Commit message | Author | Age | Files | Lines
* Merge branch 'wip/dueno/release-3.7.3' into 'master' [3.7.3] | Daiki Ueno | 2022-01-18 | 7 | -72/+61
    Release 3.7.3

    See merge request gnutls/gnutls!1517
| * Release 3.7.3 | Daiki Ueno | 2022-01-18 | 5 | -70/+56
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * tests: privkey-keygen: fix memory leak | Daiki Ueno | 2022-01-18 | 1 | -0/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2 | Daiki Ueno | 2022-01-17 | 1 | -2/+4
    This function previously used gnutls_x509_trust_list_get_issuer without
    the GNUTLS_TL_GET_COPY flag, which is required when the function is
    called from a multi-threaded application and a PKCS #11 trust store is
    in use.

    Reported and the change suggested by Remi Gacogne in:
    https://gitlab.com/gnutls/gnutls/-/issues/1277

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/fips-module-version' into 'master' | Daiki Ueno | 2022-01-17 | 10 | -2/+161
    fips: add mechanism to embed FIPS module name in the library

    See merge request gnutls/gnutls!1508
| * cli: add --list-config option | Daiki Ueno | 2022-01-17 | 2 | -1/+15
    With this option gnutls-cli prints the build-time configuration of the
    library, retrieved through gnutls_get_library_config.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * fips: add build option to embed FIPS module info in library config | Daiki Ueno | 2022-01-17 | 2 | -0/+28
    This adds a couple of configure options, --with-fips140-module-name and
    --with-fips140-module-version, which packagers can use to embed FIPS
    module information in the library.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * global: add API to retrieve library configuration at run time | Daiki Ueno | 2022-01-16 | 7 | -0/+53
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * configure.ac: emit feature summary as C macro | Daiki Ueno | 2022-01-16 | 1 | -1/+65
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/build-fixes3' into 'master' | Daiki Ueno | 2022-01-16 | 9 | -9/+22
    Minor build fixes for 3.7.3 release (part 2)

    See merge request gnutls/gnutls!1516
| * tests: suppress GCC -fanalyzer warnings | Daiki Ueno | 2022-01-16 | 2 | -1/+4
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitignore: ignore more files | Daiki Ueno | 2022-01-16 | 1 | -0/+3
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: avoid overriding noinst_PROGRAMS | Daiki Ueno | 2022-01-16 | 1 | -4/+3
    In src, we now have two helper programs: systemkey and dumpcfg.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * build: hide maintainer tool invocation behind AM_V_GEN | Daiki Ueno | 2022-01-16 | 5 | -4/+12
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/remove-autogen' into 'master' | Daiki Ueno | 2022-01-15 | 181 | -27632/+6480
    remove autogen dependency

    Closes #775, #774, and #773

    See merge request gnutls/gnutls!1506
| * tests: use more aliases in tests for better alias testing coverage | Alexander Sosedkin | 2022-01-15 | 2 | -7/+7
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * .gitlab-ci.yml: run static analyzers on Python files | Daiki Ueno | 2022-01-15 | 1 | -0/+2
    This runs a couple of code analyses on the Python scripts added to
    remove the AutoGen dependency.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: bump cache key for python3 detection | Daiki Ueno | 2022-01-15 | 1 | -1/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * README.md: mention Python as requirement instead of AutoGen | Daiki Ueno | 2022-01-15 | 2 | -4/+3
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: remove AutoGen .def files | Daiki Ueno | 2022-01-15 | 13 | -4019/+0
    As neither the tools nor the documentation depends on AutoGen, we don't
    need to include the AutoGen definition files.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * doc: generate man-pages from JSON | Daiki Ueno | 2022-01-15 | 3 | -47/+441
    This replaces the man-page generation previously provided by the
    autogen -Tagman.tpl command with a Python script (gen-cmd-man.py).

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * doc: generate texinfo files from JSON | Daiki Ueno | 2022-01-15 | 28 | -175/+1418
    This replaces the texinfo generation previously provided by the
    autogen -Tagtexi.tpl command with a Python script (gen-cmd-texi.py).

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: remove included copy of libopts | Daiki Ueno | 2022-01-15 | 77 | -23103/+13
    As no tools link with libopts anymore, we don't need to include it in
    the distribution.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: replace autoopts/libopts with minimal config parser | Daiki Ueno | 2022-01-15 | 33 | -129/+1138
    This replaces the configuration file parsing code previously provided
    by <autoopts/options.h> with a minimal compatible implementation.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: generate option handling code from JSON | Daiki Ueno | 2022-01-14 | 31 | -210/+3261
    This replaces the AutoGen-based command-line parser with a Python
    script (gen-getopt.py), which takes a JSON description as the input.
    The included JSON files were converted one-off using the parse-autogen
    program: https://gitlab.com/dueno/parse-autogen.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * python: add library for handling JSON-based option description | Daiki Ueno | 2022-01-14 | 4 | -2/+261
    This adds the jsonopts Python module used by the command-line parser
    generator and documentation generators in the following commits.

    This also bumps the required Python interpreter version to 3.6.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
* Merge branch 'wip/dueno/gost-pkcs12' into 'master' | Daiki Ueno | 2022-01-14 | 2 | -1/+6
    pkcs12: use the correct MAC algorithm for GOST key generation

    Closes #1225

    See merge request gnutls/gnutls!1514
| * pkcs12: use the correct MAC algorithm for GOST key generation | Daiki Ueno | 2022-01-13 | 2 | -1/+6
    According to the latest TC-26 requirements, the MAC algorithm used for
    PBKDF2 should always be HMAC_GOSTR3411_2012_512.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/build-fixes2' into 'master' | Daiki Ueno | 2022-01-12 | 4 | -4/+19
    Minor build fixes before the 3.7.3 release

    See merge request gnutls/gnutls!1511
| * tests: simple: check if the digest algorithm is compiled in | Daiki Ueno | 2022-01-12 | 1 | -1/+6
    When the library is built with --disable-gost, gnutls_digest_get_id
    returns GNUTLS_DIG_UNKNOWN for GOST algorithms.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * x509: fix potential wrong usage of memcpy | Daiki Ueno | 2022-01-12 | 1 | -1/+3
    Spotted by GCC analyzer:

    common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
      552 |                 memcpy(output_data, out.data, (size_t) out.size);
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * cert-auth: suppress false-positive warnings with GCC analyzer | Daiki Ueno | 2022-01-12 | 2 | -2/+10
    When compiled with gcc -fanalyzer, it reports:

    cert.c: In function '_gnutls_pcert_to_auth_info':
    cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference]
       85 |                 if (info->raw_certificate_list != NULL) {

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/cpuid' into 'master' | Daiki Ueno | 2022-01-12 | 1 | -16/+41
    accelerated: fix CPU feature detection for Intel CPUs

    See merge request gnutls/gnutls!1487
| * | accelerated: fix CPU feature detection for Intel CPUs | Daiki Ueno | 2021-12-22 | 1 | -15/+39
    This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
    well as to set the bit the upstream CRYPTOGAMS uses to identify Intel
    CPUs.

    Suggested by Rafael Gieschke in:
    https://gitlab.com/gnutls/gnutls/-/issues/1282

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | padlock: reset _gnutls_x86_cpuid_s only after padlock check succeeds | Daiki Ueno | 2021-12-22 | 1 | -1/+2
    Otherwise it clears _gnutls_x86_cpuid_s, which may already hold valid
    CPUID detected for Intel and AMD CPUs.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | | Merge branch 'curve-keygen-allowlist-test' into 'master' | Daiki Ueno | 2022-01-12 | 3 | -27/+291
    Extend system-override-curves-allowlist test with key generation

    See merge request gnutls/gnutls!1500
| * | tests: extend system-override-curves-allowlist with key generation | Alexander Sosedkin | 2021-12-20 | 3 | -5/+243
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * | tests: tweak system-override-curves-allowlist insignificantly | Alexander Sosedkin | 2021-12-20 | 1 | -26/+52
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* | | Merge branch 'wip/dueno/pkcs12' into 'master' | Daiki Ueno | 2022-01-12 | 9 | -28/+80
    certtool: --to-p12: use modern algorithms by default

    See merge request gnutls/gnutls!1499
| * | | gnutls_pkcs12_generate_mac: use SHA256 by default | Daiki Ueno | 2022-01-11 | 1 | -1/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | .gitlab-ci.yml: reduce PKCS#12 iteration count while testing | Daiki Ueno | 2022-01-11 | 1 | -16/+18
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | tests: check algorithms for generating PKCS#12 file | Daiki Ueno | 2022-01-11 | 3 | -3/+47
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | _gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2 | Daiki Ueno | 2022-01-07 | 1 | -1/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | pkcs12: determine iteration count for MAC at build time | Daiki Ueno | 2022-01-07 | 1 | -1/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | pkcs7: determine iteration count for PBKDF2 at build time | Daiki Ueno | 2022-01-07 | 2 | -1/+11
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | certtool: --to-p12: use modern algorithms by default | Daiki Ueno | 2022-01-07 | 2 | -5/+1
    Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
    PKCS#12, while it is suggested to migrate to more modern algorithms,
    namely AES-128-CBC with PBKDF2 and SHA-256:
    https://bugzilla.redhat.com/show_bug.cgi?id=1759982

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
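The PKCS#12 commits above (SHA-256 for the MAC, HMAC-SHA256 as the PBKDF2 PRF, build-time iteration counts, and the certtool --to-p12 defaults) all leave a trace in the DER AlgorithmIdentifiers of the file they produce, which is where a reviewer would check what a given .p12 actually uses. The following is an added example, not GnuTLS code: it classifies a key-encryption AlgorithmIdentifier as either the legacy PKCS#12 PBE (pbeWithSHAAnd3-KeyTripleDES-CBC, RFC 7292 Appendix C) or PBES2 with PBKDF2 (RFC 8018), recovers the PRF, cipher and iteration count, and does the same for the MacData digest. The sample blobs, their zero salts and IV, and the iteration counts 2048 and 600000 are constructed here for illustration and are not GnuTLS' defaults; the OIDs are the standard ones. The DER reader handles definite lengths only, and the OID decoder assumes a first arc of 0, 1 or 2 with a second arc below 40, which covers every OID used here.

```python
# Added example (not GnuTLS code): classify the password-based encryption and
# MAC algorithms recorded in PKCS#12 DER structures. Samples are constructed.
from typing import Dict, List, Tuple

PBE_SHA1_3DES = "1.2.840.113549.1.12.1.3"  # pbeWithSHAAnd3-KeyTripleDES-CBC (legacy)
PBES2 = "1.2.840.113549.1.5.13"
PBKDF2 = "1.2.840.113549.1.5.12"
HMAC_SHA1 = "1.2.840.113549.2.7"           # PBKDF2 PRF when the field is omitted
HMAC_SHA256 = "1.2.840.113549.2.9"
AES128_CBC = "2.16.840.1.101.3.4.1.2"
SHA1 = "1.3.14.3.2.26"
SHA256 = "2.16.840.1.101.3.4.2.1"
NULL = b"\x05\x00"

# --- minimal DER encoder, only used to build the constructed samples ---
def der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:                 # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))

def der_int(n: int) -> bytes:
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return der(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)   # keep it positive

def der_seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))

def der_octets(b: bytes) -> bytes:
    return der(0x04, b)

# --- minimal DER reader (definite lengths only) ---
def parse_tlv(buf: bytes) -> List[Tuple[int, bytes]]:
    """Split one DER level into (tag, contents) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, ln, i = buf[i], buf[i + 1], i + 2
        if ln & 0x80:
            nb = ln & 0x7F
            ln, i = int.from_bytes(buf[i:i + nb], "big"), i + nb
        out.append((tag, buf[i:i + ln]))
        i += ln
    return out

def decode_oid(body: bytes) -> str:
    arcs, acc = [body[0] // 40, body[0] % 40], 0   # assumes first arc 0, 1 or 2
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def inspect_pbe(alg_id: bytes) -> Dict[str, object]:
    """Classify the AlgorithmIdentifier of an EncryptedPrivateKeyInfo or encrypted SafeContents."""
    [(_, body)] = parse_tlv(alg_id)
    items = parse_tlv(body)
    oid = decode_oid(items[0][1])
    if oid == PBES2:
        kdf, enc = parse_tlv(items[1][1])          # PBES2-params: keyDerivationFunc, encryptionScheme
        kdf_items = parse_tlv(kdf[1])
        params = parse_tlv(kdf_items[1][1])        # PBKDF2-params: salt, iterationCount, [keyLength], [prf]
        prf = HMAC_SHA1
        for tag, sub in params[2:]:
            if tag == 0x30:                        # explicit prf AlgorithmIdentifier
                prf = decode_oid(parse_tlv(sub)[0][1])
        cipher = decode_oid(parse_tlv(enc[1])[0][1])
        return {"scheme": "PBES2", "kdf": decode_oid(kdf_items[0][1]), "prf": prf,
                "cipher": cipher, "iterations": int.from_bytes(params[1][1], "big"),
                "modern": prf == HMAC_SHA256 and cipher == AES128_CBC}
    params = parse_tlv(items[1][1])                # PKCS#12 PBE params: salt, iterations
    return {"scheme": "PKCS12-PBE", "cipher": oid,
            "iterations": int.from_bytes(params[1][1], "big"), "modern": False}

def inspect_mac(mac_data: bytes) -> Dict[str, object]:
    """Classify PKCS#12 MacData: DigestInfo { AlgorithmIdentifier, digest }, macSalt, iterations DEFAULT 1."""
    [(_, body)] = parse_tlv(mac_data)
    items = parse_tlv(body)
    digest = decode_oid(parse_tlv(parse_tlv(items[0][1])[0][1])[0][1])
    iterations = int.from_bytes(items[2][1], "big") if len(items) > 2 else 1
    return {"digest": digest, "iterations": iterations, "modern": digest == SHA256}

# Constructed samples: zero salt/IV and round iteration counts, not GnuTLS' defaults.
SALT, IV = bytes(8), bytes(16)
LEGACY_PBE = der_seq(der_oid(PBE_SHA1_3DES), der_seq(der_octets(SALT), der_int(2048)))
MODERN_PBE = der_seq(der_oid(PBES2), der_seq(
    der_seq(der_oid(PBKDF2), der_seq(der_octets(SALT), der_int(600000),
                                     der_seq(der_oid(HMAC_SHA256), NULL))),
    der_seq(der_oid(AES128_CBC), der_octets(IV))))
LEGACY_MAC = der_seq(der_seq(der_seq(der_oid(SHA1), NULL), der_octets(bytes(20))),
                     der_octets(SALT), der_int(2048))
MODERN_MAC = der_seq(der_seq(der_seq(der_oid(SHA256), NULL), der_octets(bytes(32))),
                     der_octets(SALT), der_int(600000))

if __name__ == "__main__":
    for name, blob in [("legacy key", LEGACY_PBE), ("modern key", MODERN_PBE)]:
        print(name, inspect_pbe(blob))
    for name, blob in [("legacy mac", LEGACY_MAC), ("modern mac", MODERN_MAC)]:
        print(name, inspect_mac(blob))
```

To run this against a real file, take the first element of the PKCS#8 EncryptedPrivateKeyInfo (its encryptionAlgorithm) or the third element of the outer PFX SEQUENCE (its MacData) with any DER walker and pass those bytes to inspect_pbe or inspect_mac. The PBES2 branch deliberately falls back to HMAC-SHA1 when the prf field is absent, since that is what RFC 8018 specifies as the default; a file that looks "PBES2" but has no prf field is still using SHA-1.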
* | | | Merge branch 'wip/dueno/fipscontext' into 'master' | Daiki Ueno | 2022-01-08 | 21 | -355/+1683
    fips: add functions to inspect thread-local FIPS operation state

    See merge request gnutls/gnutls!1465
| * | | cipher-api-test: mention why it is written using fork | Daiki Ueno | 2022-01-08 | 1 | -0/+5
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | fips: plumb service indicator to symmetric key crypto operations | Daiki Ueno | 2022-01-08 | 6 | -142/+535
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
| * | | fips: plumb service indicator to public key crypto operations | Daiki Ueno | 2022-01-08 | 6 | -200/+809
    This installs service indicator state transitions in certain public key
    operations in gnutls_crypto_pk_st, namely:

    * fallible operations
      - encrypt
      - sign
      - generate_keys
      - derive
    * infallible operations
      - decrypt, decrypt2
      - verify

    Other operations, such as generate_params, are not considered crypto
    operations.

    Note that fallible operations above means that their return value could
    indicate an error, while infallible operations do not distinguish
    between errors and failures: decrypt/verify failures are treated as a
    successful completion of the operation.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>