Commit message | Author | Age | Files | Lines

* priorities: cipher priorities were made consistent with the 3.6.x branch [tmp-equalize-priorities]
  Nikos Mavrogiannopoulos | 2018-07-15 | 3 files | -36/+18

  Current settings in NORMAL priorities which were affected:
  * Enabled ciphers:
    - AES-GCM
    - CHACHA20-POLY1305
    - AES-CCM
    - AES-CBC
  Removed:
  * Ciphersuites utilizing CAMELLIA were removed. That also reduces the size of the client hello which when large could cause issues with picky middle-boxes.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: use the new CI testing image of debian
  Nikos Mavrogiannopoulos | 2018-07-15 | 1 file | -1/+1

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* bumped version
  Nikos Mavrogiannopoulos | 2018-07-15 | 2 files | -2/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-07-07 | 1 file | -2/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-07-07 | 1 file | -2/+5

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-06-21 | 1 file | -0/+8

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Merge branch 'tmp-gnutls_3_5_x-backport-record-pad-fixes' into 'gnutls_3_5_x'
  Nikos Mavrogiannopoulos | 2018-06-15 | 6 files | -64/+50

  3.5.x: backport fixes in record layer decoding

  See merge request gnutls/gnutls!663

* tests: pkcs12_encode: fix test for SHA512 [tmp-gnutls_3_5_x-backport-record-pad-fixes]
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -12/+0

  We don't support SHA512 in the 3.5.x branch.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* hmac-sha384 and sha256 ciphersuites were removed from defaults
  Nikos Mavrogiannopoulos | 2018-06-13 | 3 files | -15/+7

  These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface.

  Relates #456

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* cbc_mac_verify: require minimum padding under SSL3.0
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -1/+6

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* dummy_wait: always hash the same amount of blocks that would have been on minimum pad
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -30/+33

  This improves protection against lucky13-type of attacks when encrypt-then-mac is not in use.

  Resolves #456

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* dummy_wait: correctly account the length field in SHA384 HMAC
  Nikos Mavrogiannopoulos | 2018-06-12 | 2 files | -15/+13

  The existing lucky13 attack counter-measures did not work correctly for SHA384 HMAC. The overall impact of that should not be significant as SHA384 is prioritized lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported by the peer.

  Relates #455

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests: improved detection of 64-bit systems [tmp-gnutls_3_5_x-f26]
  Nikos Mavrogiannopoulos | 2018-05-26 | 3 files | -2/+8

  We now use the ${ac_cv_sizeof_unsigned_long_int} variable which gives the numbers used in the host system, not the build one.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -6/+6

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Use gcc's attribute to mark fallthrough statements
  Nikos Mavrogiannopoulos | 2018-05-26 | 5 files | -2/+46

  gcc7 is more verbose on fallthrough warnings, and this patch set cleans up the current state by making use of the attribute when necessary.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure: do not utilize the -Wno-format-truncation gcc warning
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -0/+1

  The warnings it produces have little value in our use of string functions.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: removed initialization step
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -25/+4

  That is, combine syntax-check with the static analyzers run. That provides more parallelism per build and reduces the overall time spent on a successful run.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip]
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -0/+2

  This allows a more descriptive name to any downloaded artifacts.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -2/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -3/+4

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -1/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* .gitlab-ci.yml: switched to fedora 26 for CI builds
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -1/+1

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update
  Nikos Mavrogiannopoulos | 2018-04-25 | 1 file | -0/+3

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* retrieve_pin: refuse to retrieve PIN from URI more than one time
  Nikos Mavrogiannopoulos | 2018-04-25 | 2 files | -3/+36

  That is, prevent re-using a static PIN if it has already been known to be wrong. Introduced tests of that behavior.

  Resolves #425

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* nettle: corrected typo in version check for compatibility mode with 3.3
  Nikos Mavrogiannopoulos | 2018-03-27 | 1 file | -1/+1

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* nettle/pk: include nettle/version.h
  Nikos Mavrogiannopoulos | 2018-03-20 | 1 file | -0/+1

  That enables the nettle version macros to operate.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* cryptodev: fix prototype of cryptodev_mac_fast [ci skip]
  Nikos Mavrogiannopoulos | 2018-03-08 | 1 file | -0/+4

  Resolves #406

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* cryptodev: added missing macro [ci skip]
  Nikos Mavrogiannopoulos | 2018-03-07 | 1 file | -0/+4

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* configure: treat solaris as ELF system
  Nikos Mavrogiannopoulos | 2018-02-23 | 1 file | -0/+1

  Resolves #376

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc update
  Nikos Mavrogiannopoulos | 2018-02-16 | 1 file | -0/+9

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
  Nikos Mavrogiannopoulos | 2018-02-16 | 2 files | -6/+10

  That is, make sure that all our calls to the PKCS#11 subsystem for verification will only trigger the trust module initialization, and not the generic PKCS#11 initialization.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* pkcs11: simplify trusted module loading state
  Nikos Mavrogiannopoulos | 2018-02-16 | 2 files | -13/+15

  That is, always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE) to determine whether to initialize trusted modules only or proceed with general initialization.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* _gnutls_pkcs11_check_init: improved transition between states
  Nikos Mavrogiannopoulos | 2018-02-16 | 3 files | -20/+59

  The init_level_t for PKCS#11 modules was incorrectly handled as a linear state transition, causing a few cases in the transition to be incorrectly handled. Define precisely the state transitions and enforce them in _gnutls_pkcs11_check_init.

  That addresses a regression introduced by the previous state handling addition, which made it impossible to switch from the trusted state to the all modules state.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* bumped version [gnutls_3_5_18]
  Nikos Mavrogiannopoulos | 2018-02-16 | 3 files | -3/+3

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-02-12 | 1 file | -2/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update
  Nikos Mavrogiannopoulos | 2018-02-09 | 1 file | -1/+4

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* accelerated: make explicit key size check to all accelerated ciphers
  Nikos Mavrogiannopoulos | 2018-02-09 | 16 files | -6/+37

  That is, do not rely on checks done on asm level, as they vary and may change over updates. Also handle consistently invalid key sizes by returning an error, and eliminate calls to abort().

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* accelerated: check keysize in SSSE3 cipher setkey
  Vitezslav Cizek | 2018-02-09 | 1 file | -0/+3

  aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5

  Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

* nettle: use the nettle_get_secp API when available
  Nikos Mavrogiannopoulos | 2018-02-07 | 1 file | -5/+15

  Resolves #380

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* sed: use it in a portable way in makefiles
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -1/+3

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc update
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -0/+2

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* accelerated: aarch64: fix GCM counter increment
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -2/+3

  Ensure that we restrict the GCM counter to the 4 bytes assigned to it.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* accelerated: fix use of SSSE3 vpaes_encrypt [tmp-gnutls_3_5_x-aesni-fix]
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -1/+7

  Previously we assumed that the nettle GCM internal functions will use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update
  Nikos Mavrogiannopoulos | 2018-02-05 | 1 file | -0/+3

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* accelerated: fix use of aesni_ecb_encrypt()
  Nikos Mavrogiannopoulos | 2018-02-05 | 1 file | -1/+1

  Previously we assumed that the nettle GCM internal functions will use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -0/+8

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* p11tool: corrected issue preventing the deletion of objects in batch mode
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -0/+2

  Previously initialization of PIN callbacks would only happen during listing of objects, which happened only in non-batch mode.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* p11tool: corrected typo affecting use of --only-urls
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -1/+1

  It would enable batch mode accidentally.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-01-17 | 1 file | -1/+1

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* bumped version [gnutls_3_5_17]
  Nikos Mavrogiannopoulos | 2018-01-17 | 3 files | -3/+3

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>