Commit message | Author | Age | Files | Lines
* build: ignore pointless -Wformat-nonliteral warning [tmp-gnulib] | Daiki Ueno | 2020-09-17 | 1 | -0/+3
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* configure.ac: don't enable warning only available in decent gcc | Daiki Ueno | 2020-09-17 | 1 | -0/+1
    -Warith-conversion is new in GCC 10.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* .gitlab-ci.yml: bump cache version | Daiki Ueno | 2020-09-17 | 1 | -1/+1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* build: ignore pointless -Wformat-y2k warning | Daiki Ueno | 2020-09-17 | 2 | -0/+6
    Printing UTCTime really needs the last 2 digits of the year.

    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* gnulib: update git submodule | Daiki Ueno | 2020-09-17 | 3 | -2/+3
    This brings in the build fixes of the parse-datetime module:
    https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
    https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
    https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html

    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'gnutls-cli-aia' into 'master' | Daiki Ueno | 2020-09-04 | 11 | -4/+255
    Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'

    Closes #968

    See merge request gnutls/gnutls!1319

  * src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to automatically download missing intermediate CAs in a certificate chain | Sahana Prasad | 2020-09-02 | 11 | -4/+255
      lib/cred-cert.c: adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback.

      Signed-off-by: Sahana Prasad <sahana@redhat.com>
* Merge branch 'tmp-renegotiation' into 'master' | Daiki Ueno | 2020-09-03 | 4 | -13/+36
    handshake: reject no_renegotiation alert if handshake is incomplete

    Closes #1071

    See merge request gnutls/gnutls!1320

  * handshake: reject no_renegotiation alert if handshake is incomplete [tmp-renegotiation] | Daiki Ueno | 2020-09-03 | 4 | -13/+36
      If the initial handshake is incomplete and the server sends a no_renegotiation alert, the client should treat it as a fatal error even if its level is warning. Otherwise the same handshake state (e.g., DHE parameters) is reused in the next gnutls_handshake call, if it is called in the loop idiom:

          do {
                  ret = gnutls_handshake(session);
          } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-sizeof' into 'master' | Daiki Ueno | 2020-09-03 | 2 | -7/+11
    Fix padlock partial PHE detection and sizeof usage

    Closes #1076

    See merge request gnutls/gnutls!1316

  * tests: fix sizeof usage in mini-record-timing [tmp-sizeof] | Daiki Ueno | 2020-08-30 | 1 | -1/+1
      Signed-off-by: Daiki Ueno <ueno@gnu.org>

  * padlock: fix partial PHE detection | Daiki Ueno | 2020-08-30 | 1 | -6/+10
      The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead of arbitrary length data when EAX is set to -1.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'rsa_privkey_import' into 'master' | Daiki Ueno | 2020-09-03 | 3 | -13/+46
    Fix optional arguments handling in gnutls_privkey_import_rsa_raw()

    See merge request gnutls/gnutls!1318

  * Consolidate optional arguments tests for RSA key import, cleanup after each import. | Nikolay Sivov | 2020-09-02 | 1 | -25/+26
      Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

  * Move RSA key parameter counter fixup closer to exponent update helper. | Nikolay Sivov | 2020-09-02 | 1 | -3/+2
      Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

  * Add some tests for optional arguments in gnutls_privkey_import_rsa_raw(). | Nikolay Sivov | 2020-09-01 | 1 | -0/+30
      Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

  * Fix optional parameters counter when importing RSA private keys. | Nikolay Sivov | 2020-09-01 | 1 | -0/+3
      Currently gnutls_privkey_import_rsa_raw() allows the 3 last arguments to be omitted; the key fixup logic, however, checks for 3 missing arguments when updating coefficient 'u' but then asserts when updating exponents 'e1' and 'e2', assuming only 2 parameters are missing at that point.

      Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

  * Use symbols defined for RSA key parameter indices in more places. | Nikolay Sivov | 2020-09-01 | 2 | -13/+13
      Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
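The fixup the rsa_privkey_import commits above are about, as an added example that is not GnuTLS code: it derives the three parameters gnutls_privkey_import_rsa_raw() lets a caller omit (u, e1, e2) from the required (n, e, d, p, q), and cross-checks the result by running a CRT private-key operation against the plain d-based one. Assumptions made here: toy-sized uint64_t integers instead of bignums, the PKCS#1/Nettle conventions e1 = d mod (p-1), e2 = d mod (q-1), u = q^-1 mod p, a constructed toy key (p = 61, q = 53), and the value 0 as the marker for "omitted"; the function names are the example's own. The point relative to the bug described in the commit is that each optional parameter is derived on its own from (d, p, q), so nothing has to count how many arguments are missing.

```c
/* Added example, not GnuTLS code: derive the optional RSA CRT parameters
 * (u, e1, e2) that gnutls_privkey_import_rsa_raw() allows to be omitted.
 * Assumed: toy uint64_t values instead of bignums (everything here is
 * below 2^32, so products fit), the PKCS#1 / Nettle conventions
 * e1 = d mod (p-1), e2 = d mod (q-1), u = q^-1 mod p, and 0 as the toy
 * marker for "caller omitted this parameter". Function names are ours. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

struct rsa_raw {
	uint64_t n, e, d, p, q;	/* required by the import API */
	uint64_t u, e1, e2;	/* optional; 0 means omitted (toy convention) */
};

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
	uint64_t r = 1 % m;
	for (b %= m; e; e >>= 1, b = b * b % m)
		if (e & 1)
			r = r * b % m;
	return r;
}

/* Extended Euclid: a^-1 mod m, or 0 when gcd(a, m) != 1. */
static uint64_t invmod(uint64_t a, uint64_t m)
{
	int64_t t = 0, newt = 1;
	uint64_t r = m, newr = a % m;
	while (newr) {
		uint64_t qt = r / newr, tr = r - qt * newr;
		int64_t tt = t - (int64_t)qt * newt;
		t = newt; newt = tt; r = newr; newr = tr;
	}
	if (r != 1)
		return 0;
	return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Fill in whichever of u, e1, e2 the caller left out. Each parameter is
 * derived independently from (d, p, q), so the code never has to count
 * how many arguments are missing. Returns 0, or -1 if q has no inverse
 * mod p (p == q or non-prime input). */
int rsa_fixup_optional(struct rsa_raw *k)
{
	if (k->e1 == 0)
		k->e1 = k->d % (k->p - 1);
	if (k->e2 == 0)
		k->e2 = k->d % (k->q - 1);
	if (k->u == 0 && (k->u = invmod(k->q, k->p)) == 0)
		return -1;
	return 0;
}

/* CRT private-key operation (Garner), the reason these parameters exist:
 * m = m2 + q * (u * (m1 - m2) mod p). */
uint64_t rsa_crt_decrypt(const struct rsa_raw *k, uint64_t c)
{
	uint64_t m1 = powmod(c, k->e1, k->p), m2 = powmod(c, k->e2, k->q);
	uint64_t h = k->u * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
	return m2 + h * k->q;
}

/* Plain d-based operation, used to cross-check the derived parameters. */
uint64_t rsa_plain_decrypt(const struct rsa_raw *k, uint64_t c)
{
	return powmod(c, k->d, k->n);
}

/* Constructed toy key (p = 61, q = 53), far too small for real use; the
 * three optional parameters stay at 0 ("omitted") unless fixed is set.
 * Returns an all-zero key if the fixup fails. */
struct rsa_raw rsa_toy_key(int fixed)
{
	struct rsa_raw k = { .n = 3233, .e = 17, .d = 2753, .p = 61, .q = 53 };
	if (fixed && rsa_fixup_optional(&k) != 0) {
		struct rsa_raw zero = { 0 };
		return zero;
	}
	return k;
}

/* Encrypt m under the toy public key, decrypt it both ways, and return the
 * recovered plaintext when the CRT and plain paths agree (0 otherwise). */
uint64_t rsa_toy_roundtrip(uint64_t m)
{
	struct rsa_raw k = rsa_toy_key(1);
	uint64_t c = powmod(m, k.e, k.n);
	uint64_t a = rsa_crt_decrypt(&k, c), b = rsa_plain_decrypt(&k, c);
	return (k.n != 0 && a == b) ? a : 0;
}

int main(void)
{
	struct rsa_raw k = rsa_toy_key(1);
	printf("e1=%" PRIu64 " e2=%" PRIu64 " u=%" PRIu64 "\n", k.e1, k.e2, k.u);
	printf("roundtrip(65)=%" PRIu64 "\n", rsa_toy_roundtrip(65));
	return rsa_toy_roundtrip(65) == 65 ? 0 : 1;
}
```

Running it prints the derived e1, e2 and u for the toy key and confirms that a message survives the CRT path; a disagreement between the two decrypt paths is exactly the symptom a wrong or stale fixup of u, e1 or e2 would produce.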
* Merge branch 'master' into 'master' | Daiki Ueno | 2020-08-29 | 2 | -3/+13
    improve gnutls-serv EOL processing

    Closes #1073

    See merge request gnutls/gnutls!1314

  * improve gnutls-serv EOL processing | Albrecht Dreß | 2020-08-29 | 2 | -3/+13
      add option `--crlf` to gnutls-serv to disable replacing a received CRLF by LF in echo mode (fixes #1073).

      Signed-off-by: Albrecht Dreß <albrecht.dress@arcor.de>
* Merge branch 'tmp-tls12-version-checks' into 'master' | Daiki Ueno | 2020-08-21 | 2 | -12/+39
    handshake: check TLS version against modified server priorities

    Closes #1054

    See merge request gnutls/gnutls!1309

  * handshake: check TLS version against modified server priorities [tmp-tls12-version-checks] | Daiki Ueno | 2020-08-17 | 2 | -12/+39
      The server needs to take into account multiple factors when determining the TLS protocol version actually being used:

      - the legacy version
      - "supported_versions" extension
      - user_hello_func that may modify the server's priorities

      Only after that can it check whether the TLS version is enabled in the server's priorities.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-ocsp-resp-status' into 'master' | Daiki Ueno | 2020-08-20 | 4 | -2/+134
    cert-session: check OCSP error responses

    Closes #1062

    See merge request gnutls/gnutls!1308

  * cert-session: check OCSP error responses [tmp-ocsp-resp-status] | Daiki Ueno | 2020-08-14 | 4 | -2/+134
      If the OCSP responder returns an error code, such as tryLater, we can't proceed to examine the response bytes. In that case, just skip the check unless the stapling is mandatory on this certificate.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-cipher-check-length' into 'master' | Daiki Ueno | 2020-08-18 | 2 | -0/+91
    gnutls_aead_cipher_decrypt: check output buffer size before writing

    Closes #1049

    See merge request gnutls/gnutls!1312

  * gnutls_aead_cipher_decrypt: check output buffer size before writing [tmp-cipher-check-length] | Daiki Ueno | 2020-08-17 | 2 | -0/+91
      While the documentation of gnutls_aead_cipher_decrypt indicates that the inout argument ptext_len initially holds the size that sufficiently fits the expected output size, there was no runtime check on that. This makes the interface more robust against misuse.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-crt-export2' into 'master' | Daiki Ueno | 2020-08-18 | 2 | -4/+11
    gnutls_x509_crt_export2: return 0 instead of the length

    Closes #1025

    See merge request gnutls/gnutls!1311

  * gnutls_x509_crt_export2: return 0 instead of the length [tmp-crt-export2] | Daiki Ueno | 2020-08-16 | 2 | -4/+11
      This aligns the behavior to the documentation.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-type-limits' into 'master' | Daiki Ueno | 2020-08-18 | 2 | -4/+1
    minitasn1: move WARN_CFLAGS setting to configure.ac

    Closes #1022

    See merge request gnutls/gnutls!1307

  * minitasn1: move WARN_CFLAGS setting to configure.ac [tmp-type-limits] | Daiki Ueno | 2020-08-13 | 2 | -4/+1
      Some compilers don't support -Wno-type-limits, while they support -Wtype-limits.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-fix-gost-cert-nogost' into 'master' | Daiki Ueno | 2020-08-16 | 1 | -15/+1
    Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem

    Closes #1038

    See merge request gnutls/gnutls!1310

  * Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem | Fiona Klute | 2020-08-16 | 1 | -15/+1
      When building without GOST support, parsing a GOST certificate must return an "error importing public key" message instead of key details. This change makes tests/cert-tests/pem-decoding pass for builds with --disable-gost.

      Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* Merge branch 'tmp-fips-enabled' into 'master' | Daiki Ueno | 2020-08-14 | 1 | -1/+10
    _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled

    See merge request gnutls/gnutls!1306

  * _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled [tmp-fips-enabled] | Daiki Ueno | 2020-08-12 | 1 | -1/+10
      Previously gnutls_fips140_mode_enabled() returned true even after selftests had failed and the library state had switched to error. While later calls to crypto operations fail, it would be more convenient to have a function to detect that state.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-typo-fixes' into 'master' | Daiki Ueno | 2020-08-14 | 23 | -31/+31
    doc: assorted typo fixes

    See merge request gnutls/gnutls!1305

  * doc: assorted typo fixes [tmp-typo-fixes] | Daiki Ueno | 2020-08-12 | 23 | -31/+31
      Spotted by codespell.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-cert-invalid' into 'master' | Daiki Ueno | 2020-08-14 | 2 | -1/+5
    cert-session: ensure that invalid flag is always set

    See merge request gnutls/gnutls!1304

  * serv, cli: ensure that invalid flag is always set [tmp-cert-invalid] | Daiki Ueno | 2020-08-12 | 1 | -1/+4
      According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>

  * cert-session: fail hard if mandatory stapling is not honored | Daiki Ueno | 2020-08-12 | 1 | -0/+1
      According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause.

      Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-public-header-guards' into 'master' | Daiki Ueno | 2020-08-14 | 19 | -38/+50
    Add or clean header guards in lib/includes/gnutls/

    See merge request gnutls/gnutls!993

  * Add or clean header guards in lib/includes/gnutls/ [tmp-public-header-guards] | Tim Rühsen | 2019-05-08 | 19 | -38/+50
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-cert-pass' into 'master' | Daiki Ueno | 2020-08-14 | 2 | -1/+11
    Fix two issues about certtool and passwords

    Closes #933 and #888

    See merge request gnutls/gnutls!1268

  * p12: do not encrypt certificate bag with empty password [tmp-fix-cert-pass] | Dmitry Baryshkov | 2020-05-28 | 1 | -1/+2
      Do not encrypt the certificate bag if the user has specified an empty password (--password ''). Encryption can be turned on by specifying --empty-password.

      Fixes #888

      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

  * certtool: do not ask for private key password if it was provided | Dmitry Baryshkov | 2020-05-28 | 1 | -0/+9
      Make pin_callback() use cinfo->password if it is set (via command line or from template).

      Fixes #933

      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'mangle-ecc_scalar_random' into 'master' | Daiki Ueno | 2020-08-14 | 1 | -1/+7
    Mangle/hide GNUTLS-built ecc_scalar_random()

    Closes #1016

    See merge request gnutls/gnutls!1300

  * mangle gnutls-built ecc_scalar_random | Steve Lhomme | 2020-08-14 | 1 | -1/+7
      GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we mangle the internal version we build. ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS.

      Fixes #1016

      Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
* Merge branch 'mcatanzaro/test-missingissuer' into 'master' | Daiki Ueno | 2020-08-08 | 1 | -1/+0
    Fix invalid free in missing issuer test case error path

    See merge request gnutls/gnutls!1303

  * Fix invalid free in missing issuer test case error path | Michael Catanzaro | 2020-08-07 | 1 | -1/+0
      This variable is not initialized in this error path: it's only initialized if gnutls_x509_crt_get_authority_info_access() succeeds.

      Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
* Merge branch 'mcatanzaro/typo' into 'master' | Daiki Ueno | 2020-08-07 | 1 | -1/+1
    Fix typo in API docs

    See merge request gnutls/gnutls!1302

  * Fix typo in API docs | Michael Catanzaro | 2020-08-07 | 1 | -1/+1
      Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>