diff options
author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-06-15 09:26:49 +0000 |
---|---|---|
committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-06-15 09:26:49 +0000 |
commit | 5c7ec5abb8947795b35b18a91eaaf097ebff4d06 (patch) | |
tree | 5b7baaa0a10991aa52cb2f2fb24ed0b618a46f8a | |
parent | 19684cc408a44cf2993a3d59a9cb651072166b8e (diff) | |
parent | a6682109440d8ba1163c4e207e41833c7962dcd6 (diff) | |
download | gnutls-5c7ec5abb8947795b35b18a91eaaf097ebff4d06.tar.gz |
Merge branch 'tmp-enum' into 'master'
build: minor fixes
See merge request gnutls/gnutls!1287
-rw-r--r-- | .gitignore | 28 | ||||
-rw-r--r-- | .gitlab-ci.yml | 2 | ||||
-rw-r--r-- | lib/algorithms.h | 13 | ||||
-rw-r--r-- | lib/algorithms/sign.c | 2 | ||||
-rw-r--r-- | lib/crypto-api.c | 4 | ||||
-rw-r--r-- | lib/hash_int.c | 2 | ||||
-rw-r--r-- | lib/nettle/pk.c | 8 | ||||
-rw-r--r-- | lib/tls-sig.c | 4 | ||||
-rw-r--r-- | lib/tls13-sig.c | 4 | ||||
-rw-r--r-- | lib/tls13/finished.c | 2 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 4 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 2 | ||||
-rw-r--r-- | src/certtool.c | 6 | ||||
-rw-r--r-- | tests/slow/hash-large.c | 2 |
14 files changed, 61 insertions, 22 deletions
diff --git a/.gitignore b/.gitignore index 88c4d33b68..2b23292693 100644 --- a/.gitignore +++ b/.gitignore @@ -344,6 +344,7 @@ tests/atfork tests/auto-verify tests/base64 tests/base64-raw +tests/buffer tests/cert tests/cert-key-exchange tests/cert-status @@ -353,6 +354,7 @@ tests/certificate_set_x509_crl tests/certuniqueid tests/chainverify tests/chainverify-unsorted +tests/cipher-alignment tests/cipher-test tests/client tests/client-fastopen @@ -376,6 +378,7 @@ tests/cve-2009-1416 tests/dane tests/dane-strcodes tests/datefudge-check +tests/dh-compute tests/dh-params tests/dhepskself tests/dhex509self @@ -386,6 +389,7 @@ tests/dtls-client-with-seccomp tests/dtls-etm tests/dtls-handshake-versions tests/dtls-max-record +tests/dtls-pthread tests/dtls-record-check tests/dtls-rehandshake-anon tests/dtls-rehandshake-cert @@ -402,9 +406,11 @@ tests/dtls1.0-cert-key-exchange tests/dtls1.2-cert-key-exchange tests/dtls10-cert-key-exchange tests/dtls12-cert-key-exchange +tests/dtls_hello_random_value tests/duplicate-extensions tests/eagain tests/eagain-auto-auth +tests/ecdh-compute tests/empty_retrieve_function tests/fallback-scsv tests/finished @@ -414,6 +420,7 @@ tests/fips-test tests/gc tests/global-init tests/global-init-override +tests/gnutls-ids tests/gnutls-strcodes tests/gnutls_ext_raw_parse tests/gnutls_ext_raw_parse_dtls @@ -454,6 +461,7 @@ tests/key-usage-ecdhe-rsa tests/key-usage-rsa tests/keygen tests/keylog-env +tests/keylog-func tests/libpkcs11mock1.la tests/libpkcs11mock2.la tests/libutils.la @@ -521,6 +529,8 @@ tests/mini-x509-ipaddr tests/mini-x509-kx tests/mini-x509-rehandshake tests/mini-xssl +tests/missingissuer +tests/missingissuer_aia tests/moredn tests/mpi tests/multi-alerts @@ -537,6 +547,7 @@ tests/ocsp tests/ocsp-filename-memleak tests/ocsp-resp tests/oids +tests/openconnect-dtls12 tests/openpgp-auth tests/openpgp-auth2 tests/openpgp-callback @@ -617,6 +628,7 @@ tests/privkey-keygen tests/privkey-verify-broken tests/psk-file tests/pskself +tests/pskself2 tests/pubkey-import-export tests/random-art tests/rawpk-api @@ -643,6 +655,8 @@ tests/resume-with-previous-stek tests/resume-with-record-size-limit tests/resume-with-stek-expiration tests/resume-x509 +tests/rfc7633-missing +tests/rfc7633-ok tests/rng-fork tests/rng-no-onload tests/rng-op-key @@ -693,6 +707,7 @@ tests/set_x509_key_file_ocsp_multi tests/set_x509_key_file_ocsp_multi2 tests/set_x509_key_mem tests/set_x509_key_utf8 +tests/set_x509_ocsp_multi_cli tests/set_x509_ocsp_multi_invalid tests/set_x509_ocsp_multi_pem tests/set_x509_ocsp_multi_unknown @@ -705,10 +720,12 @@ tests/sign-md5-rep tests/sign-pk-api tests/sign-verify tests/sign-verify-data +tests/sign-verify-data-newapi tests/sign-verify-deterministic tests/sign-verify-ed25519-rfc8080 tests/sign-verify-ext tests/sign-verify-ext4 +tests/sign-verify-newapi tests/simple tests/slow/cipher-api-test tests/slow/cipher-compat @@ -722,6 +739,8 @@ tests/slow/hash-large tests/slow/keygen tests/slow/mac-override tests/softhsm-*.db/ +tests/softhsm-neg-no-key.config +tests/softhsm-post-handshake-with-cert-pkcs11.config tests/spki tests/spki-abstract tests/srp @@ -767,7 +786,10 @@ tests/suite/testpkcs11.debug tests/suite/testtpm.sh tests/suite/tlslite tests/suite/x509paths/X509tests +tests/system-override-hash +tests/system-override-sig tests/system-prio-file +tests/time tests/tls-client-with-seccomp tests/tls-crt_type-neg tests/tls-etm @@ -777,6 +799,7 @@ tests/tls-force-etm tests/tls-max-record tests/tls-neg-ext-key tests/tls-neg-ext4-key +tests/tls-pthread tests/tls-record-size-limit tests/tls-record-size-limit-asym tests/tls-rehandshake-anon @@ -827,6 +850,7 @@ tests/tls13-rehandshake-cert tests/tls13-resume-psk tests/tls13-resume-x509 tests/tls13-server-kx-neg +tests/tls13-without-timeout-func tests/tls13/anti_replay tests/tls13/change_cipher_spec tests/tls13/cookie @@ -837,6 +861,7 @@ tests/tls13/key_share tests/tls13/key_update tests/tls13/key_update_multiple tests/tls13/multi-ocsp +tests/tls13/no-auto-send-ticket tests/tls13/no-psk-exts tests/tls13/ocsp-client tests/tls13/post-handshake-with-cert @@ -851,7 +876,7 @@ tests/tls13/psk-dumbfw tests/tls13/psk-ext tests/tls13/supported_versions tests/tls13/tls12-no-tls13-exts -tests/tls13/no-auto-send-ticket +tests/tls_hello_random_value tests/tlsext-decoding tests/tlsfeature-crt tests/tlsfeature-ext @@ -871,6 +896,7 @@ tests/x509-dn tests/x509-dn-decode tests/x509-dn-decode-compat tests/x509-extensions +tests/x509-server-verify tests/x509-verify-with-crl tests/x509_altname tests/x509cert diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 86b2d589fb..628dd367b1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: # name to allow expiration of old caches. cache: - key: "$CI_JOB_NAME-ver15" + key: "$CI_JOB_NAME-ver16" paths: - cache/ diff --git a/lib/algorithms.h b/lib/algorithms.h index 9cdb3abf7a..7a051b6365 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -174,11 +174,24 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e) return e->key_size; } +inline static gnutls_digest_algorithm_t +_gnutls_mac_to_dig(gnutls_mac_algorithm_t mac) +{ + if (unlikely(mac >= GNUTLS_MAC_AEAD)) + return GNUTLS_DIG_UNKNOWN; + + return (gnutls_digest_algorithm_t)mac; +} + +#define MAC_TO_DIG(mac) _gnutls_mac_to_dig(mac) + /* Functions for digests. */ #define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid #define _gnutls_digest_get_name _gnutls_mac_get_name #define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len +#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig) + /* Security against pre-image attacks */ inline static int _gnutls_digest_is_secure(const mac_entry_st * e) { diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 0d8d1a89c9..2728a54478 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -797,7 +797,7 @@ _gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign) if (unlikely(se == NULL)) return 0; - me = mac_to_entry(se->hash); + me = hash_to_entry(se->hash); if (unlikely(me == NULL)) return 0; diff --git a/lib/crypto-api.c b/lib/crypto-api.c index adef4bee7b..bd600ef166 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -588,7 +588,7 @@ int gnutls_hash_init(gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); *dig = gnutls_malloc(sizeof(digest_hd_st)); @@ -684,7 +684,7 @@ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, const void *ptext, size_t ptext_len, void *digest) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); return _gnutls_hash_fast(algorithm, ptext, ptext_len, digest); diff --git a/lib/hash_int.c b/lib/hash_int.c index 8c528d5f90..59eddeba37 100644 --- a/lib/hash_int.c +++ b/lib/hash_int.c @@ -80,7 +80,7 @@ int _gnutls_digest_exists(gnutls_digest_algorithm_t algo) { const gnutls_crypto_digest_st *cc = NULL; - if (is_mac_algo_forbidden(algo)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algo))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); cc = _gnutls_get_crypto_digest(algo); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index ccf403b007..57a8560ede 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -917,7 +917,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) { gnutls_assert(); _gnutls_debug_log @@ -987,7 +987,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_ecdsa_compute_k(k, curve_id, pk_params->params[ECC_K], - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1056,7 +1056,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_dsa_compute_k(k, pub.q, TOMPZ(priv), - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1312,7 +1312,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 779e02c18f..7d2b04323e 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -160,7 +160,7 @@ _gnutls_handshake_sign_data10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); @@ -788,7 +788,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c index e15d8305e2..b14390e353 100644 --- a/lib/tls13-sig.c +++ b/lib/tls13-sig.c @@ -104,7 +104,7 @@ _gnutls13_handshake_verify_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len, prefix); @@ -186,7 +186,7 @@ _gnutls13_handshake_sign_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length, tmp); diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c index 35ab87f9af..68eab993ea 100644 --- a/lib/tls13/finished.c +++ b/lib/tls13/finished.c @@ -45,7 +45,7 @@ int _gnutls13_compute_finished(const mac_entry_st *prf, if (ret < 0) return gnutls_assert_val(ret); - ret = gnutls_hash_fast(prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(prf->id), handshake_hash_buffer->data, handshake_hash_buffer->length, ts_hash); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index cdb284026a..2dc0823905 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -1098,7 +1098,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) return _gnutls_asn2err(result); } - algo = gnutls_oid_to_digest(oid); + algo = DIG_TO_MAC(gnutls_oid_to_digest(oid)); if (algo == GNUTLS_MAC_UNKNOWN) { unknown_mac: gnutls_assert(); @@ -1970,7 +1970,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, *oid = (char*)tmp.data; } - algo = gnutls_oid_to_digest((char*)tmp.data); + algo = DIG_TO_MAC(gnutls_oid_to_digest((char*)tmp.data)); if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_HASH_ALGORITHM; diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 98669e8879..0ff55ba04b 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2277,7 +2277,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, /* If we add any attribute we should add them all */ /* Add hash */ digest_size = _gnutls_hash_get_algo_len(me); - ret = gnutls_hash_fast(me->id, data->data, data->size, digest); + ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest); if (ret < 0) { gnutls_assert(); return ret; diff --git a/src/certtool.c b/src/certtool.c index 0e24ac8281..6bdfe376b1 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1426,9 +1426,9 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(VERIFY_PROFILE)) { if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none")) { - cinfo.verification_profile = GNUTLS_PROFILE_UNKNOWN; + cinfo.verification_profile = (gnutls_sec_param_t)GNUTLS_PROFILE_UNKNOWN; } else { - cinfo.verification_profile = gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); + cinfo.verification_profile = (gnutls_sec_param_t)gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); } } else if (!HAVE_OPT(VERIFY_ALLOW_BROKEN)) { if (HAVE_OPT(VERIFY_CHAIN) || HAVE_OPT(VERIFY)) { @@ -2956,7 +2956,7 @@ void generate_pkcs12(common_info_st * cinfo) } if (cinfo->hash != GNUTLS_DIG_UNKNOWN) - mac = cinfo->hash; + mac = (gnutls_mac_algorithm_t)cinfo->hash; else mac = GNUTLS_MAC_SHA1; diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c index 33dc1df0da..71312ef369 100644 --- a/tests/slow/hash-large.c +++ b/tests/slow/hash-large.c @@ -139,7 +139,7 @@ void doit(void) /* SHA1 */ err = - gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size, + gnutls_hash_fast(GNUTLS_DIG_SHA1, buf, size, digest); if (err < 0) fail("gnutls_hash_fast(SHA1) failed: %d\n", err); |