print the parameters correctly in windows. 2012-11-26 Nikos Mavrogiannopoulos * lib/x509/x509.c: updated 2012-11-25 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: repeat the tests to avoid accidental failures 2012-11-25 Nikos Mavrogiannopoulos * lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514 conforming) 2012-11-25 Nikos Mavrogiannopoulos * lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types. 2012-11-25 Nikos Mavrogiannopoulos * lib/x509/common.c: UniversalString (UTF-32) is handled as non-printable for now. 2012-11-25 Nikos Mavrogiannopoulos * doc/TODO: updated todo list 2012-11-25 Nikos Mavrogiannopoulos * lib/x509/common.c: Allow for bit strings that are not a multiple of 8. 2012-11-24 Nikos Mavrogiannopoulos * NEWS, cross.mk: updated 2012-11-24 Nikos Mavrogiannopoulos * m4/hooks.m4: require libtasn1 3.1 or later 2012-11-24 Nikos Mavrogiannopoulos * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c, lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c, tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems to use the new libtasn1 APIs. 2012-11-24 Nikos Mavrogiannopoulos * NEWS: released 3.1.5 2012-11-24 Nikos Mavrogiannopoulos * .gitignore: more files to ignore 2012-11-24 Nikos Mavrogiannopoulos * lib/x509/common.c: corrected placeOfBirth DN parsing. 2012-11-24 Nikos Mavrogiannopoulos * lib/gnutls_global.c: no need to release struct 2012-11-24 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: do not document low-level functions 2012-11-24 Nikos Mavrogiannopoulos * lib/nettle/ecc_mulmod_cached.c: set cache to null after deinitialization 2012-11-23 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: fixed test 2012-11-21 Nikos Mavrogiannopoulos * .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open-aix.gperf, gl/iconv_open-aix.h, gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h, gl/iconv_open-irix.gperf, gl/iconv_open-irix.h, gl/iconv_open-osf.gperf, gl/iconv_open-osf.h, gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h, gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c, gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c, gl/tests/test-iconv-utf.c, gl/tests/test-locale.c, gl/tests/test-localename.c, gl/tests/test-setlocale1.c, gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c, gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c, gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c, gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the UCS2->UTF8 convertion in systems that is not provided. 2012-11-21 Nikos Mavrogiannopoulos * lib/pkix_asn1_tab.c: use the old type for compatibility 2012-11-21 Nikos Mavrogiannopoulos * lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated libtasn1 version 2012-11-21 Nikos Mavrogiannopoulos * configure.ac, m4/hooks.m4: bumped version 2012-11-21 Nikos Mavrogiannopoulos * lib/system.c: simplified UTF-8 encoding. 2012-11-21 Nikos Mavrogiannopoulos * NEWS, doc/invoke-danetool.texi, src/Makefile.am, src/danetool-args.c, src/danetool-args.def, src/danetool-args.h, src/danetool.c: danetool is being built even without libgnutls-dane. The --check functionality is not operational though. It can only generate tlsa records. 2012-11-21 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/template-test, tests/cert-tests/template-utf8.pem, tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate generation. 2012-11-21 Nikos Mavrogiannopoulos * lib/x509/dn.c: removed redundant check 2012-11-21 Nikos Mavrogiannopoulos * NEWS, doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated parameters 2012-11-21 Nikos Mavrogiannopoulos * lib/x509/x509.c: update 2012-11-21 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi, lib/x509/x509.c: doc update 2012-11-21 Nikos Mavrogiannopoulos * doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_write.c: doc update 2012-11-20 Nikos Mavrogiannopoulos * lib/x509/x509_write.c: enforce the 200 character limit. 2012-11-20 Nikos Mavrogiannopoulos * NEWS, lib/system.c: improved iconv support. 2012-11-20 Nikos Mavrogiannopoulos * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem, tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: updated for new output 2012-11-20 Nikos Mavrogiannopoulos * NEWS: news update 2012-11-20 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/cha-gtls-app.texi, doc/invoke-certtool.texi, doc/manpages/Makefile.am, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/x509/output.c, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool-common.c, src/certtool-common.h, src/certtool.c, src/tpmtool.c: Several updates in certificate/public key printing. * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an easier to parse format. * Added gnutls_pubkey_import_x509_crq() to convert a certificate request to a public key. * Added gnutls_pubkey_print() to simplify public key printing. * certtool's pubkey-info can be combined with --load-request. * Added --numbers option to certtool which prints big numbers in an easier to parser format. 2012-11-20 Nikos Mavrogiannopoulos * build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/{tests => }/dup2.c, gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4, gl/select.c, gl/stdlib.in.h, gl/strerror-override.c, gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/fcntl.in.h, gl/tests/test-fcntl-h.c, gl/tests/test-iconv.c, gl/tests/test-select.h, lib/system.c, m4/hooks.m4, maint.mk: use gnulib to detect iconv. 2012-11-20 Nikos Mavrogiannopoulos * NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for either iconv or libiconv. 2012-11-20 Nikos Mavrogiannopoulos * src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c: simplified parsing 2012-11-20 Nikos Mavrogiannopoulos * lib/x509/output.c: print header only on the first policy 2012-11-20 Nikos Mavrogiannopoulos * NEWS, doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: certtool is able to set certificate policies via a template 2012-11-20 Nikos Mavrogiannopoulos * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy() 2012-11-19 Nikos Mavrogiannopoulos * lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/x509.c: doc update 2012-11-19 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/manpages/Makefile.am, lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c: another rename 2012-11-19 Nikos Mavrogiannopoulos * lib/system.c: corrected win32 UCS2 conversion. 2012-11-19 Nikos Mavrogiannopoulos * NEWS, doc/Makefile.am, doc/manpages/Makefile.am, lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c, lib/x509/x509.c: simplified naming 2012-11-19 Nikos Mavrogiannopoulos * NEWS: documented update 2012-11-19 Nikos Mavrogiannopoulos * lib/x509/x509.c: mention the extension OID 2012-11-19 Nikos Mavrogiannopoulos * tests/cert-tests/aki-cert.pem, tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse 2.5.29.32. 2012-11-19 Nikos Mavrogiannopoulos * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle visiblestring. 2012-11-19 Nikos Mavrogiannopoulos * tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem, tests/cert-tests/pem-decoding: Added simple check for bmpstring decoding. 2012-11-19 Nikos Mavrogiannopoulos * lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested) 2012-11-19 Nikos Mavrogiannopoulos * lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as non-printable (fallback to previous behavior). 2012-11-19 Nikos Mavrogiannopoulos * lib/x509/x509.c: doc update 2012-11-18 Nikos Mavrogiannopoulos * NEWS: documented updates 2012-11-18 Nikos Mavrogiannopoulos * configure.ac: check for iconv 2012-11-18 Nikos Mavrogiannopoulos * lib/system.c, lib/x509/common.c: map the whole ascii set 2012-11-18 Nikos Mavrogiannopoulos * lib/x509/common.c: Handle BMPString in DNs. 2012-11-18 Nikos Mavrogiannopoulos * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c, lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c, lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse the certificate policies extention. Added gnutls_x509_crt_get_policy() etc. In addition several updated in the handling of strings in X.509 structures. 2012-11-17 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi, doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc updates 2012-11-16 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: updated doc 2012-11-16 Nikos Mavrogiannopoulos * NEWS: documented update 2012-11-16 Nikos Mavrogiannopoulos * NEWS: updated 2012-11-15 Nikos Mavrogiannopoulos * tests/cert-tests/template-test: Added small text 2012-11-15 Tim Kosse * doc/examples/Makefile.am: print-ciphersuites was a very useful too for debugging this. Now it is even built. Signed-off-by: Nikos Mavrogiannopoulos 2012-11-15 Tim Kosse * lib/gnutls_priority.c: Don't read past the last list entry in _add_priority, doing so adds algorithms that shouldn't be added and can even lead to a segfault. Signed-off-by: Nikos Mavrogiannopoulos 2012-11-14 Nikos Mavrogiannopoulos * src/danetool.c: tried to beautify output of danetool 2012-11-14 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: corrected description. 2012-11-14 Nikos Mavrogiannopoulos * lib/gnutls_cert.c: corrected typo 2012-11-12 Nikos Mavrogiannopoulos * NEWS: doc update 2012-11-12 Nikos Mavrogiannopoulos * src/pkcs11.c: optimizations in list import 2012-11-12 Nikos Mavrogiannopoulos * lib/pkcs11.c: When listing all objects of a type, restrict their class to the specified. 2012-11-12 Nikos Mavrogiannopoulos * src/pkcs11.c: Added some help on failure. 2012-11-12 Nikos Mavrogiannopoulos * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11_find_object made static. 2012-11-12 Nikos Mavrogiannopoulos * src/certtool-common.c, src/certtool-common.h, src/certtool.c, src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits() does not always warn. 2012-11-12 Nikos Mavrogiannopoulos * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when generating a PKCS #11 private key print the public key. 2012-11-11 Nikos Mavrogiannopoulos * NEWS, doc/invoke-certtool.texi, src/certtool-args.c, src/certtool-args.def, src/certtool-args.h, src/certtool.c: The pubkey-info option can be combined with the load-privkey to extract the public key of a private key. 2012-11-11 Nikos Mavrogiannopoulos * doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c, doc/examples/verify.c: corrected verification examples 2012-11-10 Nikos Mavrogiannopoulos * doc/TODO: removed OCSP extension from TODO 2012-11-09 Diego Elio Pettenò * tests/cert-tests/Makefile.am: build: only run the dane cert test if dane is enabled. This fixes a test failure when disabling dane support. Signed-off-by: Diego Elio Pettenò Signed-off-by: Nikos Mavrogiannopoulos 2012-11-10 Nikos Mavrogiannopoulos * Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am, tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem, tests/cert-tests/dane: last changes for release. 2012-11-10 Nikos Mavrogiannopoulos * doc/Makefile.am, doc/invoke-gnutls-cli.texi, doc/manpages/Makefile.am, src/common.c: updated 2012-11-09 Nikos Mavrogiannopoulos * lib/gnutls_x509.c: Corrected indication of OCSP check failure. 2012-11-09 Nikos Mavrogiannopoulos * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The status-request option was eliminated. Check OCSP only when the status response in the handshake was invalid. 2012-11-09 Nikos Mavrogiannopoulos * AUTHORS, NEWS: Added Martin 2012-11-09 Nikos Mavrogiannopoulos * src/certtool-args.c, src/certtool-args.h, src/cli-args.c, src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h, src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c, src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h, src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h, src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c, src/tpmtool-args.h: updated 2012-11-08 Nikos Mavrogiannopoulos * doc/invoke-certtool.texi, doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi, doc/invoke-psktool.texi, doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove @cindex from the invoke-* files. 2012-11-08 Nikos Mavrogiannopoulos * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: doc updates 2012-11-08 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi: doc update 2012-11-08 Nikos Mavrogiannopoulos * NEWS, lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow easier marking of insecure algorithms. 2012-11-07 Nikos Mavrogiannopoulos * lib/gnutls_compress.c: removed debugging 2012-11-07 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are tolerated. 2012-11-07 Nikos Mavrogiannopoulos * NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in: Removed GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP parsing errors. 2012-11-07 Nikos Mavrogiannopoulos * doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update 2012-11-07 Nikos Mavrogiannopoulos * gnutls-cli-debug uses server name indication. ----- Copyright (C) 2005-2012 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted provided the copyright notice and this notice are preserved.