| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That is, force re-key of the KEY and RANDOM PRNG after 2 hours
of operation, irrespective of the amount of data having been output.
At the same time, increase limits for key and nonce generators,
to prevent a large number of system calls in busy servers.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That allows using the faster generator for ephemeral keys.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That is, we do not really require high quality secret data for the generation
of signatures. A better approach would be to switch to predictable signatures (RFC6979).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This should reduce both the bandwidth and the time of the fetch.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Martin Storsjo <martin@martin.st>
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
That brings back the -Werror for building, after its removal from
clang-analyzer build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
When we pass '--status-bugs' to the command in combination with
'-Werror' in CFLAGS it has the following side effect: in a build
that fails due to Werror, scan-build fails to find any issues, and
marks the run as successfully completed. Hence, remove the -Werror
from clang-analyzer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Incorrect ordering of -lseccomp:
<snip>
-Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
./.libs/libutils.a(seccomp.o): In function `seccomp_init'
seccomp.c:(.text+0x2b): undefined reference to `seccomp_init'
<snip>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
This change assumes that afl-fuzz (and not libfuzzer) will be used
by default.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
When initializing a private key operation, attempt to re-open the key
if CKR_SESSION_HANDLE_INVALID is received.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This avoids crashes when the object is used after a fork but prior
to the session being re-established.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This inputs a large set of valid and invalid OCSP files
in the OCSP parser with the intention to stress test its
error checking, and prevent regressions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This inputs a large set of valid and invalid certificates in
the certificate parser with the intention to stress test its
error checking, and prevent regressions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
These functions were previously made available only in FIPS140-2
mode. Enabling them unconditionally allows applications to directly
utilize that functionality for testing the gnutls library.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
This prevents clashes when the same operation is carried out in other
threads.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This allows running PKCS#11 private key operations such as signing
and decryption in parallel.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t
context work.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
| |
This optimizes access when multiple provider modules are available,
by avoiding scanning irrelevant ones.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This prevents denial of service through very large iteration
counts. Issue found via oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
This reverts commit 603772688c4e37dae437b4cede12e25b9dd9f678.
The commit introduced a long wait for the coverage build without
any significant benefit (the extent of the FIPS140 code is too limited
to have any impact on the overall coverage).
| |
This fixes compilation in systems without getrandom().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This will allow the test tool to operate even after openpgp certificates
are deprecated.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
That allows disabling openpgp authentication and at the same time
retaining ABI compatibility with versions including openpgp.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>