summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | | NEWS: updated for release3.6.13Nikos Mavrogiannopoulos2020-03-311-2/+3
|/ / | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | NEWS: doc updateNikos Mavrogiannopoulos2020-03-301-3/+3
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | bumped versionNikos Mavrogiannopoulos2020-03-302-4/+4
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'tmp-added-reproducer-for-960' into 'master'Nikos Mavrogiannopoulos2020-03-304-1/+610
|\ \ | |/ |/| | | | | Added reproducer for fix in !1225 See merge request gnutls/gnutls!1227
| * NEWS: doc updatetmp-added-reproducer-for-960Nikos Mavrogiannopoulos2020-03-301-0/+5
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added check for random value of client and server hello in TLSNikos Mavrogiannopoulos2020-03-302-1/+268
| | | | | | | | | | | | | | This creates a tests that checks whether the TLS client and server hello have sufficient non-zero bytes. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added reproducer for client hello random value behavior in DTLSNikos Mavrogiannopoulos2020-03-302-1/+338
| | | | | | | | | | | | | | | | | | This adds an equivalent test of tls13/hello_random_value.c for DTLS and extends the tests for server hello as well. Relates: #960 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'fix-padlock' into 'master'Nikos Mavrogiannopoulos2020-03-302-4/+7
|\ \ | | | | | | | | | | | | | | | | | | Fix padlock accelerated code Closes #930 See merge request gnutls/gnutls!1226
| * | padlock: fix exception in wrap_padlock_hash_fastDmitry Baryshkov2020-03-281-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | wrap_padlock_hash_fast() allocates a context on a stack (via local variable) then tries to free it by calling wrap_padlock_hash_deinit() causing a crash. Remove a call to deinit() to fix a crash. Fixes #930 Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | padlock: fix exception in sha codeDmitry Baryshkov2020-03-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | padlock sha code will segfault (at least on Nano) if it is passed a NULL data pointer (even if size is 0). Pass digest output buffer as a dummy data pointer in such case. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | padlock: make cbc code return error properlyDmitry Baryshkov2020-03-281-3/+5
| | | | | | | | | | | | | | | | | | | | | If underlying padlock_cbc_en/decrypt return an error, pass this error to calling code. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | psk: added checks to satisfy static analyzersNikos Mavrogiannopoulos2020-03-301-0/+6
| |/ |/| | | | | | | | | | | | | Added null checks in legacy callbacks to avoid warnings from static analyzers. The issues do not appear to be reproducible in real-world use. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'fix-dlts-client-zero-random' into 'master'Nikos Mavrogiannopoulos2020-03-291-1/+1
|\ \ | | | | | | | | | | | | | | | | | | dtls client hello: fix zeroed random (fixes #960) Closes #960 See merge request gnutls/gnutls!1225
| * | dtls client hello: fix zeroed random (fixes #960)Stefan Bühler2020-03-271-1/+1
|/ / | | | | | | | | | | | | This broke with bcf4de03 "handshake: treat reply to HRR as a reply to hello verify request", which failed to "De Morgan" properly. Signed-off-by: Stefan Bühler <stbuehler@web.de>
* | Merge branch 'better_SSL3.0_tests' into 'master'Nikos Mavrogiannopoulos2020-03-274-2/+49
|\ \ | | | | | | | | | | | | improve gnutls-cli-debug testing of old SSL 3.0 servers See merge request gnutls/gnutls!1221
| * | add NEWS entryDaniel Lenski2020-03-221-0/+3
| | | | | | | | | | | | Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | add additional tests of SSL 3.0 (with extensions, and with cipher suites not ↵Daniel Lenski2020-03-223-1/+42
| | | | | | | | | | | | | | | | | | | | | | | | in SSL 3.0) See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | test_ssl3: minimize cipher suites to those actually included in SSL 3.0Daniel Lenski2020-03-221-2/+5
| | | | | | | | | | | | | | | | | | See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some ↵Daniel Lenski2020-03-221-1/+1
| |/ | | | | | | | | | | | | | | servers don't accept them See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
* | Merge branch 'tmp-get-keylog-func' into 'master'Daiki Ueno2020-03-259-0/+27
|\ \ | | | | | | | | | | | | gnutls_session_get_keylog_function: new function See merge request gnutls/gnutls!1220
| * | gnutls_session_get_keylog_function: new functiontmp-get-keylog-funcDaiki Ueno2020-03-229-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement custom logging facility. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'fix_echo_serv' into 'master'Daiki Ueno2020-03-241-2/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | gnutls-serv: Do not exit when a message to be echoed is received Closes #959 See merge request gnutls/gnutls!1222
| * | | gnutls-serv: Do not exit when a message to be echoed is receivedAnderson Toshiyuki Sasaki2020-03-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when gnutls-serv was executed with the --echo option, it would exit when a message to be echoed was received. Moreover, the server would output "Memory error" although no error occurred. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | | | Merge branch 'ajuaristi-issue-586' into 'master'Nikos Mavrogiannopoulos2020-03-2427-5212/+6436
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | support non-NULL-terminated PSKs Closes #586 See merge request gnutls/gnutls!917
| * | | _gnutls_check_id_for_change: ensure that we check the username lengthajuaristi-issue-586Nikos Mavrogiannopoulos2020-03-233-5/+8
| | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | Ensure that an incorrectly formatted password file doesn't cause invalid ↵Nikos Mavrogiannopoulos2020-03-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | memory access Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | Update NEWS fileAnder Juaristi2020-03-231-0/+7
| | | | | | | | | | | | | | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| * | | Update filesAnder Juaristi2020-03-232-5077/+5568
| | | | | | | | | | | | | | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| * | | psk: Allow non-NULL PSK usernamesAnder Juaristi2020-03-2322-132/+854
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit closes #586. Two new functions are introduced: gnutls_psk_server_get_username2() and gnutls_psk_set_client_username2(), which are identical in behavior to those named similarly (without the final '2'), but allow arbitrary gnutls datums (not strings) to be used as usernames. Two new callback functions are also introduced, with their respective setters: gnutls_psk_set_server_credentials_function2() and gnutls_psk_set_client_credentials_function2(). In addition, the password file format is extended so that non-string usernames can be specified. A leading '#' character tells GnuTLS that the username should be interpreted as a raw byte string (encoded in HEX). Example: #deadbeef:9e32cf7786321a828ef7668f09fb35db Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>
* | | | Merge branch 'postpone_config_loading' into 'master'Daiki Ueno2020-03-231-1/+1
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | global: Load configuration after FIPS POST Closes #956 See merge request gnutls/gnutls!1216
| * | | global: Load configuration after FIPS POSTAnderson Toshiyuki Sasaki2020-03-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if the loaded configuration file disabled an algorithm tested during FIPS-140 power-on self-tests, the test would fail. By loading the configuration file after the test is finished, such failure is avoided as any algorithm is allowed during the tests. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | | | Merge branch 'fix-fuzz' into 'master'Tim Rühsen2020-03-231-3/+4
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | Two fixes for oss-fuzz build target See merge request gnutls/gnutls!1219
| * | | oss-fuzz: return build error if fuzzers have failed to buildDmitry Baryshkov2020-03-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of silently ignoring build errors and running fewer fuzzers, exit on the first build error. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | | oss-fuzz: use CC rather than CXX to compile fuzzersDmitry Baryshkov2020-03-221-2/+3
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | clang++ will choke on several fuzzer sources because C++ is stricter than C wrt. type conversion: gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned int' in initializer list [-Wc++11-narrowing] gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size}; Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | Merge branch 'tmp-fuzz-readme' into 'master'Tim Rühsen2020-03-221-4/+6
|\ \ \ | |_|/ |/| | | | | | | | fuzz: Update README.md for clang-9 [skip ci] See merge request gnutls/gnutls!1218
| * | fuzz: Update README.md for clang-9 [skip ci]Tim Rühsen2020-03-221-4/+6
| | | | | | | | | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | Merge branch 'eddsa-pkcs11' into 'master'Nikos Mavrogiannopoulos2020-03-207-4/+282
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add support for loading Ed25519 keys from PKCS#11 and using them Closes #946 See merge request gnutls/gnutls!1200
| * | | Validate EC_PARAMS for EdDSA keysJakub Jelen2020-03-183-4/+123
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| * | | pubkey: Validate input parameters in pubkey_import_ecc_rawJakub Jelen2020-03-181-1/+6
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| * | | tests: Verify writing and reading of ECDSA public keys from PKCS#11Jakub Jelen2020-03-181-0/+42
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| * | | tests: Verify writing and reading of EdDSA public keysJakub Jelen2020-03-181-0/+43
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| * | | pkcs11_write: Copy data to avoid double-free crashes and properly encode ↵Jakub Jelen2020-03-181-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | EC_POINT attribute Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| * | | Add support for loading EdDSA keys from PKCS#11 and using themJakub Jelen2020-02-282-0/+60
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* | | | Merge branch 'tmp-prf-get' into 'master'Daiki Ueno2020-03-2010-0/+46
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | state: add function to get the current hash algorithm See merge request gnutls/gnutls!1217
| * | | state: add function to get the current hash algorithmtmp-prf-getDaiki Ueno2020-03-1910-0/+46
|/ / / | | | | | | | | | | | | | | | | | | | | | This is particularly useful when the application applies key derivation function by itself with the same underlying hash algorithm as the session. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'tmp-chacha' into 'master'Daiki Ueno2020-03-1911-0/+196
|\ \ \ | |_|/ |/| | | | | | | | cipher: expose raw ChaCha20 cipher See merge request gnutls/gnutls!1210
| * | abi: add enum values for GNUTLS_CIPHER_CHACHA20_*tmp-chachaDaiki Ueno2020-03-191-0/+2
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | cipher: allow setting ChaCha20 initial block counterDaiki Ueno2020-03-194-6/+68
| | | | | | | | | | | | | | | | | | | | | This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit nonce variant of GNUTLS_CIPHER_CHACHA20_64. Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | nettle: vendor in ChaCha20 implementation from nettleDaiki Ueno2020-03-196-0/+102
| | | | | | | | | | | | | | | | | | | | | This enables to use bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter. Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | cipher: expose raw ChaCha20 cipherDaiki Ueno2020-03-193-0/+30
|/ / | | | | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
View Lorry Controller Status