
[SCM] GNU gnutls annotated tag, gnutls_2_11_3, created. gnutls_2_11_3


From: Simon Josefsson
Subject: [SCM] GNU gnutls annotated tag, gnutls_2_11_3, created. gnutls_2_11_3
Date: Thu, 14 Oct 2010 13:24:14 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=bdbd6e55b61e817e3dfae634fa0a9144d5009f13

The annotated tag, gnutls_2_11_3 has been created
        at  bdbd6e55b61e817e3dfae634fa0a9144d5009f13 (tag)
   tagging  c238f7f49e396b0aed83d1040ecbf5bc03ec65db (commit)
  replaces  gnutls_2_9_10
 tagged by  Simon Josefsson
        on  Thu Oct 14 15:23:59 2010 +0200

- Log -----------------------------------------------------------------
2.11.3

Brad Hards (2):
      As identified in a previous mail, I've added support for accessing / displaying
      Show which option is the default for command line tools.

Jonathan Bastien-Filiatrault (44):
      Add version check functions for selectable PRF and extension handling.
      Add version check function for explicit IV.
      Add version check functions for non-minimal padding.
      Add version check function for selectable signature/hash certificate algorithms.
      Remove hardcoded version checks in gnutls_handshake.c.
      Remove hardcoded version checks in gnutls_sig.c.
      Remove hardcoded version checks in gnutls_cipher.c.
      Remove hardcoded version check in gnutls_state.c.
      Remove hardcoded version checks in auth_cert.c.
      Do not rely on version ordering; use switch..case instead.
      Add gnutls_mbuffers.{c,h} with some basic mbuffer operations.
      Add dump_bytes function.
      Extract a simple_write function from _gnutls_io_write_buffered.
      Change type of internals.record_send_buffer to a mbuffer.
      Simplify _gnutls_io_write_buffered and _gnutls_io_write_flush with mbuffers.
      Pass datums to mbuffers by address instead of by value.
      Modify slightly the contract of _gnutls_io_write_buffered as suggested
      Remove yet another address@hidden instance of redundant hexadecimal dumping.
      Cleanup of the remaining internals.record_send_buffer mess.
      Remove the prototype for the non-existant function _gnutls_io_write_buffered2.
      Use a datum for ciphered data in _gnutls_send_int.
      Make LEVEL and LEVEL_EQ macros safer.
      Now that LEVEL and LEVEL_EQ are fixed, use less lines.
      Harmonize read and write function names.
      GNUify some missed GNUification.
      Prepare for mbuffer allocation by the caller.
      Allocate data buffer with mbuffer_st structure as suggested by Nikos.
      Remove now useless _gnutls_mbuffer_enqueue{,copy} functions.
      Avoid pointer warning.
      Fix interrupted write braino.
      Simplify handshake send buffer logic.
      Make _gnutls_handshake_io_send_int accept a mbuffer_st.
      Use mbuffers for handshake synthesis.
      Adapt session ticket support to mbuffer API.
      mbuffers: Document the internal mbuffer API.
      mbuffers: Make _mbuffer_remove_bytes return a meaningful error code.
      mbuffers: fix wrong size calculation.
      mbuffers: Add mbuffer_linearize.
      Parenthesize size calculations.
      mbuffers: make _gnutls_io_read_buffered use mbuffers.
      mbuffers: Add _mbuffer_xfree operation.
      Fully mbufferize _gnutls_read and _gnutls_read_buffered.
      Add gnutls_assert_val idiom.
      Explicit symmetric cipher state versionning.

Ludovic Courtès (1):
      Add an OpenPGP authentication unit test.

Micah Anderson (1):
      Add new extended key usage ipsecIKE

Nikos Mavrogiannopoulos (283):
      Corrected typo. Reported by Clint Adams.
      Emulate old gnutls behavior regarding safe renegotiation if the priority_* functions are not called.
      Because we want to differentiate the behavior of server
      Documented behavioral change.
      Ignore parsing of ciphersuite or extensions when safe renegotiation is disabled.
      Better checks in loops.
      Use correct hashing algorithms for DSA with q over 160 bits.
      Added INITIAL_SAFE_RENEGOTIATION and other small updates.
      Documented the defaults.
      Splitted safe renegotiation capabilities to
      Corrected case where handshake data were received during a session. It now stores them for future use by a gnutls_handshake(). Reported by Peter Hendrickson <address@hidden>.
      Added a forgoten by god OID for RSA. Warn using the actual OID
      Optimized the check_if_same().
      Added initial PKCS #11 support. Certtool can now print lists of certificates
      Added ability to export certificates from PKCS #11 tokens.
      Added several helper functions, to allow printing of tokens.
      ignore unrelated to gnutls files.
      Added gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are
      Deprecated the sign callback.
      Corrections to properly handle token removal and insert.
      Documented that it was initially based on neon pkcs11 and got ideas from pkcs11-helper library.
      Added documentation for most of the new functions.
      Use the new callback function.
      Updated self tests and examples to avoid using deprecated functions such as
      Corrections in openpgp private key usage.
      Added initial example.
      Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
      Only send termination request to avoid stalling on servers that do not reply.
      Documented that gnutls_global_init calls gnutls_pkcs11_init.
      The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read gnome-keyring's
      privkey.h -> abstract.h
      Added operations to sign CRLs, certificates and requests with an abstract key and thus with a PKCS #11 key as well.
      Corrected bug in DSA signature generation.
      Documented that the --file options in gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
      Added support for libnettle backend. This uses gmp for big number operations.
      Export all symbols from C++ library. This library doesn't contain any
      Added gnutls_pkcs11_token_get_flags() to distinguish between hardware and soft tokens.
      Added gnutls_pubkey_t abstract type to handle public keys. It can currently
      Tried to document recent changes.
      Ignore files that should be ignored.
      Added gnutls_pubkey_import_pkcs11(), gnutls_pubkey_import_rsa_raw(),
      Added gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
      Added initial PKCS #11 support. Certtool can now print lists of certificates
      Added ability to export certificates from PKCS #11 tokens.
      Added several helper functions, to allow printing of tokens.
      Added gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are
      Corrections to properly handle token removal and insert.
      Documented that it was initially based on neon pkcs11 and got ideas from pkcs11-helper library.
      Added documentation for most of the new functions.
      Updated self tests and examples to avoid using deprecated functions such as
      Corrections in openpgp private key usage.
      The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read gnome-keyring's
      privkey.h -> abstract.h
      Added operations to sign CRLs, certificates and requests with an abstract key and thus with a PKCS #11 key as well.
      Corrected bug in DSA signature generation.
      Added support for libnettle backend. This uses gmp for big number operations.
      Added gnutls_pkcs11_token_get_flags() to distinguish between hardware and soft tokens.
      Added gnutls_pubkey_t abstract type to handle public keys. It can currently
      Tried to document recent changes.
      Added gnutls_pubkey_import_pkcs11(), gnutls_pubkey_import_rsa_raw(),
      Added gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
      Added support to copy certificates and private keys to tokens.
      Documentation updates. Separated big gnutls.texi to chapter to allow easier
      Added some sanity checks.
      Corrected nicely hidden bug that caused accesses to uninitialized variables
      More fixes.
      Common code for calculation of RSA exp1 and exp2. Also update the openpgp
      Added documentation on abstract types.
      Noted that there things to be done.
      Removed finished items.
      Added missing file.
      Added a modified pakchois library (to open arbitrary pkcs11 modules).
      Removed debugging print.
      Simplified internal API. The only question that remains now is how to handle
      Added blinding in RSA. Correct broken private keys on import. Nettle
      Corrected coefficient and exp[12] values in key.
      Increased log level of several messages.
      Added 2048 bit DSA key
      Added sketch for PKCS #11 usage.
      Added bibliographic reference to PKCS #11.
      make example more compact by removing error checking.
      make sure all lines fit in page.
      Always use included pakchois.
      Added support for SHA224 and SHA256 in DSA.
      Added gnutls_sec_param_to_pk_bits() et al. to allow select bit
      Fixed issue with AES.
      Correction in RSA encryption.
      More AES stuff (still doesn't work).
      Corrected certificate callback.
      Document that the generator is the generator of the subgroup and not the group.
      Generate dh-params also used --sec-param.
      documentation updates
      Fixed nettle detection and AES.
      Added support for EV certificate attributes.
      The recognition of DN elements is now self contained. It does not need entries in pkix.asn.
      exported gnutls_rnd().
      avoid calling gcrypt directly.
      Corrected to support new EV_ values.
      No need for those OIDs any more.
      LocalKeyId and XmppAddr were incorporated.
      removed more stuff.
      Allow DSA with other than SHA1 algorithms in TLS.
      Added debugging
      Added again _gnutls_dump_mpi() to assist in debugging.
      Do not bother with MODPATH. We don't use it.
      Fixup to compile with nettle
      Some pakchois fixes.
      Only print output if something fails
      Print exp1 and exp2 if they are available.
      Print information on failure.
      Corrected for new output of --print-certificate-info
      reduced log level to a sane one
      use --sec-param to generate privkey.
      Nettle library can now parse the PGP integers. Except for SHA-224/384/512
      Print debugging information on error.
      Test the DSA with SHA256 as well.
      Several fixes after big rebase.
      Added gnutls_pubkey_get_preferred_hash_algorithm() and gnutls_x509_crt_get_preferred_hash_algorithm()
      Added gnutls_x509_crq_get_preferred_hash_algorithm().
      The get_preferred_hash_algorithm() functions have now an extra argument to indicate
      Added missing files.
      Remove the correct file
      Ignore more files.
      Use GCRYCTL_ENABLE_QUICK_RANDOM when using libgcrypt.
      Corrected prefered hash algorithm return value on RSA.
      Some other changes to mbuffers to make gnutls (a bit more) agnostic on their internal structure.
      Merged with master.
      Several fixes for the broken rebase.
      Provider unref must be done after all sessions have been closed.
      Added Jonathan.
      More fixes for the rebase.
      Removed several comments that pointed to Alon's implementation comments. We use inline C comments to generate documentation (not doxygen).
      Added new calls to pakchois to open an absolute filename.
      corrected tests.
      Register the md5 handler if gcrypt is in fips mode once gnutls_global_init_extra() is called.
      Properly handle fork() case.
      The gnutls_string code was simplified and integrated with the buffer to avoid
      Simplified and made more safe the packing of data for session storage. Extensions use
      Combined the max ticket length with the maximum extension data length.
      Removed unused functions.
      Appending data in mbuffers is now cheaper by avoiding realloc, at the cost
      Do not warn multiple times for the deprecation of --bits.
      Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224 for DSA.
      For Private key operations new sessions are opened when are needed. This makes the usage of the PKCS11 API thread safe. The only drawback is the requirement to enter PIN on every operation.
      Added option to the PKCS11 PIN callback to save PIN if the token is being used
      Added more gnutls errors to map closer to PKCS11 actual errors.
      Send correct token name to callback.
      Allow listing of private keys only. Certtool has now the --pkcs11-list-privkeya option.
      Greatly simplified the internal hash/hmac and cipher functions.
      documented some of the changes
      Removed the no longer needed "active" variable.
      Explicitely terminate cryptodev sessions.
      Allow setting debug level via cmd.
      Applied patch by Andreas Metzler
      Only save PIN if login was successful.
      corrected text on AES
      Added gnutls_sec_param_to_pk_bits() discussion.
      Corrected example with %COMPAT.
      Removed links for discussion of the COMPAT topic. I don't think they should be in the documentation.
      Some updates on renegotiation text
      Some updates in the PKCS11 text.
      version is 2.11.0
      Fixes in new extensions code that relate to SSL 3.0.
      Corrections in the new session packing code. Saving absolute positions in buffers is no
      Corrected some tests. Added test to check whether the %COMPAT option is
      Added news entry for EV-certificates.
      When verifying certificates use the same algorithm whether the DO_NOT_ALLOW_SAME
      removed OPRFI from makefile.
      removed OPRFI extension functions.
      MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
      When generating private key allow usage of --pkcs-cipher flag.
      Fail on error.
      Modified the cacertrsamd5 short-cut. The test was checking whether
      Added gnutls_global_set_mutex() to allow setting
      use 2.11.0 everywhere
      Corrected writing and reading order of security parameters.
      Added AES-128 to block ciphers.
      Allow flags when importing objects from PKCS11 URLs. The only flag supported
      Indented code.
      Combined object flags. No implicit login any more. Login has to be specified with a flag
      When copying a private key the sensitive flag can be set or not. This allows
      Moved locking code to special file.
      Initialization of crypto libraries moved outside main gnutls code.
      simplified locking code. Locking functions always exist but are dummies if no
      commented obscure HANDSHAKE_MAC_TYPE_10 and HANDSHAKE_MAC_TYPE_12.
      Correctly deinitialize crypto API handles.
      Include abstract.h in releases.
      bumped library version
      corrected lock usage.
      Do not allow setting NULL lock functions
      More uses of gnutls_certificate_free_ca_names
      removed unneeded function.
      Reverted the SAVE_PIN approach in PIN callback. The new approach will be to provide
      PIN callback supplies the token URL. The callback function in common.c
      corrected library version
      Print values in a human-readable format and do the calculations in fixed
      Allow encryption and decryption that are not in-place only.
      Added missing files
      Read from /dev/urandom every 20 minutes.
      The included pakchois will use gnutls locks and will use a portable
      Locks were converted to be in align with posix locks to easier wrap around them.
      only warn if dlopen or pthreads are not found.
      Fixed to compile under mingw32.
      Corrected locking usage in nettle's random subsystem.
      Added a windows version of the RNG.
      Use double to count bytes.
      Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
      Do not crash if input is redirected from /dev/null.
      Use the same "e" for RSA as libgcrypt. It's the fastest choice.
      corrected typo
      Example with export ciphersuites was removed.
      ex-rfc2818 is now a functional program demonstrating the verification procedure.
      Removed old reference.
      Support scattered write using writev(). This takes
      system specific functions were moved to system.c
      gnutls-serv: Do not print CR/LF if received, but instead print LF only.
      Corrected the lowat behavior. Documented that it will be deprecated in
      Added support for EGD daemon in nettle's RNG. It is used if /dev/urandom
      fixed
      Added blinding to RSA decryption AND signing. Will stay there until it is moved to nettle itself.
      Added RSA with SHA224.
      Added SIG_RSA_MD5_OID as an indicator of RSA. Some microsoft products were using it. Reported by Mads Kiilerich.
      Added option for certtool to print certificate public key.
      updated NEWS
      ignore html errors otherwise make dist doesn't work.
      added missing file key-subca-dsa.pem
      HMAC-MD5 deprecated according to ECRYPT II yearly report (2009-2010) recommendations.
      Updated documentation and gnutls_pk_params_t mappings to ECRYPT II recommendations.
      Follow ECRYPT II recommendations.
      Simplified documentation.
      Better handling of security parameters to key sizes matching (via a single table). Added
      Fix DSA key values to avoid generating normal and reporting them as low.
      use RSA-SHA1 as an indicator of RSA certificates.
      Corrected wrong descriptions of security levels.
      Added GNUTLS_PK_DH to differentiate in the generation of parameters with PK_DSA
      gnutls_x509_privkey_import() will fallback to gnutls_x509_privkey_import_pkcs8() without a password, if it is unable to decode the key.
      Do not trust fbase64_decode to return 0 on success.
      NULL MAC renamed to MAC-NULL
      When signature algorithms extension is not received allow SHA1 and SHA256.
      Added RSA_NULL_SHA1 and SHA256 ciphersuites.
      Modified the example to work in TLS 1.2.
      When scanning for terminator character for PKCS #11 URLs ignore escaped \;.
      Added Camellia-128/256, SHA-224/384/512 and support for DSA2 when using nettle.
      Define HAVE_GCRYPT when using gcrypt. nettle is no longer marked as unsupported.
      mini-eagain will fail with EAGAIN error one every two attempts. That is to remove probabilities.
      oldstate var removed.
      libnettle is the default crypto library.
      Added Sjoerd.
      Revert "When scanning for terminator character for PKCS #11 URLs ignore escaped \;."
      By default lowat is set to zero.
      prevent a memory leak in the unique_id functions.
      When the %COMPAT flag is specified, larger records that would otherwise violate the TLS spec, are accepted.
      PKCS#11 URL support updated to conform to draft-pechanec-pkcs11uri-02.
      updated NEWS.
      Be liberal in the PEM decoding. That is spaces and tabs are being skipped.
      Documented changes.
      Added 3 levels of details in PKCS #11 URLs.
      updated for 2.11.1
      updated revision
      indented some code
      Corrected bug in wrap_nettle_pk_fixup that was importing DSA keys are RSA ones.
      documented change
      fflush stdout and stderr before the call to setbuf. This fixes issue in solaris where lines dissappeared from output. Reported and suggested fix by Knut Anders Hatlen.
      No longer use is_fatal() during handshake. Explicitely treat
      changed the fatality level of some errors.
      cipher,mac and digest priorities moved to crypto.c
      IMED_RET parameters are easier to grasp.
      cleanup of TODO list. Removed very old entries, entries already fixed and added new ones.
      Corrected advertizing issue for session tickets.
      Added some comments and removed unused code.
      --pkcs11-* in certtool was renamed to --p11-*.
      Use more informative logging for extensions.
      Corrected bugs when restoring extensions during session resumtion.
      Corrected behavior on failure (don't crash).
      treat absence of parameters the same as having them disabled.
      updated
      Added Micah
      Updated cryptodev code to support the linux cryptodev extensions.
      Applied patch on IKE extension by Micah Anderson
      Applied last patch of Micah Anderson on IKE status.
      removed unneeded code.
      Revert "Applied last patch of Micah Anderson on IKE status."
      bumped version

Simon Josefsson (70):
      Chmod +x.
      Bump versions.
      Also bump libgnutls-extra version.
      Add 2.8.x NEWS entries.
      Prepare 2.10.0 release notes.
      Remove.
      Update my key.
      Update my OpenPGP key.
      Update URL.
      Mention shared library map file and GTK-DOC guidelines.
      Remove debug code.
      Add section on safe renegotiation.
      Add.
      Add.
      Improve renegotiation debug messages.
      Fix typo.
      Improve text, based on suggestions from Tomas Hoger <address@hidden>.
      tests: Add mini-x509 self-test.
      Protect against infloops.
      tests: Add small X.509 rehandshake test.
      tests: Add first self-test of safe renegotiation extension.
      Also test gnutls_safe_renegotiation_status API.
      tests: Add another safe renegotiation self tests.
      tests: Add srn3 to test inverse of what srn1 is testing.
      Remove gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
      Add more safe renegotiation self test.
      Add more rengotiation self tests.
      Add test of self renegotiation APIs.
      Change GNU TLS into GnuTLS.
      Change GNUTLS into GnuTLS.
      Doc fix.
      Doc fixes.
      Add.
      Readd lost fix from Nikos.
      Readd lost fix from Nikos.
      Fix self test.
      Fix node/section usage.
      Also build PDF manual.
      Support GTK-DOC PDF file.
      Add.
      Add.
      Doc fix.
      Doc fix.
      Update gnulib files, use valgrind-tests module, fix syntax-check problems.
      Add.
      Update.
      Update gnulib files.
      Minor fix.
      gnutls-cli: Make --starttls work again.
      Use silent build rules.
      We also require GNU make.
      Generated.
      Add pkcs11-vision rules.
      Doc fix.
      Re-add old NEWS entries.
      Generated.
      Avoid fixed size buffers (now handles the big >100 SAN cert).
      Fix warning.
      Make pkcs8-decode test work on Windows.
      Remove spurious comma.
      Remove spurious comma.
      Don't return from void functions.
      Avoid bashism.
      Mention new APIs.
      Fix compiler warnings.
      Fix some syntax-check errors.
      Indent (using GNU indent 2.2.11).
      Bump versions.
      Version 2.11.3.
      Generated.

Sjoerd Simons (3):
      Add state for flushing the handshake buffer
      Check whether the error is fatal in more cases
      Remember the amount of user data we're sending out

-----------------------------------------------------------------------


hooks/post-receive
-- 
GNU gnutls


