Commit message (Author, Age, Files, Lines)
* tests/key-material-dtls.c: Try again on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED [tmp-ci-make-j] (Tim Rühsen, 2020-01-26, 1 file, -1/+1)
  This fixes issues on the CI cross-runners with 'make -jN', N > 1.
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use make with crafted -j for CI builds and tests (Tim Rühsen, 2020-01-26, 1 file, -60/+73)
  This speeds up the Gitlab CI runners. E.g. measured timings of the Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fuzzers-update' into 'master' (Nikos Mavrogiannopoulos, 2020-01-25, 11 files, -41/+161)
  fuzz: update ed448 fuzzer traces and other fuzz improvements
  See merge request gnutls/gnutls!1177
| * fuzz: fixed Ed448 fuzzer traces (Nikos Mavrogiannopoulos, 2020-01-25, 4 files, -2/+2)
    The fuzzer files for ed448 were the reverse for client and server. Enhanced the fuzzer tools to run a single fuzzer, and added more clear documentation on how to generate and manually test the fuzzer outputs.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * README-adding-traces.md: updated with more precise information (Nikos Mavrogiannopoulos, 2020-01-25, 1 file, -0/+17)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * fuzzers: added ed448 keys (Nikos Mavrogiannopoulos, 2020-01-25, 6 files, -14/+103)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * fuzzers: when provided with a parameter they will run on a single file (Nikos Mavrogiannopoulos, 2020-01-25, 1 file, -25/+39)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'tmp-gl-lgpl2' into 'master' (Tim Rühsen, 2020-01-25, 1 file, -1/+1)
    Create files in gl/ licenced lgpl2+ instead of lgpl3+
    See merge request gnutls/gnutls!1178
| * Create files in gl/ licenced lgpl2+ instead of lgpl3+ [tmp-gl-lgpl2] (Tim Rühsen, 2020-01-25, 1 file, -1/+1)
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'fix-gost-nettle-master' into 'master' (Dmitry Baryshkov, 2020-01-25, 4 files, -1/+74)
  lib/nettle/gost: restore compatibility with nettle master
  See merge request gnutls/gnutls!1176
| * .gitlab-ci.yml: remove --disable-gost from nettle-master test (Dmitry Baryshkov, 2020-01-24, 1 file, -1/+1)
    Remove --disable-gost switch from the test using Nettle's master branch as GnuTLS is now compatible again with nettle/master.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * lib/nettle/gost: restore compatibility with nettle master (Dmitry Baryshkov, 2020-01-24, 3 files, -0/+73)
    Use newer format of ecc curve data if curve448 support is detected.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* .gitlab-ci.yml: force running jobs on linux runners (Nikos Mavrogiannopoulos, 2020-01-24, 1 file, -0/+17)
  There are shared windows runners in gitlab, that will fail running our jobs.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'legacy-gost-512' into 'master' (Nikos Mavrogiannopoulos, 2020-01-24, 3 files, -6/+10)
  x509: include digestParamSet into GOST 512-bit curves A and B params
  See merge request gnutls/gnutls!1173
| * x509: include digestParamSet into GOST 512-bit curves A and B params (Dmitry Eremin-Solenikov, 2020-01-20, 3 files, -6/+10)
    Old implementations do not understand PublicKeyParams with omitted digestParamSet. So include the field for old 512-bit curves to improve compatibility with old implementations.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Merge branch 'tmp-ed448' into 'master' (Daiki Ueno, 2020-01-24, 53 files, -116/+790)
    algorithms: implement X448 key exchange and Ed448 signature scheme
    See merge request gnutls/gnutls!984
| * | fuzz: import key, certificate, and traces using Ed448 [tmp-ed448] (Daiki Ueno, 2020-01-23, 4 files, -0/+0)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | tlsfuzzer: enable tests for X448 (Daiki Ueno, 2020-01-23, 2 files, -28/+2)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | .gitlab-ci.yml: set WINEPATH to allow eccdata run under Wine (Daiki Ueno, 2020-01-23, 1 file, -0/+4)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | .gitlab-ci.yml: export LDFLAGS throughout the FreeBSD build (Daiki Ueno, 2020-01-23, 1 file, -2/+3)
      Otherwise the build process wouldn't be able to find -lgmp.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | .gitlab-ci.yml: add target to build against nettle master (Daiki Ueno, 2020-01-23, 1 file, -0/+31)
      This is similar to the build/gnutls target in nettle's own gitlab CI. The only difference is that this will build/test all branches of GnuTLS against the master branch of nettle.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | algorithms: implement X448 key exchange and Ed448 signature scheme (Daiki Ueno, 2020-01-23, 39 files, -84/+528)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | nettle: vendor in Curve448 and Ed448 implementation (Daiki Ueno, 2020-01-23, 8 files, -2/+222)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'fix-gost-pkcs12' into 'master' (Dmitry Baryshkov, 2020-01-20, 2 files, -1/+15)
    pkcs12: use correct key length when using STREEBOG-512
    See merge request gnutls/gnutls!1171
| * | pkcs12: use correct key length when using STREEBOG-512 (Dmitry Baryshkov, 2020-01-20, 2 files, -1/+15)
      PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use special function to generate MAC key. Pass correct key length (fixed to be 32) when generating PKCS#12 files protected with Streebog (currently it incorrectly uses 64 there).
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | Merge branch 'tmp-tls13-ocsp' into 'master' (Nikos Mavrogiannopoulos, 2020-01-20, 8 files, -3/+258)
    tls13: fix issues with client OCSP responses
    Closes #876
    See merge request gnutls/gnutls!1169
| * | tls13: request OCSP responses as a server (Nikos Mavrogiannopoulos, 2020-01-20, 4 files, -2/+238)
      The TLS1.3 protocol requires the server to advertise an empty OCSP status request extension on its certificate verify message for an OCSP response to be sent by the client. We now always send this extension to allow clients attaching those responses.
      Resolves: #876
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | tls13: do not send OCSP responses as client without server requesting (Nikos Mavrogiannopoulos, 2020-01-15, 6 files, -2/+21)
      In client side ensure we see a request for OCSP from servers before sending one.
      Relates: #876
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | Merge branch 'ogrnip' into 'master' (Dmitry Baryshkov, 2020-01-20, 1 file, -0/+2)
      x509: add OGRNIP DN entry definition used by qualified GOST certificates
      See merge request gnutls/gnutls!1174
| * | | x509: add OGRNIP DN entry definition used by qualified GOST certificates (Dmitry Baryshkov, 2020-01-20, 1 file, -0/+2)
        Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | Merge branch 'gost-fuzz-1' into 'master' (Dmitry Baryshkov, 2020-01-20, 37 files, -0/+0)
      fuzz in gost pkcs7/8/12 files
      See merge request gnutls/gnutls!1172
| * | | fuzz in gost pkcs7/8/12 files (Dmitry Baryshkov, 2020-01-20, 37 files, -0/+0)
        Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and digest functions.
        Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | Merge branch 'tmp-fix-gnutls-cli-debug' into 'master' (Dmitry Baryshkov, 2020-01-20, 2 files, -2/+43)
      gnutls-cli-debug: ignore tests when algorithms are unavailable
      See merge request gnutls/gnutls!1170
| * | gnutls-cli-debug: ignore tests when algorithms are unavailable (Nikos Mavrogiannopoulos, 2020-01-18, 2 files, -2/+43)
      When gnutls-cli-debug is run on systems where a particular algorithm is disabled, ensure that we don't stop the testing; in that case we ignore the test.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | doc update [ci skip] (Nikos Mavrogiannopoulos, 2020-01-15, 1 file, -0/+3)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'override-default-priority' into 'master' (Nikos Mavrogiannopoulos, 2020-01-13, 8 files, -4/+153)
  libgnutls: Add system-wide default-priority-string override.
  See merge request gnutls/gnutls!1158
| * libgnutls: Add system-wide default-priority-string override. (Dimitri John Ledkov, 2020-01-13, 8 files, -4/+153)
    Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
* | Merge branch 'tmp-oid-fix' into 'master' (Nikos Mavrogiannopoulos, 2020-01-13, 8 files, -50/+50)
    tests: replace invalid extension OIDs with valid ones
    See merge request gnutls/gnutls!1153
| * | tests: replace invalid extension OIDs with valid ones (Nikos Mavrogiannopoulos, 2020-01-07, 8 files, -50/+50)
      libtasn1 4.15.0 or earlier allow encoding and decoding of invalid OIDs, but more recent versions may stop accepting them. Ensure that our test suite includes OIDs which can be decoded by all versions of libtasn1.
      Relates: https://gitlab.com/gnutls/libtasn1/issues/25
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'tmp-cli-multi-staple' into 'master' (Dmitry Baryshkov, 2020-01-13, 1 file, -6/+15)
      gnutls-cli: Log all stapled OCSP responses when running with --verbose
      See merge request gnutls/gnutls!1165
| * | | gnutls-cli: Log all stapled OCSP responses when running with --verbose (Fiona Klute, 2020-01-11, 1 file, -6/+15)
        Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* | | | Merge branch 'gost-prio-tests' into 'master' (Dmitry Baryshkov, 2020-01-13, 2 files, -0/+4)
        tests/priorities: add tests for GOST ciphersuites enablement
        See merge request gnutls/gnutls!1166
| * | | | lib: fix _kx_priority_gost termination item (Dmitry Eremin-Solenikov, 2020-01-13, 1 file, -0/+1)
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | tests/priorities: add tests for GOST ciphersuites enablement (Dmitry Eremin-Solenikov, 2020-01-12, 1 file, -0/+3)
          Add test counting GOST ciphersuites and ciphers available.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | | Merge branch 'gost-priorities' into 'master' (Dmitry Eremin-Solenikov, 2020-01-12, 7 files, -95/+150)
        Extend GOST priority settings and documentation
        See merge request gnutls/gnutls!1160
| * | | | NEWS: expand documentation for GOST priority strings (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -2/+6)
          Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly added GOST shortcuts.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: make priority matching less error-prone (Dmitry Eremin-Solenikov, 2020-01-10, 1 file, -67/+34)
          To remove possibility of using wrong length or using strncasecmp() instead of c_strncasecmp() define PRIO_MATCH(name) macro taking care about all details.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: add new GOST-ALL shortcut (Dmitry Eremin-Solenikov, 2020-01-10, 2 files, -0/+17)
          Add GOST-ALL as an alias for CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL and GROUP-GOST-ALL.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | priority: add more GOST shortcuts (Dmitry Eremin-Solenikov, 2020-01-09, 5 files, -44/+84)
          Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only one item, but this list will be expanded as support for GOST-CTR-ACPKM ciphersuites will be added.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | | | lib/priority: add SIGN-GOST-ALL keyword (Dmitry Eremin-Solenikov, 2020-01-09, 5 files, -28/+43)
          Add SIGN-GOST-ALL keyword containing all defined GOST signature algorithms.
          Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>