summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* .gitlab-ci.yml: temporarily allow failures on Debian.cross.aarch64tmp-nettle-3.6Daiki Ueno2020-11-091-0/+1
| | | | | | | | | | | | | | qemu is currently causing segmentation fault: cipher: aes-128-gcm cipher: aes-192-gcm cipher: aes-256-gcm cipher: chacha20-poly1305 qemu: uncaught target signal 11 (Segmentation fault) - core dumped Segmentation fault (core dumped) default cipher tests failed FAIL test-ciphers-openssl.sh (exit status: 139) Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitlab-ci.yml: use nettle git master for FreeBSD.x86_64Daiki Ueno2020-11-091-5/+15
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Revert ".lgtm.yml: no longer bring nettle from master"Daiki Ueno2020-11-051-3/+10
| | | | | | This reverts commit bbe93dc315009fe1f9a30426cbe20f4661b8435c. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* gostdsa: fix memleak in _gnutls_gostdsa_unmask_keyDaiki Ueno2020-11-041-0/+1
| | | | | | | | | | | | Spotted by valgrind: ==5721== 40 bytes in 1 blocks are definitely lost in loss record 1 of 3 ==5721== at 0x4839809: malloc (vg_replace_malloc.c:307) ==5721== by 0x4DC3E59: __gmp_default_allocate (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x4DD26A3: __gmpz_realloc (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x4DD8B9D: __gmpz_set_str (in /usr/lib64/libgmp.so.10.4.0) ==5721== by 0x499339D: _gnutls_gostdsa_unmask_key (gostdsa-mask.c:68) Signed-off-by: Daiki Ueno <ueno@gnu.org>
* testcompat-openssl: use RC4-SHA instead of RC4-MD5 for testingDaiki Ueno2020-11-041-6/+6
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitlab-ci.yml: use Fedora 33 with LEGACY policy for SSL 3.0 testingDaiki Ueno2020-11-041-1/+2
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitlab-ci.yml: supply -fstack-protector required by latest MinGWDaiki Ueno2020-11-041-1/+19
| | | | | | https://sourceforge.net/p/mingw-w64/bugs/818/ Signed-off-by: Daiki Ueno <ueno@gnu.org>
* tls-fuzzer: update submodulesDaiki Ueno2020-11-043-0/+0
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitlab-ci.yml: avoid using fipshmacDaiki Ueno2020-11-041-1/+4
| | | | | | | The new fipshmac command provided by libkcapi requires NETLINK_CRYPTO, which is not enabled on gitlab CI. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* src: remove use of siginterruptDaiki Ueno2020-11-041-3/+5
| | | | | | | GCC 10 warns this: tests.c:702:2: error: 'siginterrupt' is deprecated: Use sigaction with SA_RESTART instead [-Werror=deprecated-declarations] Signed-off-by: Daiki Ueno <ueno@gnu.org>
* .gitlab-ci.yml: update build-images for nettle 3.6Daiki Ueno2020-11-041-8/+5
| | | | | | Also remove Debian.cross.mips-linux-gnu, as it is no longer supported. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* build: hard require nettle 3.6Daiki Ueno2020-11-0418-1137/+20
| | | | | | | This allows us to remove several backports, including XTS, CFB8, raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'wip/dueno/psktool-realloc' into 'master'Daiki Ueno2020-11-022-6/+41
|\ | | | | | | | | psktool: Fix hex-encoding logic of username See merge request gnutls/gnutls!1349
| * psktool: Fix hex-encoding logic of usernameDaiki Ueno2020-10-312-6/+41
| | | | | | | | | | | | | | | | | | | | The previous code didn't modify the pointer to the realloc'ed region nor check overflow before calling realloc. Spotted by Anderson Sasaki in: <https://gitlab.com/gnutls/gnutls/-/merge_requests/1345#note_439063374>. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'remove_3des' into 'master'Daiki Ueno2020-11-021-2/+2
|\ \ | |/ |/| | | | | | | | | PKCS #12: switch default encryption to AES-256-CBC Closes #799 See merge request gnutls/gnutls!1348
| * PKCS#12: switch default encryption to AES-256-CBCSahana Prasad2020-10-301-2/+2
|/ | | | Signed-off-by: Sahana Prasad <sahana@redhat.com>
* Merge branch 'wip/dueno/psk-colon' into 'master'Daiki Ueno2020-10-307-46/+110
|\ | | | | | | | | | | | | psktool: encode username if it contains special character Closes #1103 See merge request gnutls/gnutls!1345
| * srptool: fix FILE pointer leakDaiki Ueno2020-10-301-1/+1
| | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * mini-record-timing: use only async-signal-safe functions in handlerDaiki Ueno2020-10-301-5/+24
| | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * psktool: encode username if it contains special characterDaiki Ueno2020-10-302-33/+71
| | | | | | | | | | | | | | This also moves the hex encoding of key to write_key for readability and makes file stream closing robuster. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * bootstrap.conf: exercise more tests from GnulibDaiki Ueno2020-10-273-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the build failure with -Werror: configure:53786: gcc -o conftest -O0 -Wall -Werror -g3 conftest.c -lev >&5 conftest.c:412: error: "GNULIB_STRERROR" redefined [-Werror] 412 | #define GNULIB_STRERROR 1 | conftest.c:305: note: this is the location of the previous definition 305 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS | cc1: all warnings being treated as errors as well as improves code coverage. Suggested by Bruno Haible in: <https://lists.gnu.org/archive/html/bug-gnulib/2020-10/msg00148.html>. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * gnutls_psk_set_server_credentials_file: document the file formatDaiki Ueno2020-10-261-0/+5
| | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'fix-padlock' into 'master'Daiki Ueno2020-10-275-61/+371
|\ \ | |/ |/| | | | | | | | | x86:add detection of instruction set on Zhaoxin CPU Closes #1079 See merge request gnutls/gnutls!1335
| * x86:Modify variable nameJonasZhou2020-09-245-29/+31
| | | | | | | | | | | | | | | | Modify the variables _gnutls_sha_padlock and _gnutls_sha_padlock_nano. Add a comment for detecting CPU. Modify the indentation. Delete initialization etc. Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
| * x86:add detection of instruction set on Zhaoxin CPUJonasZhou2020-09-244-53/+361
| | | | | | | | | | | | | | | | Add detection of extended instruction set on Zhaoxin cpu,e.g:ssse3,sha, etc. Set the priority of the algorithm according to the benchmark test result on Zhaoxin cpu. Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
* | Merge branch 'fix-avx-detection' into 'master'Daiki Ueno2020-10-211-3/+3
|\ \ | | | | | | | | | | | | | | | | | | x86: fix avx detection Closes #1083 See merge request gnutls/gnutls!1334
| * | x86: fix avx detectionJonasZhou2020-09-231-3/+3
| |/ | | | | | | | | | | | | | | | | In the case of setting environment variables, AVX cannot be detected correctly. Because only MOVBE is added to variable _gnutls_x86_cpuid_s, there is no OSXSAVE. And according to the intel manual, using AVX does not need to detect FMA. Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
* | Merge branch 'tmp-src-fixes' into 'master'Daiki Ueno2020-10-198-544/+158
|\ \ | | | | | | | | | | | | | | | | | | Add extra checks on memory allocation in src/ and examples Closes #1102 See merge request gnutls/gnutls!1344
| * | serv: use only async-signal-safe functions in signal handlerstmp-src-fixesDaiki Ueno2020-10-182-3/+14
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | _gnutls_asn2err: define as static inlineDaiki Ueno2020-10-182-42/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This pacifies -fanalyzer false-positive: common.c:552:3: warning: use of NULL '<unknown>' where non-null expected [CWE-690] [-Wanalyzer-null-argument] Ideally, the function should be defined as 'extern inline' to avoid code bloat by being copied across multiple translation units. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | doc/examples/ex-ocsp-client.c: check malloc return valueDaiki Ueno2020-10-181-0/+4
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | serv: peer_print_info: add overflow check on reallocDaiki Ueno2020-10-182-10/+16
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | serv: replace our own list implementation with Gnulib's gl_listDaiki Ueno2020-10-185-491/+85
|/ / | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'tmp-kdf-tests' into 'master'Daiki Ueno2020-10-085-0/+498
|\ \ | | | | | | | | | | | | fips: enable self-tests for KDF algorithms and CMAC See merge request gnutls/gnutls!1341
| * | fips: run CMAC self-testsDaiki Ueno2020-10-081-0/+6
| | | | | | | | | | | | | | | | | | FIPS140-2 IG D.8 mandates self-tests on CMAC. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | fips: add self-tests for TLS-PRFDaiki Ueno2020-10-085-0/+206
| | | | | | | | | | | | | | | | | | | | | | | | | | | FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires to run a single instance of each KDF mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the underlying MAC algorithm. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | fips: add self-tests for PBKDF2Daiki Ueno2020-10-065-0/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the underlying MAC algorithm. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | fips: add self-tests for HKDFDaiki Ueno2020-10-065-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises HKDF-Extract and HKDF-Expand operations with HMAC-SHA-256 as the underlying MAC. Although HKDF is non-approved, it would be sensible to do that as it will be approved in FIPS140-3. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | | Merge branch 'tmp-dh-2048' into 'master'Daiki Ueno2020-10-082-16/+130
|\ \ \ | |/ / |/| | | | | | | | fips: use 2048-bit prime for DH self-tests See merge request gnutls/gnutls!1342
| * | fips: use larger prime for DH self-teststmp-dh-2048Daiki Ueno2020-10-072-16/+130
|/ / | | | | | | | | | | | | | | According to FIPS140-2 IG 7.5, the minimum key size of FFC through 2030 is defined as 2048 bits. This updates the relevant self-test using ffdhe3072 defined in RFC 7919. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'tmp-sh-tests' into 'master'Daiki Ueno2020-10-03159-815/+801
|\ \ | | | | | | | | | | | | tests: simplify shell-script usage See merge request gnutls/gnutls!1337
| * | tests: add missing ${EXEEXT}Daiki Ueno2020-10-035-6/+6
| | | | | | | | | | | | | | | | | | Pointed by Andreas Metzler. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: prolong timeout in wait_for_portDaiki Ueno2020-10-031-6/+7
| | | | | | | | | | | | | | | | | | | | | gnutls-serv invocations in cert-tests/dsa can take long time to launch if valgrind tests are enabled. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: remove unused lock facility using lockfile-createDaiki Ueno2020-10-031-8/+0
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: create lock for tests using GETPORTDaiki Ueno2020-10-032-3/+23
| | | | | | | | | | | | | | | | | | | | | This fixes a race condition in the timings between when a free port is detected and when the port is actually used. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: simplify program detectionDaiki Ueno2020-10-037-56/+54
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: rewrite launch_server using launch_bare_serverDaiki Ueno2020-10-036-158/+150
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: remove launch_pkcs11_serverDaiki Ueno2020-09-252-10/+1
| | | | | | | | | | | | | | | | | | This function is only used by testpkcs11.sh. Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: remove unused first argument from launch_serverDaiki Ueno2020-09-2533-176/+168
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * | tests: use ": ${FOO=BAR}" syntax for default handling in shell scriptsDaiki Ueno2020-09-25157-438/+438
| | | | | | | | | | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
View Lorry Controller Status