summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | Merge branch 'certs' into 'master'Nikos Mavrogiannopoulos2019-04-181-10/+10
|\ \ \ \ | |/ / / |/| | | | | | | | | | | Extend test cert to 2049-05-27 See merge request gnutls/gnutls!979
| * | | Extend test cert to 2049-05-27Bernhard M. Wiedemann2019-04-151-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | instead of expiring in 2024-02-29 This update did not trigger y2038 bugs on 32-bit systems. Without this patch, one test fails after 2024: doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | FAIL x509sign-verify (exit status: 1) Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
* | | | Merge branch 'tmp-mingw-fix' into 'master'Tim Rühsen2019-04-153-58/+69
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | Fix WIN32 custom push/pull functions Closes #751 See merge request gnutls/gnutls!978
| * | | Fix WIN32 custom push/pull functionstmp-mingw-fixTim Rühsen2019-04-113-58/+69
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)
* | | | Merge branch 'tmp-ametzler-gcc9-build-error' into 'master'Tim Rühsen2019-04-141-1/+1
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | Fix link errors with gcc-9 See merge request gnutls/gnutls!966
| * | | Fix link error with gcc-9Andreas Metzler2019-04-141-1/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against libcrypto. This fixes a build error with gcc9 which passes the linker option --as-needed by default. Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* | | doc: mark TLS1.2 functions as such [ci skip]Nikos Mavrogiannopoulos2019-04-142-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | gnutls_cipher_suite_get_name and gnutls_session_get_master_secret are marked as TLS1.2 or earlier-only as they cannot be used with TLS 1.3. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | gnutlsxx.h: removed fixme comments [ci skip]Nikos Mavrogiannopoulos2019-04-131-2/+2
| | | | | | | | | | | | | | | | | | They served no purpose. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | gnutls-cli: renamed global variable nameNikos Mavrogiannopoulos2019-04-131-7/+7
|/ / | | | | | | | | | | | | That is because the same variable name is used by local variables as well. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'tmp-fix-pha-pkcs11-test' into 'master'Nikos Mavrogiannopoulos2019-04-101-2/+5
|\ \ | | | | | | | | | | | | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 See merge request gnutls/gnutls!977
| * | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11tmp-fix-pha-pkcs11-testDaiki Ueno2019-04-101-2/+5
|/ / | | | | | | | | | | | | | | | | | | | | | | | | The test had a strange setup of server/client processes: the server runs in a child process and the client runs in a parent process. The intention behind this was to detect softhsm availability in the parent process and exit with 77 if missing. However, there was a potential race when the server exits and proceeds to the next call of start(). This fixes the process setup and moves the softhsm detection at the program startup. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'guile' into 'master'Nikos Mavrogiannopoulos2019-04-103-24/+52
|\ \ | | | | | | | | | | | | | | | | | | build: allow override guile system location Closes #748 See merge request gnutls/gnutls!968
| * | build: rename guile variables to match upstream namesAlon Bar-Lev2019-04-092-12/+12
| | | | | | | | | | | | | | | | | | Reduce confusion between the upstream terms and the gnutls terms. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| * | build: allow override guile system locationAlon Bar-Lev2019-04-093-17/+45
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | guile has three settings acquired from system: * GUILE_SITE * GUILE_SITE_CCACHE * GUILE_EXTENSION The <guile-2.2 m4 macro exposed only GUILE_SITE while build tried to guess the other variables based on the $libdir of the gnutls which may be different. The >=guile-2.2 m4 macro provides all settings for build to use as default, while allowing to override each. Resolves: #748 Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* | Merge branch 'tmp-check-even' into 'master'Tim Rühsen2019-04-091-2/+5
|\ \ | |/ |/| | | | | Pass CI commit check if branches are 'even' See merge request gnutls/gnutls!975
| * Pass CI commit check if branches are 'even'tmp-check-evenTim Rühsen2019-04-091-2/+5
| | | | | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | Merge branch 'tests' into 'master'Tim Rühsen2019-04-091-2/+2
|\ \ | |/ |/| | | | | tests: cert-tests: crl: cleanup files See merge request gnutls/gnutls!973
| * tests: cert-tests: crl: cleanup filesAlon Bar-Lev2019-04-091-2/+2
|/ | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* Merge branch 'ci' into 'master'Nikos Mavrogiannopoulos2019-04-091-1/+1
|\ | | | | | | | | ci: refresh the cache due to failures in debian See merge request gnutls/gnutls!974
| * ci: refresh the cache due to failures in debianAlon Bar-Lev2019-04-091-1/+1
|/ | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* Merge branch 'tmp-include-unit-testing-doc' into 'master'Nikos Mavrogiannopoulos2019-04-071-3/+5
|\ | | | | | | | | | | | | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] Closes #749 See merge request gnutls/gnutls!971
| * CONTRIBUTING.md: document unit testing method of internal functions [ci skip]Nikos Mavrogiannopoulos2019-04-071-3/+5
|/ | | | | | Resolves: #749 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-client-auth-decline' into 'master'Daiki Ueno2019-04-078-29/+629
|\ | | | | | | | | | | | | cert auth: reject auth if no signature algorithm is usable in TLS 1.3 Closes #730 See merge request gnutls/gnutls!967
| * tests: add post-handshake auth test using PKCS#11 tokenDaiki Ueno2019-04-073-0/+468
| | | | | | | | | | | | | | This adds a test that exercise the client's auth rejection logic, using the RSA-PSS disabled PKCS #11 token. Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * tests: add mock PKCS#11 module disabling RSA-PSSDaiki Ueno2019-04-072-0/+114
| | | | | | | | | | | | | | | | | | This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the situation where the certificate is RSA while the private key cannot be used for RSA-PSS. Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * cert auth: reject auth if no signature algorithm is usable in TLS 1.3Daiki Ueno2019-04-043-23/+42
| | | | | | | | | | | | | | | | | | | | Previously, when there is no overlap between usable signature algorithms and the "signature_algorithms" extension in Certificate Request, the client failed in sending Certificate Verify, followed by a connection close. In TLS 1.3, it is possible to keep the connection but reject the authentication by not sending Certificate Verify. Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * handshake: remove unnecessary HSK_CRT_SENT flagDaiki Ueno2019-04-032-6/+5
| | | | | | | | | | | | | | Previously, while the flag HSK_CRT_SENT was checked in _gnutls13_send_certificate_verify, the flag was never set anywhere. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'tmp-cmac-cfb8-fix' into 'master'Tim Rühsen2019-04-063-1/+9
|\ \ | | | | | | | | | | | | nettle: include config.h before checking for definitions See merge request gnutls/gnutls!970
| * | nettle: include config.h before checking for definitionstmp-cmac-cfb8-fixNikos Mavrogiannopoulos2019-04-063-1/+9
|/ / | | | | | | | | | | | | | | | | This makes sure that we don't include the internal backport if compiled with a version of nettle that includes that code. We also exclude nettle/backport from the static analyzer's list as it contains files outside our control (from nettle project). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'master' into 'master'Tim Rühsen2019-04-051-0/+3
|\ \ | | | | | | | | | | | | [OSCP] Fix : null pointer resp See merge request gnutls/gnutls!969
| * | [OSCP] Fix : null pointer respElta Koepp2019-04-051-0/+3
| | | | | | | | | | | | Signed-off-by: Elta Koepp <elta_koepp@gmail.com>
* | | gnutls_memset(): calling explicit_bzero() is enough to zero-fill a bufferMaciej S. Szmigiero2019-04-051-0/+1
|/ / | | | | | | | | | | | | If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we don't need to zero it again via a volatile trick later in this function. Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
* | .gitlab-ci.yml: do not run commit-check on master branchNikos Mavrogiannopoulos2019-04-031-0/+2
| | | | | | | | | | | | That is, because there are no diffs to check. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | Merge branch 'check_if_signed' into 'master'Nikos Mavrogiannopoulos2019-04-021-10/+15
|\ \ | |/ |/| | | | | Fix check_if_signed See merge request gnutls/gnutls!964
| * Fix check_if_signedSimo Sorce2019-04-011-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix the target branch we check against by adding upstream as remote. Drop the use of set -e as this causes the shell to immediately exit on errors instead of allowing the code to check the failure and report what it faled about. Also print which commits are being checked and what information was found so that a CI failure can be better diagnosed. Signed-off-by: Simo Sorce <simo@redhat.com>
* | doc update [ci skip]Nikos Mavrogiannopoulos2019-03-301-0/+8
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Vendor in XTS functionality from NettleSimo Sorce2019-03-2910-0/+536
|/ | | | | | | | If nettle's XTS is not available, use a vendored in version from master. This is necessary as long as we need to link against 3.4 for ABI compatibility reasons. Signed-off-by: Simo Sorce <simo@redhat.com>
* fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip]Nikos Mavrogiannopoulos2019-03-29431-4/+68
| | | | | | | Added a larger set of corpus (generated with afl-fuzz), and made sure that the fuzzer application crashes if verification succeeds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fail-sigcheck' into 'master'Tim Rühsen2019-03-282-3/+5
|\ | | | | | | | | Let check_if_signed fail if git fails See merge request gnutls/gnutls!962
| * Let check_if_signed fail if git failstmp-fail-sigcheckTim Rühsen2019-03-282-3/+5
|/ | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'master' into 'master'Tim Rühsen2019-03-271-0/+3
|\ | | | | | | | | Detect malloc failure. See merge request gnutls/gnutls!960
| * Update ocsptool-common.cElta Koepp2019-03-271-2/+1
| |
| * Detect malloc failure.Elta Koepp2019-03-271-0/+4
|/ | | malloc(data.size + 1) maybe returns NULL on failure.
* released 3.6.7gnutls_3_6_7Nikos Mavrogiannopoulos2019-03-271-8/+15
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* handshake: add missing initialization of local variableDaiki Ueno2019-03-271-0/+2
| | | | | | | Resolves: #704 Signed-off-by: Daiki Ueno <dueno@redhat.com> Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: added fuzzer for certificate verificationNikos Mavrogiannopoulos2019-03-278-2/+286
| | | | | | | | This also adds a reproducer for CVE-2019-3829. Resolves: #694 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'sha3_selftests' into 'master'Nikos Mavrogiannopoulos2019-03-261-0/+25
|\ | | | | | | | | fips140: Perform SHA-3 self tests See merge request gnutls/gnutls!958
| * fips140: Perform SHA-3 self testsAnderson Toshiyuki Sasaki2019-03-261-0/+25
| | | | | | | | | | | | | | It is required to perform the self tests to validate SHA-3 implementation. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | bumped versionNikos Mavrogiannopoulos2019-03-262-2/+2
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | Merge branch 'tmp-increase-nr-of-tickets' into 'master'Nikos Mavrogiannopoulos2019-03-269-35/+67
|\ \ | |/ |/| | | | | | | | | handshake: increase the default number of tickets we send to 2 Closes #596 See merge request gnutls/gnutls!942
View Lorry Controller Status