[SCM] GNU gnutls branch, master, updated. gnutls_3_1_3-76-g3a7536e
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_3-76-g3a7536e |
Date: |
Sun, 04 Nov 2012 16:35:56 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3a7536e2e12597b4e2831dd07f5dfba94a747aa9
The branch, master has been updated
via 3a7536e2e12597b4e2831dd07f5dfba94a747aa9 (commit)
via 1fb6dfb37e249fcbfb3807aaa32db88e2d570502 (commit)
via c40b9845e723a9b405cccc501e5eeb440791c13c (commit)
via c17feb96403ad8bb827702bd5e52a7fb81a3e71b (commit)
from c7b89cd1fc7dd40c72b2c23bd7f4c125c3aeaed1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3a7536e2e12597b4e2831dd07f5dfba94a747aa9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 4 17:34:23 2012 +0100
verify all possible entries
commit 1fb6dfb37e249fcbfb3807aaa32db88e2d570502
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 4 17:31:10 2012 +0100
danetool doc fix
commit c40b9845e723a9b405cccc501e5eeb440791c13c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 4 17:22:39 2012 +0100
Added HMAC prefix to SRTP profiles and updated documentation.
commit c17feb96403ad8bb827702bd5e52a7fb81a3e71b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 4 13:01:01 2012 +0100
separate entries.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 5 ++-
lib/ext/srtp.c | 20 +++++-----
lib/includes/gnutls/gnutls.h.in | 16 ++++----
src/danetool-args.c | 14 +++---
src/danetool-args.def | 4 +-
src/danetool-args.h | 2 +-
src/danetool.c | 84 +++++++++++++++++++-------------------
7 files changed, 74 insertions(+), 71 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index b2b46de..624efb9 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -601,7 +601,10 @@ request.
The TLS protocol was extended in @xcite{RFC5764} to provide keying material to
the
Secure RTP (SRTP) protocol. The SRTP protocol provides an encapsulation of
encrypted
data that is optimized for voice data. With the SRTP TLS extension two peers
can
-negotiate keys using TLS or DTLS and obtain keying material for use with SRTP.
+negotiate keys using TLS or DTLS and obtain keying material for use with SRTP.
The
+available SRTP profiles are listed below.
+
address@hidden,Supported SRTP profiles}
To enable use the following functions.
diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
index 35e99fa..7cc41d8 100644
--- a/lib/ext/srtp.c
+++ b/lib/ext/srtp.c
@@ -61,23 +61,23 @@ typedef struct
static const srtp_profile_st profile_names[] = {
{
- "SRTP_AES128_CM_SHA1_80",
- GNUTLS_SRTP_AES128_CM_SHA1_80,
+ "SRTP_AES128_CM_HMAC_SHA1_80",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
16,14
},
{
- "SRTP_AES128_CM_SHA1_32",
- GNUTLS_SRTP_AES128_CM_SHA1_32,
+ "SRTP_AES128_CM_HMAC_SHA1_32",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
16,14
},
{
- "SRTP_NULL_SHA1_80",
- GNUTLS_SRTP_NULL_SHA1_80,
+ "SRTP_NULL_HMAC_SHA1_80",
+ GNUTLS_SRTP_NULL_HMAC_SHA1_80,
16,14
},
{
"SRTP_NULL_SHA1_32",
- GNUTLS_SRTP_NULL_SHA1_32,
+ GNUTLS_SRTP_NULL_HMAC_SHA1_32,
16,14
},
{
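Review bot: The fourth entry of `profile_names` still carries the string `"SRTP_NULL_SHA1_32"`, although its enum value was renamed to `GNUTLS_SRTP_NULL_HMAC_SHA1_32` and the three entries above it gained the `HMAC_` infix in both fields. If this table is what maps profile names to ids (the lookup code is outside the hunk), `SRTP_NULL_HMAC_SHA1_32` will not resolve and the old spelling stays the only accepted name for that profile. The string should read `"SRTP_NULL_HMAC_SHA1_32",`, which would also match the other three renamed entries. The table continues past the end of the hunk.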
@@ -448,12 +448,12 @@ gnutls_srtp_set_profile_direct (gnutls_session_t session,
* This is a helper function to generate the keying material for SRTP.
* It requires the space of the key material to be pre-allocated (should be at
least
* 2x the maximum key size and salt size). The @client_key, @client_salt,
@server_key
- * and @server_salt are convenience datums that point inside the key material.
The may
+ * and @server_salt are convenience datums that point inside the key material.
They may
* be %NULL.
*
* Returns: On success the size of the key material is returned,
- * %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not sufficient,
- * or a negative error code.
+ * otherwise, %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * sufficient, or a negative error code.
*
* Since 3.1.4
**/
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 505b992..565e5be 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -972,19 +972,19 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
/**
* gnutls_srtp_profile_t:
- * @GNUTLS_SRTP_AES128_CM_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
- * @GNUTLS_SRTP_AES128_CM_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
- * @GNUTLS_SRTP_NULL_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
- * @GNUTLS_SRTP_NULL_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
+ * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
+ * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
+ * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
+ * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
*
* Enumeration of different SRTP protection profiles.
*/
typedef enum
{
- GNUTLS_SRTP_AES128_CM_SHA1_80 = 0x0001,
- GNUTLS_SRTP_AES128_CM_SHA1_32 = 0x0002,
- GNUTLS_SRTP_NULL_SHA1_80 = 0x0005,
- GNUTLS_SRTP_NULL_SHA1_32 = 0x0006
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
+ GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
+ GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
} gnutls_srtp_profile_t;
int gnutls_srtp_set_profile (gnutls_session_t session,
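Review bot: The doc comment for the two NULL profiles says only "NULL cipher", which does not tell an API user that these profiles leave the media unencrypted and provide integrity protection alone. I would spell that out on both lines, for example `@GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher (no confidentiality) with a 80 bit HMAC-SHA1`, so that an application does not enable them simply by offering every listed profile. Separately, the rename changes public enum constant names in an installed header; that is source-compatible only if no release has shipped the old names, which the hunk does not show.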
diff --git a/src/danetool-args.c b/src/danetool-args.c
index d50d476..4eca21f 100644
--- a/src/danetool-args.c
+++ b/src/danetool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (danetool-args.c)
*
- * It has been AutoGen-ed November 1, 2012 at 07:45:47 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 4, 2012 at 05:31:43 PM by AutoGen 5.16
* From the definitions danetool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* danetool option static const strings
*/
-static char const danetool_opt_strs[2257] =
+static char const danetool_opt_strs[2260] =
/* 0 */ "danetool @address@hidden"
"Copyright (C) 2000-2012 Free Software Foundation, all rights
reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -151,9 +151,9 @@ static char const danetool_opt_strs[2257] =
/* 2096 */ "address@hidden"
/* 2115 */ "\n\n\0"
/* 2118 */ "\n"
- "Tool generate DNS resource records for the DANE protocol.\n\0"
-/* 2178 */ "danetool @address@hidden"
-/* 2197 */ "danetool [options]\n"
+ "Tool to generate DNS resource records for the DANE protocol.\n\0"
+/* 2181 */ "danetool @address@hidden"
+/* 2200 */ "danetool [options]\n"
"danetool --help for usage instructions.\n";
/*
@@ -625,7 +625,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define zBugsAddr (danetool_opt_strs+2096)
#define zExplain (danetool_opt_strs+2115)
#define zDetail (danetool_opt_strs+2118)
-#define zFullVersion (danetool_opt_strs+2178)
+#define zFullVersion (danetool_opt_strs+2181)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -639,7 +639,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define danetool_full_usage (NULL)
-#define danetool_short_usage (danetool_opt_strs+2197)
+#define danetool_short_usage (danetool_opt_strs+2200)
#endif /* not defined __doxygen__ */
diff --git a/src/danetool-args.def b/src/danetool-args.def
index dc29c4f..e01dfdd 100644
--- a/src/danetool-args.def
+++ b/src/danetool-args.def
@@ -2,7 +2,7 @@ AutoGen Definitions options;
prog-name = danetool;
prog-title = "GnuTLS DANE tool";
prog-desc = "Generate DANE TLSA RR entries.";
-detail = "Tool generate DNS resource records for the DANE protocol.";
+detail = "Tool to generate DNS resource records for the DANE protocol.";
short-usage = "danetool [options]\ndanetool --help for usage
instructions.\n";
explain = "";
@@ -116,7 +116,7 @@ doc-section = {
ds-type = 'SEE ALSO';
ds-format = 'texi';
ds-text = <<-_EOT_
- p11tool (1)
+ certtool (1)
_EOT_;
};
diff --git a/src/danetool-args.h b/src/danetool-args.h
index dfab6bb..139727b 100644
--- a/src/danetool-args.h
+++ b/src/danetool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (danetool-args.h)
*
- * It has been AutoGen-ed November 1, 2012 at 07:45:46 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 4, 2012 at 05:31:43 PM by AutoGen 5.16
* From the definitions danetool-args.def
* and the template file options
*
diff --git a/src/danetool.c b/src/danetool.c
index a662296..1cf92ff 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2012 Free Software Foundation, Inc.
*
* This file is part of GnuTLS.
*
@@ -213,62 +213,62 @@ size_t size;
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_hex_encode: %s", dane_strerror (ret));
- fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port,
proto, host, usage, type, match, buffer);
+ fprintf(outfile, "\nEntry %d:\n_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s
)\n", i+1, port, proto, host, usage, type, match, buffer);
printf("\nCertificate usage: %s\n", dane_cert_usage_name(usage));
printf("Certificate type: %s\n", dane_cert_type_name(type));
printf("Contents: %s\n", dane_match_type_name(match));
printf("Data: %s\n", buffer);
- }
-
- /* Verify the DANE data */
- if (cinfo->cert)
- {
- gnutls_x509_crt_t *clist;
- unsigned int clist_size, status;
-
- ret = gnutls_load_file(cinfo->cert, &file);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror (ret));
-
- ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file,
cinfo->incert_format, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s",
gnutls_strerror (ret));
-
- if (clist_size > 0)
+ /* Verify the DANE data */
+ if (cinfo->cert)
{
- gnutls_datum_t certs[clist_size];
- gnutls_datum_t out;
- unsigned int i;
+ gnutls_x509_crt_t *clist;
+ unsigned int clist_size, status;
- for (i=0;i<clist_size;i++)
- {
- ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER,
&certs[i]);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s",
gnutls_strerror (ret));
- }
-
- ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
- host, proto, port, 0, 0, &status);
+ ret = gnutls_load_file(cinfo->cert, &file);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror
(ret));
-
- ret = dane_verification_status_print(status, &out, 0);
+ error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror
(ret));
+
+ ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file,
cinfo->incert_format, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verification_status_print: %s",
dane_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s",
gnutls_strerror (ret));
- printf("\nVerification: %s\n", out.data);
- gnutls_free(out.data);
-
- for (i=0;i<clist_size;i++)
+ if (clist_size > 0)
{
- gnutls_free(certs[i].data);
- gnutls_x509_crt_deinit(clist[i]);
+ gnutls_datum_t certs[clist_size];
+ gnutls_datum_t out;
+ unsigned int i;
+
+ for (i=0;i<clist_size;i++)
+ {
+ ret = gnutls_x509_crt_export2( clist[i],
GNUTLS_X509_FMT_DER, &certs[i]);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s",
gnutls_strerror (ret));
+ }
+
+ ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
+ host, proto, port, 0, 0, &status);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror
(ret));
+
+ ret = dane_verification_status_print(status, &out, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "dane_verification_status_print: %s",
dane_strerror (ret));
+
+ printf("\nVerification: %s\n", out.data);
+ gnutls_free(out.data);
+
+ for (i=0;i<clist_size;i++)
+ {
+ gnutls_free(certs[i].data);
+ gnutls_x509_crt_deinit(clist[i]);
+ }
+ gnutls_free(clist);
}
- gnutls_free(clist);
}
}
+
dane_query_deinit(q);
dane_state_deinit(s);
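Review bot: With the verification block moved inside the per-entry loop, `gnutls_load_file(cinfo->cert, &file)` now runs once per TLSA entry and nothing in the hunk releases `file.data`, so the buffer appears to leak on every iteration; either add `gnutls_free(file.data);` after `gnutls_x509_crt_list_import2` or load and import the chain once before the loop. The `dane_verify_crt` call takes only `s`, `host`, `proto` and `port` and no per-entry argument, so each iteration looks like it repeats the same check rather than verifying the entry just printed; if per-entry results are intended, that should be confirmed. The inner `unsigned int i;` also shadows the loop index used for `i+1` in the `fprintf`, so a distinct name such as `j` would be clearer. As far as the hunk shows, a failed verification is only printed and does not affect the exit status, which matters if the tool is used from scripts. The function starts and ends outside the hunk.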
hooks/post-receive
--
GNU gnutls