summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'tmp-ametzler-fix-1335-for-3.7' into 'gnutls_3_7_x'gnutls_3_7_xDaiki Ueno2023-02-245-83/+204
|\ | | | | | | | | Fix removal of duplicate certs during verification for 3.7. series See merge request gnutls/gnutls!1709
| * Add linkedhash-list.Andreas Metzler2023-02-241-1/+1
| | | | | | | | | | | | Needed by 3173805baed95e3790417ccc9e6b21c83fb38c7f Signed-off-by: Andreas Metzler <ametzler@bebt.de>
| * Fix removal of duplicate certs during verificationZoltan Fridrich2023-02-244-82/+203
|/ | | | | | | Co-authored-by: Daiki Ueno <ueno@gnu.org> Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> (cherry picked from commit e89378d5853d9bd0136b95aade37e23762ad9290) Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Merge branch 'wip/ci-fixes-3_7_x' into 'gnutls_3_7_x'Daiki Ueno2023-02-242-20/+76
|\ | | | | | | | | .gitlab-ci.yml: use artifacts:untracked [3.7.x] See merge request gnutls/gnutls!1710
| * .gitmodules: revert to use full URLs for submodulesDaiki Ueno2023-02-241-6/+6
| | | | | | | | | | | | | | | | The previous attempt to use relative paths caused issues when the repository is mirrored, requiring all the local submodules are mirrored as well. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: bump cache versionDaiki Ueno2023-02-231-1/+1
| | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: preserve timestamp around bootstrapDaiki Ueno2023-02-232-0/+71
| | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: take advantage of git submodules in GitLab CIDaiki Ueno2023-02-212-22/+7
| | | | | | | | | | | | | | | | GitLab CI has support for automatic checkout of submodules, though it requires some modifications to .gitmodules: https://docs.gitlab.com/ee/ci/git_submodules.html Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * .gitlab-ci.yml: use artifacts:untrackedDaiki Ueno2023-02-211-19/+19
|/ | | | | | | | | | | The "artifacts:untracked" enables to efficiently archive build artifacts: https://docs.gitlab.com/ee/ci/yaml/#artifactsuntracked Also copy files with bootstrap, as symlinks are excluded from the artifacts. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'zfridric_devel' into 'gnutls_3_7_x'3.7.9Zoltán Fridrich2023-02-095-31/+16
|\ | | | | | | | | Release 3.7.9 See merge request gnutls/gnutls!1700
| * Release 3.7.9Zoltan Fridrich2023-02-092-2/+2
| | | | | | | | Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
| * Update year of copyright notices in doc/gnutls.texiZoltan Fridrich2023-02-091-2/+2
| | | | | | | | Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
| * document the CVE fixHubert Kario2023-02-091-0/+9
| | | | | | | | Signed-off-by: Hubert Kario <hkario@redhat.com>
| * rsa: remove dead codeHubert Kario2023-02-091-17/+3
| | | | | | | | | | | | | | since the `ok` variable isn't used any more, we can remove all code used to calculate it Signed-off-by: Hubert Kario <hkario@redhat.com>
| * auth/rsa: side-step potential side-channelAlexander Sosedkin2023-02-091-10/+0
| | | | | | | | | | | | | | | | Remove branching that depends on secret data. Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com> Signed-off-by: Hubert Kario <hkario@redhat.com> Tested-by: Hubert Kario <hkario@redhat.com>
* | Merge branch '3.7.8' into 'master'3.7.8Zoltán Fridrich2022-09-273-3/+15
|\ \ | |/ | | | | | | Release 3.7.8 See merge request gnutls/gnutls!1646
| * Release 3.7.8Alexander Sosedkin2022-09-273-8/+10
| | | | | | | | | | | | Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes. Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * NEWS: add an entry for allowlisting-relaxing functions restrictionAlexander Sosedkin2022-09-271-0/+10
|/ | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* Merge branch 'wip/dueno/cpuid-symbol-rename' into 'master'Zoltán Fridrich2022-09-2720-63/+63
|\ | | | | | | | | | | | | accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s Closes #1370 See merge request gnutls/gnutls!1642
| * accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_sDaiki Ueno2022-09-2020-63/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the LD doesn't have support for version scripts, _gnutls_x86_cpuid_s is exported through libtool's --export-symbols-regex and that causes link error with clang: libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib /Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib __gnutls_x86_cpuid_s make[4]: *** [libgnutls.la] Error 1 This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid the issue. Problem investigated and fix suggested by Clemens Lang in: https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583 Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'wip/dueno/cert-compression-followup' into 'master'Daiki Ueno2022-09-196-4/+274
|\ \ | |/ |/| | | | | | | | | compress-cert: support compression of client certificates Closes #1397 See merge request gnutls/gnutls!1641
| * compress-cert: support compression of client certificatesDaiki Ueno2022-09-196-4/+274
|/ | | | | | | | Previously the compress_certificate extension was sent by the server as part of ServerHello, which violates RFC 8879. This patch instead send it as an extension of CertificateRequest. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'zfridric_devel' into 'master'Zoltán Fridrich2022-09-132-0/+2
|\ | | | | | | | | | | | | Report system config file location via gnutls-cli Closes #1399 See merge request gnutls/gnutls!1639
| * Report system config file location via gnutls-cliZoltan Fridrich2022-09-122-0/+2
|/ | | | Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
* Merge branch 'fix_nettle_alignment' into 'master'Daiki Ueno2022-08-301-2/+2
|\ | | | | | | | | cipher: Ensure correct alignment See merge request gnutls/gnutls!1633
| * cipher: Ensure correct alignmentDoug Nazar2022-08-281-2/+2
| | | | | | | | | | | | Unsigned math is required to calculate the current alignment. Signed-off-by: Doug Nazar <nazard@nazar.ca>
* | Merge branch 'wip/dueno/cb-fixes' into 'master'Daiki Ueno2022-08-296-23/+93
|\ \ | |/ |/| | | | | | | | | doc: mention GNUTLS_CB_TLS_EXPORTER Closes #1391 See merge request gnutls/gnutls!1636
| * src: request tls-exporter only when unique master secrets are usedDaiki Ueno2022-08-291-19/+46
| | | | | | | | | | | | This is to comply with RFC9266 4.2. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * gnutls_session_channel_binding: perform check on "tls-exporter"Daiki Ueno2022-08-292-1/+23
| | | | | | | | | | | | | | | | | | According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret. This adds a check whether either TLS 1.3 or extended master secret extension is negotiated. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * doc: mention GNUTLS_CB_TLS_EXPORTERDaiki Ueno2022-08-293-3/+24
|/ | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/cpuid-fixes' into 'master'Daiki Ueno2022-08-241-11/+38
|\ | | | | | | | | | | | | accelerated: clear AVX bits if it cannot be queried through XSAVE Closes #1282 See merge request gnutls/gnutls!1631
| * accelerated: clear AVX bits if it cannot be queried through XSAVEDaiki Ueno2022-08-231-11/+38
| | | | | | | | | | | | | | | | | | | | | | The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32 Architectures Software Developer’s Manual". GnuTLS previously only followed that algorithm when registering the crypto backend, while the CRYPTOGAMS derived SHA code assembly expects that the extension bits are propagated to _gnutls_x86_cpuid_s. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'unload' into 'master'Daiki Ueno2022-08-231-3/+5
|\ \ | | | | | | | | | | | | | | | | | | Unload custom allocators in gnutls_crypto_deinit() Closes #1398 See merge request gnutls/gnutls!1637
| * | Unload custom allocators in gnutls_crypto_deinit()Tobias Heider2022-08-231-3/+5
|/ / | | | | | | | | | | Closes #1398 Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
* | Merge branch 'wip/dueno/cligen-update' into 'master'Daiki Ueno2022-08-182-2/+3
|\ \ | | | | | | | | | | | | | | | | | | srptool: resurrect default value for -i Closes #1394 See merge request gnutls/gnutls!1634
| * | srptool: resurrect default value for -iDaiki Ueno2022-08-181-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | The default option value for -i (--index) was dropped during the cligen conversion. This adds it back for compatibility with the existing command line usage. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | cligen: update git submoduleDaiki Ueno2022-08-181-0/+0
|/ / | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'restrict-allowlisting-api' into 'master'Daiki Ueno2022-08-179-307/+867
|\ \ | | | | | | | | | | | | restrict allowlisting api to before priority string initialization See merge request gnutls/gnutls!1533
| * | update documentation on allowlisting APIAlexander Sosedkin2022-08-161-15/+54
| | | | | | | | | | | | | | | | | | (in a separate commit so that it's easier to compare) Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * | plumb allowlisting API through the config, restrict usage to early timesAlexander Sosedkin2022-08-169-265/+658
| | | | | | | | | | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * | lib/priority: extract parts of cfg_apply into cfg_*_set_array*Alexander Sosedkin2022-08-151-39/+178
| | | | | | | | | | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * | lib/priority: move sigalgs filtering to set_ciphersuite_listAlexander Sosedkin2022-08-151-18/+7
| | | | | | | | | | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* | | Merge branch 'wip/dueno/fips-rsa-key-sizes' into 'master'Daiki Ueno2022-08-165-24/+369
|\ \ \ | | | | | | | | | | | | | | | | fips: mark RSA SigVer operation approved for known modulus sizes See merge request gnutls/gnutls!1630
| * | | tests: add fips-rsa-sizesAlexander Sosedkin2022-08-163-1/+331
| | | | | | | | | | | | | | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
| * | | nettle: mark RSA SigVer operation approved for known modulus sizesDaiki Ueno2022-08-132-5/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SP800-131A rev2 suggests certain RSA modulus sizes under 2048 bits (1024, 1280, 1536, and 1792) may continue to be used for signature verification but not for signature generation. This loosen the current service indicator report to approve them. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | | nettle: check RSA modulus size in bits rather than bytesDaiki Ueno2022-08-121-20/+20
| | |/ | |/| | | | | | | | | | | | | | | | | | | Previously we checked RSA modulus size clamped to byte unit instead of bits. This makes the check stricter by explicitly calculating the modulus size in bits. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | | Merge branch 'int-conversion' into 'master'Daiki Ueno2022-08-161-4/+4
|\ \ \ | |_|/ |/| | | | | | | | windows: Avoid -Wint-conversion errors See merge request gnutls/gnutls!1632
| * | windows: Avoid -Wint-conversion errorsMartin Storsjo2022-08-161-4/+4
|/ / | | | | | | | | | | | | | | | | | | | | Clang 15 made "incompatible pointer to integer conversion" an error instead of a plain warning. This fixes errors like these: system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion] HCRYPTHASH hHash = NULL; ^ ~~~~ Signed-off-by: Martin Storsjo <martin@martin.st>
* | Merge branch 'drop-3des-selftest' into 'master'Daiki Ueno2022-08-121-5/+0
|\ \ | |/ |/| | | | | fips: disable GNUTLS_CIPHER_3DES_CBC self-test See merge request gnutls/gnutls!1629
| * fips: disable GNUTLS_CIPHER_3DES_CBC self-testAlexander Sosedkin2022-08-091-5/+0
| | | | | | | | Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
View Lorry Controller Status