Commit message | Author | Age | Files | Lines
* tests: pkcs12_encode: fix test for SHA512 (tmp-gnutls_3_5_x-backport-record-pad-fixes)
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -12/+0
  We don't support SHA512 in the 3.5.x branch.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* hmac-sha384 and sha256 ciphersuites were removed from defaults
  Nikos Mavrogiannopoulos | 2018-06-13 | 3 files | -15/+7
  These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface.
  Relates #456
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cbc_mac_verify: require minimum padding under SSL3.0
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -1/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* dummy_wait: always hash the same number of blocks that would have been on minimum pad
  Nikos Mavrogiannopoulos | 2018-06-13 | 1 file | -30/+33
  This improves protection against lucky13-type attacks when encrypt-then-mac is not in use.
  Resolves #456
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* dummy_wait: correctly account the length field in SHA384 HMAC
  Nikos Mavrogiannopoulos | 2018-06-12 | 2 files | -15/+13
  The existing lucky13 attack countermeasures did not work correctly for SHA384 HMAC. The overall impact of that should not be significant as SHA384 is prioritized lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported by the peer.
  Relates #455
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: improved detection of 64-bit systems (tmp-gnutls_3_5_x-f26)
  Nikos Mavrogiannopoulos | 2018-05-26 | 3 files | -2/+8
  We now use the ${ac_cv_sizeof_unsigned_long_int} variable which gives the numbers used in the host system, not the build one.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -6/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Use gcc's attribute to mark fallthrough statements
  Nikos Mavrogiannopoulos | 2018-05-26 | 5 files | -2/+46
  gcc7 is more verbose on fallthrough warnings, and this patch set cleans up the current state by making use of the attribute when necessary.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure: do not utilize the -Wno-format-truncation gcc warning
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -0/+1
  The warnings it produces have little value in our use of string functions.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: removed initialization step
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -25/+4
  That is, combine syntax-check with the static analyzers run. That provides more parallelism per build and reduces the overall time spent on a successful run.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip]
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -0/+2
  This allows a more descriptive name for any downloaded artifacts.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -3/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -1/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: switched to fedora 26 for CI builds
  Nikos Mavrogiannopoulos | 2018-05-26 | 1 file | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update
  Nikos Mavrogiannopoulos | 2018-04-25 | 1 file | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* retrieve_pin: refuse to retrieve PIN from URI more than one time
  Nikos Mavrogiannopoulos | 2018-04-25 | 2 files | -3/+36
  That is, prevent re-using a static PIN if it has already been known to be wrong. Introduced tests of that behavior.
  Resolves #425
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* nettle: corrected typo in version check for compatibility mode with 3.3
  Nikos Mavrogiannopoulos | 2018-03-27 | 1 file | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* nettle/pk: include nettle/version.h
  Nikos Mavrogiannopoulos | 2018-03-20 | 1 file | -0/+1
  That enables the nettle version macros to operate.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cryptodev: fix prototype of cryptodev_mac_fast [ci skip]
  Nikos Mavrogiannopoulos | 2018-03-08 | 1 file | -0/+4
  Resolves #406
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cryptodev: added missing macro [ci skip]
  Nikos Mavrogiannopoulos | 2018-03-07 | 1 file | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure: treat solaris as ELF system
  Nikos Mavrogiannopoulos | 2018-02-23 | 1 file | -0/+1
  Resolves #376
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update
  Nikos Mavrogiannopoulos | 2018-02-16 | 1 file | -0/+9
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
  Nikos Mavrogiannopoulos | 2018-02-16 | 2 files | -6/+10
  That is, make sure that all our calls to PKCS#11 subsystem for verification will only trigger the trust module initialization, and not the generic PKCS#11 initialization.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: simplify trusted module loading state
  Nikos Mavrogiannopoulos | 2018-02-16 | 2 files | -13/+15
  That is, always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE) to determine whether to initialize trusted modules only or proceed with general initialization.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_pkcs11_check_init: improved transition between states
  Nikos Mavrogiannopoulos | 2018-02-16 | 3 files | -20/+59
  The init_level_t for PKCS#11 modules was incorrectly handled as a linear state transition, causing a few cases in the transition to be incorrectly handled. Define precisely the state transitions and enforce them in _gnutls_pkcs11_check_init. That addresses a regression introduced by the previous state handling addition, which made it impossible to switch from the trusted state to the all-modules state.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* bumped version (gnutls_3_5_18)
  Nikos Mavrogiannopoulos | 2018-02-16 | 3 files | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-02-12 | 1 file | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update
  Nikos Mavrogiannopoulos | 2018-02-09 | 1 file | -1/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* accelerated: make explicit key size check to all accelerated ciphers
  Nikos Mavrogiannopoulos | 2018-02-09 | 16 files | -6/+37
  That is, do not rely on checks done on asm level, as they vary and may change over updates. Also handle invalid key sizes consistently by returning an error, and eliminate calls to abort().
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* accelerated: check keysize in SSSE3 cipher setkey
  Vitezslav Cizek | 2018-02-09 | 1 file | -0/+3
  aes_ssse3_cipher_setkey() accepted any key size, which could lead to invalid memory access. Such as with the oss-fuzz corpora file fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5
  Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
* nettle: use the nettle_get_secp API when available
  Nikos Mavrogiannopoulos | 2018-02-07 | 1 file | -5/+15
  Resolves #380
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* sed: use it in a portable way in makefiles
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -0/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* accelerated: aarch64: fix GCM counter increment
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -2/+3
  Ensure that we restrict the GCM counter to the 4 bytes assigned to it.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* accelerated: fix use of SSSE3 vpaes_encrypt (tmp-gnutls_3_5_x-aesni-fix)
  Nikos Mavrogiannopoulos | 2018-02-06 | 1 file | -1/+7
  Previously we assumed that the nettle GCM internal functions would use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update
  Nikos Mavrogiannopoulos | 2018-02-05 | 1 file | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* accelerated: fix use of aesni_ecb_encrypt()
  Nikos Mavrogiannopoulos | 2018-02-05 | 1 file | -1/+1
  Previously we assumed that the nettle GCM internal functions would use the provided ECB function for single block encryption. Newer versions no longer operate that way. Ensure that we are compatible with them.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -0/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: corrected issue preventing the deletion of objects in batch mode
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -0/+2
  Previously initialization of PIN callbacks would only happen during listing of objects, which happened only in non-batch mode.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: corrected typo affecting use of --only-urls
  Nikos Mavrogiannopoulos | 2018-01-23 | 1 file | -1/+1
  It would enable batch mode accidentally.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update [ci skip]
  Nikos Mavrogiannopoulos | 2018-01-17 | 1 file | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* bumped version (gnutls_3_5_17)
  Nikos Mavrogiannopoulos | 2018-01-17 | 3 files | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update (tmp-gnutls_3_5_x-dtls-fix)
  Nikos Mavrogiannopoulos | 2018-01-16 | 1 file | -0/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether get_mtu() functions relate to the set values
  Nikos Mavrogiannopoulos | 2018-01-16 | 1 file | -0/+25
  That is, verify that gnutls_dtls_set_data_mtu() value would be reflected into gnutls_dtls_get_data_mtu(), as well as the gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu().
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* DTLS: improved data MTU calculation under CBC ciphersuites
  Nikos Mavrogiannopoulos | 2018-01-16 | 1 file | -31/+34
  The data MTU calculation under CBC ciphersuites takes into account that the overhead of these ciphersuites is constant (IV + hash + 1 byte padding), though the capacity varies due to the padding block. That is, on a 16-byte padding block, one padding byte is the overhead but the remaining 15 bytes are accounted for as data MTU. That also has the side effect that setting a data MTU using gnutls_dtls_set_data_mtu() is not definite, and the actual MTU may be larger for these ciphersuites (i.e., the return value of gnutls_dtls_get_data_mtu()).
  (backported from master branch)
  Resolves #360
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* libtasn1: updated to latest master branch (tmp-gnutls_3_5_x-update-libtasn1)
  Nikos Mavrogiannopoulos | 2018-01-09 | 3 files | -8/+32
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update (tmp-gnutls_3_5_x-fix-verification-issues)
  Nikos Mavrogiannopoulos | 2018-01-07 | 1 file | -0/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: updated copyright year for manual
  Nikos Mavrogiannopoulos | 2018-01-07 | 1 file | -2/+2
  That eliminates the 'make syntax-check' error.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for self-signed verification error
  Nikos Mavrogiannopoulos | 2018-01-07 | 2 files | -0/+146
  Relates #347
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>