From INVALID.NOREPLY at gnu.org Fri Dec 2 09:37:10 2011
From: INVALID.NOREPLY at gnu.org (Simon Josefsson)
Date: Fri, 02 Dec 2011 08:37:10 +0000
Subject: [sr #107896] gnutls 3.0.8 fails to compile with clang
In-Reply-To: <20111130-123829.sv76013.65986@savannah.gnu.org>
References: <20111130-123829.sv76013.65986@savannah.gnu.org>
Message-ID: <20111202-083710.sv7213.95360@savannah.gnu.org>

Update of sr #107896 (project gnutls):

Assigned to: None => jas

_______________________________________________________

Follow-up Comment #1:

Interesting -- I'll forward this to the gnulib list.

/Simon

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Tue Dec 6 11:28:53 2011
From: INVALID.NOREPLY at gnu.org (Jeff Allen)
Date: Tue, 06 Dec 2011 10:28:53 +0000
Subject: [sr #107901] core dump in certtool
Message-ID: <20111206-102852.sv86385.83244@savannah.gnu.org>

URL:

Summary: core dump in certtool
Project: GnuTLS
Submitted by: jra
Submitted on: Tue 06 Dec 2011 10:28:52 AM GMT
Category: Included programs
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None

_______________________________________________________

Details:

I made certtool core dump doing this:

certtool -s --load-privkey cli.key < /dev/null
Generating a self signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Country name (2 chars): Organization name: Organizational unit name: Locality name: State or province name: Common name: UID: This field should not be used in new certificates.
E-mail: Enter the certificate's serial number in decimal (default: 1323166846): Segmentation fault

There is something wrong with its input validation.

From INVALID.NOREPLY at gnu.org Fri Dec 9 10:47:48 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Fri, 09 Dec 2011 09:47:48 +0000
Subject: [sr #107901] core dump in certtool
In-Reply-To: <20111206-102852.sv86385.83244@savannah.gnu.org>
References: <20111206-102852.sv86385.83244@savannah.gnu.org>
Message-ID: <20111209-094747.sv0.7959@savannah.gnu.org>

Follow-up Comment #1, sr #107901 (project gnutls):

Please report bugs on the latest releases. In any case redirecting the
/dev/null to certtool is not a valid action. You can use templates to
avoid interaction.

From INVALID.NOREPLY at gnu.org Fri Dec 9 15:04:13 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Fri, 09 Dec 2011 14:04:13 +0000
Subject: [sr #107901] core dump in certtool
In-Reply-To: <20111209-094747.sv0.7959@savannah.gnu.org>
References: <20111206-102852.sv86385.83244@savannah.gnu.org> <20111209-094747.sv0.7959@savannah.gnu.org>
Message-ID: <20111209-140412.sv0.30620@savannah.gnu.org>

Follow-up Comment #2, sr #107901 (project gnutls):

Segfaulting is not a valid action. Just sayin'...

From INVALID.NOREPLY at gnu.org Fri Dec 9 18:53:06 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Fri, 09 Dec 2011 17:53:06 +0000
Subject: [sr #107901] core dump in certtool
In-Reply-To: <20111209-140412.sv0.30620@savannah.gnu.org>
References: <20111206-102852.sv86385.83244@savannah.gnu.org> <20111209-094747.sv0.7959@savannah.gnu.org> <20111209-140412.sv0.30620@savannah.gnu.org>
Message-ID: <20111209-195306.sv707.83843@savannah.gnu.org>

Update of sr #107901 (project gnutls):

Status: None => Invalid
Assigned to: None => nmav
Open/Closed: Open => Closed

_______________________________________________________

Follow-up Comment #3:

Well you've read only part of my message. You are not using the latest
certtool, please report bugs on the latest releases.

From simon at josefsson.org Mon Dec 12 13:23:40 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 12 Dec 2011 13:23:40 +0100
Subject: Patch for GnuTLS 2.10.2
In-Reply-To: <5339305745501B43BA62C95698C4746B0128573F@bs-hermes.int.bardenheuer.de>
References: <5339305745501B43BA62C95698C4746B0128573F@bs-hermes.int.bardenheuer.de>
Message-ID: <1323692620.26540.3.camel@latte.josefsson.org>

Hi Alexander. I'm redirecting this to gnutls-devel since the
gnutls-commit list is a list for automatic postings only.

Thank you for the contribution -- to include it however we need some
paperwork to transfer the copyright. Please fill out and follow the
instructions in this form:

http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/request-assign.future

If you only want to assign this contribution and not any future ones,
there is this form:

http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/request-assign.changes

/Simon

Mon 2011-12-12 at 12:13 +0100, Alexander.von-Klinski at bardenheuer.de wrote:
> Dear all at the list,
>
> Dear Simon,
>
> On behalf of our client and in the name of my colleague who did the
> job I would like to contribute a modification of the GnuTLS 2.10.2
> where we added a RSA-PSK key exchange.
>
> Find attached the new source files auth_rsa.h and auth_rsa_psk.c, the
> gnutls.diff and the log files from validation.
>
> See also the info from below.
>
> The diff must be performed with patch -p1 -c -l -R < gnutls.diff
>
> Hopefully someone will pick up our work and will find the right place
> for it.
>
> Feedback is welcome?
>
> Best regards,
>
> Alexander von Klinski
>
> Alexander von Klinski
>
> Branch Office Manager, Berlin
> Vice President ? Mobile Computing & eID
>
> Bardenheuer GmbH (ALTEN Group)
> Am Borsigturm 11
> D - 13507 Berlin
>
> Tel: +49 (0)30 - 43 09 45 9 - 0
> Fax: +49 (0)30 - 43 09 45 9 - 9
> Mobile: +49 (0)172- 388 75 06
>
> E-Mail: alexander.von-klinski at bardenheuer.de
> Web: http://www.bardenheuer.de
>
> Managing directors: Reiner Bardenheuer and Yves-Antoine Brun
> Registration court: München
> Registration number: HRB 107560
> VAT identification number: DE 1670 1468 5
>
> ---
>
> Intention to extend GnuTLS 2.10.2 was the need for RSA-PSK key
> exchange.
>
> The implementation is based on the descriptions in RFC 5246 and RFC
> 4279 respectively.
>
> To implement the new functionality the following files were added:
> - .../lib/auth_rsa.h
> - .../lib/auth_rsa_psk.c
>
> To integrate the new functionality into the existing GnuTLS the
> following files were modified:
> - .../lib/Makefile.am
> - .../lib/Makefile.in
> - .../lib/auth_psk.c
> - .../lib/auth_psk.h
> - .../lib/auth_rsa.c
> - .../lib/gnutls_algorithms.c
> - .../lib/gnutls_priority.c
> - .../lib/gnutls_state.c
> - .../lib/includes/gnutls/gnutls.h.in
>
> For testing purposes client and server were used as they are built in
> the context of the GnuTLS build process.
>
> The client was called this way:
> gnutls-cli 127.0.0.1 -p 5556 -d 9 --priority NORMAL:
> +RSA-PSK:-RSA:-DHE-RSA:-DHE-PSK:-PSK:-DHE-DSS --pskusername
> --pskkey --insecure
>
> The server was called this way:
> gnutls-serv --echo -p 5556 -d 9 --priority NORMAL:
> +RSA-PSK:-RSA:-DHE-RSA:-DHE-PSK:-PSK:-DHE-DSS --x509cafile
> --x509keyfile --x509certfile --pskpasswd
>
> In the client respectively server logs (see attachments) it can be
> seen that the correct key exchange algorithm and cipher suite were
> used.
> > > > > > --------------------------------------------------------------------------------------------------- > > > > > > *** new/lib/Makefile.am 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/Makefile.am 2010-08-01 22:37:50.000000000 +0200 > *************** > *** 60,66 **** > auth_srp_sb64.c auth_srp_rsa.c > > PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c > > OPRFI_COBJECTS = ext_oprfi.c > > --- 60,66 ---- > auth_srp_sb64.c auth_srp_rsa.c > > PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c > > OPRFI_COBJECTS = ext_oprfi.c > > *************** > *** 103,109 **** > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! ext_safe_renegotiation.h auth_rsa.h > > # Separate so we can create the documentation > > --- 103,109 ---- > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! ext_safe_renegotiation.h > > # Separate so we can create the documentation > > *** new/lib/Makefile.in 2011-10-31 11:12:46.000000000 +0100 > --- old/lib/Makefile.in 2010-09-30 08:43:01.000000000 +0200 > *************** > *** 180,192 **** > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! ext_safe_renegotiation.h auth_rsa.h gnutls_record.c \ > ! gnutls_compress.c debug.c gnutls_cipher.c gnutls_buffers.c \ > ! gnutls_handshake.c gnutls_num.c gnutls_errors.c \ > ! gnutls_algorithms.c gnutls_dh.c gnutls_kx.c gnutls_priority.c \ > ! gnutls_hash_int.c gnutls_cipher_int.c gnutls_session.c \ > ! gnutls_db.c x509_b64.c auth_anon.c gnutls_extensions.c \ > ! 
gnutls_auth.c gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \ > gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \ > gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \ > pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \ > --- 180,192 ---- > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! ext_safe_renegotiation.h gnutls_record.c gnutls_compress.c \ > ! debug.c gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c \ > ! gnutls_num.c gnutls_errors.c gnutls_algorithms.c gnutls_dh.c \ > ! gnutls_kx.c gnutls_priority.c gnutls_hash_int.c \ > ! gnutls_cipher_int.c gnutls_session.c gnutls_db.c x509_b64.c \ > ! auth_anon.c gnutls_extensions.c gnutls_auth.c \ > ! gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \ > gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \ > gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \ > pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \ > *************** > *** 200,207 **** > crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \ > gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \ > auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c \ > ! ext_session_ticket.c gnutls.asn pkix.asn libgnutls.map > am__objects_1 = > am__objects_2 = ext_oprfi.lo > @ENABLE_OPRFI_TRUE at am__objects_3 = $(am__objects_2) > --- 200,207 ---- > crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \ > gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \ > auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c ext_session_ticket.c \ > ! 
gnutls.asn pkix.asn libgnutls.map > am__objects_1 = > am__objects_2 = ext_oprfi.lo > @ENABLE_OPRFI_TRUE at am__objects_3 = $(am__objects_2) > *************** > *** 227,233 **** > am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \ > auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo > am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \ > ! auth_dhe_psk.lo gnutls_psk_netconf.lo auth_rsa_psk.lo > am__objects_7 = ext_session_ticket.lo > am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \ > $(am__objects_5) $(am__objects_6) $(am__objects_7) > --- 227,233 ---- > am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \ > auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo > am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \ > ! auth_dhe_psk.lo gnutls_psk_netconf.lo > am__objects_7 = ext_session_ticket.lo > am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \ > $(am__objects_5) $(am__objects_6) $(am__objects_7) > *************** > *** 995,1001 **** > auth_srp_sb64.c auth_srp_rsa.c > > PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c > > OPRFI_COBJECTS = ext_oprfi.c > SESSION_TICKET_COBJECTS = ext_session_ticket.c > --- 995,1001 ---- > auth_srp_sb64.c auth_srp_rsa.c > > PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \ > ! auth_dhe_psk.c gnutls_psk_netconf.c > > OPRFI_COBJECTS = ext_oprfi.c > SESSION_TICKET_COBJECTS = ext_session_ticket.c > *************** > *** 1032,1038 **** > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! ext_safe_renegotiation.h auth_rsa.h > > > # Separate so we can create the documentation > --- 1032,1038 ---- > gnutls_helper.h auth_psk.h auth_psk_passwd.h \ > gnutls_supplemental.h ext_oprfi.h crypto.h random.h \ > ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \ > ! 
ext_safe_renegotiation.h > > > # Separate so we can create the documentation > *************** > *** 1168,1174 **** > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_psk_passwd.Plo at am__quote@ > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_rsa.Plo at am__quote@ > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_rsa_export.Plo at am__quote@ > - @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_rsa_psk.Plo at am__quote@ > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_srp.Plo at am__quote@ > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_srp_passwd.Plo at am__quote@ > @AMDEP_TRUE@@am__include@ > @am__quote at ./$(DEPDIR)/auth_srp_rsa.Plo at am__quote@ > --- 1168,1173 ---- > *** new/lib/auth_psk.c 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/auth_psk.c 2010-08-01 22:37:50.000000000 +0200 > *************** > *** 38,45 **** > --- 38,49 ---- > > int _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** > data); > int _gnutls_gen_psk_client_kx (gnutls_session_t, opaque **); > + > int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t); > > + int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * > data, > + size_t _data_size); > + > const mod_auth_st psk_auth_struct = { > "PSK", > NULL, > *** new/lib/auth_psk.h 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/auth_psk.h 2010-08-01 22:37:50.000000000 +0200 > *************** > *** 69,80 **** > > int > _gnutls_set_psk_session_key (gnutls_session_t session, > gnutls_datum_t * psk2); > - int > - _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** > data); > - int > - _gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** > data); > - int > - _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data, > size_t _data_size); > #else > # define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR > #endif /* ENABLE_PSK */ > --- 69,74 ---- > *** new/lib/auth_rsa.c 2011-10-21 16:22:54.000000000 
+0200 > --- old/lib/auth_rsa.c 2010-08-01 22:37:50.000000000 +0200 > *************** > *** 42,48 **** > #include > #include > #include > - #include > > int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **); > int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t); > --- 42,47 ---- > *************** > *** 66,72 **** > > /* This function reads the RSA parameters from peer's certificate; > */ > ! int > _gnutls_get_public_rsa_params (gnutls_session_t session, > bigint_t params[MAX_PUBLIC_PARAMS_SIZE], > int *params_len) > --- 65,71 ---- > > /* This function reads the RSA parameters from peer's certificate; > */ > ! static int > _gnutls_get_public_rsa_params (gnutls_session_t session, > bigint_t params[MAX_PUBLIC_PARAMS_SIZE], > int *params_len) > *************** > *** 147,153 **** > > /* This function reads the RSA parameters from the private key > */ > ! int > _gnutls_get_private_rsa_params (gnutls_session_t session, > bigint_t ** params, int *params_size) > { > --- 146,152 ---- > > /* This function reads the RSA parameters from the private key > */ > ! 
static int > _gnutls_get_private_rsa_params (gnutls_session_t session, > bigint_t ** params, int *params_size) > { > *** new/lib/gnutls_algorithms.c 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/gnutls_algorithms.c 2010-08-01 22:37:50.000000000 +0200 > *************** > *** 51,57 **** > {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, > GNUTLS_CRD_CERTIFICATE}, > {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, > {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, > - {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE}, > {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, > {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, > {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, > --- 51,56 ---- > *************** > *** 91,97 **** > {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, > {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, > {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, > - {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, > {0, 0, 0} > }; > > --- 90,95 ---- > *************** > *** 273,279 **** > extern mod_auth_st srp_auth_struct; > extern mod_auth_st psk_auth_struct; > extern mod_auth_st dhe_psk_auth_struct; > - extern mod_auth_st rsa_psk_auth_struct; > extern mod_auth_st srp_rsa_auth_struct; > extern mod_auth_st srp_dss_auth_struct; > > --- 271,276 ---- > *************** > *** 306,312 **** > {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, > {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, > 1 /* needs DHE params */ , 0}, > - {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0, 0}, > #endif > {0, 0, 0, 0, 0} > }; > --- 303,308 ---- > *************** > *** 328,334 **** > #ifdef ENABLE_PSK > GNUTLS_KX_PSK, > GNUTLS_KX_DHE_PSK, > - GNUTLS_KX_RSA_PSK, > #endif > 0 > }; > --- 324,329 ---- > *************** > *** 397,406 **** > #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 } > #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 } > > - #define GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x92 } > - #define 
GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x93 } > - #define GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x94 } > - #define GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x95 } > > /* SRP (rfc5054) > */ > --- 392,397 ---- > *************** > *** 562,585 **** > GNUTLS_MAC_SHA1, GNUTLS_TLS1, > GNUTLS_VERSION_MAX), > > - /* RSA-PSK */ > - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1, > - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK, > - GNUTLS_MAC_SHA1, GNUTLS_TLS1, > - GNUTLS_VERSION_MAX), > - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1, > - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK, > - GNUTLS_MAC_SHA1, GNUTLS_TLS1, > - GNUTLS_VERSION_MAX), > - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1, > - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, > - GNUTLS_MAC_SHA1, GNUTLS_TLS1, > - GNUTLS_VERSION_MAX), > - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1, > - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, > - GNUTLS_MAC_SHA1, GNUTLS_TLS1, > - GNUTLS_VERSION_MAX), > - > /* SRP */ > GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, > GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, > --- 553,558 ---- > *** new/lib/gnutls_priority.c 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/gnutls_priority.c 2010-09-26 15:34:09.000000000 +0200 > *************** > *** 221,227 **** > GNUTLS_KX_DHE_DSS, > GNUTLS_KX_PSK, > GNUTLS_KX_DHE_PSK, > - GNUTLS_KX_RSA_PSK, > GNUTLS_KX_SRP_RSA, > GNUTLS_KX_SRP_DSS, > GNUTLS_KX_SRP, > --- 221,226 ---- > *************** > *** 237,243 **** > GNUTLS_KX_DHE_DSS, > GNUTLS_KX_PSK, > GNUTLS_KX_DHE_PSK, > - GNUTLS_KX_RSA_PSK, > GNUTLS_KX_SRP_RSA, > GNUTLS_KX_SRP_DSS, > GNUTLS_KX_SRP, > --- 236,241 ---- > *************** > *** 254,260 **** > GNUTLS_KX_DHE_PSK, > GNUTLS_KX_SRP_RSA, > GNUTLS_KX_SRP_DSS, > - GNUTLS_KX_RSA_PSK, > GNUTLS_KX_RSA, > GNUTLS_KX_PSK, > GNUTLS_KX_SRP, > --- 252,257 ---- > *** new/lib/gnutls_state.c 2011-10-21 16:22:54.000000000 +0200 > --- old/lib/gnutls_state.c 2010-08-01 
22:37:50.000000000 +0200 > *************** > *** 1240,1247 **** > kx = > _gnutls_cipher_suite_get_kx_algo (&session-> > security_parameters.current_cipher_suite); > ! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK > ! || kx == GNUTLS_KX_RSA_PSK) > return 1; > > return 0; > --- 1240,1246 ---- > kx = > _gnutls_cipher_suite_get_kx_algo (&session-> > security_parameters.current_cipher_suite); > ! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK) > return 1; > > return 0; > *** new/lib/includes/gnutls/gnutls.h.in 2011-10-21 16:22:52.000000000 > +0200 > --- old/lib/includes/gnutls/gnutls.h.in 2010-08-01 22:37:50.000000000 > +0200 > *************** > *** 134,140 **** > * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm. > * @GNUTLS_KX_PSK: PSK key-exchange algorithm. > * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm. > - * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm. > * > * Enumeration of different key exchange algorithms. > */ > --- 134,139 ---- > *************** > *** 150,157 **** > GNUTLS_KX_SRP_RSA = 7, > GNUTLS_KX_SRP_DSS = 8, > GNUTLS_KX_PSK = 9, > ! GNUTLS_KX_DHE_PSK = 10, > ! GNUTLS_KX_RSA_PSK = 11 > } gnutls_kx_algorithm_t; > > /** > --- 149,155 ---- > GNUTLS_KX_SRP_RSA = 7, > GNUTLS_KX_SRP_DSS = 8, > GNUTLS_KX_PSK = 9, > ! GNUTLS_KX_DHE_PSK = 10 > } gnutls_kx_algorithm_t; > > /** > > From INVALID.NOREPLY at gnu.org Tue Dec 13 01:08:49 2011 
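Review bot: the whole patch is generated in the reverse direction (each file header reads *** new/... followed by --- old/...), so the lines marked - are the ones the contribution adds and it only applies with -R as the cover note says; please regenerate it as a forward diff from old to new. The lib/Makefile.in hunks should also be dropped, because that file is generated from Makefile.am and the Makefile.am hunks already add auth_rsa_psk.c to PSK_COBJECTS and auth_rsa.h to the header list.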
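Review bot: in the lib/auth_psk.c hunk the local prototypes for _gnutls_gen_psk_server_kx and _gnutls_gen_psk_client_kx stay in the file as context lines, while the lib/auth_psk.h hunk now declares the same two functions next to _gnutls_proc_psk_server_kx. Only the _gnutls_proc_psk_server_kx prototype was removed from the .c file; remove the other two as well so the header is the single place these signatures are declared.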
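Review bot: in lib/auth_rsa.c, _gnutls_get_public_rsa_params and _gnutls_get_private_rsa_params lose their static qualifier (the "! int" versus "! static int" lines), which makes two internal helpers visible to the rest of the library. Their prototypes are not part of this diff (presumably they are in the attached auth_rsa.h), so please confirm the header declares them with matching signatures and that neither name ends up exported from the shared library.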
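Review bot: in lib/gnutls_priority.c, GNUTLS_KX_RSA_PSK is inserted directly after GNUTLS_KX_DHE_PSK in the first two lists but after GNUTLS_KX_SRP_DSS and ahead of GNUTLS_KX_RSA in the third; the placement should be consistent or explained. The array names fall outside the visible context, so please also state which priority strings now offer RSA-PSK without an explicit +RSA-PSK, given that the test commands in the mail enable it by hand and run the client with --insecure.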
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Tue, 13 Dec 2011 00:08:49 +0000
Subject: [sr #107850] gnutls 3.0.4 fails to compile on VIA C7 unless --disable-hardware-acceleration is provided
In-Reply-To: <20111023-223605.sv0.78012@savannah.gnu.org>
References: <20111023-114612.sv0.97001@savannah.gnu.org> <20111023-151617.sv707.70116@savannah.gnu.org> <20111023-223605.sv0.78012@savannah.gnu.org>
Message-ID: <20111213-020849.sv707.33354@savannah.gnu.org>

Update of sr #107850 (project gnutls):

Status: None => Done
Assigned to: None => nmav
Open/Closed: Open => Closed

From nmav at gnutls.org Tue Dec 13 23:23:52 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 13 Dec 2011 23:23:52 +0100
Subject: gnutls 3.0.9
Message-ID: <4EE7D078.6090007@gnutls.org>

Hello,
I've just released gnutls 3.0.9. This release optimizes several
parts of gnutls, more prominent being optimizations in Diffie-Hellman
and elliptic curve Diffie-Hellman key exchange. Moreover servers can
now enforce their priority for ciphersuites.

* Version 3.0.9 (released 2011-12-13)

** certtool: Added new parameter --dh-info.

** certtool: -l option was overloaded so if combined
with --priority it will only list the ciphersuites that
are enabled by the given priority string.

** libgnutls: Added new priority string %SERVER_PRECEDENCE,
which changes the ciphersuite selection procedure. If specified
the server priorities will be used for selection instead of
the client's.

** libgnutls: Optimizations in Diffie-Hellman parameters
generation and key exchange.

** libgnutls: When session tickets are negotiated and used in
a session, a server will not store that session data into its
cache.

** libgnutls: Added the SECP192R1 curve.

** libgnutls: Added gnutls_priority_get_cipher_suite_index() to
allow listing the ciphersuites enabled in a priority structure.
It outputs an index to be used in gnutls_get_cipher_suite_info().

** libgnutls: Optimizations in the elliptic curve code --timing
attacks resistant code is only used in ECDSA private key operations.

** doc: man pages for API functions generation was fixed
and are now added again in the distribution.

** API and ABI modifications:
GNUTLS_ECC_CURVE_SECP192R1: New curve definition
gnutls_priority_get_cipher_suite_index: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from . The list of GNU mirrors can be found at and a list of GnuTLS
mirrors can be found at .

Here are the XZ compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.9.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.9.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.9.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.9.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.9.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.9.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From toralf.foerster at gmx.de Sat Dec 17 14:27:47 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Sat, 17 Dec 2011 14:27:47 +0100
Subject: gnutls 3.0.9 fails test phase under Gentoo
Message-ID: <201112171427.48150.toralf.foerster@gmx.de>

Hello,

under an almost stable Gentoo there's one error related to DSA, I
attached the build log here.

--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: net-libs:gnutls-3.0.9:20111217-100224.log.gz
Type: application/x-gzip
Size: 49285 bytes
Desc: not available
URL:

From ametzler at downhill.at.eu.org Sat Dec 17 16:05:55 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 17 Dec 2011 16:05:55 +0100
Subject: implicit declaration of function 'scm_c_issue_deprecation_warning'
Message-ID: <20111217150555.GA3682@downhill.g.la>

Hello,

building 3.0.x triggers an implicit-function-declaration warning in
the guile code. (The respective warning is present in 3.0.0 to 3.0.9)

-----------------------------------------
make[5]: Entering directory `/tmp/GNUTLS/gnutls-3.0.9/guile/src'
\ # source='core.c' object='guile_gnutls_v_2_la-core.lo' libtool=yes
/bin/bash ../../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. -I../../lib/includes -I../../lib/includes -I../../extra/includes -I../.. -I. -Wno-strict-prototypes -I../../gl -I../../gl -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c -o guile_gnutls_v_2_la-core.lo `test -f 'core.c' || echo './'`core.c
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. -I../../lib/includes -I../../lib/includes -I../../extra/includes -I../.. -I. -Wno-strict-prototypes -I../../gl -I../../gl -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c core.c -fPIC -DPIC -o .libs/guile_gnutls_v_2_la-core.o
In file included from core.c:506:0:
priorities.i.c: In function 'scm_gnutls_set_session_cipher_priority_x':
priorities.i.c:11:3: warning: implicit declaration of function 'scm_c_issue_deprecation_warning' [-Wimplicit-function-declaration]
-----------------------------------------

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From toralf.foerster at gmx.de Sat Dec 17 16:58:03 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Sat, 17 Dec 2011 16:58:03 +0100
Subject: gnutls-3.0.9 fails DSA test
Message-ID: <201112171658.04020.toralf.foerster@gmx.de>

Hello,

this is the result, when I run "make check" on the native gnu-tls directory rather than within the Gentoo sandbox :

$> ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --
sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --htmldir=/usr/share/doc/gnutls-3.0.9/html --disable-static --enable-cxx --disable-
gtk-doc --disable-gtk-doc-pdf --disable-guile --enable-nls --without-p11-kit --with-zlib
...
$>make check
...
make[3]: Entering directory `/home/tfoerste/devel/gnutls-3.0.9/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failure:
./../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
./../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1

--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From ametzler at downhill.at.eu.org Sun Dec 18 15:50:54 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sun, 18 Dec 2011 15:50:54 +0100
Subject: build-failure with no IPv6 available at runtime
Message-ID: <20111218145054.GA1988@downhill.g.la>

----- Forwarded message from Pino Toscano -----

Message-ID: <20111218142339.18834.96560.reportbug at localhost.localdomain>

Package: gnutls28
Version: 3.0.9-2
Severity: important
Tags: patch

Hi,

if the current kernel (be it Linux compiled without it, or Hurd with no
inet6 translator setup) does not provide support for IPv6, two tests,
- dsa/testdsa
- openpgp-certs/testcerts
will fail.

This is because gnutls-serv queries (in src/serv.c, listen_socket())
getaddrinfo() to know all the available addresses for the specified
port, returning even those which cannot be configured (and for which
socket() will fail with EAFNOSUPPORT).
At least on Hurd, the returned list from getaddrinfo() had two elements,
first the AF_INET and then AF_INET6, and given that the return value of
the last execution of socket() returns -1, that is the return value of
the whole listen_socket(), even if the AF_INET socket has been correctly
setup.

My solution is adding the AI_ADDRCONFIG flag to the hints for
getaddrinfo(), so it returns only addresses which can be configured.
(See also [1].) This should allow gnutls-serv to listen to both IPv4
and IPv6 if both are available in the system, or just IPv4 if IPv6
cannot be used.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/getaddrinfo.html

Thanks,
--
Pino
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getaddrinfo_flags.diff
Type: text/x-diff
Size: 339 bytes
Desc: not available
URL:

From nmav at gnutls.org Sun Dec 18 19:37:33 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Dec 2011 19:37:33 +0100
Subject: build-failure with no IPv6 available at runtime
In-Reply-To: <20111218145054.GA1988@downhill.g.la>
References: <20111218145054.GA1988@downhill.g.la>
Message-ID: <4EEE32ED.2030403@gnutls.org>

On 12/18/2011 03:50 PM, Andreas Metzler wrote:
> ----- Forwarded message from Pino Toscano -----

[...]
> My solution is adding the AI_ADDRCONFIG flag to the hints for
> getaddrinfo(), so it returns only addresses which can be configured.
> (See also [1].) This should allow gnutls-serv to listen to both IPv4
> and IPv6 if both are available in the system, or just IPv4 if IPv6
> cannot be used.

Thanks. Applied.

From nmav at gnutls.org Sun Dec 18 19:40:07 2011
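An added example, not code from gnutls or from the attached getaddrinfo_flags.diff: it contrasts the loop behaviour described in the report (the last socket() result decides the outcome of listen_socket()) with a loop that counts working listeners, and shows the AI_ADDRCONFIG hint in use. The function names, the open_fn hook and the constructed two-entry address list are assumptions made for illustration, and the counting loop goes beyond the one-flag fix in the message.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook: opens one listener and returns an fd or -1. It lets the
 * loops below run against a constructed address list without a network. */
typedef int (*open_fn)(const struct addrinfo *ai);

/* Behaviour described in the report: the last candidate decides the result. */
int listen_last_wins(const struct addrinfo *res, open_fn open_one)
{
    int s = -1;
    for (const struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next)
        s = open_one(ai);
    return s;
}

/* Tolerant loop: skip candidates that cannot be opened and return the number
 * of listeners stored in fds[]. Zero means no usable address at all. */
int listen_all(const struct addrinfo *res, open_fn open_one, int *fds, int max)
{
    int n = 0;
    for (const struct addrinfo *ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        int s = open_one(ai);
        if (s >= 0)
            fds[n++] = s;
    }
    return n;
}

/* Real opener: socket + bind + listen on one getaddrinfo() result. */
int open_listener(const struct addrinfo *ai)
{
    int yes = 1;
    int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (s < 0)
        return -1;                  /* e.g. EAFNOSUPPORT without IPv6 */
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof yes);
    if (ai->ai_family == AF_INET6)  /* keep the v6 socket off the v4 port */
        setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof yes);
    if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0 || listen(s, 10) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Ask only for address families configured on this host (AI_ADDRCONFIG). */
int listen_on_port(const char *port, int *fds, int max)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
    if (getaddrinfo(NULL, port, &hints, &res) != 0)
        return -1;
    int n = listen_all(res, open_listener, fds, max);
    freeaddrinfo(res);
    return n;
}

/* Constructed stand-in for a host without IPv6: AF_INET6 always fails. */
static int fake_open_no_ipv6(const struct addrinfo *ai)
{
    if (ai->ai_family == AF_INET6) {
        errno = EAFNOSUPPORT;
        return -1;
    }
    return 100;                     /* pretend descriptor, never used for I/O */
}

/* Constructed list in the order the report saw: AF_INET, then AF_INET6. */
int demo(int tolerant)
{
    struct addrinfo v6 = {0}, v4 = {0};
    int fds[4];
    v6.ai_family = AF_INET6;
    v4.ai_family = AF_INET;
    v4.ai_next = &v6;
    return tolerant ? listen_all(&v4, fake_open_no_ipv6, fds, 4)
                    : listen_last_wins(&v4, fake_open_no_ipv6);
}

int main(void)
{
    printf("last-wins loop returns %d\n", demo(0));
    printf("tolerant loop opened %d listener(s)\n", demo(1));
    return 0;
}
```

With the constructed list the first loop reports failure although the AF_INET listener was opened, which is the symptom the two failing tests showed.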
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Dec 2011 19:40:07 +0100
Subject: gnutls-3.0.9 fails DSA test
In-Reply-To: <201112171658.04020.toralf.foerster@gmx.de>
References: <201112171658.04020.toralf.foerster@gmx.de>
Message-ID: <4EEE3387.9010208@gnutls.org>

On 12/17/2011 04:58 PM, Toralf Förster wrote:
> Hello,
>
> this is the result, when I run "make check" on the native gnu-tls directory rather than within the Gentoo sandbox :
>
> $> ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --htmldir=/usr/share/doc/gnutls-3.0.9/html --disable-static --enable-cxx --disable-gtk-doc --disable-gtk-doc-pdf --disable-guile --enable-nls --without-p11-kit --with-zlib
[...]
> Failure:
> ./../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs

Hello,

Could it be related to: http://lists.gnu.org/archive/html/gnutls-devel/2011-12/msg00011.html

That is, would the patch at [0] solve the issue you see?

regards,
Nikos

[0]. http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=3f5986af3abc524198e18687e865131a6cde57e9

From James.Heit at UNISYS.com Mon Dec 19 21:19:39 2011
From: James.Heit at UNISYS.com (Heit, James R)
Date: Mon, 19 Dec 2011 14:19:39 -0600
Subject: TLS 1.2 Signature Algorithms ClientHello extension
Message-ID:

Hello,

I have been working on the implementation of the TLS 1.2 protocol. TLS 1.2 requires servers to handle the Signature Algorithms extension to the ClientHello handshake message. My reading of RFC 5246 (7.4.1.4.1.) indicates that if the client presents the extension (it can be omitted) it should include all hash/signature algorithm pairs the client is willing to process. While running the latest version of FileZilla, which uses GnuTLS 2.10.4, the only proposed Signature Algorithm is {SHA512,RSA}. If I stick with the RFC, the handshake will fail, as my {SHA1,RSA} signed certificate is not in the list.

I'm not saying Microsoft is always right (in this case I think they are), but IE8/Win7 sends 7 Signature Algorithms in the extension: {SHA256,RSA},{SHA384,RSA},{SHA1,RSA},{SHA256,ECDSA},{SHA384,ECDSA},{SHA1,ECDSA},{SHA1,DSA}.

Thanks and looking forward to your response.

Jim Heit

James Heit | Principal Engineer | OSD Networking
Unisys | 2470 Highcrest Road, Roseville, MN, USA | 1-651-635-7739 | Net2 524-7739

From nmav at gnutls.org Sat Dec 24 11:11:00 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 24 Dec 2011 12:11:00 +0200
Subject: TLS 1.2 Signature Algorithms ClientHello extension
In-Reply-To:
References:
Message-ID:

On Mon, Dec 19, 2011 at 10:19 PM, Heit, James R wrote:
> Hello,
>
> I have been working on the implementation of the TLS 1.2 protocol. TLS
> 1.2 requires servers to handle the Signature Algorithms extension to the
> ClientHello handshake message. My reading of RFC 5246 (7.4.1.4.1.)
> indicates that if client presents the extension (it can be omitted) it
> should include all hash/signature algorithm pairs the client is willing to
> process. While running the latest version of FileZilla, which uses GnuTLS
> 2.10.4, the only proposed Signature Algorithm is {SHA512,RSA}. If I stick
> with the RFC, the handshake will fail, as my {SHA1,RSA} signed certificate
> is not in the list.
>
> I'm not saying Microsoft is always right (in this case I think they are),
> but IE8/Win7 sends 7 Signature Algorithms in the extension:
> {SHA256,RSA},{SHA384,RSA},{SHA1,RSA},{SHA256,ECDSA},{SHA384,ECDSA},{SHA1,ECDSA},{SHA1,DSA}.
>

Hello,

This is a configuration issue. Filezilla for some reason unknown to me only enables 256-bit ciphersuites and signature algorithms. If you use gnutls-cli with your server you'll see that gnutls sends all options.

regards,
Nikos

From code at funwithsoftware.org Wed Dec 28 11:00:05 2011
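The server-side check discussed in this thread, as an added C example that is not GnuTLS code and not part of either message: it parses the extension_data of signature_algorithms as laid out in RFC 5246, section 7.4.1.4.1, and applies the strict reading to a certificate's {hash, signature} pair. The two byte strings are constructed here from the pairs quoted in the thread, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Code points from RFC 5246, section 7.4.1.4.1. */
enum { HASH_SHA1 = 2, HASH_SHA256 = 4, HASH_SHA384 = 5, HASH_SHA512 = 6 };
enum { SIG_RSA = 1, SIG_DSA = 2, SIG_ECDSA = 3 };

/* extension_data for the two clients in the thread, constructed from the
 * pairs quoted in the message (not captured traffic): 2-byte list length,
 * then one (hash, signature) byte pair per algorithm. */
static const uint8_t filezilla_ext[] = { 0x00, 0x02, 0x06, 0x01 };
static const uint8_t ie8_ext[] = { 0x00, 0x0e,
    0x04, 0x01,  0x05, 0x01,  0x02, 0x01,   /* SHA256, SHA384, SHA1 with RSA   */
    0x04, 0x03,  0x05, 0x03,  0x02, 0x03,   /* SHA256, SHA384, SHA1 with ECDSA */
    0x02, 0x02 };                           /* SHA1 with DSA                   */

/* Validate the framing and return the number of pairs, or -1 if malformed:
 * the inner length must cover exactly the rest of the extension, be even,
 * and hold at least one pair (the vector is <2..2^16-2>). */
int sig_alg_count(const uint8_t *ext, size_t len)
{
    size_t list_len;
    if (ext == NULL || len < 4)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2 || (list_len & 1) != 0)
        return -1;
    return (int)(list_len / 2);
}

/* Strict reading of the RFC as described in the thread. Returns 1 if a
 * certificate signed with (hash, sig) may be sent, 0 if the client did not
 * list the pair, -1 if the extension is malformed. ext == NULL means the
 * client omitted the extension; the RFC then has the server act as if the
 * client had sent SHA-1 with the key exchange's signature algorithm, which
 * this sketch reduces to "hash must be SHA-1" (an assumption of the example). */
int cert_sig_allowed(const uint8_t *ext, size_t len, uint8_t hash, uint8_t sig)
{
    int n;
    if (ext == NULL)
        return hash == HASH_SHA1;
    n = sig_alg_count(ext, len);
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (ext[2 + 2 * i] == hash && ext[3 + 2 * i] == sig)
            return 1;
    return 0;
}

int main(void)
{
    printf("FileZilla list, SHA1/RSA cert: %d\n",
           cert_sig_allowed(filezilla_ext, sizeof filezilla_ext, HASH_SHA1, SIG_RSA));
    printf("IE8 list, SHA1/RSA cert: %d\n",
           cert_sig_allowed(ie8_ext, sizeof ie8_ext, HASH_SHA1, SIG_RSA));
    return 0;
}
```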
From: code at funwithsoftware.org (Patrick Pelletier) Date: Wed, 28 Dec 2011 02:00:05 -0800 Subject: suggested doc & comment improvements for gnutls Message-ID: <2FF568D6-F418-424F-93EC-985ECC7E7D94@funwithsoftware.org> Hi, I've been reading through the gnutls manual and code, and I've found a few typos and phrases that sounded awkward, as well as a few minor factual errors. (Like the fact that entropy is refreshed every 20 minutes, not every minute.) Here's a diff of the changes I made to the manual and the comments in the code. Let me know if there's a better way to submit this, such as by pushing it to Github so you could pull it down from there. Thanks, --Patrick diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 32c806e..12ef7e4 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -130,10 +130,10 @@ The random generator of the cryptographic back- end, is not thread safe and requi mutex locks which are setup by @acronym{GnuTLS}. Applications can either call @funcref{gnutls_global_init} which will initialize the default operating system provided locks (i.e. @code{pthreads} on GNU/Linux and - at code{CriticalSection} on Windows), or specify manually the locking system using + at code{CriticalSection} on Windows), or manually specify the locking system using the function @funcref{gnutls_global_set_mutex} before calling @funcref{gnutls_global_init}. -Setting manually mutexes is recommended -only to applications that have full control of the underlying libraries. If this +Setting mutexes manually is recommended +only for applications that have full control of the underlying libraries. If this is not the case, the use of the operating system defaults is recommended. An example of non-native thread usage is shown below. 
@@ -305,7 +305,7 @@ current session using @funcref{gnutls_credentials_set}. When using certificates the server is required to have at least one certificate and private key pair. Clients may not hold such -a pair, but a server could require it. On this section we discuss +a pair, but a server could require it. In this section we discuss general issues applying to both client and server certificates. The next section will elaborate on issues arising from client authentication only. @@ -617,7 +617,7 @@ fatal for the protocol or can be ignored. @showfuncdesc{gnutls_error_is_fatal} -In DTLS it is adviceable to use the extended receive +In DTLS it is advisable to use the extended receive function shown below, because it allows the extraction of the sequence number. This is required in DTLS because messages may arrive out of order. @@ -861,7 +861,7 @@ even it was requested. That is to prevent temporal session keys from becoming long-term keys. Also note that as a client you must enable, using the priority functions, at least the algorithms used in the last session. -It is highly recommended clients to enable the session ticket extension using +It is highly recommended for clients to enable the session ticket extension using @funcref{gnutls_session_ticket_enable_client} in order to allow resumption with servers that do not store any state. diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi index 7ce4ee1..7fa92af 100644 --- a/doc/cha-gtls-examples.texi +++ b/doc/cha-gtls-examples.texi @@ -188,7 +188,7 @@ server. Here it is separate for simplicity. @node Echo Server with anonymous authentication @subsection Echo Server with anonymous authentication -This example server support anonymous authentication, and could be +This example server supports anonymous authentication, and could be used to serve the example client for anonymous authentication. @verbatiminclude examples/ex-serv-anon.c 
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index 81eb8e6..d7ec167 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -250,7 +250,7 @@ parsing incoming extension data (both in the client and server). The @funcintref{_foobar_send_params} function is responsible for sending extension data (both in the client and server). -If you receive length fields that doesn't match, return +If you receive length fields that don't match, return @code{GNUTLS_E_ at -UNEXPECTED_@-PACKET_ at -LENGTH}. If you receive invalid data, return @code{GNUTLS_E_ at -RECEIVED_@-ILLEGAL_ at -PARAMETER}. You can use other error codes from the list in @ref{Error codes}. Return 0 on success. diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 198844f..f8e1469 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -43,7 +43,7 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry; * View first: "The order of encryption and authentication for * protecting communications" by Hugo Krawczyk - CRYPTO 2001 * - * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well. + * Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well. */ static const gnutls_cipher_entry algorithms[] = { {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0, 0}, @@ -203,7 +203,7 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm) /** * gnutls_cipher_get_id: - * @name: is a MAC algorithm name + * @name: is a cipher algorithm name * * The names are compared in a case insensitive way. * diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c index 6d6b04c..e59c8fd 100644 --- a/lib/algorithms/protocols.c +++ b/lib/algorithms/protocols.c 
@@ -162,7 +162,7 @@ gnutls_protocol_get_id (const char *name) * * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc. * - * This function is not threat safe. + * This function is not thread safe. * * Returns: a (0)-terminated list of #gnutls_protocol_t integers * indicating the available protocols. diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index ba6c7d5..456e3a1 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -127,7 +127,7 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) * Convert a #gnutls_sec_param_t value to a string. * * Returns: a pointer to a string that contains the name of the - * specified public key algorithm, or %NULL. + * specified security level, or %NULL. * * Since: 2.12.0 **/ diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 75638b9..66d0a9f 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -129,7 +129,7 @@ gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc, * sending the names of it would just consume bandwidth without providing * information to client. * - * CA names are used by servers to advertize the CAs they support to + * CA names are used by servers to advertise the CAs they support to * clients. **/ void diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index c157843..f041821 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -253,7 +253,7 @@ calc_enc_length (gnutls_session_t session, int data_size, #define MAX_PREAMBLE_SIZE 16 /* generates the authentication data (data to be hashed only - * and are not to be send). Returns their size. + * and are not to be sent). Returns their size. */ static inline int make_preamble (opaque * uint64_data, opaque type, int length, diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 5e07b04..ed91fe7 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c 
@@ -76,8 +76,8 @@ gnutls_db_set_remove_function (gnutls_session_t session, * @session: is a #gnutls_session_t structure. * @store_func: is the function * - * Sets the function that will be used to store data from the resumed - * sessions database. This function must remove 0 on success. + * Sets the function that will be used to store data in the resumed + * sessions database. This function must return 0 on success. * * The first argument to @store_func will be null unless * gnutls_db_set_ptr() has been called. @@ -124,7 +124,7 @@ gnutls_db_get_ptr (gnutls_session_t session) * @seconds: is the number of seconds. * * Set the expiration time for resumed sessions. The default is 3600 - * (one hour) at the time writing this. + * (one hour) at the time of this writing. **/ void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds) @@ -138,7 +138,7 @@ gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds) * @session_entry: is the session data (not key) * * Check if database entry has expired. This function is to be used - * when you want to clear unnesessary session which occupy space in + * when you want to clear unnecessary sessions which occupy space in * your backend. * * Returns: Returns %GNUTLS_E_EXPIRED, if the database entry has diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 010e614..e874abb 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -130,7 +130,7 @@ gnutls_global_set_log_level (int level) * @realloc_func: A realloc function * @free_func: The function that frees allocated data. Must accept a NULL pointer. * - * This is the function were you set the memory allocation functions + * This is the function where you set the memory allocation functions * gnutls is going to use. By default the libc's allocation functions * (malloc(), free()), are used by gnutls, to allocate both sensitive * and not sensitive data. This function is provided to set the 
@@ -184,7 +184,7 @@ static int _gnutls_init = 0; * Note that this function will also initialize the underlying crypto * backend, if it has not been initialized before. * - * This function increment a global counter, so that + * This function increments a global counter, so that * gnutls_global_deinit() only releases resources when it has been * called as many times as gnutls_global_init(). This is useful when * GnuTLS is used by more than one library in an application. This diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index bf75919..805bed5 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2324,7 +2324,7 @@ cleanup: * * The non-fatal errors such as %GNUTLS_E_AGAIN and * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which - * should be later be resumed. Call this function again, until it + * should be resumed later. Call this function again, until it * returns 0; cf. gnutls_record_get_direction() and * gnutls_error_is_fatal(). * diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 8ac89a5..0a79b67 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -285,7 +285,7 @@ static const int kx_priority_export[] = { static const int kx_priority_secure[] = { /* The ciphersuites that offer forward secrecy take - * precendance + * precedence */ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_KX_ECDHE_RSA, @@ -396,7 +396,7 @@ static const int cipher_priority_export[] = { }; static const int comp_priority[] = { - /* compression should be explicitely requested to be enabled */ + /* compression should be explicitly requested to be enabled */ GNUTLS_COMP_NULL, 0 }; diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index d1b9561..712ba1d 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c 
@@ -725,9 +725,9 @@ gnutls_openpgp_send_cert (gnutls_session_t session, * * If status is non zero, this function will order gnutls not to send * the rdnSequence in the certificate request message. That is the - * server will not advertize it's trusted CAs to the peer. If status + * server will not advertise its trusted CAs to the peer. If status * is zero then the default behaviour will take effect, which is to - * advertize the server's trusted CAs. + * advertise the server's trusted CAs. * * This function has no effect in clients, and in authentication * methods other than certificate with X.509 certificates. diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 248c8a0..edf80c0 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -22,7 +22,7 @@ */ /* This file contains certificate authentication functions to be exported in the - * API and did not fit elsewhere. + * API which did not fit elsewhere. */ #include @@ -42,7 +42,7 @@ * @session: is a #gnutls_session_t structure. * @bits: is the number of bits * - * This function sets the number of bits, for use in an Diffie-Hellman + * This function sets the number of bits, for use in a Diffie-Hellman * key exchange. This is used both in DH ephemeral and DH anonymous * cipher suites. This will set the minimum size of the prime that * will be used for the handshake. @@ -313,7 +313,7 @@ mpi_buf2bits (gnutls_datum_t * mpi_buf) * This function will return the bits of the prime used in the last * Diffie-Hellman key exchange with the peer. Should be used for both * anonymous and ephemeral Diffie-Hellman. Note that some ciphers, - * like RSA and DSA without DHE, does not use a Diffie-Hellman key + * like RSA and DSA without DHE, do not use a Diffie-Hellman key * exchange, and then this function will return 0. * * Returns: The Diffie-Hellman bit strength is returned, or 0 if no diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index 3f611f1..792d65c 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c 
@@ -116,7 +116,7 @@ do_device_source (int init) && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - /* More than a minute since we last read the device */ + /* More than 20 minutes since we last read the device */ uint8_t buf[DEVICE_READ_SIZE_MAX]; if (!CryptGenRandom (device_fd, (DWORD) read_size, buf)) @@ -250,7 +250,7 @@ do_device_source_urandom (int init) if ((device_fd > 0) && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - /* More than a minute since we last read the device */ + /* More than 20 minutes since we last read the device */ uint8_t buf[DEVICE_READ_SIZE_MAX]; uint32_t done; @@ -312,7 +312,7 @@ do_device_source_egd (int init) && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - /* More than a minute since we last read the device */ + /* More than 20 minutes since we last read the device */ uint8_t buf[DEVICE_READ_SIZE_MAX]; uint32_t done; From code at funwithsoftware.org Wed Dec 28 12:16:18 2011 
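Review bot: In the three lib/nettle/rnd.c hunks, the new comment "More than 20 minutes since we last read the device" again hard-codes a value that the condition directly above it takes from DEVICE_READ_INTERVAL, which is the same duplication that left the old "a minute" wording wrong. Wording the comment in terms of the constant, for example "More than DEVICE_READ_INTERVAL since we last read the device", would keep all three copies correct if the interval is changed again.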
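Review bot: In the first lib/gnutls_db.c hunk (@@ -76,8), "This function must return 0 on success" still reads as a statement about the setter being documented rather than about the callback it installs. The neighbouring lines already refer to @store_func, so "@store_func must return 0 on success" would remove the ambiguity while the line is being touched anyway.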
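Review bot: In the last lib/gnutls_ui.c hunk (@@ -313,7), the corrected sentence still says "some ciphers, like RSA and DSA without DHE, do not use a Diffie-Hellman key exchange", but RSA and DSA are named here as key exchange and authentication methods, not ciphers. Since the patch already fixes the verb on this line, changing "some ciphers" to "some cipher suites" or "some key exchange methods" would fix the terminology in the same pass.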
From: code at funwithsoftware.org (Patrick Pelletier)
Date: Wed, 28 Dec 2011 03:16:18 -0800
Subject: suggested doc & comment improvements for gnutls
In-Reply-To: <2FF568D6-F418-424F-93EC-985ECC7E7D94@funwithsoftware.org>
References: <2FF568D6-F418-424F-93EC-985ECC7E7D94@funwithsoftware.org>
Message-ID: <170D9FA6-DCBE-4E22-BC37-176519BF1DAD@funwithsoftware.org>

Ugh, it looks like my mail client mangled that diff rather horribly. So, here is a pull-request that references my doc-fixes branch on github. Sorry about the trouble.

--Patrick

The following changes since commit e943839de12ca459e298136af445f697de07d300:

  Nikos Mavrogiannopoulos (1):
        Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384 and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384.

are available in the git repository at:

  git://github.com/ppelleti/gnutls.git doc-fixes

Patrick Pelletier (1):
      minor doc and comment fixes

 doc/cha-gtls-app.texi      |   12 ++++++------
 doc/cha-gtls-examples.texi |    2 +-
 doc/cha-internals.texi     |    2 +-
 lib/algorithms/ciphers.c   |    4 ++--
 lib/algorithms/protocols.c |    2 +-
 lib/algorithms/secparams.c |    2 +-
 lib/gnutls_cert.c          |    2 +-
 lib/gnutls_cipher.c        |    2 +-
 lib/gnutls_db.c            |    8 ++++----
 lib/gnutls_global.c        |    4 ++--
 lib/gnutls_handshake.c     |    2 +-
 lib/gnutls_priority.c      |    4 ++--
 lib/gnutls_state.c         |    4 ++--
 lib/gnutls_ui.c            |    6 +++---
 lib/nettle/rnd.c           |    6 +++---
 15 files changed, 31 insertions(+), 31 deletions(-)

On Dec 28, 2011, at 2:00 AM, Patrick Pelletier wrote:

> Hi,
>
> I've been reading through the gnutls manual and code, and I've found
> a few typos and phrases that sounded awkward, as well as a few minor
> factual errors. (Like the fact that entropy is refreshed every 20
> minutes, not every minute.)
>
> Here's a diff of the changes I made to the manual and the comments
> in the code. Let me know if there's a better way to submit this,
> such as by pushing it to Github so you could pull it down from there.
>
> Thanks,
>
> --Patrick

From nmav at gnutls.org Wed Dec 28 14:57:39 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 28 Dec 2011 15:57:39 +0200
Subject: suggested doc & comment improvements for gnutls
In-Reply-To: <2FF568D6-F418-424F-93EC-985ECC7E7D94@funwithsoftware.org>
References: <2FF568D6-F418-424F-93EC-985ECC7E7D94@funwithsoftware.org>
Message-ID:

On Wed, Dec 28, 2011 at 12:00 PM, Patrick Pelletier wrote:
> Hi,
> I've been reading through the gnutls manual and code, and I've found a few
> typos and phrases that sounded awkward, as well as a few minor factual
> errors. (Like the fact that entropy is refreshed every 20 minutes, not
> every minute.)
> Here's a diff of the changes I made to the manual and the comments in the
> code. Let me know if there's a better way to submit this, such as by
> pushing it to Github so you could pull it down from there.

Very nice work thank you! I've applied your patch through github, but sending the output files of format-patch is also ok (and even better).

best regards,
Nikos

From siva.ityouth at gmail.com Thu Dec 29 17:07:36 2011
From: siva.ityouth at gmail.com (siva reddy)
Date: Thu, 29 Dec 2011 08:07:36 -0800 (PST)
Subject: Source Code for Sign and Encrypt the message
Message-ID: <33050816.post@talk.nabble.com>

Is GNU PG source code available in Java.. If so could you please share the source code for sign and encrypt for the message.

Any help greatly appreciated...

Have A Nice Day.....

--
View this message in context: http://old.nabble.com/Source-Code-for-Sign-and-Encrypt-the-message-tp33050816p33050816.html
Sent from the GnuPG - Gnutls - Dev mailing list archive at Nabble.com.

From n.mavrogiannopoulos at gmail.com Fri Dec 30 23:55:26 2011
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Sat, 31 Dec 2011 00:55:26 +0200
Subject: gnutls for win32
Message-ID:

Hello all and best wishes for new year,

I've put pre-built win32 dlls and the other gnutls applications for 3.0.9 in [0]. I've managed to automate the procedure, so it could be that next releases (at least the major ones) will have the corresponding windows dlls released as well.

regards,
Nikos

[0]. http://homes.esat.kuleuven.be/~nikos/gnutls-win32/