| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\
| |
| |
| |
| |
| |
| | |
tests: enable all tests to run under valgrind
Closes #1174 and #708
See merge request gnutls/gnutls!1383
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|/
|
|
|
|
|
|
|
|
|
| |
This introduces a non-installed program "fipshmac" and uses it for
generating HMAC files required in FIPS 140-2. The generated files are
installed along with the main library.
Resolves issues #1101.
Signed-off-by: Ondrej Moris <omoris@redhat.com>
Co-authored-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
| |
When libhogweed built with external gmplib, then it required explicit
path to gmplib to pass check.
Signed-off-by: Dmitriy Tsvettsikh <dmitrycvet@gmail.com>
|
|\
| |
| |
| |
| |
| |
| | |
configure.ac: include <libguile.h> when checking scm_* functions
Closes #1116
See merge request gnutls/gnutls!1360
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| | |
Reported by Tim Rühsen in:
https://gitlab.com/gnutls/gnutls/-/issues/577
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
availability
This reverts commit 945a48993dcdd9ead17216e55c59db209923ea5e
and fixes the original issue (#966) differently.
This makes sure that when targeting a version of macOS less than
10.12, we won't pick up and unconditionally use functions that
only appeared later, when building with Xcode 11.4 or newer.
(With Xcode 11.4 or newer, the fix from 945a48993dcdd9 caused
-no_weak_links not be added, affecting the function availability
tests.)
Signed-off-by: Martin Storsjo <martin@martin.st>
|
|/
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
| |
This allows us to remove several backports, including XTS, CFB8,
raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the build failure with -Werror:
configure:53786: gcc -o conftest -O0 -Wall -Werror -g3 conftest.c -lev >&5
conftest.c:412: error: "GNULIB_STRERROR" redefined [-Werror]
412 | #define GNULIB_STRERROR 1
|
conftest.c:305: note: this is the location of the previous definition
305 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS
|
cc1: all warnings being treated as errors
as well as improves code coverage.
Suggested by Bruno Haible in:
<https://lists.gnu.org/archive/html/bug-gnulib/2020-10/msg00148.html>.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
| |
-Warith-conversion is new in GCC 10.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
|
| |
This brings in the build fixes of parse-datetime module:
https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\
| |
| |
| |
| |
| |
| | |
minitasn1: move WARN_CFLAGS setting to configure.ac
Closes #1022
See merge request gnutls/gnutls!1307
|
| |
| |
| |
| |
| |
| |
| | |
Some compilers don't support -Wno-type-limits, while they support
-Wtype-limits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| |/
|/|
| |
| | |
Add or clean header guards in lib/includes/gnutls/
See merge request gnutls/gnutls!993
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| |
| |
| |
| | |
This makes the extended test suite work one Debian(-ish) systems
without Python 2, where the Python 3 interpreter is called "python3".
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|\ \
| | |
| | |
| | |
| | | |
configure.ac: prefer the latest version of build infrastructure
See merge request gnutls/gnutls!1284
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
AM_GNU_GETTEXT_REQUIRE_VERSION tells autopoint to copy the latest
possible build infrastructure installed on the system, rather than the
fixed version from the archive.dir.tar.xz. This makes the
bootstrapping slightly faster and allows us not to stick with the
ancient gettext version.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some linkers might optimize away the libraries passed on the
command line if they aren't actually needed, such as gnu ld with
--as-needed.
The ldd output then won't list the shared libraries and the
detection will fail.
Make sure nettle and others are really used.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|\ \
| | |
| | |
| | |
| | | |
MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
See merge request gnutls/gnutls!1161
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This should fix #1020 where bcrypt is missing from thirdparty_libadd.
Ultimately it would be good to add libraries that always need to be linked in
one variable that is shared between the Makefile and the pkg-config file.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| | |
| | |
| | |
| | | |
use bcrypt for the windows random generator instead of wincrypt
See merge request gnutls/gnutls!1255
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
Rewrite the CryptoAPI calls in bcrypt.
bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
configure.ac: add -fno-builtin-strcmp if valgrind is enabled
Closes #944
See merge request gnutls/gnutls!1264
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Recent GCC provides strcmp which makes Valgrind assume that it accesses
uninitialized data. Disable this optimization if Valgrind tests are
enabled.
Fixes #944
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
configure: check that -no_weak_links works with FD_SET
Closes #966
See merge request gnutls/gnutls!1266
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Several Xcode/SDK versions provide FD_SET implementation that does not
work with -no_weak_links. Check that this option does not break FD_SET
usage.
Fixes #966
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | |
| | | | | |
lib: improve external file loading
See merge request gnutls/gnutls!1261
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
fread_file and read_file. This also adds the following changes to be
consistent with the latest changes in Gnulib:
- the callers of fread_file and read_file to be adjusted for the FLAGS
argument
- "attribute.h" needs to be used extensively
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
the build. We can assume that the minimum platform the code will run on is
Vista [1]
In that case there's no need to call API's (ncrypt) dynamically when it can be
done statically.
[1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
To properly link it needs to be linked with the crypt32.dll.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
This library was missing from the pkg-config library. It exists in
thirdparty_libadd to link gnutls as a DLL.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
nettle: expose SIV-CMAC through the AEAD interface
Closes #974 and #463
See merge request gnutls/gnutls!1238
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Given the fixed version of the function will be part of Nettle 3.6,
use pkg-config --atleast-version instead of a manually comparison of
the Nettle version.
Fixes #974.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
New make target 'update-copyright-year'
Closes #980
See merge request gnutls/gnutls!1241
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We don't want to automatically update the copyright year as this
prevents reproducible builds.
Instead, 'make update-copyright-year' has to be executed at the
start of each new year and the changes have to be pushed.
Closes #980
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/ /
| |
| |
| |
| |
| |
| | |
Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
use this function from imported nettle sources.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and linked
to libgnutls.
This patch automates that process with the configure script.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Update gostdsa_vko() following changes going to be accepted into Nettle.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Provide GOST support using source files copied by script rather than
manually crafted by me.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
build: use valgrind client request to detect undefined memory use
See merge request gnutls/gnutls!1228
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This tightens the check introduced in
ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|