[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_11-98-g1c41ca1
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_11-98-g1c41ca1 |
|
Date: |
Sat, 14 Jan 2012 21:18:35 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1c41ca1a4290747a075d41e5260f68ebdb96ab20
The branch, ocsp has been updated
via 1c41ca1a4290747a075d41e5260f68ebdb96ab20 (commit)
via c7a40d27413e2818db4e275f8f9fb2370b39a912 (commit)
via 0ed881bd33f70f0bc211128a2ef1090952fa4337 (commit)
via 09a762252deeadf602e7592671b6c3ed3b4c1132 (commit)
via 48627d00df2c8e14f904912fba038074834e88b6 (commit)
via 8ecdd7f6304c89e4fc7d984d4d7c98d61790e120 (commit)
via fcb7734c8e2d390f13a8896cf5e8838ca6694d54 (commit)
via 3128d990f2cf142e70b97095564ee9e43f2239ff (commit)
via 3548a950551354f5cb367b08632d7ea81e4a62f1 (commit)
via ab06513726eebecd815ea0ed40fed2c5351b5e23 (commit)
via f76c914e10873b7bd74311a88e6f76f4a4c5ee82 (commit)
via 12010d79115a397dd257b258c35956567610b825 (commit)
via e22616adaae8205454cbd5df3f74e144976b2a6a (commit)
via 3bd122633647cd7f9e8e73c96c4779dd1b7a1549 (commit)
via 3cd8eb57f09f0b6db70bc6e49b92b6d621287851 (commit)
via f379890f2e62b3134d3909849595044eaa4b4c3a (commit)
via 92ce5034ada4aa57ab3cc4ff7ddce0eab3aaa2b0 (commit)
via d8f9b98c129223b3b6d04483dba62c6afe9c92f0 (commit)
via 88ee54096697f4efabdbd96fcda32397d4ab34e7 (commit)
from c2a7c3bd0f68d9dbbf90a3e4c68322bf10a1ad6e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1c41ca1a4290747a075d41e5260f68ebdb96ab20
Merge: c2a7c3b c7a40d2
Author: Simon Josefsson <address@hidden>
Date: Sat Jan 14 22:18:04 2012 +0100
Merge branch 'master' into ocsp
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +
cfg.mk | 1 -
doc/alert-printlist.c | 3 +-
doc/cha-cert-auth.texi | 49 ++++++++++++++++++
doc/cha-cert-auth2.texi | 2 +-
doc/cha-gtls-app.texi | 64 +++++++++++++++++++++--
doc/cha-gtls-examples.texi | 9 +++
doc/cha-intro-tls.texi | 101 +------------------------------------
doc/cha-programs.texi | 15 ++++++
doc/errcodes.c | 58 ++++++++++++++-------
doc/examples/Makefile.am | 4 +-
doc/examples/print-ciphersuites.c | 52 +++++++++++++++++++
doc/gnutls.texi | 3 +
doc/scripts/gdoc | 16 +++---
doc/scripts/split-texi.pl | 13 +++--
doc/texinfo.css | 65 +++++++++++++++++++++---
gl/Makefile.am | 12 +----
gl/argp-parse.c | 5 +-
gl/inet_ntop.c | 12 ++++
gl/m4/gnulib-cache.m4 | 5 +--
gl/m4/gnulib-comp.m4 | 10 ----
gl/m4/ld-version-script.m4 | 15 ++++-
gl/m4/printf.m4 | 4 +-
gl/m4/stdlib_h.m4 | 3 +-
gl/m4/usleep.m4 | 35 -------------
gl/select.c | 4 +-
gl/stdlib.in.h | 66 +++++++++++++++++++++---
gl/tests/Makefile.am | 8 ---
gl/tests/ignore-value.h | 5 --
gl/tests/pipe.c | 2 +-
gl/tests/test-init.sh | 2 +-
gl/tests/test-usleep.c | 40 ---------------
gl/usleep.c | 58 ---------------------
lib/algorithms/ciphers.c | 13 +++--
lib/algorithms/mac.c | 26 ++++++----
lib/crypto-backend.h | 12 ++++
lib/gnutls_cipher_int.c | 15 ++++++
lib/gnutls_cipher_int.h | 1 +
lib/gnutls_hash_int.c | 14 +++++
lib/gnutls_hash_int.h | 1 +
lib/gnutls_pk.c | 4 +-
lib/includes/gnutls/gnutls.h.in | 6 +--
lib/nettle/cipher.c | 23 ++++++++
lib/nettle/mac.c | 35 +++++++++++++
maint.mk | 2 +-
src/udp-serv.c | 1 -
46 files changed, 529 insertions(+), 367 deletions(-)
create mode 100644 doc/examples/print-ciphersuites.c
delete mode 100644 gl/m4/usleep.m4
delete mode 100644 gl/tests/test-usleep.c
delete mode 100644 gl/usleep.c
diff --git a/.gitignore b/.gitignore
index e6a81be..0940614 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,6 +52,7 @@ doc/errcodes
doc/error_codes.texi
doc/examples/Makefile
doc/examples/Makefile.in
+doc/examples/print-ciphersuites
doc/examples/ex-cert-select
doc/examples/ex-cert-select-pkcs11
doc/examples/ex-client-psk
@@ -458,6 +459,7 @@ tests/*/out
tests/Makefile
tests/Makefile.in
tests/anonself
+tests/rsa-encrypt-decrypt
tests/certder
tests/certificate_set_x509_crl
tests/certuniqueid
diff --git a/cfg.mk b/cfg.mk
index ee607dd..fd3a1e6 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -124,7 +124,6 @@ web:
echo generating documentation for $(PACKAGE)
cd doc && $(SHELL) ../build-aux/gendocs.sh \
--html "--css-include=texinfo.css" \
- --texi2html \
-o ../$(htmldir)/manual/ $(PACKAGE) "$(PACKAGE_NAME)"
cd doc && cp *.png ../$(htmldir)/manual/html_node/
#cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/*
$(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd
../../../ && cp doc/doxygen/latex/refman.pdf
$(htmldir)/devel/doxygen/$(PACKAGE).pdf
diff --git a/doc/alert-printlist.c b/doc/alert-printlist.c
index 4d7ad38..fb6aef4 100644
--- a/doc/alert-printlist.c
+++ b/doc/alert-printlist.c
@@ -50,9 +50,8 @@ static void main_texinfo (void)
gnutls_mac_algorithm_t mac;
gnutls_protocol_t version;
- printf ("Available alert messages:\n");
-
printf ("@multitable @columnfractions .55 .10 address@hidden:alerts}\n");
+ printf ("@headitem Alert @tab ID @tab Description\n");
for (i = 0; i<256;i++)
{
if (gnutls_alert_get_strname(i)==NULL) continue;
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 8dcb6e9..5253f5b 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -8,6 +8,55 @@ using a browser today. @acronym{GnuTLS} supports both
@acronym{X.509} certificates @xcite{PKIX} and @acronym{OpenPGP}
certificates using a common API.
+The key exchange algorithms supported by certificate authentication are
+shown in @ref{tab:key-exchange}.
+
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
+
address@hidden Key exchange @tab Description
+
address@hidden RSA @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+
address@hidden RSA_EXPORT @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+In the EXPORT algorithm, the server signs temporary RSA parameters of
+512 bits --- which are considered weak --- and sends them to the
+client.
+
address@hidden DHE_RSA @tab
+The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The key in the certificate must allow the
+key to be used for signing. Note that key exchange algorithms which
+use ephemeral Diffie-Hellman parameters, offer perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden ECDHE_RSA @tab
+The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
+parameters which are sent to the peer. The key in the certificate must allow
+the key to be used for signing. It also offers perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden DHE_DSS @tab
+The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The certificate must contain DSA
+parameters to use this key exchange algorithm. DSA is the algorithm
+of the Digital Signature Standard (DSS).
+
address@hidden ECDHE_ECDSA @tab
+The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
+curve Diffie-Hellman parameters which are sent to the peer. The
+certificate must contain ECDSA parameters to use this key exchange
+algorithm.
+
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
+
@menu
* X.509 certificates::
* OpenPGP certificates::
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 9abf1c8..27caf49 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -1040,7 +1040,7 @@ session, as shown in @ref{ex:pkcs11-client}. In addition
the following functions can be used to load PKCS #11 key and
certificates by specifying a PKCS #11 URL instead of a filename.
address@hidden,gnutls_certificate_set_x509_key_file}
address@hidden,gnutls_certificate_set_x509_key_file,gnutls_certificate_set_x509_simple_pkcs12_file}
@node The p11tool application
@subsection The p11tool application
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 406e6b3..1a9f08a 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -310,6 +310,53 @@ current session using @funcref{gnutls_credentials_set}.
* Anonymous credentials::
@end menu
+Each authentication method is associated with a key exchange method, and a
credentials type.
+The contents of the credentials is method-dependent, e.g. certificates
+for certificate authentication and should be initialized and associated
+with a session (see @funcref{gnutls_credentials_set}). A mapping of the key
exchange methods
+with the credential types is shown in @ref{tab:key-exchange-cred}.
+
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .25 .25 .2 .2
+
address@hidden Authentication method @tab Key exchange @tab Client credentials
@tab Server credentials
+
address@hidden Certificate
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
+
address@hidden Password and certificate
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
+
address@hidden Password
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
+
address@hidden Anonymous
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
+
address@hidden Pre-shared key
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
+
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
+
@node Certificate credentials
@subsection Certificates
@subsubheading Server certificate authentication
@@ -478,14 +525,14 @@ the hint, for example in the callback function, using
@node Anonymous credentials
@subsection Anonymous
+The key exchange methods for anonymous authentication
+might require Diffie-Hellman parameters to be generated by the server and
+associated with an anonymous credentials structure. Check
address@hidden generation} for more information.
The initialization functions for the credentials are shown below.
@showfuncD{gnutls_anon_allocate_server_credentials,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials}
-Note that the key exchange methods for anonymous authentication
-require Diffie-Hellman parameters to be generated by the server and
-associated with an anonymous credentials structure. Check
address@hidden generation} for more information.
@node Setting up the transport layer
@@ -682,6 +729,7 @@ Alerts messages may be sent to the peer using
@funcref{gnutls_alert_send}.
@node Priority Strings
@section Priority strings
address@hidden Priority strings
In order to specify cipher suite preferences on a TLS session
there are priority functions that accept a string
@@ -771,7 +819,6 @@ appended with an algorithm will remove this algorithm.
appended with an algorithm will add this algorithm.
@end table
-
@float Table,tab:prio-algorithms
@multitable @columnfractions .20 .70
@headitem Type @tab Keywords
@@ -879,7 +926,9 @@ will allow V1 CAs in chains.
@caption{Special priority string keywords.}
@end float
-
+Finally the ciphersuites enabled by any priority string can be
+listed using the @code{gnutls-cli} application (see @ref{The gnutls-cli
tool}),
+or by using the priority functions as in @ref{Listing the ciphersuites in a
priority string}.
@node Advanced and other topics
@section Advanced and other topics
@@ -947,6 +996,9 @@ Those keys should be associated with the GnuTLS session
using
@showfuncdesc{gnutls_session_ticket_key_generate}
@showfuncdesc{gnutls_session_resumption_requested}
+A server enabling both session tickets and a storage for session data
+would use session tickets when clients support it and the storage otherwise.
+
@node Parameter generation
@subsection Parameter generation
@cindex parameter generation
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
index bd6adb7..c08f9cd 100644
--- a/doc/cha-gtls-examples.texi
+++ b/doc/cha-gtls-examples.texi
@@ -246,6 +246,7 @@ This example is a very simple echo server using Datagram
TLS and
@menu
* Checking for an alert::
* X.509 certificate parsing example::
+* Listing the ciphersuites in a priority string::
@end menu
@node Checking for an alert
@@ -265,3 +266,11 @@ listed below. That program reads the peer's certificate,
and prints
information about it.
@verbatiminclude examples/ex-x509-info.c
+
address@hidden Listing the ciphersuites in a priority string
address@hidden Listing the ciphersuites in a priority string
+
+This is a small program to list the enabled ciphersuites by a
+priority string.
+
address@hidden examples/print-ciphersuites.c
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 6b1bb72..f0063bf 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -343,101 +343,6 @@ The available authentication methods in @acronym{GnuTLS}
follow.
@end itemize
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
-
address@hidden Key exchange @tab Description
-
address@hidden RSA @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-The certificate must allow the key to be used for encryption.
-
address@hidden RSA_EXPORT @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-In the EXPORT algorithm, the server signs temporary RSA parameters of
-512 bits --- which are considered weak --- and sends them to the
-client.
-
address@hidden DHE_RSA @tab
-The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The key in the certificate must allow the
-key to be used for signing. Note that key exchange algorithms which
-use ephemeral Diffie-Hellman parameters, offer perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden ECDHE_RSA @tab
-The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
-parameters which are sent to the peer. The key in the certificate must allow
-the key to be used for signing. It also offers perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden DHE_DSS @tab
-The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The certificate must contain DSA
-parameters to use this key exchange algorithm. DSA is the algorithm
-of the Digital Signature Standard (DSS).
-
address@hidden ECDHE_ECDSA @tab
-The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
-curve Diffie-Hellman parameters which are sent to the peer. The
-certificate must contain ECDSA parameters to use this key exchange
-algorithm.
-
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
-
-Each authentication method is associated with a key exchange method, shown
-in @ref{tab:key-exchange}, and a credentials type.
-The contents of the credentials is method-dependent, e.g. certificates
-for certificate authentication and should be initialized and associated
-with a session (see @funcref{gnutls_credentials_set}). A mapping of the key
exchange methods
-with the credential types is shown in @ref{tab:key-exchange-cred}.
-
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .25 .25 .2 .2
-
address@hidden Authentication method @tab Key exchange @tab Client credentials
@tab Server credentials
-
address@hidden Certificate
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
-
address@hidden Password and certificate
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
-
address@hidden Password
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
-
address@hidden Anonymous
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
-
address@hidden Pre-shared key
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
-
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
-
-
@node Client Authentication
@subsection Client authentication
@cindex client certificate authentication
@@ -533,10 +438,8 @@ To resume a TLS session the server normally store session
parameters. This
complicates deployment, and could be avoiding by delegating the storage
to the client. Because session parameters are sensitive they are encrypted
and authenticated with a key only known to the server and then sent to the
-client. The Session Ticket
-extension implements this idea, and it is documented in
-RFC 5077 @xcite{TLSTKT}.
-
+client. The Session Tickets in RFC 5077 @xcite{TLSTKT}, describe this
+idea, which is implemented in GnuTLS.
@node Safe renegotiation
@subsection Safe renegotiation
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index ece7049..23888e0 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -101,6 +101,21 @@ By keeping the @code{--pskusername} parameter and removing
the
@code{--pskkey} parameter, it will query only for the password during
the handshake.
address@hidden Listing the ciphersuites in a priority string
address@hidden Priority strings
+
address@hidden
+$ ./gnutls-cli --priority SECURE192 -l
+Cipher suites for SECURE192
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
+TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
+TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
+TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
+TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
+TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
address@hidden example
+
+
@node The gnutls-serv tool
@section The gnutls-serv tool
@cindex gnutls-serv
diff --git a/doc/errcodes.c b/doc/errcodes.c
index d00d25c..db0b5fc 100644
--- a/doc/errcodes.c
+++ b/doc/errcodes.c
@@ -50,16 +50,17 @@ compar (const void *_n1, const void *_n2)
static const char headers[] = "\\tablefirsthead{%\n"
"\\hline\n"
- "\\multicolumn{1}{|c}{Error code} &\n"
+ "\\multicolumn{1}{|c}{Code} &\n"
+ "\\multicolumn{1}{c}{Name} &\n"
"\\multicolumn{1}{c|}{Description} \\\\\n"
"\\hline}\n"
"\\tablehead{%\n"
"\\hline\n"
- "\\multicolumn{2}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
"\\hline}\n"
"\\tabletail{%\n"
"\\hline\n"
- "\\multicolumn{2}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
"\\hline}\n"
"\\tablelasttail{\\hline}\n"
"\\bottomcaption{The error codes table}\n\n";
@@ -75,14 +76,37 @@ main (int argc, char *argv[])
return 0;
}
+static char* escape_texi_string( const char* str, char* buffer, int
buffer_size)
+{
+int i = 0, j = 0;
+
+
+while( str[i] != 0 && j <buffer_size - 1) {
+ if (str[i]=='_') {
+ buffer[j++] = '_';
+ buffer[j++] = '@';
+ buffer[j++] = '-';
+ } else {
+ buffer[j++] = str[i];
+ }
+ i++;
+};
+
+buffer[j] = 0;
+
+return buffer;
+
+}
+
static int main_texinfo (void)
{
int i, j;
const char *desc;
const char *_name;
+ char buffer[500];
error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
- printf ("@table @code\n");
+ printf ("@multitable @columnfractions .15 .40 .37\n");
memset (names_to_sort, 0, sizeof (names_to_sort));
j = 0;
@@ -92,24 +116,16 @@ static int main_texinfo (void)
if (_name == NULL)
continue;
+ desc = gnutls_strerror (i);
+
+ printf ("@item %d @tab %s @tab %s\n", i, escape_texi_string(_name,
buffer,sizeof(buffer)), desc);
+
strcpy (names_to_sort[j].name, _name);
names_to_sort[j].error_index = i;
j++;
}
- qsort (names_to_sort, j, sizeof (error_name), compar);
-
- for (i = 0; i < j; i++)
- {
- _name = names_to_sort[i].name;
- desc = gnutls_strerror (names_to_sort[i].error_index);
- if (desc == NULL || _name == NULL)
- continue;
-
- printf ("@item %s:\n%s\n\n", _name, desc);
- }
-
- printf ("@end table\n");
+ printf ("@end multitable\n");
return 0;
}
@@ -123,6 +139,8 @@ while( str[i] != 0 && j <buffer_size - 1) {
if (str[i]=='_') {
buffer[j++] = '\\';
buffer[j++] = '_';
+ buffer[j++] = '\\';
+ buffer[j++] = '-';
} else if (str[i]=='#') {
buffer[j++] = '\\';
buffer[j++] = '#';
@@ -149,7 +167,7 @@ error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES
names */
puts( headers);
-printf("\\begin{supertabular}{|p{.52\\linewidth}|p{.40\\linewidth}|}\n");
+printf("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n");
memset( names_to_sort, 0, sizeof(names_to_sort));
j=0;
@@ -163,7 +181,7 @@ for (i=0;i>-MAX_CODES;i--)
j++;
}
-qsort( names_to_sort, j, sizeof(error_name), compar);
+//qsort( names_to_sort, j, sizeof(error_name), compar);
for (i=0;i<j;i++)
{
@@ -171,7 +189,7 @@ for (i=0;i<j;i++)
desc = gnutls_strerror( names_to_sort[i].error_index);
if (desc == NULL || _name == NULL) continue;
- printf( "{\\scriptsize{%s}} & %s", escape_string(_name, buffer1,
sizeof(buffer1)), escape_string(desc, buffer2, sizeof(buffer2)));
+ printf( "%d & {\\scriptsize{%s}} & %s", names_to_sort[i].error_index,
escape_string(_name, buffer1, sizeof(buffer1)), escape_string(desc, buffer2,
sizeof(buffer2)));
printf( "\\\\\n");
}
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index 56e57fa..7115e4b 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -44,7 +44,7 @@ noinst_PROGRAMS = ex-client-resume ex-client-dtls
noinst_PROGRAMS += ex-cert-select ex-client-x509
if ENABLE_PKI
-noinst_PROGRAMS += ex-crq ex-serv-x509 ex-serv-dtls
+noinst_PROGRAMS += print-ciphersuites ex-crq ex-serv-x509 ex-serv-dtls
endif
if ENABLE_CXX
@@ -82,6 +82,6 @@ endif
noinst_LTLIBRARIES = libexamples.la
-libexamples_la_SOURCES = examples.h ex-alert.c ex-pkcs12.c \
+libexamples_la_SOURCES = examples.h ex-alert.c ex-pkcs12.c \
ex-session-info.c ex-x509-info.c ex-verify.c \
tcp.c udp.c ex-pkcs11-list.c verify.c
diff --git a/doc/examples/print-ciphersuites.c
b/doc/examples/print-ciphersuites.c
new file mode 100644
index 0000000..8bfdb2a
--- /dev/null
+++ b/doc/examples/print-ciphersuites.c
@@ -0,0 +1,52 @@
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gnutls/gnutls.h>
+
+static void
+print_cipher_suite_list (const char* priorities)
+{
+ size_t i;
+ int ret;
+ unsigned int idx;
+ const char *name;
+ const char *err;
+ unsigned char id[2];
+ gnutls_protocol_t version;
+ gnutls_priority_t pcache;
+
+ if (priorities != NULL)
+ {
+ printf ("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init(&pcache, priorities, &err);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ for (i=0;;i++)
+ {
+ ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
+
+ name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL,
&version);
+
+ if (name != NULL)
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ }
+
+ return;
+ }
+}
+
+int main(int argc, char** argv)
+{
+ if (argc > 1)
+ print_cipher_suite_list (argv[1]);
+}
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index e538d09..a63e720 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -132,7 +132,10 @@ Documentation License''.
@end macro
@macro showenumdesc{ref,cap}
address@hidden Figure,\ref\
@include enums/\ref\
address@hidden
address@hidden float
@end macro
@contents
diff --git a/doc/scripts/gdoc b/doc/scripts/gdoc
index be0621a..f93342d 100755
--- a/doc/scripts/gdoc
+++ b/doc/scripts/gdoc
@@ -151,10 +151,10 @@ $type_env = "(\\\$[A-Za-z0-9_]+)";
$type_param, '" <tt><b>$1</b></tt>"' );
$blankline_html = "<p>";
-%highlights_texinfo = ( $type_param, '" address@hidden"',
- $type_constant, '"address@hidden"',
- $type_func, '"address@hidden"',
- $type_struct, '"address@hidden"',
+%highlights_texinfo = ( $type_param, '" address@hidden "',
+ $type_constant, '"address@hidden "',
+ $type_func, '"address@hidden "',
+ $type_struct, '"address@hidden "',
);
$blankline_texinfo = "";
@@ -376,9 +376,8 @@ sub output_enum_texinfo {
my $check;
my $type;
- print "address@hidden Table,$name\n";
-
- print "address@hidden";
+ print "address@hidden $name\n";
+ print "address@hidden address@hidden";
$check=0;
foreach $parameter (@{$args{'parameterlist'}}) {
@@ -394,8 +393,7 @@ sub output_enum_texinfo {
chomp $out;
print $out . "\n";
}
- print "address@hidden itemize\n";
- print "address@hidden float\n";
+ print "address@hidden table\n";
}
# output in html
diff --git a/doc/scripts/split-texi.pl b/doc/scripts/split-texi.pl
index a7ee518..325afaf 100755
--- a/doc/scripts/split-texi.pl
+++ b/doc/scripts/split-texi.pl
@@ -21,7 +21,7 @@ sub key_of_record {
my ($key) = $lines[$i];
if ($enum == 1) {
- while( !($key =~ m/address@hidden Table,(.*)$/) && ($i < 5)) { $i=$i+1;
$key = $lines[$i]; }
+ while( !($key =~ m/address@hidden(.*)\n/) && ($i < 5)) { $i=$i+1; $key =
$lines[$i]; }
} else {
while( !($key =~ m/^\\functionTitle\{(.*)\}/) && ($i < 5)) { $i=$i+1; $key
= $lines[$i]; }
}
@@ -30,19 +30,24 @@ sub key_of_record {
}
if ($enum == 1) {
- $/="address@hidden float"; # Records are separated by blank lines.
+ $/="address@hidden table"; # Records are separated by blank lines.
} else {
$/="\n\\end{function}"; # Records are separated by blank lines.
}
@records = <>; # Read in whole file, one record per array element.
+$/="\n";
+
mkdir $dir;
address@hidden = sort { key_of_record($a) cmp key_of_record($b) } @records;
+if ($enum == 0) {
+ @records = sort { key_of_record($a) cmp key_of_record($b) } @records;
+}
+
foreach (@records) {
$key = $_;
if ($enum == 1) {
- $key =~ m/address@hidden Table,(.*)/;
+ $key =~ m/address@hidden(.*)\n/;
$key = $1;
} else {
$key =~ m/\\functionTitle\{(.*)\}/;
diff --git a/doc/texinfo.css b/doc/texinfo.css
index 96df89e..14eb6f3 100644
--- a/doc/texinfo.css
+++ b/doc/texinfo.css
@@ -21,16 +21,16 @@ pre {
margin: 0 5%;
padding: 0.5em;
}
-pre.example {
- border: solid 1px;
- background: #eeeeff;
- padding-bottom: 1em;
-}
-pre.verbatim {
- border: solid 1px gray;
- background: white;
+pre.example,pre.verbatim {
padding-bottom: 1em;
+
+ border: solid #c2e0ff;
+ background: #f0faff;
+ border-width: 1px 1px 1px 5px;
+ margin: 1em auto;
+ width: 90%;
}
+
div.node {
margin: 0 -5% 0 -2%;
padding: 0.5em 0.5em;
@@ -42,3 +42,52 @@ dd, li {
padding-top: 0.1em;
padding-bottom: 0.1em;
}
+div.float {
+
+ margin-bottom: 0.5em;
+ text-align: center;
+}
+
+table {
+ text-align: left;
+ margin-left:auto;
+ margin-right:auto;
+ width: 50%;
+}
+
+th {
+ padding: 0;
+ color: #336699;
+ background-color: #c2e0ff;
+ border: solid #000000;
+ border-width: 0px;
+ margin: 1em auto;
+ text-align: center;
+ margin-left:auto;
+ margin-right:auto;
+}
+
+td {
+ padding: 0;
+ border: solid #000000;
+ background-color: #f0faff;
+ border-width: 0px;
+ margin: 1em auto;
+ text-align: left;
+ margin-left:auto;
+ margin-right:auto;
+ padding-left: 1em;
+}
+
+dl {
+ text-align: left;
+ margin-left:auto;
+ margin-right:auto;
+ width: 50%;
+
+ padding-left: 1em;
+ border: solid #c2e0ff;
+ background: #f0faff;
+ border-width: 1px 1px 1px 5px;
+ margin: 1em auto;
+}
diff --git a/gl/Makefile.am b/gl/Makefile.am
index ed4c9fd..5b60086 100644
--- a/gl/Makefile.am
+++ b/gl/Makefile.am
@@ -21,7 +21,7 @@
# the same distribution terms as the rest of that program.
#
# Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl
--no-vc-files accept alloca alphasort argp bind byteswap c-ctype close connect
error extensions freeaddrinfo func getaddrinfo getnameinfo getpass getsubopt
gettext gettime havelib inet_ntop inet_pton lib-msvc-compat lib-symbol-versions
listen maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in
pmccabe2html progname read-file recv recvfrom scandir select send sendto
setsockopt shutdown snprintf socket sockets socklen stdint strcase strverscmp
sys_socket sys_stat time_r timespec u64 unistd usleep valgrind-tests vasprintf
version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl
--no-vc-files accept alloca alphasort argp bind byteswap c-ctype close connect
error extensions func getaddrinfo getpass getsubopt gettext gettime havelib
inet_ntop inet_pton lib-msvc-compat lib-symbol-versions listen
maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in
pmccabe2html progname read-file recv recvfrom scandir select send sendto
setsockopt shutdown snprintf socket sockets socklen stdint strcase strverscmp
sys_socket sys_stat time_r timespec u64 unistd valgrind-tests vasprintf
version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
AUTOMAKE_OPTIONS = 1.5 gnits
@@ -1658,6 +1658,7 @@ stdlib.h: stdlib.in.h $(top_builddir)/config.status
$(CXXDEFS_H) \
-e 's|@''REPLACE_MKSTEMP''@|$(REPLACE_MKSTEMP)|g' \
-e 's|@''REPLACE_PTSNAME_R''@|$(REPLACE_PTSNAME_R)|g' \
-e 's|@''REPLACE_PUTENV''@|$(REPLACE_PUTENV)|g' \
+ -e 's|@''REPLACE_RANDOM_R''@|$(REPLACE_RANDOM_R)|g' \
-e 's|@''REPLACE_REALLOC''@|$(REPLACE_REALLOC)|g' \
-e 's|@''REPLACE_REALPATH''@|$(REPLACE_REALPATH)|g' \
-e 's|@''REPLACE_SETENV''@|$(REPLACE_SETENV)|g' \
@@ -2357,15 +2358,6 @@ EXTRA_DIST +=
$(top_srcdir)/build-aux/useless-if-before-free
## end gnulib module useless-if-before-free
-## begin gnulib module usleep
-
-
-EXTRA_DIST += usleep.c
-
-EXTRA_libgnu_la_SOURCES += usleep.c
-
-## end gnulib module usleep
-
## begin gnulib module vasnprintf
diff --git a/gl/argp-parse.c b/gl/argp-parse.c
index 39b8336..09558b4 100644
--- a/gl/argp-parse.c
+++ b/gl/argp-parse.c
@@ -154,8 +154,9 @@ argp_version_parser (int key, char *arg, struct argp_state
*state)
else if (argp_program_version)
fprintf (state->out_stream, "%s\n", argp_program_version);
else
- __argp_error (state, dgettext (state->root_argp->argp_domain,
- "(PROGRAM ERROR) No version known!?"));
+ __argp_error (state, "%s",
+ dgettext (state->root_argp->argp_domain,
+ "(PROGRAM ERROR) No version known!?"));
if (! (state->flags & ARGP_NO_EXIT))
exit (0);
break;
diff --git a/gl/inet_ntop.c b/gl/inet_ntop.c
index eeffcbe..ab3c1ff 100644
--- a/gl/inet_ntop.c
+++ b/gl/inet_ntop.c
@@ -38,6 +38,16 @@
/* Specification. */
#include <arpa/inet.h>
+/* Use this to suppress gcc's "...may be used before initialized" warnings.
+ Beware: The Code argument must not contain commas. */
+#ifndef IF_LINT
+# ifdef lint
+# define IF_LINT(Code) Code
+# else
+# define IF_LINT(Code) /* empty */
+# endif
+#endif
+
#if HAVE_DECL_INET_NTOP
# undef inet_ntop
@@ -167,6 +177,8 @@ inet_ntop6 (const unsigned char *src, char *dst, socklen_t
size)
words[i / 2] = (src[i] << 8) | src[i + 1];
best.base = -1;
cur.base = -1;
+ IF_LINT(best.len = 0);
+ IF_LINT(cur.len = 0);
for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++)
{
if (words[i] == 0)
diff --git a/gl/m4/gnulib-cache.m4 b/gl/m4/gnulib-cache.m4
index 74c1b39..2196a2b 100644
--- a/gl/m4/gnulib-cache.m4
+++ b/gl/m4/gnulib-cache.m4
@@ -27,7 +27,7 @@
# Specification in the form of a command-line invocation:
-# gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests
--no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files accept
alloca alphasort argp bind byteswap c-ctype close connect error extensions
freeaddrinfo func getaddrinfo getnameinfo getpass getsubopt gettext gettime
havelib inet_ntop inet_pton lib-msvc-compat lib-symbol-versions listen
maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in
pmccabe2html progname read-file recv recvfrom scandir select send sendto
setsockopt shutdown snprintf socket sockets socklen stdint strcase strverscmp
sys_socket sys_stat time_r timespec u64 unistd usleep valgrind-tests vasprintf
version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
+# gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests
--no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files accept
alloca alphasort argp bind byteswap c-ctype close connect error extensions func
getaddrinfo getpass getsubopt gettext gettime havelib inet_ntop inet_pton
lib-msvc-compat lib-symbol-versions listen maintainer-makefile manywarnings
memmem-simple minmax netdb netinet_in pmccabe2html progname read-file recv
recvfrom scandir select send sendto setsockopt shutdown snprintf socket sockets
socklen stdint strcase strverscmp sys_socket sys_stat time_r timespec u64
unistd valgrind-tests vasprintf version-etc version-etc-fsf vfprintf-posix
vprintf-posix vsnprintf warnings
# Specification in the form of a few gnulib-tool.m4 macro invocations:
gl_LOCAL_DIR([gl/override])
@@ -43,10 +43,8 @@ gl_MODULES([
connect
error
extensions
- freeaddrinfo
func
getaddrinfo
- getnameinfo
getpass
getsubopt
gettext
@@ -87,7 +85,6 @@ gl_MODULES([
timespec
u64
unistd
- usleep
valgrind-tests
vasprintf
version-etc
diff --git a/gl/m4/gnulib-comp.m4 b/gl/m4/gnulib-comp.m4
index fcf7b8d..c6f99cf 100644
--- a/gl/m4/gnulib-comp.m4
+++ b/gl/m4/gnulib-comp.m4
@@ -324,8 +324,6 @@ AC_DEFUN([gl_EARLY],
# Code from module unsetenv:
# Code from module unsetenv-tests:
# Code from module useless-if-before-free:
- # Code from module usleep:
- # Code from module usleep-tests:
# Code from module valgrind-tests:
# Code from module vasnprintf:
# Code from module vasnprintf-tests:
@@ -811,11 +809,6 @@ gl_TIME_MODULE_INDICATOR([time_r])
gl_TIMESPEC
AC_REQUIRE([AC_C_INLINE])
gl_UNISTD_H
-gl_FUNC_USLEEP
-if test $HAVE_USLEEP = 0 || test $REPLACE_USLEEP = 1; then
- AC_LIBOBJ([usleep])
-fi
-gl_UNISTD_MODULE_INDICATOR([usleep])
gl_VALGRIND_TESTS
gl_FUNC_VASNPRINTF
gl_FUNC_VASPRINTF
@@ -1278,7 +1271,6 @@ AC_DEFUN([gl_FILE_LIST], [
lib/timespec.h
lib/u64.h
lib/unistd.in.h
- lib/usleep.c
lib/vasnprintf.c
lib/vasnprintf.h
lib/vasprintf.c
@@ -1455,7 +1447,6 @@ AC_DEFUN([gl_FILE_LIST], [
m4/uintmax_t.m4
m4/ungetc.m4
m4/unistd_h.m4
- m4/usleep.m4
m4/valgrind-tests.m4
m4/vasnprintf.m4
m4/vasprintf.m4
@@ -1623,7 +1614,6 @@ AC_DEFUN([gl_FILE_LIST], [
tests/test-u64.c
tests/test-unistd.c
tests/test-unsetenv.c
- tests/test-usleep.c
tests/test-vasnprintf.c
tests/test-vasprintf.c
tests/test-vc-list-files-cvs.sh
diff --git a/gl/m4/ld-version-script.m4 b/gl/m4/ld-version-script.m4
index fd8c043..5ed93ef 100644
--- a/gl/m4/ld-version-script.m4
+++ b/gl/m4/ld-version-script.m4
@@ -1,4 +1,4 @@
-# ld-version-script.m4 serial 2
+# ld-version-script.m4 serial 3
dnl Copyright (C) 2008-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -26,6 +26,12 @@ AC_DEFUN([gl_LD_VERSION_SCRIPT],
save_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map"
cat > conftest.map <<EOF
+foo
+EOF
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [accepts_syntax_errors=yes], [accepts_syntax_errors=no])
+ if test "$accepts_syntax_errors" = no; then
+ cat > conftest.map <<EOF
VERS_1 {
global: sym;
};
@@ -34,8 +40,11 @@ VERS_2 {
global: sym;
} VERS_1;
EOF
- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
- [have_ld_version_script=yes], [have_ld_version_script=no])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [have_ld_version_script=yes], [have_ld_version_script=no])
+ else
+ have_ld_version_script=no
+ fi
rm -f conftest.map
LDFLAGS="$save_LDFLAGS"
AC_MSG_RESULT($have_ld_version_script)
diff --git a/gl/m4/printf.m4 b/gl/m4/printf.m4
index 6d1fa54..d75aca0 100644
--- a/gl/m4/printf.m4
+++ b/gl/m4/printf.m4
@@ -1,4 +1,4 @@
-# printf.m4 serial 47
+# printf.m4 serial 48
dnl Copyright (C) 2003, 2007-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -1545,7 +1545,7 @@ dnl OpenBSD 3.9, 4.0 . . # # # # .
# . # . # . # .
dnl Cygwin 1.7.0 (2009) . . . # . . . ? . . . . . ?
. . . . . .
dnl Cygwin 1.5.25 (2008) . . . # # . . # . . . . . #
. . . . . .
dnl Cygwin 1.5.19 (2006) # . . # # # . # . # . # # #
. . . . . .
-dnl Solaris 11 2010-11 . . # # # . . # . . . # . .
. . . . . .
+dnl Solaris 11 2011-11 . . # # # . . # . . . # . .
. . . . . .
dnl Solaris 10 . . # # # . . # . . . # # .
. . . . . .
dnl Solaris 2.6 ... 9 # . # # # # . # . . . # # .
. . # . . .
dnl Solaris 2.5.1 # . # # # # . # . . . # . .
# # # # # #
diff --git a/gl/m4/stdlib_h.m4 b/gl/m4/stdlib_h.m4
index bcb4cb8..85f7126 100644
--- a/gl/m4/stdlib_h.m4
+++ b/gl/m4/stdlib_h.m4
@@ -1,4 +1,4 @@
-# stdlib_h.m4 serial 39
+# stdlib_h.m4 serial 40
dnl Copyright (C) 2007-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -101,6 +101,7 @@ AC_DEFUN([gl_STDLIB_H_DEFAULTS],
REPLACE_MKSTEMP=0; AC_SUBST([REPLACE_MKSTEMP])
REPLACE_PTSNAME_R=0; AC_SUBST([REPLACE_PTSNAME_R])
REPLACE_PUTENV=0; AC_SUBST([REPLACE_PUTENV])
+ REPLACE_RANDOM_R=0; AC_SUBST([REPLACE_RANDOM_R])
REPLACE_REALLOC=0; AC_SUBST([REPLACE_REALLOC])
REPLACE_REALPATH=0; AC_SUBST([REPLACE_REALPATH])
REPLACE_SETENV=0; AC_SUBST([REPLACE_SETENV])
diff --git a/gl/m4/usleep.m4 b/gl/m4/usleep.m4
deleted file mode 100644
index 07fa9e9..0000000
--- a/gl/m4/usleep.m4
+++ /dev/null
@@ -1,35 +0,0 @@
-# usleep.m4 serial 2
-dnl Copyright (C) 2009-2012 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-
-dnl This macro intentionally does not check for select or nanosleep;
-dnl both of those modules can require external libraries.
-AC_DEFUN([gl_FUNC_USLEEP],
-[
- AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
- dnl usleep was required in POSIX 2001, but dropped as obsolete in
- dnl POSIX 2008; therefore, it is not always exposed in headers.
- AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
- AC_CHECK_FUNCS_ONCE([usleep])
- AC_CHECK_TYPE([useconds_t], [],
- [AC_DEFINE([useconds_t], [unsigned int], [Define to an unsigned 32-bit
- type if <sys/types.h> lacks this type.])])
- if test $ac_cv_func_usleep = no; then
- HAVE_USLEEP=0
- else
- dnl POSIX allows implementations to reject arguments larger than
- dnl 999999, but GNU guarantees it will work.
- AC_CACHE_CHECK([whether usleep allows large arguments],
- [gl_cv_func_usleep_works],
- [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
-#include <unistd.h>
-]], [[return !!usleep (1000000);]])],
- [gl_cv_func_usleep_works=yes], [gl_cv_func_usleep_works=no],
- [gl_cv_func_usleep_works="guessing no"])])
- if test "$gl_cv_func_usleep_works" != yes; then
- REPLACE_USLEEP=1
- fi
- fi
-])
diff --git a/gl/select.c b/gl/select.c
index 8bcfef0..e933094 100644
--- a/gl/select.c
+++ b/gl/select.c
@@ -102,8 +102,8 @@ IsSocketHandle (HANDLE h)
static int
windows_poll_handle (HANDLE h, int fd,
- struct bitset *rbits,
- struct bitset *wbits,
+ struct bitset *rbits,
+ struct bitset *wbits,
struct bitset *xbits)
{
BOOL read, write, except;
diff --git a/gl/stdlib.in.h b/gl/stdlib.in.h
index ea1c1c3..0a439e1 100644
--- a/gl/stdlib.in.h
+++ b/gl/stdlib.in.h
@@ -58,7 +58,7 @@
# include <random.h>
# endif
-# if address@hidden@ || address@hidden@
+# if address@hidden@ || @REPLACE_RANDOM_R@ || address@hidden@
# include <stdint.h>
# endif
@@ -505,11 +505,21 @@ _GL_CXXALIASWARN (putenv);
#endif
#if @GNULIB_RANDOM_R@
-# if address@hidden@
+# if @REPLACE_RANDOM_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef random_r
+# define random_r rpl_random_r
+# endif
+_GL_FUNCDECL_RPL (random_r, int, (struct random_data *buf, int32_t *result)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (random_r, int, (struct random_data *buf, int32_t *result));
+# else
+# if address@hidden@
_GL_FUNCDECL_SYS (random_r, int, (struct random_data *buf, int32_t *result)
_GL_ARG_NONNULL ((1, 2)));
-# endif
+# endif
_GL_CXXALIAS_SYS (random_r, int, (struct random_data *buf, int32_t *result));
+# endif
_GL_CXXALIASWARN (random_r);
#elif defined GNULIB_POSIXCHECK
# undef random_r
@@ -520,13 +530,25 @@ _GL_WARN_ON_USE (random_r, "random_r is unportable - "
#endif
#if @GNULIB_RANDOM_R@
-# if address@hidden@
+# if @REPLACE_RANDOM_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef srandom_r
+# define srandom_r rpl_srandom_r
+# endif
+_GL_FUNCDECL_RPL (srandom_r, int,
+ (unsigned int seed, struct random_data *rand_state)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (srandom_r, int,
+ (unsigned int seed, struct random_data *rand_state));
+# else
+# if address@hidden@
_GL_FUNCDECL_SYS (srandom_r, int,
(unsigned int seed, struct random_data *rand_state)
_GL_ARG_NONNULL ((2)));
-# endif
+# endif
_GL_CXXALIAS_SYS (srandom_r, int,
(unsigned int seed, struct random_data *rand_state));
+# endif
_GL_CXXALIASWARN (srandom_r);
#elif defined GNULIB_POSIXCHECK
# undef srandom_r
@@ -537,15 +559,29 @@ _GL_WARN_ON_USE (srandom_r, "srandom_r is unportable - "
#endif
#if @GNULIB_RANDOM_R@
-# if address@hidden@
+# if @REPLACE_RANDOM_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef initstate_r
+# define initstate_r rpl_initstate_r
+# endif
+_GL_FUNCDECL_RPL (initstate_r, int,
+ (unsigned int seed, char *buf, size_t buf_size,
+ struct random_data *rand_state)
+ _GL_ARG_NONNULL ((2, 4)));
+_GL_CXXALIAS_RPL (initstate_r, int,
+ (unsigned int seed, char *buf, size_t buf_size,
+ struct random_data *rand_state));
+# else
+# if address@hidden@
_GL_FUNCDECL_SYS (initstate_r, int,
(unsigned int seed, char *buf, size_t buf_size,
struct random_data *rand_state)
_GL_ARG_NONNULL ((2, 4)));
-# endif
+# endif
_GL_CXXALIAS_SYS (initstate_r, int,
(unsigned int seed, char *buf, size_t buf_size,
struct random_data *rand_state));
+# endif
_GL_CXXALIASWARN (initstate_r);
#elif defined GNULIB_POSIXCHECK
# undef initstate_r
@@ -556,13 +592,25 @@ _GL_WARN_ON_USE (initstate_r, "initstate_r is unportable
- "
#endif
#if @GNULIB_RANDOM_R@
-# if address@hidden@
+# if @REPLACE_RANDOM_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef setstate_r
+# define setstate_r rpl_setstate_r
+# endif
+_GL_FUNCDECL_RPL (setstate_r, int,
+ (char *arg_state, struct random_data *rand_state)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (setstate_r, int,
+ (char *arg_state, struct random_data *rand_state));
+# else
+# if address@hidden@
_GL_FUNCDECL_SYS (setstate_r, int,
(char *arg_state, struct random_data *rand_state)
_GL_ARG_NONNULL ((1, 2)));
-# endif
+# endif
_GL_CXXALIAS_SYS (setstate_r, int,
(char *arg_state, struct random_data *rand_state));
+# endif
_GL_CXXALIASWARN (setstate_r);
#elif defined GNULIB_POSIXCHECK
# undef setstate_r
diff --git a/gl/tests/Makefile.am b/gl/tests/Makefile.am
index e7f83f3..772c9f9 100644
--- a/gl/tests/Makefile.am
+++ b/gl/tests/Makefile.am
@@ -1342,14 +1342,6 @@ EXTRA_DIST += test-unsetenv.c signature.h macros.h
## end gnulib module unsetenv-tests
-## begin gnulib module usleep-tests
-
-TESTS += test-usleep
-check_PROGRAMS += test-usleep
-EXTRA_DIST += test-usleep.c signature.h macros.h
-
-## end gnulib module usleep-tests
-
## begin gnulib module vasnprintf-tests
TESTS += test-vasnprintf
diff --git a/gl/tests/ignore-value.h b/gl/tests/ignore-value.h
index 92f2fbc..52919de 100644
--- a/gl/tests/ignore-value.h
+++ b/gl/tests/ignore-value.h
@@ -54,9 +54,4 @@
# define ignore_value(x) (({ __typeof__ (x) __x = (x); (void) __x; }))
# endif
-/* ignore_value works for scalars, pointers and aggregates;
- deprecate ignore_ptr. */
-static inline void _GL_ATTRIBUTE_DEPRECATED
-ignore_ptr (void *p) { (void) p; } /* deprecated: use ignore_value */
-
#endif
diff --git a/gl/tests/pipe.c b/gl/tests/pipe.c
index eb05f44..e7e4253 100644
--- a/gl/tests/pipe.c
+++ b/gl/tests/pipe.c
@@ -21,7 +21,7 @@
#include <unistd.h>
#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
-/* Native Woe32 API. */
+/* Native Windows API. */
/* Get _pipe(). */
# include <io.h>
diff --git a/gl/tests/test-init.sh b/gl/tests/test-init.sh
index 3368a99..c644609 100755
--- a/gl/tests/test-init.sh
+++ b/gl/tests/test-init.sh
@@ -63,7 +63,7 @@ EOF
sed 's/ .*//;/^@@/d' out > k && mv k out
# Compare against expected output only if compare is using diff -u.
- if (diff -u out out < /dev/null) > /dev/null 2>&1; then
+ if diff -u out out < /dev/null > /dev/null 2>&1; then
compare exp out || fail=1
fi
case $- in *x*) ;; *) test -s err && fail_ "err not empty: $(cat err)";; esac
diff --git a/gl/tests/test-usleep.c b/gl/tests/test-usleep.c
deleted file mode 100644
index 1e4cac1..0000000
--- a/gl/tests/test-usleep.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Test of usleep() function.
- Copyright (C) 2009-2012 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
-
-/* Written by Eric Blake <address@hidden>, 2009. */
-
-#include <config.h>
-
-#include <unistd.h>
-
-#include "signature.h"
-SIGNATURE_CHECK (usleep, int, (useconds_t));
-
-#include <time.h>
-
-#include "macros.h"
-
-int
-main (void)
-{
- time_t start = time (NULL);
- ASSERT (usleep (1000000) == 0);
- ASSERT (start < time (NULL));
-
- ASSERT (usleep (0) == 0);
-
- return 0;
-}
diff --git a/gl/usleep.c b/gl/usleep.c
deleted file mode 100644
index ea640bf..0000000
--- a/gl/usleep.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* Pausing execution of the current thread.
- Copyright (C) 2009-2012 Free Software Foundation, Inc.
- Written by Eric Blake <address@hidden>, 2009.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
-
-/* This file is _intentionally_ light-weight. Rather than using
- select or nanosleep, both of which drag in external libraries on
- some platforms, this merely rounds up to the nearest second if
- usleep() does not exist. If sub-second resolution is important,
- then use a more powerful interface to begin with. */
-
-#include <config.h>
-
-/* Specification. */
-#include <unistd.h>
-
-#include <errno.h>
-
-#ifndef HAVE_USLEEP
-# define HAVE_USLEEP 0
-#endif
-
-/* Sleep for MICRO microseconds, which can be greater than 1 second.
- Return -1 and set errno to EINVAL on range error (about 4295
- seconds), or 0 on success. Interaction with SIGALARM is
- unspecified. */
-
-int
-usleep (useconds_t micro)
-{
- unsigned int seconds = micro / 1000000;
- if (sizeof seconds < sizeof micro && micro / 1000000 != seconds)
- {
- errno = EINVAL;
- return -1;
- }
- if (!HAVE_USLEEP && micro % 1000000)
- seconds++;
- while ((seconds = sleep (seconds)) != 0);
-
-#undef usleep
-#if !HAVE_USLEEP
-# define usleep(x) 0
-#endif
- return usleep (micro % 1000000);
-}
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index f8e1469..788b27d 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -51,15 +51,15 @@ static const gnutls_cipher_entry algorithms[] = {
{"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0, 0},
{"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM,
AEAD_IMPLICIT_DATA_SIZE, 0, 1},
{"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM,
AEAD_IMPLICIT_DATA_SIZE, 0, 1},
- {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0},
- {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0, 0},
{"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
- {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1, 0},
- {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1, 0},
{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
16, 0, 0},
{"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
16, 0, 0},
+ {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0},
+ {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0, 0},
+ {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1, 0},
+ {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1, 0},
#ifdef ENABLE_OPENPGP
{"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0, 0},
@@ -249,7 +249,10 @@ static gnutls_cipher_algorithm_t
supported_ciphers[MAX_ALGOS] = {0};
{
int i = 0;
- GNUTLS_CIPHER_LOOP (supported_ciphers[i++]=p->id);
+ GNUTLS_CIPHER_LOOP (
+ if (_gnutls_cipher_exists(p->id))
+ supported_ciphers[i++]=p->id;
+ );
supported_ciphers[i++]=0;
}
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 27b6ca4..e60555a 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -31,20 +31,21 @@ struct gnutls_hash_entry
const char *oid;
gnutls_mac_algorithm_t id;
size_t key_size; /* in case of mac */
+ unsigned placeholder; /* if set, then not a real MAC */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0},
{0, 0, 0, 0}
};
@@ -157,7 +158,10 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] =
{ 0 };
{
int i = 0;
- GNUTLS_HASH_LOOP ( supported_macs[i++]=p->id);
+ GNUTLS_HASH_LOOP (
+ if (p->placeholder != 0 || _gnutls_hmac_exists(p->id))
+ supported_macs[i++]=p->id;
+ );
supported_macs[i++]=0;
}
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index a49b488..677d455 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -41,6 +41,10 @@
int (*auth) (void *ctx, const void *data, size_t datasize);
void (*tag) (void *ctx, void *tag, size_t tagsize);
void (*deinit) (void *ctx);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
} gnutls_crypto_cipher_st;
typedef struct
@@ -52,6 +56,10 @@
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const
void *text, size_t textsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_mac_algorithm_t);
} gnutls_crypto_mac_st;
typedef struct
@@ -63,6 +71,10 @@
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize,
void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_digest_algorithm_t);
} gnutls_crypto_digest_st;
typedef struct gnutls_crypto_rnd
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 5814d51..1a5346b 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -34,6 +34,21 @@
goto cleanup; \
}
+/* Returns true(non-zero) or false(0) if the
+ * provided cipher exists
+ */
+int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
+{
+ const gnutls_crypto_cipher_st *cc;
+ int ret;
+
+ cc = _gnutls_get_crypto_cipher (cipher);
+ if (cc != NULL) return 1;
+
+ ret = _gnutls_cipher_ops.exists(cipher);
+ return ret;
+}
+
int
_gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key, const gnutls_datum_t * iv,
int enc)
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 301bce8..ce51588 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -100,6 +100,7 @@ _gnutls_cipher_deinit (cipher_hd_st * handle)
}
}
+int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
inline static unsigned int _gnutls_cipher_tag_len( cipher_hd_st * handle)
{
return handle->tag_size;
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index b316ece..be676b5 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -57,6 +57,7 @@ digest_length (int algo)
}
}
+
int
_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
{
@@ -207,6 +208,19 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const
void *key,
}
+/* Returns true(non-zero) or false(0) if the
+ * provided hash exists
+ */
+int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo)
+{
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ cc = _gnutls_get_crypto_mac (algo);
+ if (cc != NULL) return 1;
+
+ return _gnutls_mac_ops.exists (algo);
+}
+
int
_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen)
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 9780fff..83dea8d 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -58,6 +58,7 @@ typedef struct
} digest_hd_st;
/* basic functions */
+int _gnutls_hmac_exists(gnutls_mac_algorithm_t algorithm);
int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index ef3bfc6..3529c1d 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
- * Free Software Foundation, Inc.
+ * Copyright (C) 2001-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -255,6 +254,7 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
if (plaintext->data[0] != 0 || plaintext->data[1] != btype)
{
gnutls_assert ();
+ _gnutls_free_datum (plaintext);
return GNUTLS_E_DECRYPTION_FAILED;
}
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 296ca4a..22aba97 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1111,11 +1111,9 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
int status);
- int gnutls_certificate_set_x509_simple_pkcs12_file
- (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ int gnutls_certificate_set_x509_simple_pkcs12_file
(gnutls_certificate_credentials_t res, const char *pkcs12file,
gnutls_x509_crt_fmt_t type, const char *password);
- int gnutls_certificate_set_x509_simple_pkcs12_mem
- (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
+ int gnutls_certificate_set_x509_simple_pkcs12_mem
(gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
gnutls_x509_crt_fmt_t type, const char *password);
/* New functions to allow setting already parsed X.509 stuff.
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 83da473..245af21 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -101,6 +101,28 @@ static void _gcm_decrypt(void *_ctx, nettle_crypt_func f,
return gcm_aes_decrypt(_ctx, length, dst, src);
}
+static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ case GNUTLS_CIPHER_3DES_CBC:
+ case GNUTLS_CIPHER_DES_CBC:
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int
wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
{
@@ -345,6 +367,7 @@ wrap_nettle_cipher_close (void *h)
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
.init = wrap_nettle_cipher_init,
+ .exists = wrap_nettle_cipher_exists,
.setiv = wrap_nettle_cipher_setiv,
.setkey = wrap_nettle_cipher_setkey,
.encrypt = wrap_nettle_cipher_encrypt,
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 4a77895..d36c1d4 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -160,6 +160,22 @@ static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t
algo,
return 0;
}
+static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_MAC_MD5:
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int
wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
@@ -279,6 +295,23 @@ wrap_nettle_hash_deinit (void *hd)
gnutls_free (hd);
}
+static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_SHA1:
+ case GNUTLS_DIG_MD2:
+ case GNUTLS_DIG_SHA224:
+ case GNUTLS_DIG_SHA256:
+ case GNUTLS_DIG_SHA384:
+ case GNUTLS_DIG_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx
*ctx)
{
switch (algo)
@@ -419,6 +452,7 @@ gnutls_crypto_mac_st _gnutls_mac_ops = {
.output = wrap_nettle_hmac_output,
.deinit = wrap_nettle_hmac_deinit,
.fast = wrap_nettle_hmac_fast,
+ .exists = wrap_nettle_hmac_exists,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
@@ -429,4 +463,5 @@ gnutls_crypto_digest_st _gnutls_digest_ops = {
.output = wrap_nettle_hash_output,
.deinit = wrap_nettle_hash_deinit,
.fast = wrap_nettle_hash_fast,
+ .exists = wrap_nettle_hash_exists,
};
diff --git a/maint.mk b/maint.mk
index 3e16b50..ad6aac7 100644
--- a/maint.mk
+++ b/maint.mk
@@ -838,7 +838,7 @@ sc_prohibit_cvs_keyword:
#
# This is a perl script that is expected to be the single-quoted argument
# to a command-line "-le". The remaining arguments are file names.
-# Print the name of each file that ends in exactly one newline byte.
+# Print the name of each file that does not end in exactly one newline byte.
# I.e., warn if there are blank lines (2 or more newlines), or if the
# last byte is not a newline. However, currently we don't complain
# about any file that contains exactly one byte.
diff --git a/src/udp-serv.c b/src/udp-serv.c
index af033fa..d6c3161 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -104,7 +104,6 @@ void udp_server(const char* name, int port, int mtu)
/* discard peeked data*/
recvfrom(sock, buffer, sizeof(buffer), 0, (struct
sockaddr*)&cli_addr, &cli_addr_size);
- usleep(100);
continue;
}
printf ("Accepted connection from %s\n",
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_11-98-g1c41ca1,
Simon Josefsson <=