summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* gnutls-cli: improved output of --benchmark-tls-kxtmp-gnutls-cliNikos Mavrogiannopoulos2019-12-201-3/+3
| | | | | | | | | | | | | | | | | It is now printed in a way that separates the tests. Example: ``` (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) - 179.19 transactions/sec - avg. handshake time: 5.57 ms - standard deviation: 0.57 (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) - 182.24 transactions/sec - avg. handshake time: 5.48 ms - standard deviation: 0.64 ``` Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: benchmark-tls-kx can work with sub-ms accuracyNikos Mavrogiannopoulos2019-12-203-13/+33
| | | | | | | | | This allows micro and nanoseconds to be reported if necessary, and it changes reporting of sample variance to standard deviation giving a possibly better overview as it is in the same units as the average. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'gost-split-4' into 'master'Dmitry Eremin-Solenikov2019-12-204-5/+123
|\ | | | | | | | | gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests See merge request gnutls/gnutls!1137
| * gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC testsDmitry Eremin-Solenikov2019-12-204-5/+123
| | | | | | | | | | | | | | Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT support by the server. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | README.md: updated to list fuzz coverage results [ci skip]Nikos Mavrogiannopoulos2019-12-191-4/+4
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | doc: update reference to the default configuration fileDimitri John Ledkov2019-12-191-1/+1
| | | | | | | | Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
* | Introduced check to reject certificates with non-digits in time fieldLili Quan2019-12-196-9/+177
|/ | | | | | | | According to RFC5280 we should reject such certificates. Resolves: #870 Signed-off-by: Lili Quan <13132239506@163.com>
* Merge branch 'gost-split-3' into 'master'Dmitry Eremin-Solenikov2019-12-1811-14/+268
|\ | | | | | | | | Add GOST-CNT ciphersuite support See merge request gnutls/gnutls!1119
| * doc: document GROUP-GOST-ALL keywordDmitry Eremin-Solenikov2019-12-181-3/+3
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * NEWS: add news entry, describing TLS 1.3 vs GOST issuesDmitry Eremin-Solenikov2019-12-181-0/+8
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * ext/signature: use GOST signatures for GOST ciphersiuitesDmitry Eremin-Solenikov2019-12-182-0/+16
| | | | | | | | | | | | | | | | draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms in CertificateRequest message to GOST values if GOST cipher suite is selected. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * tls13-server-kx-neg: add test for GOST-enabled server and clientDmitry Eremin-Solenikov2019-12-181-1/+71
| | | | | | | | | | | | | | | | If both client and server have enabled TLS 1.3 and GOST-CNT ciphersuites, they should correctly negotiate a connection, but using TLS 1.2 version. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * tests: added testcases for ciphersuite/KX negotiation with VKO-GOSTDmitry Eremin-Solenikov2019-12-182-1/+76
| | | | | | | | | | | | | | This verifies whether the ciphersuite negotiation will detect and reject incompatible data present in credentials. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * tests: add tests for KX-GOST-VKO using different key variantsDmitry Eremin-Solenikov2019-12-181-0/+27
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * Add GOST cipher suitesDmitry Eremin-Solenikov2019-12-181-0/+11
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * priority: add GROUP-GOST-ALL keywordDmitry Eremin-Solenikov2019-12-181-0/+19
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * Support GOST certificate request valuesDmitry Eremin-Solenikov2019-12-181-8/+27
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * lib: fix group selection in case of GOST cipher suitesDmitry Eremin-Solenikov2019-12-182-1/+10
|/ | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-ext-fuzzer' into 'master'Nikos Mavrogiannopoulos2019-12-18870-1529/+84
|\ | | | | | | | | fuzzer: added fuzzer for gnutls_ext_raw_parse() [ci skip] See merge request gnutls/gnutls!1133
| * Sync with fuzzers from OSS-FuzzTim Rühsen2019-12-18832-1500/+0
| | | | | | | | | | | | | | Only lots of corpora removed (by merge step). Not sure why. But there are several new UBs detected. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Amend fuzz scripts and README for clang-8Tim Rühsen2019-12-182-6/+7
| | | | | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add fuzz corpora for gnutls_ext_raw_parse_fuzzerTim Rühsen2019-12-184-0/+0
| | | | | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * fuzzer: added fuzzer for gnutls_ext_raw_parse()Nikos Mavrogiannopoulos2019-12-1832-23/+77
|/ | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: updated CI build badge [ci skip]Nikos Mavrogiannopoulos2019-12-161-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-more-const-1' into 'master'Tim Rühsen2019-12-1018-10098/+10795
|\ | | | | | | | | Add const to function arguments in lib/x509 See merge request gnutls/gnutls!1007
| * abi: updated to latest const changes and added NEWS entrytmp-more-const-1Nikos Mavrogiannopoulos2019-12-107-10002/+10692
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * Add const to function arguments in lib/x509Tim Rühsen2019-12-0712-101/+108
|/ | | | | | | This change does not introduce functionality changes. It just adds const promises to the caller. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'AVOID_INTERNALS' into 'master'Nikos Mavrogiannopoulos2019-12-051-8/+0
|\ | | | | | | | | lib: remove obsolete AVOID_INTERNALS See merge request gnutls/gnutls!1127
| * lib: remove obsolete AVOID_INTERNALSVitezslav Cizek2019-12-041-8/+0
| | | | | | | | | | | | | | | | Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS remained in lib/crypto-selftests-pk.c. Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
* | .triage-policies.yml: updated to work with latest gitlab-triage [ci skip]Nikos Mavrogiannopoulos2019-12-041-4/+2
|/ | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Revert "Released 3.6.11.1 including missing files"gnutls_3_6_11_1Nikos Mavrogiannopoulos2019-12-021-1/+1
| | | | | | This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Released 3.6.11.1 including missing filesNikos Mavrogiannopoulos2019-12-021-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-libopts-fix' into 'master'Nikos Mavrogiannopoulos2019-12-022-1/+3
|\ | | | | | | | | | | | | libopts: include new files into dist Closes #867 See merge request gnutls/gnutls!1126
| * libopts: include new files into disttmp-libopts-fixNikos Mavrogiannopoulos2019-12-022-1/+3
|/ | | | | | | | | This also includes --enable-local-libopts flag to make dist to catch future regressions. Resolves: #867 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* released 3.6.11gnutls_3_6_11Nikos Mavrogiannopoulos2019-12-011-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Write OCSP status request debug information to logfile, if setFiona Klute2019-12-011-1/+1
| | | | | | | The status information not part of the payload data and should be separate when using --logfile. Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* Send log messages about loading client credentials to logfile, if setFiona Klute2019-12-011-2/+2
| | | | Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* .travis.yml: explicitly install openssl to address build issueNikos Mavrogiannopoulos2019-11-291-3/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented AES-CFB8 fix [ci skip]Nikos Mavrogiannopoulos2019-11-291-0/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* bumped versionNikos Mavrogiannopoulos2019-11-293-3/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .travis.yml: update submodules [ci skip]Nikos Mavrogiannopoulos2019-11-291-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* base64: minor improvements in OOM handling and test suiteNikos Mavrogiannopoulos2019-11-292-0/+8
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-fix-base64' into 'master'Nikos Mavrogiannopoulos2019-11-283-8/+15
|\ | | | | | | | | | | | | gnutls_base64_decode2() succeeds decoding the empty string Closes #834 See merge request gnutls/gnutls!1124
| * gnutls_base64_decode2() succeeds decoding the empty stringNikos Mavrogiannopoulos2019-11-283-8/+15
|/ | | | | | | | | This is a behavioral change of the API but it conforms to the RFC4648 expectations. Resolves: #834 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Revert "tests: ignore datefudge-check check when running on command line"Nikos Mavrogiannopoulos2019-11-271-3/+3
| | | | | | | | This commit was breaking CI on FreeBSD systems. This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-fix-crl-dist-points' into 'master'Nikos Mavrogiannopoulos2019-11-276-13/+60
|\ | | | | | | | | | | | | Add CRL distribution points to non-self-signed certificates Closes #765 See merge request gnutls/gnutls!1123
| * certtool: always include the CRL distribution points on CAsNikos Mavrogiannopoulos2019-11-255-10/+57
| | | | | | | | | | | | | | | | | | Previously we would omit the CRL distribution points from a non-self signed CA certificate, even if contained in the template. Resolves: #765 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * tests: ignore datefudge-check check when running on command lineNikos Mavrogiannopoulos2019-11-251-3/+3
|/ | | | | | | That allows running the tests individually without make or setting top_builddir variable. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'minimal-check' into 'master'Dmitry Eremin-Solenikov2019-11-235-5/+23
|\ | | | | | | | | Run tests under minimal configuration See merge request gnutls/gnutls!1122
| * tests: make tests pass with disabled GOST algorithmsDmitry Eremin-Solenikov2019-11-224-5/+22
| | | | | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
View Lorry Controller Status