delta/gnutls.git, branch tmp-session-ticket-timestamp gitlab.com: gnutls/gnutls.git ext/pre_shared_key: don't assume ob_ticket_age < ticket_age_add 2018-10-26T08:53:55+00:00 Daiki Ueno dueno@redhat.com 2018-10-24T11:08:45+00:00 df693faf1afa1bd19660f9e332deb1349ee89211 Previously, the server treated the condition as error, while it is possible that ob_ticket_age may have wrapped round by 2^32. Signed-off-by: Daiki Ueno <dueno@redhat.com> 
Previously, the server treated the condition as error, while it is
possible that ob_ticket_age may have wrapped round by 2^32.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
tls13/session_ticket: calculate ticket_age in milliseconds 2018-10-26T08:53:55+00:00 Daiki Ueno dueno@redhat.com 2018-10-25T10:32:52+00:00 e7a76d1e7315c886de0959dd629e5bb85de6b0b0 Previously we calculated ticket age from the current wall clock in seconds, multiplying by 1000. This is conceptually wrong, because ticket age is designed to be in milliseconds. Signed-off-by: Daiki Ueno <dueno@redhat.com> 
Previously we calculated ticket age from the current wall clock in
seconds, multiplying by 1000.  This is conceptually wrong, because
ticket age is designed to be in milliseconds.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
str: add macros to encode/decode struct timespec value 2018-10-26T08:53:54+00:00 Daiki Ueno dueno@redhat.com 2018-10-26T06:18:01+00:00 0d1e3f90c3c90f6b6eeacc66a2b9a8eabf720985 Signed-off-by: Daiki Ueno <dueno@redhat.com> 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
system: provide a means to replace gettime implementation 2018-10-26T06:23:05+00:00 Daiki Ueno dueno@redhat.com 2018-10-25T11:47:13+00:00 a248c0ec45f0ce6ffe349d0fc865fd536033f73f While gettime() is extensively used in the code, the library previously hadn't provided a way to replace it for testing. This adds a new internal function _gnutls_global_set_gettime_function and makes use of it through virt-time.h. Signed-off-by: Daiki Ueno <dueno@redhat.com> 
While gettime() is extensively used in the code, the library
previously hadn't provided a way to replace it for testing.  This adds
a new internal function _gnutls_global_set_gettime_function and makes
use of it through virt-time.h.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
_gnutls_timespec_cmp: new inline function 2018-10-25T10:43:47+00:00 Daiki Ueno dueno@redhat.com 2018-10-25T10:09:05+00:00 0ec886fab57ce96394b98f794ed2a96ae9782f6e Signed-off-by: Daiki Ueno <dueno@redhat.com> 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st 2018-10-25T10:43:45+00:00 Daiki Ueno dueno@redhat.com 2018-10-25T10:02:53+00:00 0ed156aa2e7487f761b28caebf1f549e2736e000 This is consistent with the coding guideline. Signed-off-by: Daiki Ueno <dueno@redhat.com> 
This is consistent with the coding guideline.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
gnutls-cli: do not print errors twice 2018-10-25T06:13:14+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-10-24T11:05:58+00:00 9d7403a07d523aa3f0b65114eab978c1d6409169 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Merge branch 'tmp-fix-fips-mode' into 'master' 2018-10-24T11:16:26+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-10-24T11:16:26+00:00 070f30fdcabadf4e3057cc8e530be45dcc607a5e fips140: aligned code with documentation See merge request gnutls/gnutls!781 
fips140: aligned code with documentation

See merge request gnutls/gnutls!781
 Merge branch 'tmp-initialize-so-pin-fix' into 'master' 2018-10-24T10:51:08+00:00 Nikos Mavrogiannopoulos nmav@gnutls.org 2018-10-24T10:51:08+00:00 09d7b8cfca9c818f23adff1f710c1bbf42612637 p11tool: fix admin user PIN initialization Closes #561 See merge request gnutls/gnutls!776 
p11tool: fix admin user PIN initialization

Closes #561

See merge request gnutls/gnutls!776
 p11tool: fix initialization of security officer's PIN 2018-10-24T09:04:25+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-10-15T13:59:48+00:00 f68a86202bd1aaeb3988566def4374359b211875 Previously we would call gnutls_pkcs11_token_set_pin() without an old PIN provided, which will result to the use of C_InitPIN() on the underlying module. The C_InitPIN() in contrast with C_SetPIN() will only work for the user and not for the administrator. As such, we always provide the oldpin for when we change the admin's PIN. Resolves #561 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Previously we would call gnutls_pkcs11_token_set_pin() without an
old PIN provided, which will result to the use of C_InitPIN() on the
underlying module. The C_InitPIN() in contrast with C_SetPIN() will
only work for the user and not for the administrator. As such, we
always provide the oldpin for when we change the admin's PIN.

Resolves #561

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>