-rw-r--r--.gitignore3
-rw-r--r--.gitlab-ci.yml2
-rw-r--r--configure.ac3
m---------gnulib0
-rw-r--r--lib/nettle/int/tls1-prf.c26
-rw-r--r--lib/nettle/int/tls1-prf.h1
-rw-r--r--lib/x509/time.c3
-rw-r--r--src/certtool-cfg.c3
-rw-r--r--src/common.c3
-rw-r--r--tests/Makefile.am7
-rwxr-xr-xtests/gnutls-cli-debug.sh2
11 files changed, 30 insertions, 23 deletions
diff --git a/.gitignore b/.gitignore
index 2b23292693..b721fee238 100644
--- a/.gitignore
+++ b/.gitignore
@@ -287,7 +287,8 @@ src/danetool
src/danetool-args.c
src/danetool-args.h
src/gaa.skel
-src/gl
+src/gl/*
+!src/gl/override
src/gnutls-cli
src/gnutls-cli-debug
src/gnutls-serv
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1c4160dcf2..095662bea8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ stages:
# name to allow expiration of old caches.
cache:
- key: "$CI_JOB_NAME-ver16"
+ key: "$CI_JOB_NAME-ver17"
paths:
- cache/
diff --git a/configure.ac b/configure.ac
index 5ab834ad62..e485699f30 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,7 +20,7 @@ dnl Process this file with autoconf to produce a configure script.
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
# USA
-AC_PREREQ(2.63)
+AC_PREREQ(2.64)
dnl when updating version also update LT_REVISION in m4/hooks.m4
AC_INIT([GnuTLS], [3.6.14], [bugs@gnutls.org])
@@ -523,6 +523,7 @@ if test "$gl_gcc_warnings" = yes; then
nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point
nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle)
nw="$nw -Wtype-limits" # Too many warnings in gnulib macros
+ nw="$nw -Warith-conversion" # Too compiler dependent
gl_MANYWARN_ALL_GCC([ws])
gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
diff --git a/gnulib b/gnulib
-Subproject fb64a78174042189f4d012cbd748d565f021cd6
+Subproject 46bdd627ff522193134d31bdfd3ac4e4fddb597
diff --git a/lib/nettle/int/tls1-prf.c b/lib/nettle/int/tls1-prf.c
index 6763d76cc9..19ca5d34dc 100644
--- a/lib/nettle/int/tls1-prf.c
+++ b/lib/nettle/int/tls1-prf.c
@@ -48,6 +48,7 @@ P_hash( void *mac_ctx,
nettle_hash_digest_func *digest,
size_t digest_size,
size_t seed_size, const uint8_t *seed,
+ size_t label_size, const char *label,
size_t dst_length,
uint8_t *dst)
{
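Review bot: P_hash now declares `seed_size, seed` before `label_size, label`, but the two `update()` calls added in the following hunks feed the label to the MAC first and the seed second. Both sizes are `size_t`, so swapping the two size arguments at a call site would compile without a diagnostic and silently produce a different PRF output. Consider declaring the parameters in hashing order (`size_t label_size, const char *label, size_t seed_size, const uint8_t *seed`) and adding a comment above the function such as `/* PRF input is label || seed, fed to the MAC as two separate updates */`. The body of P_hash continues outside this hunk.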
@@ -60,6 +61,7 @@ P_hash( void *mac_ctx,
while(left > 0) {
if (started == 0) { /* A(0) */
+ update(mac_ctx, label_size, (const uint8_t *)label); /* hash label */
update(mac_ctx, seed_size, seed);
started = 1;
} else {
@@ -68,6 +70,7 @@ P_hash( void *mac_ctx,
digest(mac_ctx, digest_size, Atmp); /* store A(i) */
update(mac_ctx, digest_size, Atmp); /* hash A(i) */
+ update(mac_ctx, label_size, (const uint8_t *)label); /* hash label */
update(mac_ctx, seed_size, seed); /* hash seed */
if (left < (ssize_t)digest_size)
@@ -88,19 +91,15 @@ tls10_prf(size_t secret_size, const uint8_t *secret,
size_t seed_size, const uint8_t *seed,
size_t length, uint8_t *dst)
{
- int l_s, cseed_size = seed_size + label_size;
+ int l_s;
const uint8_t *s1, *s2;
struct hmac_md5_ctx md5_ctx;
struct hmac_sha1_ctx sha1_ctx;
uint8_t o1[MAX_PRF_BYTES];
- uint8_t cseed[MAX_SEED_SIZE];
- if (cseed_size > MAX_SEED_SIZE || length > MAX_PRF_BYTES)
+ if (length > MAX_PRF_BYTES)
return 0;
- memcpy(cseed, label, label_size);
- memcpy(&cseed[label_size], seed, seed_size);
-
l_s = secret_size / 2;
s1 = &secret[0];
s2 = &secret[l_s];
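Review bot: `int l_s;` stays a signed int although it is assigned `secret_size / 2` from a `size_t` and then used to index `secret`; since this declaration is being rewritten anyway, `size_t l_s;` would remove the implicit narrowing, as far as the visible lines show. With the seed buffer gone, `length > MAX_PRF_BYTES` is the only bound left and it exists to protect `o1`, so a short comment such as `/* o1 is a fixed MAX_PRF_BYTES buffer */` would keep it from being dropped later as redundant. The function body continues outside this hunk.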
@@ -113,14 +112,14 @@ tls10_prf(size_t secret_size, const uint8_t *secret,
P_hash(&md5_ctx, (nettle_hash_update_func*)hmac_md5_update,
(nettle_hash_digest_func*)hmac_md5_digest,
MD5_DIGEST_SIZE,
- cseed_size, cseed, length, o1);
+ seed_size, seed, label_size, label, length, o1);
hmac_sha1_set_key(&sha1_ctx, l_s, s2);
P_hash(&sha1_ctx, (nettle_hash_update_func*)hmac_sha1_update,
(nettle_hash_digest_func*)hmac_sha1_digest,
SHA1_DIGEST_SIZE,
- cseed_size, cseed, length, dst);
+ seed_size, seed, label_size, label, length, dst);
memxor(dst, o1, length);
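Review bot: `o1` holds the HMAC-MD5 half of the PRF output, which is keying material, and nothing in the visible lines clears it after `memxor(dst, o1, length);`. If the rest of the function (outside this hunk) does not already do so, clear `o1` and the two HMAC contexts before returning, using a wipe the compiler cannot elide, because a plain `memset` on a stack buffer that is about to go out of scope may be optimised away.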
@@ -153,17 +152,8 @@ tls12_prf(void *mac_ctx,
size_t seed_size, const uint8_t *seed,
size_t length, uint8_t *dst)
{
- size_t cseed_size = seed_size + label_size;
- uint8_t cseed[MAX_SEED_SIZE];
-
- if (cseed_size > MAX_SEED_SIZE)
- return 0;
-
- memcpy(cseed, label, label_size);
- memcpy(&cseed[label_size], seed, seed_size);
-
P_hash(mac_ctx, update, digest, digest_size,
- cseed_size, cseed, length, dst);
+ seed_size, seed, label_size, label, length, dst);
return 1;
}
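Review bot: tls12_prf has no failure path left after this change, yet it still ends in an unconditional `return 1;`, so callers that test for 0 are checking a condition that can no longer occur. A comment above the function would record the new contract, e.g. `/* Always returns 1; label and seed are hashed in place, so neither has a size limit. */`. The start of the function is outside this hunk.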
diff --git a/lib/nettle/int/tls1-prf.h b/lib/nettle/int/tls1-prf.h
index f5d9c82702..e79d1c8639 100644
--- a/lib/nettle/int/tls1-prf.h
+++ b/lib/nettle/int/tls1-prf.h
@@ -25,7 +25,6 @@
#include <nettle/nettle-meta.h>
-#define MAX_SEED_SIZE 200
#define MAX_PRF_BYTES 200
/* Namespace mangling */
diff --git a/lib/x509/time.c b/lib/x509/time.c
index fa10a91002..421138436a 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -245,6 +245,8 @@ time_t _gnutls_x509_generalTime2gtime(const char *ttime)
return time2gtime(ttime, year);
}
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-y2k"
/* tag will contain ASN1_TAG_UTCTime or ASN1_TAG_GENERALIZEDTime */
static int
gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsigned *tag)
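Review bot: The new `#pragma GCC diagnostic ignored "-Wformat-y2k"` carries no comment saying why the warning is safe to silence, and it sits between the previous function and the existing doc comment of gtime_to_suitable_time. Presumably the function formats a two-digit year because the UTCTime encoding requires one; if so, say that next to the pragma, e.g. `/* UTCTime uses a two-digit year by definition; -Wformat-y2k is expected here */`. The same applies to the identical push/pop added around simple_ctime in src/common.c. The function body is outside this hunk.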
@@ -285,6 +287,7 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, unsig
return 0;
}
+#pragma GCC diagnostic pop
static int
gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size)
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index fbbb4c6ab9..03358524d6 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -660,6 +660,8 @@ read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid)
free(lineptr);
}
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* The input_str should contain %d or %u to print the default.
*/
static int64_t read_int_with_default(const char *input_str, long def)
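Review bot: The `-Wformat-nonliteral` suppression hides the warning that would flag `input_str` being used as a format string, so the safety of this function now rests entirely on callers passing program-defined literals. Extend the existing comment to state that contract, e.g. `/* input_str is used as a printf format: pass only string literals from this program, never configuration or user input. */`, and consider placing the push/pop around just the formatting call so other format warnings in the body stay active. The comment also asks for %d or %u while `def` is a `long`; if `def` is passed through unchanged, `%ld` would be the matching conversion. The function body is outside this hunk, so both points should be checked against it.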
@@ -714,6 +716,7 @@ static int64_t read_int_with_default(const char *input_str, long def)
return l;
}
+#pragma GCC diagnostic pop
int64_t read_int(const char *input_str)
{
diff --git a/src/common.c b/src/common.c
index 9b0d385ca3..823a8a83fa 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1265,6 +1265,8 @@ void log_set(FILE *file)
logfile = file;
}
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-y2k"
/* This is very similar to ctime() but it does not force a newline.
*/
char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE])
@@ -1283,3 +1285,4 @@ char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE])
snprintf(out, SIMPLE_CTIME_BUF_SIZE, "[error]");
return out;
}
+#pragma GCC diagnostic pop
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0387bf7389..ec5ec3f505 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -607,6 +607,13 @@ else
TESTS_ENVIRONMENT += ENABLE_SSL3=0
endif
+if ENABLE_GOST
+TESTS_ENVIRONMENT += ENABLE_GOST=1
+else
+TESTS_ENVIRONMENT += ENABLE_GOST=0
+endif
+
+
if WANT_TEST_SUITE
LOG_COMPILER = $(VALGRIND)
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 3351764216..2a1738cc6e 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -207,7 +207,7 @@ if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then
echo "Checking output of gnutls-cli-debug for GOST-enabled server"
eval "${GETPORT}"
- launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY4} --x509certfile ${CERT4} >/dev/null 2>&1
+ launch_server $$ --echo --priority "NORMAL:+GOST" --x509keyfile ${KEY4} --x509certfile ${CERT4} >/dev/null 2>&1
PID=$!
wait_server ${PID}