summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* .dir-locals.el: new fileDaiki Ueno2017-11-301-0/+1
| | | | | | This forces Emacs to use the Linux kernel coding style for all C code. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* build: remove m4 files pulled in by autopointDaiki Ueno2017-11-303-905/+0
| | | | | | | Having these files in the git repository causes unnecessary changes after "make bootstrap". Signed-off-by: Daiki Ueno <dueno@redhat.com>
* gnutls_aead_cipher_init: corrected potential memory leakNikos Mavrogiannopoulos2017-11-291-4/+10
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: provided basic documentation of the FIPS140-2 mode [ci skip]Nikos Mavrogiannopoulos2017-11-283-4/+41
| | | | | | Resolves #332 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: verify whether group remains the same after resumptiontmp-restore-group-infoNikos Mavrogiannopoulos2017-11-271-0/+19
| | | | | | Resolves #331 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_set_resumed_parameters: restore the group from resumed parametersNikos Mavrogiannopoulos2017-11-271-0/+1
| | | | | | | That allows resumed sessions to have the original group information such as curve used for key exchange or FFDHE parameters. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: removed unnecessary assertNikos Mavrogiannopoulos2017-11-241-1/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: delete temporary filesNikos Mavrogiannopoulos2017-11-241-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* session state: use the right type for send_cert_req variableNikos Mavrogiannopoulos2017-11-241-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: client-fastopen: introduce child signal handler and delay prior to ↵Nikos Mavrogiannopoulos2017-11-241-5/+8
| | | | | | | | starting This addresses a hang issue on freebsd builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* psktool: allow up to 512-byte keysNikos Mavrogiannopoulos2017-11-221-1/+1
| | | | | | | | | | This aligns the psktool --help output with the psktool operation. Suggested by Jack Lloyd. Resolves #327 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* getfuncs-map.pl: added gnutls_srp_8192_group* symbols to ignore listtmp-srp-updatesNikos Mavrogiannopoulos2017-11-221-0/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* updated auto-generated filesNikos Mavrogiannopoulos2017-11-214-397/+400
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* srptool: --create-conf no longer includes 1024-bit parametersNikos Mavrogiannopoulos2017-11-212-10/+15
| | | | | | | In addition it includes the 8192-bit parameters, and the default params used for a new user are the 2k ones. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: updated SRP checksNikos Mavrogiannopoulos2017-11-211-37/+60
| | | | | | | | Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters. In addition, verify that parameters not in the SRP spec are rejected by a gnutls client. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: move destructive tests after trust store testsNikos Mavrogiannopoulos2017-11-211-1/+2
| | | | | | | That is, to ensure they are only run after the trust store is complete and that it doesn't affect its output. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc updateNikos Mavrogiannopoulos2017-11-212-0/+15
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: include the 8192-bit SRP prime into param checksNikos Mavrogiannopoulos2017-11-211-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* srp: added the 8192-bit primeNikos Mavrogiannopoulos2017-11-213-15/+180
| | | | | | | | As we now reject any primes not in the SRP spec, we include that parameter to ensure we can handle clients within the spec but with large parameters. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* srp: reject any parameters not in the SRP draftNikos Mavrogiannopoulos2017-11-211-113/+2
| | | | | | | | This implements the SHOULD requirement from RFC5054, i.e., to only accept group parameters that come from a trusted source, such as those listed in Appendix A. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip]Nikos Mavrogiannopoulos2017-11-211-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: combined key and cert teststmp-simplify-testsNikos Mavrogiannopoulos2017-11-2167-109/+29
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: windows subdir is only included on windows buildsNikos Mavrogiannopoulos2017-11-211-9/+18
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: dtls subdir was merged into main testsNikos Mavrogiannopoulos2017-11-213-54/+13
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: srp-client: restrict prime bits to 1537 [ci skip]Nikos Mavrogiannopoulos2017-11-201-0/+1
| | | | | | | That avoids timeouts in the oss-fuzz infrastructure: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: corrected typoNikos Mavrogiannopoulos2017-11-191-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: better detect acronym keyword on latex outputtmp-doc-fixNikos Mavrogiannopoulos2017-11-161-0/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: latex: resolve all citation issuesNikos Mavrogiannopoulos2017-11-161-9/+70
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: citations translate into references in texinfoNikos Mavrogiannopoulos2017-11-164-5/+14
| | | | | | | | That makes the citations to be links in the generated html manual. Resolves: #321 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: renamed pkcs11_set_pin() to allow static linkingNikos Mavrogiannopoulos2017-11-153-4/+4
| | | | | | Resolves #322 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: do not include reproducer files into syntax checkstmp-fix-memleakNikos Mavrogiannopoulos2017-11-151-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_ext_import_proxy: corrected memory leakNikos Mavrogiannopoulos2017-11-152-8/+8
| | | | | | | | | Also added reproducer for the memory leak found. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tools: do not access unused variablesNikos Mavrogiannopoulos2017-11-142-8/+2
| | | | | | This avoids warnings by static analyzers. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: disabled gcc warnings on CI builds and use dashNikos Mavrogiannopoulos2017-11-142-21/+22
| | | | | | | That should decrease the time spent in configure. Based on suggestions by Tim Ruehsen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: use configure cache file and ccacheNikos Mavrogiannopoulos2017-11-141-42/+72
| | | | | | | | | | | | That reduces the total time spent per build by caching configure checks, and compilation artifacts. Also that patch set no longer uploads coverage files as artifacts. These files are not generally useful, and removing that "feature" will reduce CI running time. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* doc: corrected typo [ci skip]Nikos Mavrogiannopoulos2017-11-041-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: list-tokens: not only list but also verify whether module is operationalNikos Mavrogiannopoulos2017-11-031-0/+15
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: refuse to load modules with duplicate informationNikos Mavrogiannopoulos2017-11-031-1/+2
| | | | | | | | That is, when ck_info matches, we soft fail loading the module. That is, because in several cases the pointers got by p11-kit may differ for the same modules. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced PKCS#11 loading testNikos Mavrogiannopoulos2017-11-032-0/+14
| | | | | | | | Test whether implicit initialization in trusted module (e.g., via verification), would result to proper initialization of additional modules once a PCKS#11 function is called. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#11 module loading testNikos Mavrogiannopoulos2017-11-037-10/+320
| | | | | | | | | | | | | | | | | | This checks: 1. Whether all modules are loaded from p11-kit when no explicit gnutls_pkcs11_init() is called and pkcs11 calls are accessed. 2. Whether only the trusted modules are loaded from p11-kit and no other PKCS#11 calls than PKCS#11 cert validation is performed. 3. Whether the trusted modules are loaded when gnutls_pkcs11_init() is called with manual flag. Resolves #315 Resolves #316 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: allow loading trusted modules when pkcs11 was initialized in manual modeNikos Mavrogiannopoulos2017-11-033-28/+26
| | | | | | | | | | | | | When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 trust store was not loaded, and thus prevent any certificate validation. This change allows initializing the trust modules only even if generic PKCS#11 support is disabled by the application. Relates #316 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: introduce multiple levels of loadingNikos Mavrogiannopoulos2017-11-034-15/+50
| | | | | | | | | That allows to load the PKCS#11 trusted modules (on systems which use them) without loading all the potentially present PKCS#11 modules. Relates #315 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* CONTRIBUTING.md: added a short text on reviewing code [ci skip]tmp-review-guidelinesNikos Mavrogiannopoulos2017-11-021-0/+21
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix non-null warningRoberto Newmon2017-10-291-8/+8
| | | | | | | | | Help the compiler understand the control flow in the MATCH_FUNC and INVALID_MATCH_FUNC macros. Because we are using macros, the compiler is not able to correlate the replaced values of the macro variables to each other yielding non-null warnings. Introduce a C variable to mimic the macro variable helping the compiler understanding the control flow.
* tests: test whether PKCS#11 generation works without loginNikos Mavrogiannopoulos2017-10-211-0/+23
| | | | | | Resolves #147 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: attempt to auto-login when the token requires itNikos Mavrogiannopoulos2017-10-211-8/+21
| | | | | | | | | In operations like generation or writing objects, run as if --login was given if the token is marked to require login. Relates #147 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11tool: print PKCS#11 token flags in --list-tokensNikos Mavrogiannopoulos2017-10-211-0/+88
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkcs11: forward token flags to applicationsNikos Mavrogiannopoulos2017-10-212-1/+58
| | | | | | | | That is, gnutls_pkcs11_token_get_flags() will not return the most common/useful PKCS#11 token flags, in addition to trusted and HW flags. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update [ci skip]gnutls_3_6_1Nikos Mavrogiannopoulos2017-10-211-0/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc updateNikos Mavrogiannopoulos2017-10-211-1/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
View Lorry Controller Status