| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Wget/Wget2 OSS-Fuzz builders use mini-gmp version of nettle. Check that
we do not break them occasionally.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
lib/nettle/curve448
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
Check that GnuTLS does not depend on Nettle/Hogweed internal symbols.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
This speeds up the Gitlab CI runners. E.g. measured timings of the
Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
Remove --disable-gost switch from the test using Nettle's master branch
as GnuTLS is now compatible again with nettle/master.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
There are shared windows runners in gitlab, that will fail
running our jobs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
| |
Otherwise the build process wouldn't be able to find -lgmp.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
| |
This is similar to the build/gnutls target in nettle's own gitlab CI.
The only difference is that this will build/test all branches of
GnuTLS against the master branch of nettle.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
| |
Some distributions might enable --enable-fips140-mode, without actually
enabling/enforcing FIPS at runtime. Catch issues in such configurations
(reported by Daiki Ueno).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
As it turns out, `set -e` doesn't work if one of the commands fail,
maybe except the last command.
Seen, tested and reproduced on Fedora28 image.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
This in addition to merging the two CI runs, it also attempts
to run the fuzz code under SHANI for CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Suppressions are in devel/ubsan.supp.
Suppressions only work on recoverable checks.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
|
| |
That removes a lot of code that was not necessary in the gnutls test
suite.
Resolves: #884
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This should result to faster image loading for CI builds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This effectively reverts !400 and ensures that we no longer tolerate
invalid DER time. This complements the previous commit by Lili Quan
and ensures we provide the --disable-strict-der-time backwards compatibility
option.
Resolves: #207
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
This also includes --enable-local-libopts flag to make dist
to catch future regressions.
Resolves: #867
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The coverity run is subject to several restrictions by the service,
and thus it is not really useful in the main CI runs as it cannot reasonably
be run on MRs or master. As such we simplify the main CI file by moving the
coverity to the coverage sub-project and running it weekly.
The new location is at:
https://gitlab.com/gnutls/coverage
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
maint: Include Guile's M4 macros.
See merge request gnutls/gnutls!1061
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| | |
as well.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| | |
'configure'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|/
|
|
|
|
| |
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses issue on installed systems which have autogen but
use --enable-local-libopts. In these systems if the installed autogen
would not match the local libopts library version compilation would
fail because the auto-generated files depend on the corresponding to
autogen version libopts internals.
Resolves: #772
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
We do not use this variable as it is global and applies to all of
tests, applications and library, and when it is set it is usually due to
bugs in configure.ac.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This makes sure that we don't include the internal backport
if compiled with a version of nettle that includes that code.
We also exclude nettle/backport from the static analyzer's list
as it contains files outside our control (from nettle project).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That is, because there are no diffs to check.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This enables the integrity self-tests in FIPS140 test build.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
|
|
|
|
|
| |
This checks for unsafe uses of variables in our included threaded
tests.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
A bug made our CI cross builds fail.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
| |
This will include the TPM subsystem in the coverage report.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|