summaryrefslogtreecommitdiff
path: root/.gitignore
Commit message (Collapse)AuthorAgeFilesLines
* gnulib: update git submoduleDaiki Ueno2020-09-171-1/+2
| | | | | | | | | This brings in the build fixes of parse-datetime module: https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitignore: ignore more filesDaiki Ueno2020-06-151-1/+27
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* gnulib: update git submoduleDaiki Ueno2020-05-291-1/+2
| | | | | | | | | | | This brings in the new fopen-gnu module and the RF_SENSITIVE flag for fread_file and read_file. This also adds the following changes to be consistent with the latest changes in Gnulib: - the callers of fread_file and read_file to be adjusted for the FLAGS argument - "attribute.h" needs to be used extensively Signed-off-by: Daiki Ueno <ueno@gnu.org>
* nettle: avoid manual backports of CFB8, CMAC, and XTSDaiki Ueno2020-05-041-1/+1
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* fips: check library soname during configuretmp-check-sonameDaiki Ueno2020-04-241-0/+2
| | | | | | | | | | | | Previously, we hard-coded the sonames of linked libraries for FIPS integrity checking. That required downstream packagers to manually adjust the relevant code in lib/fips.c, when a new interface version of the dependent libraries (nettle, gmp) becomes available and linked to libgnutls. This patch automates that process with the configure script. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-no-auto-send-ticket' into 'master'Daiki Ueno2020-04-201-0/+1
|\ | | | | | | | | handshake-tls13: add session flag to disable sending session tickets See merge request gnutls/gnutls!1234
| * handshake-tls13: add session flag to disable sending session ticketstmp-no-auto-send-ticketDaiki Ueno2020-04-131-0/+1
| | | | | | | | | | | | | | | | | | While GnuTLS by default implicitly sends NewSessionTicket during handshake, application protocols like QUIC set a clear boundary between "in handshake" and "post handshake", and NST must be sent in the post handshake state. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | nettle: use new imported source files for GOST DSADmitry Baryshkov2020-04-141-1/+1
| | | | | | | | | | | | | | Provide GOST support using source files copied by script rather than manually crafted by me. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | Compare DNs by comparing their string representationsPierre Ossman2020-04-031-0/+1
|/ | | | | | | | A binary comparison will not work in case the contents is the same but the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such variations are permitted so we need to handle them. Signed-off-by: Pierre Ossman <ossman@cendio.se>
* nettle: vendor in ChaCha20 implementation from nettleDaiki Ueno2020-03-191-0/+1
| | | | | | | This enables to use bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* keylogfile: generalize with a callbacktmp-keylog-hookDaiki Ueno2020-02-071-0/+1
| | | | | | | | | This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement custom logging feature per session, which is particularly useful in QUIC implementation. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* crypto-api: add generic crypto functions for KDFDaiki Ueno2020-02-041-0/+1
| | | | | | | | | | This exposes HKDF and PBKDF2 functions from the library. Instead of defining a single KDF interface as in PKCS #11, this patch defines 3 distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2 derivation, so that we can take advantage of compile time checking of necesssary parameters. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: vendor in Curve448 and Ed448 implementationDaiki Ueno2020-01-231-0/+1
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tests: add test for revoked OCSP responsetmp-ocsp-revocationDaiki Ueno2020-01-101-0/+1
| | | | | | | This adds a test that exercises a failed handshake upon receipt of an OCSP response with the "revoked" status. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* crypto-api: add gnutls_aead_cipher_{en,de}cryptv2tmp-encryptv2Daiki Ueno2019-08-091-0/+1
| | | | | | | This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and gnutls_aead_cipher_decrypt(), that works on data buffers. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* iov: add iterator interface for giovec_tDaiki Ueno2019-08-091-0/+1
| | | | | | | This adds an iterator interface over giovec_t array, extracting a fixed sized block. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* pk: implement deterministic ECDSA/DSADaiki Ueno2019-08-081-0/+1
| | | | | | | This exposes the deterministic ECDSA/DSA functionality through the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* pkcs11: ignore login error when traversing tokensDaiki Ueno2019-07-111-0/+1
| | | | | | | | | | | | | | | If a token is a general access device, it is expected that login attempt to that token returns error: https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852 On the other hand, _pkcs11_traverse_tokens treats the error as fatal and stops iteration. This behavior prevents object search without token specifier if such tokens are registered in the system. Reported by Stanislav Zidek in https://bugzilla.redhat.com/show_bug.cgi?id=1705478 Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tls13/key_update: ignore multiple key updates instead of errortmp-keyupdate-fixesDaiki Ueno2019-06-051-0/+1
| | | | | | | | This fixes the multiple KeyUpdate messages handling in commit 65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is sent even if the limit doesn't exceed. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* server auth: disable TLS 1.3 if no signature algorithm is usableDaiki Ueno2019-05-201-0/+1
| | | | | | | | | | This is a server side counterpart of 005a4d04145707daad9588acedfdb5f6cd97c80c. Instead of signalling an error when no algorithm is usable in TLS 1.3, it downgrades the session to TLS 1.2 with a warning. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* ext/record_size_limit: distinguish sending and receiving limitstmp-record-sizesDaiki Ueno2019-05-141-0/+1
| | | | | | | | | | | | | | | | The previous behavior was that both sending and receiving limits are negotiated to be the same value. It was problematic when: - client sends a record_size_limit with a large value in CH - server sends a record_size_limit with a smaller value in EE - client updates the limit for both sending and receiving, upon receiving EE - server sends a Certificate message larger than the limit With this patch, each peer maintains the sending / receiving limits separately so not to confuse with the contradicting settings. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tests: make datefudge check robusterDaiki Ueno2019-04-191-0/+1
| | | | | | | | | When checking datefudge availability under cross-compiling environment with a binfmt wrapper, it is not sufficient to check against the host executable. This instead uses a test executable compiled for the target architecture. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* prf: add function to retrieve early keying materialDaiki Ueno2019-04-191-0/+1
| | | | | | | | | This adds a new function gnutls_prf_early, which shall be called in a handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test needs to be run in a datefudge wrapper as the early secrets depend on the current time (through PSK). Signed-off-by: Daiki Ueno <dueno@redhat.com>
* .gitignore: ignore tests/libpkcs11mock2.laNikos Mavrogiannopoulos2019-04-161-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: add post-handshake auth test using PKCS#11 tokenDaiki Ueno2019-04-071-0/+1
| | | | | | | This adds a test that exercise the client's auth rejection logic, using the RSA-PSS disabled PKCS #11 token. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Update ax_code_coverage.m4 to latest release of autoconf-archivetmp-update-ax-code-coverageTim Rühsen2019-02-221-0/+2
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* .gitignore: add test filesAlon Bar-Lev2019-01-271-2/+5
| | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: check record_size_limit is reset after resumptionDaiki Ueno2019-01-231-0/+1
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* auto-generate the AUTHORS filetmp-authorsNikos Mavrogiannopoulos2019-01-191-0/+1
| | | | | | | | | The original file was unmaintained since long time. This is now auto-generated from the git shortlog, at release time. Relates: #606 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Remove auto-generated gnulib files from repoTim Rühsen2019-01-021-0/+2
| | | | | | | | Bootstrapping with latest gnulib updated both files, so they are obviously auto-generated files which do not belong into the repository. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Implemented support for raw public-key functionality (RFC7250).Tom Vrancken2018-12-151-0/+2
| | | | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* .gitignore: ignore more files and sort them alphabeticallyDaiki Ueno2018-11-241-77/+90
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* build: minor cleanup of mech-list.h generationtmp-autogen-bakDaiki Ueno2018-11-131-0/+1
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* TLS 1.3: implement anti-replay measure using ClientHello recordingDaiki Ueno2018-11-121-0/+1
| | | | | | | This implements ClientHello recording outlined in section 8.2 of RFC 8446. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* tests: add tests for early dataDaiki Ueno2018-11-121-0/+1
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* .gitignore: updatedNikos Mavrogiannopoulos2018-09-141-1/+16
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: introduced test for post-handshake auth + PSKNikos Mavrogiannopoulos2018-07-021-0/+1
| | | | | | Relates #489 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: added new test executablesNikos Mavrogiannopoulos2018-06-271-119/+212
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Update .gitignore files according to bootstrapDmitry Eremin-Solenikov2018-06-271-0/+1
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add bootstrap + bootstrap.confTim Rühsen2018-06-141-290/+9
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* fuzzer: Initial check in for improved fuzzingTim Rühsen2017-08-161-0/+1
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* .gitignore: ignore new testsNikos Mavrogiannopoulos2017-07-101-0/+30
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignoreNikos Mavrogiannopoulos2017-03-211-0/+5
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignoreNikos Mavrogiannopoulos2017-03-131-58/+74
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: Added IDNA encoding/decoding fuzzying unitsNikos Mavrogiannopoulos2017-01-261-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* valgrind: support separate builddir for suppressions.valgrindAlon Bar-Lev2017-01-231-1/+0
| | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: update [ci skip]Alon Bar-Lev2017-01-051-1/+15
| | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: sort()Alon Bar-Lev2017-01-051-354/+354
| | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tools: use stamp files to allow parallel build of autogen filesNikos Mavrogiannopoulos2016-11-291-0/+1
| | | | | | | Autogen seems to output on the creates files gradually, something that makes 'make' believe that the command is complete prior to the output file being fully populated. The current approach uses stamp files to ensure that no incomplete files are used for compilation.
* more files to ignoreNikos Mavrogiannopoulos2016-11-231-0/+16
|
View Lorry Controller Status