Commit message (Author, Age, Files, Lines)
* Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch] (Tim Rühsen, 2020-01-03, 2 files, -3/+3)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix 2x -Wunused-function in tests/ (Tim Rühsen, 2020-01-03, 2 files, -0/+4)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* certtool-cfg.c: Silence -Wunused-variable if HAVE_IPV6 not set (Tim Rühsen, 2020-01-03, 1 file, -1/+2)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* status_request.c: Silence -Wsign-compare (Tim Rühsen, 2020-01-03, 1 file, -1/+1)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* rnd-fuzzer.c: Suppress shift sanitization check (Tim Rühsen, 2020-01-03, 1 file, -0/+2)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* handshake.c: Suppress warning in fuzzing build (Tim Rühsen, 2020-01-03, 1 file, -0/+1)
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix implicit value change in verify-high.c (Tim Rühsen, 2020-01-03, 1 file, -10/+10)
| | | | | | | | | verify-high.c:284:7: runtime error: implicit conversion from type 'size_t' (aka 'unsigned long') of value 15421545260338418178 (64-bit, unsigned) to type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit, unsigned) Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* UBSAN: Fail tests if UB detected (Tim Rühsen, 2020-01-03, 1 file, -13/+12)
| | | | | | | Suppressions are in devel/ubsan.supp. Suppressions only work on recoverable checks. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-libev' into 'master' (Nikos Mavrogiannopoulos, 2020-01-03, 125 files, -44673/+286)
|\ | | | | | | | | | | | | ecore cli: updated and rewritten to use libev Closes #884 See merge request gnutls/gnutls!1148
| * tests/suite: do not include scripts into dist [tmp-libev] (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -5/+2)
| | | | | | | | | | | | This part of the test suite is only run on CI. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * ecore cli: updated and rewritten to use libev (Nikos Mavrogiannopoulos, 2020-01-03, 125 files, -44668/+284)
|/ | | | | | | | | That removes a lot of code that was not necessary in the gnutls test suite. Resolves: #884 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: use separate images for mingw and fedora builds (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -5/+6)
| | | | | | This should result in faster image loading for CI builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-slow-tests' into 'master' (Tim Rühsen, 2020-01-02, 1 file, -8/+9)
|\ | | | | | | | | tests: use newer nettle APIs in cipher-override.c See merge request gnutls/gnutls!1149
| * tests: use newer nettle APIs in cipher-override.c (Nikos Mavrogiannopoulos, 2020-01-02, 1 file, -8/+9)
|/ | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-update-copyright' into 'master' (Tim Rühsen, 2020-01-02, 2 files, -2/+3)
|\ | | | | | | | | doc: updated copyrights for 2020 See merge request gnutls/gnutls!1147
| * doc: updated copyrights for 2020 [tmp-update-copyright] (Nikos Mavrogiannopoulos, 2020-01-01, 2 files, -2/+3)
|/ | | | | | | This updates the copyright year for documentation and excludes gnulib files from the copyright check. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'wip-arch-independent-scm' into 'master' (Nikos Mavrogiannopoulos, 2020-01-01, 3 files, -3/+18)
|\ | | | | | | | | | | | | guile: Arrange to make 'gnutls.scm' architecture-independent. Closes #838 See merge request gnutls/gnutls!1121
| * guile: Arrange to make 'gnutls.scm' architecture-independent. (Ludovic Courtès, 2019-12-26, 3 files, -3/+18)
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #838. Reported by Andreas Metzler. * configure.ac: Define and substitute 'maybe_guileextensiondir'. * guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'. * guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@. Check if %LIBDIR is true. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* | Merge branch 'fix-gost-bench' into 'master' (Nikos Mavrogiannopoulos, 2019-12-30, 4 files, -13/+84)
|\ \ | | | | | | | | | | | | Fix gnutls-cli compilation with GOST disabled See merge request gnutls/gnutls!1143
| * | cli: fix building with GOST disabled (Dmitry Eremin-Solenikov, 2019-12-29, 1 file, -0/+2)
| | | | | | | | | | | | | | | | | | | | | Fix building gnutls-cli (benchmark part) with GOST keys support being disabled. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | cli: support building with OCSP and ANON disabled (Dmitry Eremin-Solenikov, 2019-12-29, 3 files, -13/+52)
| | | | | | | | | | | | | | | | | | | | | Support gnutls-cli when building GnuTLS with OCSP and ANON authentication API disabled. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | serv: support building with OCSP disabled (Dmitry Eremin-Solenikov, 2019-12-29, 2 files, -2/+32)
|/ / | | | | | | | | | | Support gnutls-serv when building GnuTLS with OCSP API disabled. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Merge branch 'gost-split-5' into 'master' (Dmitry Eremin-Solenikov, 2019-12-29, 7 files, -8/+91)
|\ \ | | | | | | | | | | | | Workaround for SChannel limitations See merge request gnutls/gnutls!1138
| * | tls12-server-kx-neg: add tests without GOST signature algorithms (Dmitry Eremin-Solenikov, 2019-12-28, 1 file, -0/+20)
| | | | | | | | | | | | | | | | | | | | | Add tests mimicking SChannel clients which are unable to send proper SignatureAlgorithms extension. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | SignatureAlgorithms: force-enable GOST signatures for GOST KX (Dmitry Eremin-Solenikov, 2019-12-28, 6 files, -8/+71)
| | | | | | | | | | | | | | | | | | | | | | | | SChannel-based clients can not send GOST identifiers as a part of SignatureAlgorithms extension. To mitigate this forcefully enable GOST signature algorithms if client sends GOST ciphersuite. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | Merge branch 'gost-bench' into 'master' (Nikos Mavrogiannopoulos, 2019-12-27, 12 files, -16/+103)
|\ \ \ | | | | | | | | | | | | | | | | Benchmark GOST ciphers/ciphersuites See merge request gnutls/gnutls!1142
| * | | benchmark: enable benchmarking of GOST CNT ciphersuite/KX (Dmitry Eremin-Solenikov, 2019-12-27, 1 file, -0/+55)
| | | | | | | | | | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | benchmark: support benchmarking GOST ciphers/MACs (Dmitry Eremin-Solenikov, 2019-12-27, 1 file, -0/+12)
| | | | | | | | | | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | benchmark: use mac key size instead of block size (Dmitry Eremin-Solenikov, 2019-12-27, 1 file, -4/+4)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use newly added gnutls_hmac_get_key_size() to get key size instead of assuming that key size = block size (incorrect for GOST 28147 IMIT). Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | crypto-api: add gnutls_hmac_get_key_size() function (Dmitry Eremin-Solenikov, 2019-12-27, 7 files, -0/+24)
| | | | | | | | | | | | | | | | | | | | | | | | Add gnutls_hmac_get_key_size() to retrieve MAC key size. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | nettle/gost: remove gost28147_imit_init (Dmitry Eremin-Solenikov, 2019-12-27, 3 files, -12/+8)
|/ / / | | | | | | | | | | | | | | | | | | Rewrite gost28147 imit code to clean up state and index on key setup to be sure that imit context is properly cleaned. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | Merge branch 'tmp-strict-x509-time' into 'master' (Nikos Mavrogiannopoulos, 2019-12-26, 10 files, -6/+201)
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Do not tolerate invalid DER time Closes #207 See merge request gnutls/gnutls!1141
| * | | x509: do not tolerate invalid DER time (Nikos Mavrogiannopoulos, 2019-12-26, 10 files, -6/+201)
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This effectively reverts !400 and ensures that we no longer tolerate invalid DER time. This complements the previous commit by Lili Quan and ensures we provide the --disable-strict-der-time backwards compatibility option. Resolves: #207 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'tmp-certtool-crq' into 'master' (Nikos Mavrogiannopoulos, 2019-12-23, 10 files, -8/+194)
|\ \ \ | | | | | | | | | | | | | | | | certtool: always set extensions from template See merge request gnutls/gnutls!1130
| * | | certtool: always set extensions from template (Nikos Mavrogiannopoulos, 2019-12-23, 2 files, -5/+9)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we would only set these extensions specific with add_extension when generating using --generate-certificate. The change makes sure these options are considered even when generating an extension from a certificate request. Issue reported on the mailing list. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | tests: check certificate generation from certificate request (Nikos Mavrogiannopoulos, 2019-12-23, 8 files, -3/+185)
| | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | | Merge branch 'tmp-gnutls-cli' into 'master' (Dmitry Eremin-Solenikov, 2019-12-23, 3 files, -14/+34)
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Improvements in gnutls-cli --benchmark-tls-kx See merge request gnutls/gnutls!1128
| * | | | gnutls-cli: improved output of --benchmark-tls-kx [tmp-gnutls-cli] (Nikos Mavrogiannopoulos, 2019-12-20, 1 file, -3/+3)
| | | | | It is now printed in a way that separates the tests. Example:
| | | | | ```
| | | | | (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
| | | | |  - 179.19 transactions/sec
| | | | |  - avg. handshake time: 5.57 ms
| | | | |  - standard deviation: 0.57
| | | | |
| | | | | (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
| | | | |  - 182.24 transactions/sec
| | | | |  - avg. handshake time: 5.48 ms
| | | | |  - standard deviation: 0.64
| | | | | ```
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | | gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy (Nikos Mavrogiannopoulos, 2019-12-20, 3 files, -13/+33)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows micro and nanoseconds to be reported if necessary, and it changes reporting of sample variance to standard deviation giving a possibly better overview as it is in the same units as the average. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | | | Merge branch 'tmp-fix-serv-exit' into 'master' (Nikos Mavrogiannopoulos, 2019-12-23, 2 files, -20/+32)
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | gnutls-serv: do not exit on command failure Closes #868 See merge request gnutls/gnutls!1129
| * | | | gnutls-serv: do not exit on command failure (Nikos Mavrogiannopoulos, 2019-12-07, 2 files, -20/+32)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv would simply quit. This prevents using this tool in a test environment like tlsfuzzer. Ensure that we don't quit on error. Resolves: #868 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | | | Merge branch 'abi-fix' into 'master' (Dmitry Eremin-Solenikov, 2019-12-21, 1 file, -4/+4)
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | abi-check: fix include paths See merge request gnutls/gnutls!1139
| * | | | | abi-check: fix include paths (Dmitry Eremin-Solenikov, 2019-12-19, 1 file, -4/+4)
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If GnuTLS is built outside of source tree, abicheck will miss gnutls.h header which is generated in the build tree. Expand arguments to include it. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | | | Merge branch 'tmp-check-same-certs' into 'master' (Nikos Mavrogiannopoulos, 2019-12-20, 29 files, -1679/+2252)
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | _gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements Closes #877 See merge request gnutls/gnutls!1140
| * | | | tests: ensure test suite does not apply global config (Nikos Mavrogiannopoulos, 2019-12-20, 5 files, -4/+9)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running the test suite we do not apply the global gnutls configuration as it may change options that are tested. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | | updated auto-generated files (Nikos Mavrogiannopoulos, 2019-12-19, 5 files, -1640/+1708)
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | | _gnutls_verify_crt_status: apply algorithm checks to trusted CAs (Nikos Mavrogiannopoulos, 2019-12-19, 6 files, -28/+160)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level. This addresses the problem of accepting CAs which would have been marked as insecure otherwise. Resolves: #877 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | | certtool: added option to apply a certificate verification profile (Nikos Mavrogiannopoulos, 2019-12-19, 9 files, -2/+256)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This applies to the --verify and --verify-chain commands. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | | Export profile ID/name handling functions (Nikos Mavrogiannopoulos, 2019-12-19, 8 files, -5/+97)
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | | | is_level_acceptable: apply the system-wide profile in all verifications (Nikos Mavrogiannopoulos, 2019-12-19, 4 files, -1/+23)
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>