NIIBE Yutaka [Thu, 17 Jan 2019 02:36:53 +0000 (11:36 +0900)]
Remove duplicated typedefs.
* src/ciphersuites.h (ciphersuite_t): Remove.
* src/context.h (x509_cert_t): Remove.
--
GnuPG-bug-id: 4305
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 13 Nov 2018 02:01:51 +0000 (11:01 +0900)]
build: Update m4/libgcrypt.m4.
* m4/libgcrypt.m4: Update libgcrypt master.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 13 Nov 2018 01:50:53 +0000 (10:50 +0900)]
ntbtls.m4: Prefer gpgrt-config to SYSROOT support.
* src/ntbtls.m4: Move SYSROOT support after checking GPGRT_CONFIG.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 13 Nov 2018 01:49:03 +0000 (10:49 +0900)]
build: Update autogen.rc.
* autogen.rc: Remove obsolete --with-gpg-error-prefix,
--with-ksba-prefix, and --with-libgcrypt-prefix options.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 8 Nov 2018 21:21:25 +0000 (06:21 +0900)]
ntbtls-cli: Use union to access hostent addr.
* src/ntbtls-cli.c (connect_server): Use union.
--
Unfortunately, the API of gethostbyname was designed in the old style of
C. Modern compilers emit warnings for its access to h_addr of char *
on a machine with different alignment requirements for other
objects. (It should be defined as void *, in the new style.)
As a workaround, we use a union here.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 2 Nov 2018 03:17:07 +0000 (12:17 +0900)]
build: Update *.m4 files.
* m4/gpg-error.m4: Update to 2018-11-02.
* m4/ksba.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* src/ntbtls.m4: Add AC_MSG_NOTICE.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Mon, 29 Oct 2018 03:52:36 +0000 (12:52 +0900)]
build: Update *.m4 files.
* m4/gpg-error.m4: Update to 2018-10-29.
* m4/ksba.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* src/ntbtls.m4: Follow the change of gpgrt-config.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 26 Oct 2018 04:24:42 +0000 (13:24 +0900)]
Update ksba.m4 again.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 26 Oct 2018 01:53:11 +0000 (10:53 +0900)]
build: Update ksba.m4 and libgcrypt.m4.
* m4/ksba.m4: Update.
* m4/libgcrypt.m4: Update.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 26 Oct 2018 01:51:20 +0000 (10:51 +0900)]
ntbtls.m4: Better backward compatibility support.
* m4/gpg-error.m4: Update.
* src/ntbtls.m4: Don't assume ntbtls-config is newer.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 26 Oct 2018 00:46:07 +0000 (09:46 +0900)]
build: Relax build requirements.
* m4/gpg-error.m4: Update.
* m4/ksba.m4: Update.
* m4/libgcrypt.m4: Update.
* configure.ac (NEED_GPG_ERROR_VERSION): Don't require newer.
* src/ntbtls.m4: Don't require AM_PATH_GPG_ERROR. Use GPGRT_CONFIG
when it is confirmed that it is available and working well. Fall back
to detecting NTBTLS_CONFIG, if not.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 25 Oct 2018 01:42:37 +0000 (10:42 +0900)]
build: Require libgpg-error >= 1.33.
* configure.ac (NEED_GPG_ERROR_VERSION): Require >= 1.33.
* m4/gpg-error.m4: Update from libgpg-error 1.33.
* src/ntbtls.m4 (AM_PATH_GPG_ERROR): Required.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 08:12:26 +0000 (17:12 +0900)]
build: Fix ntbtls.pc.in.
* src/ntbtls.pc.in: Don't quote.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 07:42:48 +0000 (16:42 +0900)]
build: Fix ntbtls.m4.
* src/ntbtls.m4: Use --modversion to get the version.
--
Fixes-commit: 06e6d62dcaf6ecd08e16cc692a4bb4bc6acc9307
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 07:17:17 +0000 (16:17 +0900)]
build: Compatibility to pkg-config.
* src/ntbtls-config.in: Support --variable and --modversion.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 07:13:21 +0000 (16:13 +0900)]
build: Make ntbtls.m4 use gpg-error-config.
* src/ntbtls.m4: Use gpg-error-config.
--
With the option --with-ntbtls-prefix, it still uses ntbtls-config
script.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 07:06:38 +0000 (16:06 +0900)]
build: Provide ntbtls.pc, generated by configure.
* configure.ac (PACKAGE, VERSION): Remove.
Generate src/ntbtls.pc.
* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
(EXTRA_DIST): Add ntbtls.pc.in.
* src/ntbtls-config.in: Use @PACKAGE_VERSION@.
* src/ntbtls.pc.in: New.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 24 Oct 2018 06:40:57 +0000 (15:40 +0900)]
build: Update m4 scripts.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/ksba.m4: Update from libksba.
* m4/libgcrypt.m4: Update from libgcrypt.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 16 Oct 2018 05:22:38 +0000 (14:22 +0900)]
Update autogen.sh from libgpg-error.
* autogen.sh: Update.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Mon, 29 Jan 2018 09:54:51 +0000 (18:54 +0900)]
Fix wipemem.h for other architectures.
* src/wipemem.h (FASTWIPE_T): Defined.
--
GnuPG-bug-id: 3207
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Werner Koch [Tue, 19 Sep 2017 06:07:31 +0000 (08:07 +0200)]
Post release updates
--
Werner Koch [Tue, 19 Sep 2017 06:01:28 +0000 (08:01 +0200)]
Release 0.1.2
* configure.ac: Set LT version to C0/A0/R2.
Werner Koch [Mon, 18 Sep 2017 18:05:26 +0000 (20:05 +0200)]
Support the other two NIST curves and their Brainpool counterparts.
* src/ecdh.c (_ntbtls_ecdh_read_params): Add new curves.
* src/protocol-cli.c (write_supported_elliptic_curves_ext): Ditto.
--
GnuPG-bug-id: 3411
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 18 Sep 2017 20:02:07 +0000 (22:02 +0200)]
Print "handshake failure" debug msg for the 2:40 alert.
* src/protocol.c (_ntbtls_read_record): Explain error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
Andre Heinecke [Fri, 17 Mar 2017 15:21:34 +0000 (16:21 +0100)]
Include KSBA includedir while compiling
* src/Makefile.am (AM_CFLAGS): Include libksba
--
This fixes the build if libksba's prefix differs from gpg-error's.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
Werner Koch [Thu, 16 Mar 2017 10:31:36 +0000 (11:31 +0100)]
Post release updates.
--
Werner Koch [Thu, 16 Mar 2017 10:24:55 +0000 (11:24 +0100)]
Release 0.1.1
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 16 Mar 2017 09:40:19 +0000 (10:40 +0100)]
Implement ECDHE-RSA key exchange.
* src/ecdh.c: New file.
* src/Makefile.am (libntbtls_la_SOURCES): Add new file.
* src/context.h (ecdh_context_t): New type.
(_ntbtls_handshake_params_s): Use new type for 'ecdh_ctx'.
* src/protocol.c (handshake_params_init): Init ECDH_CTX.
(handshake_params_deinit): Deinit ECDH_CTX.
(ssl_write_hello_request): Rename to write_hello_request. Change
caller.
* src/protocol-cli.c (write_supported_elliptic_curves_ext): Implement.
(write_cli_supported_point_formats_ext): Implement.
(write_client_hello): Call them.
(parse_supported_point_formats_ext): Implement.
(parse_server_ecdh_params): Implement.
(parse_signature_algorithm): Fix debug output.
(read_server_key_exchange): Improve debug output.
(write_client_key_exchange): Implement ECDHE key exchange.
* src/ciphersuites.c (_ntbtls_ciphersuite_list): Advertise ECDHE_RSA
key exchange.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 16 Mar 2017 09:30:05 +0000 (10:30 +0100)]
New debug macro for printing a point value.
* src/debug.c (_ntbtls_debug_pnt): New.
* src/util.h (debug_pnt): New macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Wed, 8 Mar 2017 12:17:40 +0000 (13:17 +0100)]
build: Use macOS' compatibility macros to enable all features.
* configure.ac: On macOS, use the compatibility macros to expose every
feature of the libc. This is the equivalent of _GNU_SOURCE on GNU
libc.
--
Not defining this leads to compilation errors or superfluous warnings
on macOS.
GnuPG-bug-id: 2910
Signed-off-by: Justus Winter <justus@gnupg.org>
Werner Koch [Thu, 23 Feb 2017 07:59:00 +0000 (08:59 +0100)]
Make ntbtls-cli work for W32.
* src/ntbtls-cli.c: Include errno.h.
(w32_cookie_read) [W32]: New.
(w32_write_server) [W32]: New.
(w32_cookie_write) [W32]: New.
(w32_cookie_functions) [W32]: New.
(connect_estreams) [W32]: Use es_fopencookie.
(main) [W32]: Init Winsock.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 21 Feb 2017 19:17:58 +0000 (20:17 +0100)]
Post release updates.
--
Werner Koch [Tue, 21 Feb 2017 18:55:58 +0000 (19:55 +0100)]
Release 0.1.0
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 21 Feb 2017 14:24:08 +0000 (15:24 +0100)]
Allow building for W32
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 21 Feb 2017 14:09:21 +0000 (15:09 +0100)]
Remove now superfluous functions from the public API.
* src/visibility.c (ntbtls_x509_cert_new): Remove
(ntbtls_x509_cert_release): Remove.
(ntbtls_x509_append_cert): Remove.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 21 Feb 2017 10:05:15 +0000 (11:05 +0100)]
New macro ntbtls_check_context.
* src/ntbtls.h.in (ntbtls_check_context): New macro.
* src/visibility.c (_ntbtls_check_context): New function.
* src/libntbtls.def, src/libntbtls.vers: Add _ntbtls_check_context.
* configure.ac (SIZEOF_UNSIGNED_LONG): Define.
* src/context.h (NTBTLS_CONTEXT_MAGIC): New constant.
(_ntbtls_context_s): New field 'magic'.
* src/debug.c (_ntbtls_debug_bug): Always print a message.
* src/protocol.c (_ntbtls_new): Set MAGIC.
(_ntbtls_release): Test MAGIC.
--
This macro allows asserting that a TLS context, which might have been
conveyed using an opaque pointer, is valid. The function does not
abort but merely logs and returns an error.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 21 Feb 2017 08:47:39 +0000 (09:47 +0100)]
New function ntbtls_get_hostname.
* src/ntbtls.h.in (ntbtls_get_hostname): New.
* src/protocol.c (_ntbtls_get_hostname): New.
* src/visibility.c, src/visibility.h: Export ntbtls_get_hostname.
* src/libntbtls.def, src/libntbtls.vers: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 20 Feb 2017 19:37:11 +0000 (20:37 +0100)]
Implement wildcards for hostname checking.
* src/x509.c (count_labels): New.
(check_hostname): Implement wildcards.
--
We support wildcards in the CN and subjectAltNames. The wildcard
must be the first label and matches only one label.
  *.org - bad
  *.example.org - good
  *.foo.example.org - good
  *x.example.org - bad
  foo.*.example.org - bad
  *.foo.example.org - good
The name *.example.org matches for example
  example.org
  www.example.org
  ftp.example.org
but not for example
  ftp.foo.example.org
In general wildcard certificates are a bad idea and should be avoided.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 20 Feb 2017 19:30:18 +0000 (20:30 +0100)]
ntbtls-cli: New option --head and use a default SNI.
* src/ntbtls-cli.c (opt_head): New var.
(simple_client): Request "HEAD".
(main): Add option --head. Use default SNI value.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 20 Feb 2017 16:21:10 +0000 (17:21 +0100)]
Implement hostname checking.
* src/x509.c (struct dn_array_s): New.
(release_dn_array): New.
(parse_dn_part): New.
(parse_dn): New.
(check_hostname): New.
(_ntbtls_x509_check_hostname): New.
* src/protocol.c (_ntbtls_read_certificate): Add hostname check.
--
The functions parse_dn and parse_dn_part are taken from current
gnupg/sm/certdump.c.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 20 Feb 2017 16:16:43 +0000 (17:16 +0100)]
New function ntbtls_set_log_handler
* src/ntbtls.h.in (ntbtls_log_handler_t): New type.
(ntbtls_set_log_handler): New.
* src/visibility.c (ntbtls_set_log_handler): New.
* src/visibility.h (ntbtls_set_log_handler): Mark visible.
* src/libntbtls.def: Add ntbtls_set_log_handler.
* src/libntbtls.vers: Add ntbtls_set_log_handler.
* src/debug.c (log_handler, log_handler_value): New vars.
(_ntbtls_set_log_handler): New.
(_ntbtls_set_debug): Do not re-set the prefix.
(_ntbtls_debug_msg): Divert to a log handler.
* src/util.c (_ntbtls_trim_trailing_spaces): New.
(ascii_toupper): New.
(_ntbtls_ascii_strcasecmp): New.
* src/util.h (spacep, digitp, alphap, alnump, hexdigitp): New macros.
(ascii_isspace): New macro.
(atoi_1, atoi_2, atoi_4, xtoi_1, xtoi_2, xtoi_4): New macros.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Sun, 19 Feb 2017 09:26:49 +0000 (10:26 +0100)]
Change verification API to use a callback.
* src/ntbtls.h.in: Include ksba.h.
(ntbtls_verify_cb_t): New type.
(ntbtls_set_ca_chain): Remove prototype.
(ntbtls_set_verify_cb): New.
(ntbtls_x509_get_peer_cert): New.
* src/visibility.c (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb): New.
(ntbtls_x509_get_peer_cert): New.
* src/visibility.h (ntbtls_set_ca_chain): Remove
(ntbtls_set_verify_cb): Mark visible.
(ntbtls_x509_get_peer_cert): Ditto.
* src/libntbtls.def (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.
* src/libntbtls.vers (ntbtls_set_ca_chain): Remove.
(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.
* src/context.h (_ntbtls_context_s): Remove 'ca_chain' and
'crl_chain'. Add 'verify_cb' and 'verify_cb_value'.
* src/protocol.c (_ntbtls_read_certificate): Call verify callback.
(session_deinit): Remove superfluous conditional.
(_ntbtls_set_ca_chain): Remove.
(_ntbtls_set_verify_cb): New.
* src/x509.c (x509_cert_s): Remove fields 'fpr', 'is_self_signed',
and 'is_valid'.
(_ntbtls_x509_verify): Remove
(_ntbtls_x509_get_cert): Fix use of IDX.
(_ntbtls_x509_get_peer_cert): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Fri, 27 Jan 2017 16:06:29 +0000 (17:06 +0100)]
In debug mode write some infos about the certificates.
* src/debug.c (_ntbtls_debug_msg): Add hack to not print the final LF.
(_ntbtls_debug_crt): New.
* src/util.h (debug_crt): New macro.
* src/x509.c (x509_log_serial, x509_log_time): New.
(_ntbtls_x509_log_cert): New.
* src/protocol-cli.c (read_server_hello): Tweak debug levels.
* src/protocol.c (_ntbtls_read_certificate): Call debug_crt.
Signed-off-by: Werner Koch <wk@gnupg.org>
NIIBE Yutaka [Fri, 20 Jan 2017 04:13:02 +0000 (13:13 +0900)]
configure: Add check for sys/socket.
* configure.ac (gl_HEADER_SYS_SOCKET): Add.
* m4/sys_socket_h.m4: New from gnupg.
* src/Makefile.am (libntbtls_la_LIBADD, ntbtls_cli_LDADD): Fix.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 20 Jan 2017 03:28:35 +0000 (12:28 +0900)]
Fix ntbtls-cli.c for Windows.
* src/ntbtls-cli.c: Include files fix.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 20 Jan 2017 03:03:53 +0000 (12:03 +0900)]
Add src/versioninfo.rc.in.
* src/versioninfo.rc.in: New.
* src/Makefile.am (EXTRA_DIST): Add versioninfo.rc.in.
* configure.ac: Add versioninfo.rc output.
--
The file is copied from libassuan and edited.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 10:21:49 +0000 (19:21 +0900)]
Add missing m4/libtool.m4.
* m4/Makefile.am (EXTRA_DIST): Update.
* m4/libtool.m4: New.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 07:58:45 +0000 (16:58 +0900)]
Fix ciphersuite version check.
* src/ciphersuites.c (_ntbtls_ciphersuite_version_ok): Fix.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 07:34:45 +0000 (16:34 +0900)]
Release CA at ntbtls_release.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 06:36:50 +0000 (15:36 +0900)]
Rename ntbtls_x509_* to ntbtls_x509_cert_*.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 05:04:10 +0000 (14:04 +0900)]
Expose x509 certificate API.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 04:11:17 +0000 (13:11 +0900)]
Expose ntbtls_set_ca_chain API.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 19 Jan 2017 01:04:48 +0000 (10:04 +0900)]
Use hostname removing peer_cn.
* src/context.h (struct _ntbtls_context_s): Remove peer_cn field.
* src/protocol.c (_ntbtls_read_certificate): Use ->hostname.
--
This change reflects the change of mbedtls API:
bc2b771af4b67c900813e58e7c8c77d7907291c1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 18 Jan 2017 02:11:19 +0000 (11:11 +0900)]
Move pk_encrypt into pkglue.c.
* src/x509.c (_ntbtls_x509_pk_encrypt): Renaming and move to...
* src/pkglue.c (_ntbtls_pk_encrypt): Here. Use _ntbtls_x509_get_pk.
* src/protocol-cli.c (write_encrypted_pms): Follow the rename.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 17 Jan 2017 13:18:14 +0000 (22:18 +0900)]
Implement public key encryption in write_encrypted_pms.
* src/x509.c (ntbtls_x509_pk_encrypt): New.
* src/protocol-cli.c (write_encrypted_pms): Call
ntbtls_x509_pk_encrypt.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Mon, 16 Jan 2017 10:44:55 +0000 (19:44 +0900)]
Ignore non-fatal TLS_ALERT_MSG.
* src/protocol.c (_ntbtls_read_record): Skip to next message.
--
The bug is described in MbedTLS:
https://tls.mbed.org/discussions/bug-report-issues/mishandling-of-non-fatal-alerts-client-side
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 13 Dec 2016 02:17:03 +0000 (11:17 +0900)]
Fix EOF handling.
* src/protocol.c (_ntbtls_fetch_input): Return GPG_ERR_EOF.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 13 Dec 2016 00:50:25 +0000 (09:50 +0900)]
Modify autogen.sh for git workflow.
* autogen.sh: Fix to check .git directory.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Werner Koch [Wed, 13 Jul 2016 17:13:23 +0000 (19:13 +0200)]
Small debug message improvement.
* src/protocol-cli.c (parse_signature_algorithm): Show algo names in
debug messages.
* src/util.h: Use the official GPGRT_ATTR_PRINTF.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 13 Jul 2016 17:11:24 +0000 (19:11 +0200)]
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
* build-aux/config.guess: Update.
* build-aux/config.sub: Update.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Tue, 25 Aug 2015 19:32:19 +0000 (21:32 +0200)]
Make --disable-build-timestamp the default.
* configure.ac (BUILD_TIMESTAMP): Default to "<none>".
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 24 Jun 2015 10:23:13 +0000 (12:23 +0200)]
Change state handler names from parse_* to read_*.
Werner Koch [Wed, 24 Jun 2015 10:16:14 +0000 (12:16 +0200)]
Rework some debug messages
* src/protocol.c (_ntbtls_state2str): New.
* src/ntbtls-cli.c (simple_client): Send some headers.
Werner Koch [Tue, 23 Jun 2015 14:07:38 +0000 (16:07 +0200)]
Use buffer to int conversion macros and other cleanups.
* src/util.h (buf16_to_uint, buf16_to_size_t)
(buf24_to_size_t, buf32_to_u32): New. Use them where appropriate.
* src/protocol.c (is_aead_mode): New. Use instead of explicit
conditionals.
(encrypt_buf, decrypt_buf): Add error checking.
* src/protocol-cli.c (parse_server_dh_params): Set lower limit to
1024.
(parse_server_psk_hint): Check length of length header.
Werner Koch [Tue, 23 Jun 2015 10:31:33 +0000 (12:31 +0200)]
Minor doc updates
--
Werner Koch [Sun, 28 Dec 2014 14:40:09 +0000 (15:40 +0100)]
Code cleanup of the server hello parser.
* src/protocol-cli.c (parse_server_hello): Use meaningful var name and
change strange loop construct.
Werner Koch [Sun, 28 Dec 2014 14:02:27 +0000 (15:02 +0100)]
Add Lucky Thirteen protection.
* src/protocol.c (decrypt_buf): Keep on hashing.
Werner Koch [Sun, 28 Dec 2014 14:01:24 +0000 (15:01 +0100)]
Use new error code GPG_ERR_REQUEST_TOO_LONG.
* src/protocol.c (_ntbtls_fetch_input): Change error code.
Werner Koch [Sun, 28 Dec 2014 12:36:03 +0000 (13:36 +0100)]
Add some comments.
* src/ntbtls-cli.c (main): Add option --help.
Werner Koch [Sun, 28 Dec 2014 12:35:22 +0000 (13:35 +0100)]
Remove unused code for stream modes.
* src/protocol.c (_ntbtls_derive_keys, encrypt_buf)
(decrypt_buf): Remove cipher_mode_stream branches.
Werner Koch [Fri, 3 Oct 2014 06:39:50 +0000 (08:39 +0200)]
Fix compiler warnings about unused functions.
--
Werner Koch [Fri, 3 Oct 2014 06:33:06 +0000 (08:33 +0200)]
Add NTBTLS_SAMETRHEAD flags
--
Werner Koch [Thu, 2 Oct 2014 13:05:52 +0000 (15:05 +0200)]
Update m4/ macros and improve ntbtls.m4.
--
Werner Koch [Thu, 2 Oct 2014 08:17:42 +0000 (10:17 +0200)]
Add ntbtls_set_hostname.
Werner Koch [Wed, 1 Oct 2014 16:24:32 +0000 (18:24 +0200)]
Make "make distcheck" work.
--
Werner Koch [Wed, 1 Oct 2014 16:11:44 +0000 (18:11 +0200)]
Add standard doc files
--
Werner Koch [Wed, 1 Oct 2014 16:10:33 +0000 (18:10 +0200)]
First data retrieved from a server.
--
$ ./ntbtls-cli --verbose zimmermann.mayfirst.org
ntbtls-cli: connected to 'zimmermann.mayfirst.org' port 443
ntbtls-cli: starting handshake
ntbtls-cli: handshake done
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Wed, 01 Oct 2014 15:37:59 GMT
....
Werner Koch [Mon, 29 Sep 2014 15:34:28 +0000 (17:34 +0200)]
More changes - first successful handshake.
* src/dhm.c: New.
* src/pkglue.c: New.
* src/util.c: New.
Werner Koch [Mon, 29 Sep 2014 14:16:25 +0000 (16:16 +0200)]
With lots of disabled code it does now build.
--
Werner Koch [Fri, 26 Sep 2014 10:32:19 +0000 (12:32 +0200)]
Add ciphersuites code from PolarSSL.
* src/ciphersuites.c: New. Change license from GPLv2+ to GPLv3+. Some
editorial changes.
* src/ciphersuites.h: New. Ditto.
--
Taken from the files ssl_cipersuites.[hc].
Werner Koch [Thu, 25 Sep 2014 15:11:52 +0000 (17:11 +0200)]
Replaced error codes by libgpg-error and other changes.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Snapshot of the current changes.
--
Werner Koch [Tue, 16 Sep 2014 10:50:22 +0000 (12:50 +0200)]
Remove most non-TLS-1.2 stuff and most configure options - part 2.
* src/protocol-cli.c, src/protocol-srv.c: Simplify.
--
We want a full featured TLS 1.2 only library. All this conditional
compilation stuff makes the code harder to read and test and thus we
include all features. If certain features are to be disabled, this
can be added as runtime options.
Werner Koch [Mon, 15 Sep 2014 07:58:23 +0000 (09:58 +0200)]
Add new header files and rename ssl_{tls,cli,srv}.c.
* src/util.h: New.
* src/ntbtls-int.h: New.
* src/ssl_tls.c: Rename to protocol.c.
* src/ssl_cli.c: Rename to protocol-cli.c.
* src/ssl_srv.c: Rename to protocol-srv.c.
* src/protocol.c, src/protocol-cli.c, src/protocol-srv.c: Change
license from GPLv2+ to GPLv3+. Replace most include files by
ntbtls-int.h.
(polarssl_zeroize): Remove. Change callers to use wipememory.
Werner Koch [Mon, 15 Sep 2014 07:50:52 +0000 (09:50 +0200)]
Add wipemem.h.
* src/wipemem.h: New.
--
The wipememory functions are based on code from Libgcrypt, commit
54df6fcd806f8c150cffe6cc09925bb8b638bb5b. To simplify things the
optimized version is only used if stdint.h and thus uint64_t is
available.
Werner Koch [Mon, 15 Sep 2014 07:06:36 +0000 (09:06 +0200)]
Add some build environment files.
Werner Koch [Mon, 15 Sep 2014 06:27:31 +0000 (08:27 +0200)]
Remove most non-TLS-1.2 stuff and most configure options.
Werner Koch [Fri, 12 Sep 2014 16:42:33 +0000 (18:42 +0200)]
Change indentation of all files.
--
Werner Koch [Fri, 12 Sep 2014 16:25:48 +0000 (18:25 +0200)]
Initial checking of some file from PolarSSL commit 1910aa7
--
Taken from development branch
1910aa78a3677f1bc2a6c6af61d08dc4cccd917a