path: root/lib

Commit message | Author | Age | Files | Lines

* fips: use larger prime for DH self-tests [tmp-dh-2048] | Daiki Ueno | 2020-10-07 | 2 | -16/+130
    According to FIPS140-2 IG 7.5, the minimum key size of FFC through 2030 is defined as 2048 bits. This updates the relevant self-test using ffdhe3072 defined in RFC 7919.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* x509: correct argument of gnutls_verify_output_function [tmp-verify-output] | Daiki Ueno | 2020-09-27 | 1 | -2/+3
    This is a leftover of 52e78f1e. We need to call gnutls_verify_output_function with the replaced CA cert instead of the original cert.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'fix-x86-padlock' into 'master' | Daiki Ueno | 2020-09-23 | 1 | -1/+0
    padlock:fix exception in wrap_padlock_hmac_fast
    See merge request gnutls/gnutls!1336

* padlock:fix exception in wrap_padlock_hmac_fast | JonasZhou | 2020-09-23 | 1 | -1/+0
    In function wrap_padlock_hmac_fast, use free to release the local variable ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
    Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>

* Merge branch 'tmp-default-prio' into 'master' | Daiki Ueno | 2020-09-23 | 1 | -0/+1
    priority: add Ed448 to SECURE192 signing algorithms
    See merge request gnutls/gnutls!1332

* priority: add Ed448 to SECURE192 signing algorithms [tmp-default-prio] | Daiki Ueno | 2020-09-20 | 1 | -0/+1
    Reported by Vladimír Čunát in: https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-clock_nanosleep' into 'master' | Daiki Ueno | 2020-09-21 | 14 | -201/+84
    tests: allow clock_nanosleep in seccomp tests
    Closes #1086
    See merge request gnutls/gnutls!1325

* inih: remove unused code | Daiki Ueno | 2020-09-21 | 2 | -94/+4
    This avoids -fanalyzer false-positive in GCC 10: https://bugzilla.redhat.com/show_bug.cgi?id=1878600 as well as the cppcheck warning: "variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* build: remove dead assignments | Daiki Ueno | 2020-09-18 | 8 | -70/+50
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* spki: work around GCC 10 -Warray-bounds false-positive | Daiki Ueno | 2020-09-18 | 2 | -4/+8
    Suggested by Martin Sebor in: https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* tls13/session_ticket: remove _gnutls13_session_ticket_unset | Daiki Ueno | 2020-09-18 | 3 | -33/+22
    The function was not really useful because _gnutls_free_datum() has a NULL check as in free(). This also makes GCC 10 happy if -Warray-bounds=2 is specified: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'rsa_privkey_prive' into 'master' | Daiki Ueno | 2020-09-20 | 3 | -21/+61
    Make private exponent optional in gnutls_privkey_import_rsa_raw()
    See merge request gnutls/gnutls!1323

* Make private exponent optional in gnutls_privkey_import_rsa_raw(). | Nikolay Sivov | 2020-09-06 | 3 | -7/+47
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

* Use symbols defined for RSA key parameter indices in some more places. | Nikolay Sivov | 2020-09-06 | 1 | -14/+14
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

* Modifies P_hash() to hash the seed and label separately | Sahana Prasad | 2020-09-17 | 2 | -19/+8
    Thereby not restricting the implementation of prf to MAX_SEED_SIZE. MAX_SEED_SIZE is not used anymore.
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

* build: ignore pointless -Wformat-y2k warning | Daiki Ueno | 2020-09-17 | 1 | -0/+3
    Printing UTCTime really needs the last 2 digits of the year.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'gnutls-cli-aia' into 'master' | Daiki Ueno | 2020-09-04 | 4 | -0/+43
    Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'
    Closes #968
    See merge request gnutls/gnutls!1319

* src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to automatically download missing intermediate CAs in a certificate chain | Sahana Prasad | 2020-09-02 | 4 | -0/+43
    lib/cred-cert.c: adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback.
    Signed-off-by: Sahana Prasad <sahana@redhat.com>

* Merge branch 'tmp-renegotiation' into 'master' | Daiki Ueno | 2020-09-03 | 2 | -13/+36
    handshake: reject no_renegotiation alert if handshake is incomplete
    Closes #1071
    See merge request gnutls/gnutls!1320

* handshake: reject no_renegotiation alert if handshake is incomplete [tmp-renegotiation] | Daiki Ueno | 2020-09-03 | 2 | -13/+36
    If the initial handshake is incomplete and the server sends a no_renegotiation alert, the client should treat it as a fatal error even if its level is warning. Otherwise the same handshake state (e.g., DHE parameters) is reused in the next gnutls_handshake call, if it is called in the loop idiom:

        do {
            ret = gnutls_handshake(session);
        } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-sizeof' into 'master' | Daiki Ueno | 2020-09-03 | 1 | -6/+10
    Fix padlock partial PHE detection and sizeof usage
    Closes #1076
    See merge request gnutls/gnutls!1316

* padlock: fix partial PHE detection | Daiki Ueno | 2020-08-30 | 1 | -6/+10
    The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead of arbitrary-length data when EAX is set to -1.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Move RSA key parameter counter fixup closer to exponent update helper. | Nikolay Sivov | 2020-09-02 | 1 | -3/+2
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

* Fix optional parameters counter when importing RSA private keys. | Nikolay Sivov | 2020-09-01 | 1 | -0/+3
    Currently gnutls_privkey_import_rsa_raw() allows the last 3 arguments to be omitted; the key fixup logic however checks for 3 missing arguments when updating coefficient 'u' but then asserts when updating exponents 'e1' and 'e2', assuming only 2 parameters are missing at that point.
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

* Use symbols defined for RSA key parameter indices in more places. | Nikolay Sivov | 2020-09-01 | 2 | -13/+13
    Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
* Merge branch 'tmp-tls12-version-checks' into 'master' | Daiki Ueno | 2020-08-21 | 1 | -1/+11
    handshake: check TLS version against modified server priorities
    Closes #1054
    See merge request gnutls/gnutls!1309

* handshake: check TLS version against modified server priorities [tmp-tls12-version-checks] | Daiki Ueno | 2020-08-17 | 1 | -1/+11
    The server needs to take into account multiple factors when determining the TLS protocol version actually being used:
    - the legacy version
    - "supported_versions" extension
    - user_hello_func that may modify the server's priorities
    Only after that can it check whether the TLS version is enabled in the server's priorities.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-ocsp-resp-status' into 'master' | Daiki Ueno | 2020-08-20 | 1 | -0/+21
    cert-session: check OCSP error responses
    Closes #1062
    See merge request gnutls/gnutls!1308

* cert-session: check OCSP error responses [tmp-ocsp-resp-status] | Daiki Ueno | 2020-08-14 | 1 | -0/+21
    If the OCSP responder returns an error code, such as tryLater, we can't proceed to examine the response bytes. In that case, just skip the check unless the stapling is mandatory on this certificate.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-cipher-check-length' into 'master' | Daiki Ueno | 2020-08-18 | 1 | -0/+8
    gnutls_aead_cipher_decrypt: check output buffer size before writing
    Closes #1049
    See merge request gnutls/gnutls!1312

* gnutls_aead_cipher_decrypt: check output buffer size before writing [tmp-cipher-check-length] | Daiki Ueno | 2020-08-17 | 1 | -0/+8
    While the documentation of gnutls_aead_cipher_decrypt indicates that the inout argument ptext_len initially holds the size that sufficiently fits the expected output size, there was no runtime check on that. This makes the interface more robust against misuse.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-crt-export2' into 'master' | Daiki Ueno | 2020-08-18 | 1 | -4/+9
    gnutls_x509_crt_export2: return 0 instead of the length
    Closes #1025
    See merge request gnutls/gnutls!1311

* gnutls_x509_crt_export2: return 0 instead of the length [tmp-crt-export2] | Daiki Ueno | 2020-08-16 | 1 | -4/+9
    This aligns the behavior to the documentation.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-type-limits' into 'master' | Daiki Ueno | 2020-08-18 | 1 | -4/+0
    minitasn1: move WARN_CFLAGS setting to configure.ac
    Closes #1022
    See merge request gnutls/gnutls!1307

* minitasn1: move WARN_CFLAGS setting to configure.ac [tmp-type-limits] | Daiki Ueno | 2020-08-13 | 1 | -4/+0
    Some compilers don't support -Wno-type-limits, while they support -Wtype-limits.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-fips-enabled' into 'master' | Daiki Ueno | 2020-08-14 | 1 | -1/+10
    _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled
    See merge request gnutls/gnutls!1306

* _gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled [tmp-fips-enabled] | Daiki Ueno | 2020-08-12 | 1 | -1/+10
    Previously gnutls_fips140_mode_enabled() returned true, even after selftests have failed and the library state has switched to error. While later calls to crypto operations fail, it would be more convenient to have a function to detect that state.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-typo-fixes' into 'master' | Daiki Ueno | 2020-08-14 | 11 | -13/+13
    doc: assorted typo fixes
    See merge request gnutls/gnutls!1305

* doc: assorted typo fixes [tmp-typo-fixes] | Daiki Ueno | 2020-08-12 | 11 | -13/+13
    Spotted by codespell.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-cert-invalid' into 'master' | Daiki Ueno | 2020-08-14 | 1 | -0/+1
    cert-session: ensure that invalid flag is always set
    See merge request gnutls/gnutls!1304

* cert-session: fail hard if mandatory stapling is not honored | Daiki Ueno | 2020-08-12 | 1 | -0/+1
    According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* Merge branch 'tmp-public-header-guards' into 'master' | Daiki Ueno | 2020-08-14 | 18 | -37/+50
    Add or clean header guards in lib/includes/gnutls/
    See merge request gnutls/gnutls!993

* Add or clean header guards in lib/includes/gnutls/ [tmp-public-header-guards] | Tim Rühsen | 2019-05-08 | 18 | -37/+50
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* Fix typo in API docs | Michael Catanzaro | 2020-08-07 | 1 | -1/+1
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

* Merge branch 'sign-spurious-message' into 'master' | Daiki Ueno | 2020-07-27 | 1 | -4/+7
    pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig()
    See merge request gnutls/gnutls!1301

* pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig() | Petr Pavlu | 2020-07-27 | 1 | -4/+7
    When checking in _gnutls_pubkey_compatible_with_sig() whether a public key is compatible with a signature algorithm, first run pubkey_supports_sig() before performing weaker checks that can accept the given algorithm but with an audit-log warning. This avoids an issue when a weaker check would log an audit message for some signature algorithm that would then be determined as incompatible by the pubkey_supports_sig() check anyway.
    For instance, a GnuTLS server might have a certificate with a SECP384R1 public key and a client can report that it supports ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the GnuTLS server will eventually find that it must use ECDSA-SECP384R1-SHA384 with this public key. However, the code would first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is compatible with ECDSA-SECP256R1-SHA256. The function would report the audit warning "The hash size used in signature (32) is less than the expected (48)" but then reject the signature algorithm in pubkey_supports_sig() as incompatible because it has a different curve. Since the algorithm gets rejected, it is not necessary to inform about its hash size difference in the audit log.
    Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>

* ecdh: perform SP800-56A rev3 full pubkey validation on keygen [tmp-dh-z] | Daiki Ueno | 2020-07-20 | 1 | -2/+180
    This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.3.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* dh: perform SP800-56A rev3 full pubkey validation on keygen | Daiki Ueno | 2020-07-18 | 1 | -0/+90
    This implements full public key validation required in SP800-56A rev3, section 5.6.2.3.1.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* dh-primes: make the FIPS approved check return Q value | Daiki Ueno | 2020-07-18 | 3 | -20/+30
    This is necessary for full public key validation in SP800-56A (revision 3), section 5.6.2.3.1.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

* ecdh: check validity of P before export | Daiki Ueno | 2020-07-18 | 1 | -6/+21
    SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the calculated shared secret is verified before the data is returned to the caller. This patch adds the validation check.
    Suggested by Stephan Mueller.
    Signed-off-by: Daiki Ueno <ueno@gnu.org>