
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-69-g4dcb805


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-69-g4dcb805
Date: Wed, 18 Jan 2012 18:56:45 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4dcb8057054b748d3affff99323bb9d42a88c64e

The branch, master has been updated
       via  4dcb8057054b748d3affff99323bb9d42a88c64e (commit)
       via  b2172d5aff8c7f18352fd6a3d2c17755b8f1eaf2 (commit)
       via  2ed79fc10959551ec998052e9fc293a1e97279aa (commit)
       via  5780af89e13da06a44b61f6215c03283cf660474 (commit)
       via  55cafc084c03c70830e4da83a5167e6f15bbe0dd (commit)
       via  37e86de195d6c24bb349e0213dd528c5ceb89688 (commit)
       via  c3bc5634e570a58ad7e3cb6fdadcd3a67bf090ea (commit)
      from  f02628b3c9577e9a5a1fcaa87bdd2759fbd7011c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4dcb8057054b748d3affff99323bb9d42a88c64e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Jan 18 19:57:45 2012 +0100

    GNUTLS_E_NO_PRIORITIES_WERE_SET is also returned by gnutls_priority_set_*
    This allows to warn when an incomplete set of priorities is specified.
    Reported by Yaroslav Stavnichiy.

commit b2172d5aff8c7f18352fd6a3d2c17755b8f1eaf2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Jan 17 19:47:12 2012 +0100

    introduced GNUTLS_E_NO_PRIORITIES_WERE_SET.

commit 2ed79fc10959551ec998052e9fc293a1e97279aa
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 15 23:04:07 2012 +0100

    more documentation updates.

commit 5780af89e13da06a44b61f6215c03283cf660474
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 15 22:57:48 2012 +0100

    added more information to internals''

commit 55cafc084c03c70830e4da83a5167e6f15bbe0dd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 15 22:44:33 2012 +0100

    better print supported algorithms.

commit 37e86de195d6c24bb349e0213dd528c5ceb89688
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Jan 17 20:32:33 2012 +0100

    Added gnutls_certificate_set_x509_key_file in a comment.

commit c3bc5634e570a58ad7e3cb6fdadcd3a67bf090ea
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 15 12:39:10 2012 +0100

    added boilerplate

-----------------------------------------------------------------------

Summary of changes:
 NEWS                              |    3 ++
 doc/cha-gtls-app.texi             |   18 ++++++++--------
 doc/cha-internals.texi            |   13 +++++++++--
 doc/examples/ex-client-x509.c     |    7 ++++++
 doc/examples/ex-pkcs11-list.c     |    2 +
 doc/examples/print-ciphersuites.c |    2 +
 doc/printlist.c                   |   39 +++++++++++++++++++------------------
 doc/texinfo.css                   |    2 +-
 lib/gnutls_errors.c               |    2 +
 lib/gnutls_handshake.c            |    5 ++++
 lib/gnutls_priority.c             |    7 ++++++
 lib/includes/gnutls/gnutls.h.in   |    1 +
 src/cli.c                         |    7 ++++-
 13 files changed, 74 insertions(+), 34 deletions(-)

diff --git a/NEWS b/NEWS
index 1373bcf..76fa241 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
 ** certtool: --outder option now works for private
 and public keys as well.
 
+** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
+to warn when no or insufficient priorities were set.
+
 ** libgnutls: Corrected an alignment issue in ECDH
 key generation which prevented some keys from being
 correctly aligned in rare circumstances.
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 1a9f08a..644e2b5 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -141,11 +141,11 @@ non-native thread usage is shown below.
 @example
 #include <gnutls.h>
 
-/* Other thread packages
- */
-
 int main()
 @{
+   /* When the system mutexes are not to be used 
+    * gnutls_global_set_mutex() must be called explicitly
+    */
    gnutls_global_set_mutex (mutex_init, mutex_deinit, 
                             mutex_lock, mutex_unlock);
    gnutls_global_init();
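Review bot: the new comment at the top of main() should spell out the ordering the example relies on, namely that gnutls_global_set_mutex() is called before gnutls_global_init(); the two lines below show it but the comment does not say the order matters. Suggest: "/* When the system mutexes are not to be used, gnutls_global_set_mutex() must be called explicitly, before gnutls_global_init() */". The two added comment lines also carry trailing whitespace.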
@@ -744,17 +744,17 @@ keyword, additional algorithm keywords and special 
keywords.
 @multitable @columnfractions .20 .70
 @headitem Keyword @tab Description
 @item PERFORMANCE @tab
-All the "secure" ciphersuites are enabled,
+All the known to be secure ciphersuites are enabled,
 limited to 128 bit ciphers and sorted by terms of speed
-performance.
+performance. The message authenticity security level is of 64 bits or more.
 
 @item NORMAL @tab
-Means all "secure" ciphersuites. The 256-bit ciphers are
-included as a fallback only.  The ciphers are sorted by security
-margin.
+Means all the known to be secure ciphersuites. The ciphers are sorted by 
security
+margin, although the 256-bit ciphers are included as a fallback only.
+The message authenticity security level is of 64 bits or more.
 
 @item SECURE128 @tab
-Means all "secure" ciphersuites that offer a 
+Means all known to be secure ciphersuites that offer a 
 security level 128-bit or more and a message authenticity
 security level of 80 bits or more.
 
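Review bot: "known to be secure ciphersuites" needs hyphens or rewording in all three entries ("the ciphersuites known to be secure"), and "is of 64 bits or more" should read "is 64 bits or more". The new sentence on message authenticity is also repeated verbatim for PERFORMANCE and NORMAL while SECURE128 states 80 bits; since that difference is the point of the table, consider stating the 64-bit default once in the text introducing the table and letting each keyword mention only where it deviates.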
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 649144e..8eebd97 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -339,12 +339,19 @@ cryptographic operations as in @ref{fig:crypto-layers}.
 
 The TLS layer uses a cryptographic provider layer, that will in turn either 
 use the default crypto provider -- a software crypto library, or use an 
external
-crypto provider, if available.
+crypto provider, if available in the local system. The reason of handling
+the external cryptographic provider in GnuTLS and not delegating it to
+the cryptographic libraries, is that none of the supported cryptographic
+libraries support @code{/dev/crypto} or CPU-optimized cryptography in
+an efficient way.
 
 @subheading Cryptographic library layer
 The Cryptographic library layer, currently supports only
-libnettle. Other cryptographic libraries might be supported
-in the future.
+libnettle. Older versions of GnuTLS used to support libgcrypt,
+but it was switched with nettle mainly for performance address@hidden
address@hidden://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.}
+and secondary because it is a simpler library to use.
+In the future other cryptographic libraries might be supported as well.
 
 @subheading External cryptography provider
 Systems that include a cryptographic co-processor, typically come with
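Review bot: the added paragraph has grammar problems: "The reason of handling the external cryptographic provider in GnuTLS and not delegating it to the cryptographic libraries, is that" should be "The reason for handling the external cryptographic provider in GnuTLS, rather than delegating it to the cryptographic libraries, is that" (no comma before "is"), "it was switched with nettle" should be "it was replaced by nettle", and "secondary because" should be "secondarily because". The @footnote with the mailing-list URL also arrives mangled in this archive, so check that the texinfo source has the footnote's braces balanced and that it renders.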
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index c82df65..0ea151d 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -40,6 +40,13 @@ int main (void)
    */
   gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
   gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback);
+  
+  /* If client holds a certificate it can be set using the following:
+   *
+     gnutls_certificate_set_x509_key_file (xcred, 
+                                           "cert.pem", "key.pem", 
+                                           GNUTLS_X509_FMT_PEM); 
+   */
 
   /* Initialize TLS session 
    */
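Review bot: the commented-out example shows how to load a client certificate but not what to do when the call fails; gnutls_certificate_set_x509_key_file() returns a negative error code for an unreadable file or a key that does not match the certificate (see the "The certificate and the given key do not match." entry in gnutls_errors.c), so the snippet should show the return value being checked, and the comment should say the key file must be readable only by the client. The added lines also have trailing whitespace on the blank line and on the three lines of the call.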
diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c
index 650ccf8..35ef196 100644
--- a/doc/examples/ex-pkcs11-list.c
+++ b/doc/examples/ex-pkcs11-list.c
@@ -1,3 +1,5 @@
+/* This example code is placed in the public domain. */
+
 #include <config.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/pkcs11.h>
diff --git a/doc/examples/print-ciphersuites.c 
b/doc/examples/print-ciphersuites.c
index 8bfdb2a..7b91c3b 100644
--- a/doc/examples/print-ciphersuites.c
+++ b/doc/examples/print-ciphersuites.c
@@ -1,3 +1,5 @@
+/* This example code is placed in the public domain. */
+
 #include <config.h>
 #include <stdio.h>
 #include <stdlib.h>
diff --git a/doc/printlist.c b/doc/printlist.c
index 3335c97..d52b5c8 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -51,9 +51,9 @@ static void main_texinfo (void)
     gnutls_mac_algorithm_t mac;
     gnutls_protocol_t version;
 
-    printf ("Available cipher suites:\n");
-    
+    printf ("@heading Ciphersuites\n");
     printf ("@multitable @columnfractions .60 .20 .20\n");
+    printf("@headitem Ciphersuite name @tab TLS ID @tab Since\n");
     for (i = 0; (name = gnutls_cipher_suite_info
                  (i, id, &kx, &cipher, &mac, &version)); i++)
       {
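Review bot: the new printf("@headitem ... line omits the space before the parenthesis that every other call in this file uses (printf ("...")); keep the GNU style consistent.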
@@ -69,95 +69,96 @@ static void main_texinfo (void)
   {
     const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
 
-    printf ("\n\nAvailable certificate types:address@hidden");
+    printf ("address@hidden Certificate types\n");
+    printf ("@table @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_certificate_type_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_protocol_t *p = gnutls_protocol_list ();
 
-    printf ("\nAvailable protocols:address@hidden");
+    printf ("address@hidden address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_protocol_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
 
-    printf ("\nAvailable ciphers:address@hidden");
+    printf ("address@hidden address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_cipher_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
 
-    printf ("\nAvailable MAC algorithms:address@hidden");
+    printf ("address@hidden MAC address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_mac_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
 
-    printf ("\nAvailable key exchange methods:address@hidden");
+    printf ("address@hidden Key exchange address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_kx_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
 
-    printf ("\nAvailable public key algorithms:address@hidden");
+    printf ("address@hidden Public key address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_pk_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
 
-    printf ("\nAvailable public key signature algorithms:address@hidden");
+    printf ("address@hidden Public key signature address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_sign_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 
   {
     const gnutls_compression_method_t *p = gnutls_compression_list ();
 
-    printf ("\nAvailable compression methods:address@hidden");
+    printf ("address@hidden Compression address@hidden @code\n");
     for (; *p; p++)
       {
         printf ("@item %s\n", gnutls_compression_get_name (*p));
       }
-    printf ("@end itemize\n");
+    printf ("@end table\n");
   }
 }
 
 static const char headers[] = "\\tablefirsthead{%\n"
        "\\hline\n"
-       "Ciphersuite name & TLS ID & since\\\\\n"
+       "Ciphersuite name & TLS ID & Since\\\\\n"
        "\\hline}\n"
        "\\tablehead{%\n"
        "\\hline\n"
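Review bot: the eight list blocks are now identical except for the heading text, the list function and the get_name function; a small macro taking those three would cut the repetition and make a mismatched @table/@end table pair impossible. Also be consistent about how the heading and the table opener are emitted: the certificate-types block uses two printf calls (one for the @heading, one for "@table @code"), while the remaining seven blocks pack both texinfo commands into a single printf.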
diff --git a/doc/texinfo.css b/doc/texinfo.css
index 14eb6f3..ce3d130 100644
--- a/doc/texinfo.css
+++ b/doc/texinfo.css
@@ -88,6 +88,6 @@ dl {
   padding-left: 1em;
   border: solid #c2e0ff;
   background: #f0faff;
-  border-width: 1px 1px 1px 5px;
+  border-width: 5px 1px 1px 1px;
   margin: 1em auto;
 }
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 72209ab..d228cc3 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -51,6 +51,8 @@ static const gnutls_error_entry error_algorithms[] = {
   ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
   ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
                GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+  ERROR_ENTRY (N_("No or insufficient priorities were set."),
+               GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
   ERROR_ENTRY (N_("The cipher type is unsupported."),
                GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
   ERROR_ENTRY (N_("The certificate and the given key do not match."),
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index a304551..b002122 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2344,6 +2344,11 @@ gnutls_handshake (gnutls_session_t session)
 {
   int ret;
   record_parameters_st *params;
+  
+  /* sanity check. Verify that there are priorities setup.
+   */
+  if (session->internals.priorities.protocol.algorithms == 0)
+    return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
 
   ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next,
                            &params);
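Review bot: the sanity check only tests protocol.algorithms, while gnutls_priority_set() in this same patch treats an empty cipher, mac, kx or compression list as GNUTLS_E_NO_PRIORITIES_WERE_SET as well; a session with a non-empty protocol list but an empty cipher list would pass here and fail later in the handshake with a less specific error. Consider factoring the five-way test into a static helper used by both call sites. Minor: "priorities setup" should be "priorities set up", and the first added line is whitespace-only.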
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 1c2964e..29fc363 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -576,6 +576,13 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
                                  session->internals.priorities.protocol.
                                  priority[0]);
 
+  if (session->internals.priorities.protocol.algorithms == 0 ||
+      session->internals.priorities.cipher.algorithms == 0 ||
+      session->internals.priorities.mac.algorithms == 0 ||
+      session->internals.priorities.kx.algorithms == 0 ||
+      session->internals.priorities.compression.algorithms == 0)
+    return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
   return 0;
 }
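Review bot: the new check appears to run after the priorities have already been applied to the session (the context lines above read protocol.priority[0] from session->internals.priorities), so when it fails the session is left holding the incomplete set; the function's documentation should state that a session must not be used for a handshake after a negative return, which the new check in gnutls_handshake() enforces only for the protocol list. Alternatively, perform the emptiness test on the gnutls_priority_t argument before it is copied so the session is untouched on error.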
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0f4aa04..2af7ae5 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1811,6 +1811,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t 
session);
 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
 #define GNUTLS_E_ILLEGAL_PARAMETER -325
+#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
 
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
 
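Review bot: a new public error code also needs its entry in the manual's list of error codes; if that list is not generated from gnutls_errors.c, add GNUTLS_E_NO_PRIORITIES_WERE_SET there together with the functions that return it.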
diff --git a/src/cli.c b/src/cli.c
index bde68eb..722f85f 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -545,6 +545,7 @@ static gnutls_session_t
 init_tls_session (const char *hostname)
 {
   const char *err;
+  int ret;
 
   gnutls_session_t session;
 
@@ -558,9 +559,11 @@ init_tls_session (const char *hostname)
     gnutls_init (&session, GNUTLS_CLIENT);
 
 
-  if (gnutls_priority_set_direct (session, info.priorities, &err) < 0)
+  if ((ret = gnutls_priority_set_direct (session, info.priorities, &err)) < 0)
     {
-      fprintf (stderr, "Syntax error at: %s\n", err);
+      if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: 
%s\n", err);
+      else 
+        fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
       exit (1);
     }
 
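Review bot: the `if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (...)` line folds the statement onto the condition while the else branch sits on its own line; the surrounding block (`{` / `exit (1);` / `}`) uses one statement per line with braces, so write both branches that way. A short comment that `err` is only meaningful for the syntax-error (GNUTLS_E_INVALID_REQUEST) case would also protect the distinction this change introduces from being collapsed again in a later refactor.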


hooks/post-receive
-- 
GNU gnutls


