Commit message (Collapse)    Author    Age    Files    Lines
...
* | Merge branch 'wip/dueno/interruptible' into 'master'    Daiki Ueno    2022-08-09    1    -0/+2
|\ \
| | |     .gitlab-ci.yml: mark all CI jobs interruptible
| | |
| | |     Closes #1390
| | |
| | |     See merge request gnutls/gnutls!1628
| * | .gitlab-ci.yml: mark all CI jobs interruptible    Daiki Ueno    2022-08-09    1    -0/+2
| |/
| |     This allows previous pipelines to be cancelled if a new job is submitted subsequently:
| |
| |     https://docs.gitlab.com/ee/ci/yaml/#interruptible
| |
| |     Suggested-by: Zoltán Fridrich <zfridric@redhat.com>
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'interop' into 'master'    Daiki Ueno    2022-08-09    4    -2/+36
|\ \
| | |     interoperability testing with openssl
| | |
| | |     See merge request gnutls/gnutls!1623
| * | Moved TLS interoperability tests to submodule.    Stanislav Zidek    2022-08-09    4    -4/+6
| | |
| | |     Signed-off-by: Stanislav Zidek <szidek@redhat.com>
| * | interoperability testing with openssl    Stanislav Zidek    2022-08-04    1    -0/+32
| | |
| | |     GitLab CI extended to run 2way interoperability tests with openssl on Fedora. Also prepared for adding further interoperability tests once they are in better shape.
| | |
| | |     Signed-off-by: Stanislav Zidek <szidek@redhat.com>
* | | Merge branch 'tmp-ametzler-2022-bashism' into 'master'    Andreas Metzler    2022-08-09    1    -1/+1
|\ \ \
| |_|/
|/| |
| | |     Avoid &> redirection bashism in testsuite
| | |
| | |     See merge request gnutls/gnutls!1627
| * | Avoid &> redirection bashism in testsuite    Andreas Metzler    2022-08-06    1    -1/+1
|/ /
| |     Broken by 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac
| |
| |     Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* | Merge branch 'wip/dueno/fips-pbes1' into 'master'    Daiki Ueno    2022-08-04    1    -6/+4
|\ \
| |/
|/|
| |     _gnutls_decrypt_pbes1_des_md5_data: use public crypto API
| |
| |     Closes #1392
| |
| |     See merge request gnutls/gnutls!1626
| * _gnutls_decrypt_pbes1_des_md5_data: use public crypto API    Daiki Ueno    2022-08-04    1    -6/+4
|/
|     This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In the decryption code path with PBES1, algorithm checks for FIPS were not applied, because it used internal functions that bypass those checks.
|
|     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'jas/doc-fix-tls-exporter' into 'master'    Daiki Ueno    2022-07-31    1    -1/+1
|\
| |     Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.
| |
| |     See merge request gnutls/gnutls!1621
| * Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.    Simon Josefsson    2022-07-30    1    -1/+1
|/
|     Signed-off-by: Simon Josefsson <simon@josefsson.org>
* Merge branch 'ktls_fix' into 'master'    Daiki Ueno    2022-07-29    1    -1/+2
|\
| |     KTLS: hotfix
| |
| |     See merge request gnutls/gnutls!1620
| * KTLS: hotfix    Frantisek Krenzelok    2022-07-29    1    -1/+2
|/
|     session->internals.pull_func is set to system_read during gnutls_init() so check for user set pull/push function added in commit mentioned below will never pass.
|
|     source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
|
|     Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
* Merge branch 'zfridric_devel' into 'master' [3.7.7]    Zoltán Fridrich    2022-07-28    5    -25/+16
|\
| |     Release 3.7.7
| |
| |     See merge request gnutls/gnutls!1619
| * Release 3.7.7    Zoltan Fridrich    2022-07-28    5    -25/+16
|/
|     Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
* Merge branch 'wip/dueno/socket-no-wrap' into 'master'    Daiki Ueno    2022-07-28    2    -9/+16
|\
| |     Make gnutls-cli work with KTLS
| |
| |     See merge request gnutls/gnutls!1617
| * socket: only set pull/push functions when --save-*-trace is used    Daiki Ueno    2022-07-27    1    -8/+8
| |
| |     This allows gnutls-cli to use KTLS for the transport, unless either --save-client-trace or --save-server-trace is used.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * handshake: do not enable KTLS if custom pull/push functions are set    Daiki Ueno    2022-07-27    1    -1/+8
| |
| |     If gnutls_transport_set_pull_function or gnutls_transport_set_push_function is used, we can't assume the underlying transport handle is an FD.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'zfridric_devel' into 'master'    Zoltán Fridrich    2022-07-27    5    -2/+223
|\ \
| |/
|/|
| |     Fix double free during gnutls_pkcs7_verify
| |
| |     Closes #1383
| |
| |     See merge request gnutls/gnutls!1615
| * Fix double free during gnutls_pkcs7_verify    Zoltan Fridrich    2022-07-27    5    -2/+223
|/
|     Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
* Merge branch 'wip/dueno/guile-skip-reauth-test' into 'master'    Daiki Ueno    2022-07-27    1    -3/+4
|\
| |     guile: revert gnutls/build/tests.scm to use use-modules
| |
| |     See merge request gnutls/gnutls!1618
| * guile: revert gnutls/build/tests.scm to use use-modules    Daiki Ueno    2022-07-27    1    -3/+4
|/
|     This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90. For some reason, the usage of #:use-module causes some behavioral difference that affects reauth.scm test.
|
|     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'zfridric_devel2' into 'master'    Zoltán Fridrich    2022-07-26    1    -1/+5
|\
| |     Fix memory leak in gnutls_pkcs7_import
| |
| |     Closes #1387
| |
| |     See merge request gnutls/gnutls!1616
| * Fix memory leak in gnutls_pkcs7_import    Zoltan Fridrich    2022-07-26    1    -1/+5
|/
|     Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
* Merge branch 'wip/dueno/cbc-pkcs7-pad' into 'master'    Daiki Ueno    2022-07-23    11    -2/+370
|\
| |     crypto-api: add block cipher API with automatic padding
| |
| |     See merge request gnutls/gnutls!1611
| * crypto-api: add block cipher API with automatic padding    Daiki Ueno    2022-07-22    11    -2/+370
|/
|     This adds a couple of functions gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3, which add or remove padding as necessary if the length of the plaintext is not a multiple of the block size.
|
|     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/minor-f36' into 'master'    Daiki Ueno    2022-07-22    9    -14/+28
|\
| |     Suppress compile time warnings on Fedora 36
| |
| |     Closes #1386
| |
| |     See merge request gnutls/gnutls!1606
| * tests: temporarily disable checking against unresolvable hosts    Daiki Ueno    2022-07-22    1    -3/+7
| |
| |     *.dane.verisignlabs.com and fedoraproject.org are no longer resolvable.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: add __attribute__((malloc)) to safe_open_rw    Daiki Ueno    2022-07-20    1    -0/+2
| |
| |     This silences -Wsuggest-attribute=malloc warning with GCC 12. While we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not possible to use it until Gnulib is updated.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * src: add NULL check on return value of realloc used in tests    Daiki Ueno    2022-07-20    1    -1/+7
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * tests: resume-with-previous-stek: initialize session data    Daiki Ueno    2022-07-20    1    -1/+1
| |
| |     Spotted by gcc-analyzer 12.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * tests: add __attribute__((__noreturn__)) to _fail and fail_ignore    Daiki Ueno    2022-07-20    1    -3/+3
| |
| |     To suppress warnings with gcc-analyzer 12.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * crypto-selftests: fix decryption check condition in test_cipher_aead    Daiki Ueno    2022-07-20    1    -1/+3
| |
| |     Spotted by gcc-analyzer 12.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * x509, tpm2: use asn1_node instead of deprecated ASN1_TYPE    Daiki Ueno    2022-07-20    3    -5/+5
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip-session-record-port-close' into 'master'    Daiki Ueno    2022-07-19    4    -9/+122
|\ \
| | |     guile: Allow session record ports to have a 'close' procedure
| | |
| | |     See merge request gnutls/gnutls!1610
| * | guile: Allow session record ports to have a 'close' procedure.    Ludovic Courtès    2022-07-18    4    -9/+122
|/ /
| |     This addition makes it easy to close the backing file descriptor or port of a session when its record port is closed.
| |
| |     * guile/src/core.c (SCM_GNUTLS_SESSION_RECORD_PORT_SESSION): Add SCM_CAR.
| |     (SCM_GNUTLS_SESSION_RECORD_PORT_CLOSE_PROCEDURE)
| |     (SCM_GNUTLS_SET_SESSION_RECORD_PORT_CLOSE)
| |     (SCM_GNUTLS_SESSION_RECORD_PORT_P)
| |     (SCM_VALIDATE_SESSION_RECORD_PORT): New macros.
| |     (make_session_record_port): Change "stream" argument to a pair.
| |     (close_session_record_port): New function.
| |     (scm_gnutls_session_record_port): Add optional 'close' parameter and honor it.
| |     (scm_gnutls_set_session_record_port_close_x): New function.
| |     (scm_init_gnutls_session_record_port_type): Add call to 'scm_set_port_close' and 'scm_set_port_needs_close_on_gc'.
| |     * guile/tests/session-record-port.scm: Test it.
| |     * NEWS: Update.
| |
| |     Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* | Merge branch 'wip-remove-guile-1.8-support' into 'master'    Daiki Ueno    2022-07-18    7    -134/+62
|\ \
| | |     Remove support for Guile 1.8.
| | |
| | |     See merge request gnutls/gnutls!1608
| * | guile: Remove support for the 1.8.x series.    Ludovic Courtès    2022-07-17    6    -126/+51
| | |
| | |     The last Guile 1.8.x release dates back to 2010.
| | |
| | |     * configure.ac: Remove 1.8 from 'GUILE_PKG'.
| | |     * doc/gnutls-guile.texi (Guile Preparations): Remove mention of Guile 1.8.
| | |     * guile/src/core.c (mark_session_record_port)
| | |     (free_session_record_port): Remove.
| | |     (scm_init_gnutls_session_record_port_type): Remove corresponding 'scm_set_port_mark' and 'scm_set_port_free' calls.
| | |     * guile/modules/gnutls.in: Remove top-level 'cond-expand' forms for Guile 1.8.
| | |     * guile/modules/gnutls/build/tests.scm: Likewise.
| | |     * NEWS: Update.
| | |
| | |     Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| * | maint: Update guile.m4.    Ludovic Courtès    2022-07-17    1    -8/+11
|/ /
| |     * m4/guile.m4: Update from Guile 3.0.7.
| |
| |     Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* | Merge branch 'aarch64_openbsd' into 'master'    Daiki Ueno    2022-07-16    1    -0/+22
|\ \
| | |     accelerated: aarch64: add OpenBSD/aarch64 support
| | |
| | |     See merge request gnutls/gnutls!1612
| * | accelerated: aarch64: add OpenBSD/aarch64 support    Brad Smith    2022-07-15    1    -0/+22
|/ /
| |     Signed-off-by: Brad Smith <brad@comstyle.com>
* | Merge branch 'wip/dueno/aes-gcm-rekey-limit' into 'master'    Daiki Ueno    2022-07-13    11    -29/+240
|\ \
| | |     cipher: limit plaintext length supplied to AES-GCM
| | |
| | |     See merge request gnutls/gnutls!1603
| * | cipher: limit plaintext length supplied to AES-GCM    Daiki Ueno    2022-07-13    11    -29/+240
|/ /
| |     According to SP800-38D 5.2.1.1, input data length of AES-GCM encryption function must be less than or equal to 2^39-256 bits.
| |
| |     Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip-guile-premature-termination' into 'master'    Daiki Ueno    2022-07-11    4    -4/+112
|\ \
| | |     guile: Session record port treats premature termination as EOF.
| | |
| | |     See merge request gnutls/gnutls!1609
| * | guile: Session record port treats premature termination as EOF.    Ludovic Courtès    2022-07-10    4    -4/+112
|/ /
| |     * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Treat GNUTLS_E_PREMATURE_TERMINATION as EOF.
| |     (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise.
| |     * guile/tests/premature-termination.scm: New file.
| |     * guile/Makefile.am (TESTS): Add it.
| |     * NEWS: Update.
| |
| |     Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* | Merge branch 'master' into 'master'    Daiki Ueno    2022-07-09    2    -8/+31
|\ \
| | |     Add self-test code inside a FIPS context
| | |
| | |     See merge request gnutls/gnutls!1607
| * | Add self-test code inside a FIPS context    Richard Costa    2022-07-09    2    -8/+31
|/ /
| |     Self-test code exercises lots of different FIPS-related code with side-effects. So, in order to prevent it from losing information when executing inside another context, we create an appropriate one.
| |
| |     If the self-test fails, then the library is placed in error state, so it doesn't matter for other contexts.
| |
| |     Signed-off-by: Richard Maciel Costa <richard.costa@suse.com>
* | Merge branch 'zfridric_devel2' into 'master'    Zoltán Fridrich    2022-07-08    15    -139/+187
|\ \
| | |     Increase the limit of TLS PSK usernames
| | |
| | |     Closes #1323
| | |
| | |     See merge request gnutls/gnutls!1581
| * | Increase the limit of TLS PSK usernames from 128 to 65535 characters    Zoltan Fridrich    2022-07-08    15    -139/+187
|/ /
| |     Co-authored-by: Hannes Reinecke <hare@suse.de>
| |     Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
* | Merge branch 'more-rsa-checks' into 'master'    Daiki Ueno    2022-07-03    1    -9/+27
|\ \
| |/
|/|
| |     tests/fips-test: minor extension
| |
| |     See merge request gnutls/gnutls!1605