summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
| * | gost: import _nettle_write_le32 to stop using Nettle's internal symbolDmitry Baryshkov2020-04-143-1/+73
| | | | | | | | | | | | | | | | | | | | | Remove another dependency on nettle internal symbol by vendoring in _nettle_write_le32 code Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | nettle: use new imported source files for GOST DSADmitry Baryshkov2020-04-1426-5008/+304
| | | | | | | | | | | | | | | | | | | | | Provide GOST support using source files copied by script rather than manually crafted by me. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | build: import-curve448 -> import-eccDmitry Baryshkov2020-04-144-51/+51
| | | | | | | | | | | | | | | | | | | | | As the script now imports not just Curve448, but also gost code, rename the script, target directory and symbols to follow that. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | devel: modify curve448 script to import gost sourcesDmitry Baryshkov2020-04-131-13/+54
| | | | | | | | | | | | | | | | | | | | | Curve448 script already imports several ecc sources into GnuTLS tree. Modify it to also vendor in GOST-related ecc files. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | import-chacha: fix several additional symbol clashesDmitry Baryshkov2020-04-131-1/+3
| | | | | | | | | | | | | | | | | | | | | Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | curve448: import write-le64.c which defines internal symbolDmitry Baryshkov2020-04-132-0/+3
| | | | | | | | | | | | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | import-curve448: fix several additional symbol clashesDmitry Baryshkov2020-04-131-1/+5
|/ / | | | | | | | | | | | | Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | Merge branch 'ftbfs20201024' into 'master'Nikos Mavrogiannopoulos2020-04-061-0/+11
|\ \ | | | | | | | | | | | | | | | | | | tests: Fix status-request-revoked after 2020-10-24 Closes #967 See merge request gnutls/gnutls!1230
| * | tests: Fix status-request-revoked after 2020-10-24Bernhard M. Wiedemann2020-04-051-0/+11
|/ / | | | | | | | | | | | | | | | | | | included certs expire 2020-10-24 so this test fails after that date. Fixes #967 This patch was done while working on reproducible builds for openSUSE. Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
* | Merge branch 'tmp-valgrind-memcheck' into 'master'Nikos Mavrogiannopoulos2020-04-053-3/+35
|\ \ | | | | | | | | | | | | build: use valgrind client request to detect undefined memory use See merge request gnutls/gnutls!1228
| * | build: use valgrind client request to detect undefined memory usetmp-valgrind-memcheckDaiki Ueno2020-04-043-3/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This tightens the check introduced in ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client request to explicitly mark the "uninitialized but initialization is needed before use" regions. With this patch and the fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see the following error when running dtls_hello_random_value under valgrind: $ valgrind ./dtls_hello_random_value testing: default ==520145== Conditional jump or move depends on uninitialised value(s) ==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90) ==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215) ==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332) ==520145== by 0x488FC7E: send_client_hello (handshake.c:2290) ==520145== by 0x48902A1: handshake_client (handshake.c:2908) ==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740) ==520145== by 0x402CB3: client (dtls_hello_random_value.c:153) ==520145== by 0x402CB3: start (dtls_hello_random_value.c:317) ==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331) ==520145== by 0x4023D4: main (utils.c:254) ==520145== Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'compare_dn' into 'master'Nikos Mavrogiannopoulos2020-04-056-15/+187
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Compare DNs by comparing their string representations Closes #553 See merge request gnutls/gnutls!1223
| * | | Compare DNs by comparing their string representationsPierre Ossman2020-04-035-4/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A binary comparison will not work in case the contents is the same but the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such variations are permitted so we need to handle them. Signed-off-by: Pierre Ossman <ossman@cendio.se>
| * | | Properly compare DNs when checking sortingPierre Ossman2020-04-031-11/+2
|/ / / | | | | | | | | | | | | | | | | | | We might want to do other things than a simple memcmp() so make sure we're using the right helper when comparing DNs. Signed-off-by: Pierre Ossman <ossman@cendio.se>
* | | Merge branch 'tmp-libidn-simplify' into 'master'Nikos Mavrogiannopoulos2020-04-033-100/+10
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | IDNA: require libidn2 2.0.0 Closes #832 See merge request gnutls/gnutls!1229
| * | | IDNA: require libidn2 2.0.0Nikos Mavrogiannopoulos2020-03-313-100/+10
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We require private symbols which dissapear at some point in IDN2 releases in order to support old versions of libidn2. Simplify the code by requiring only recent versions and avoid issues such as #832. Resolves: #832 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | NEWS: updated for release3.6.13Nikos Mavrogiannopoulos2020-03-311-2/+3
|/ / | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | NEWS: doc updateNikos Mavrogiannopoulos2020-03-301-3/+3
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | bumped versionNikos Mavrogiannopoulos2020-03-302-4/+4
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'tmp-added-reproducer-for-960' into 'master'Nikos Mavrogiannopoulos2020-03-304-1/+610
|\ \ | |/ |/| | | | | Added reproducer for fix in !1225 See merge request gnutls/gnutls!1227
| * NEWS: doc updatetmp-added-reproducer-for-960Nikos Mavrogiannopoulos2020-03-301-0/+5
| | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added check for random value of client and server hello in TLSNikos Mavrogiannopoulos2020-03-302-1/+268
| | | | | | | | | | | | | | This creates a tests that checks whether the TLS client and server hello have sufficient non-zero bytes. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added reproducer for client hello random value behavior in DTLSNikos Mavrogiannopoulos2020-03-302-1/+338
| | | | | | | | | | | | | | | | | | This adds an equivalent test of tls13/hello_random_value.c for DTLS and extends the tests for server hello as well. Relates: #960 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'fix-padlock' into 'master'Nikos Mavrogiannopoulos2020-03-302-4/+7
|\ \ | | | | | | | | | | | | | | | | | | Fix padlock accelerated code Closes #930 See merge request gnutls/gnutls!1226
| * | padlock: fix exception in wrap_padlock_hash_fastDmitry Baryshkov2020-03-281-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | wrap_padlock_hash_fast() allocates a context on a stack (via local variable) then tries to free it by calling wrap_padlock_hash_deinit() causing a crash. Remove a call to deinit() to fix a crash. Fixes #930 Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | padlock: fix exception in sha codeDmitry Baryshkov2020-03-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | padlock sha code will segfault (at least on Nano) if it is passed a NULL data pointer (even if size is 0). Pass digest output buffer as a dummy data pointer in such case. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | padlock: make cbc code return error properlyDmitry Baryshkov2020-03-281-3/+5
| | | | | | | | | | | | | | | | | | | | | If underlying padlock_cbc_en/decrypt return an error, pass this error to calling code. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | psk: added checks to satisfy static analyzersNikos Mavrogiannopoulos2020-03-301-0/+6
| |/ |/| | | | | | | | | | | | | Added null checks in legacy callbacks to avoid warnings from static analyzers. The issues do not appear to be reproducible in real-world use. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'fix-dlts-client-zero-random' into 'master'Nikos Mavrogiannopoulos2020-03-291-1/+1
|\ \ | | | | | | | | | | | | | | | | | | dtls client hello: fix zeroed random (fixes #960) Closes #960 See merge request gnutls/gnutls!1225
| * | dtls client hello: fix zeroed random (fixes #960)Stefan Bühler2020-03-271-1/+1
|/ / | | | | | | | | | | | | This broke with bcf4de03 "handshake: treat reply to HRR as a reply to hello verify request", which failed to "De Morgan" properly. Signed-off-by: Stefan Bühler <stbuehler@web.de>
* | Merge branch 'better_SSL3.0_tests' into 'master'Nikos Mavrogiannopoulos2020-03-274-2/+49
|\ \ | | | | | | | | | | | | improve gnutls-cli-debug testing of old SSL 3.0 servers See merge request gnutls/gnutls!1221
| * | add NEWS entryDaniel Lenski2020-03-221-0/+3
| | | | | | | | | | | | Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | add additional tests of SSL 3.0 (with extensions, and with cipher suites not ↵Daniel Lenski2020-03-223-1/+42
| | | | | | | | | | | | | | | | | | | | | | | | in SSL 3.0) See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | test_ssl3: minimize cipher suites to those actually included in SSL 3.0Daniel Lenski2020-03-221-2/+5
| | | | | | | | | | | | | | | | | | See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| * | SSL 3.0 (RFC6101) doesn't actually appear to require extensions, and some ↵Daniel Lenski2020-03-221-1/+1
| |/ | | | | | | | | | | | | | | servers don't accept them See #958 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
* | Merge branch 'tmp-get-keylog-func' into 'master'Daiki Ueno2020-03-259-0/+27
|\ \ | | | | | | | | | | | | gnutls_session_get_keylog_function: new function See merge request gnutls/gnutls!1220
| * | gnutls_session_get_keylog_function: new functiontmp-get-keylog-funcDaiki Ueno2020-03-229-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement custom logging facility. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'fix_echo_serv' into 'master'Daiki Ueno2020-03-241-2/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | gnutls-serv: Do not exit when a message to be echoed is received Closes #959 See merge request gnutls/gnutls!1222
| * | | gnutls-serv: Do not exit when a message to be echoed is receivedAnderson Toshiyuki Sasaki2020-03-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when gnutls-serv was executed with the --echo option, it would exit when a message to be echoed was received. Moreover, the server would output "Memory error" although no error occurred. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | | | Merge branch 'ajuaristi-issue-586' into 'master'Nikos Mavrogiannopoulos2020-03-2427-5212/+6436
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | support non-NULL-terminated PSKs Closes #586 See merge request gnutls/gnutls!917
| * | | _gnutls_check_id_for_change: ensure that we check the username lengthajuaristi-issue-586Nikos Mavrogiannopoulos2020-03-233-5/+8
| | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | Ensure that an incorrectly formatted password file doesn't cause invalid ↵Nikos Mavrogiannopoulos2020-03-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | memory access Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | Update NEWS fileAnder Juaristi2020-03-231-0/+7
| | | | | | | | | | | | | | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| * | | Update filesAnder Juaristi2020-03-232-5077/+5568
| | | | | | | | | | | | | | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| * | | psk: Allow non-NULL PSK usernamesAnder Juaristi2020-03-2322-132/+854
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit closes #586. Two new functions are introduced: gnutls_psk_server_get_username2() and gnutls_psk_set_client_username2(), which are identical in behavior to those named similarly (without the final '2'), but allow arbitrary gnutls datums (not strings) to be used as usernames. Two new callback functions are also introduced, with their respective setters: gnutls_psk_set_server_credentials_function2() and gnutls_psk_set_client_credentials_function2(). In addition, the password file format is extended so that non-string usernames can be specified. A leading '#' character tells GnuTLS that the username should be interpreted as a raw byte string (encoded in HEX). Example: #deadbeef:9e32cf7786321a828ef7668f09fb35db Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>
* | | | Merge branch 'postpone_config_loading' into 'master'Daiki Ueno2020-03-231-1/+1
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | global: Load configuration after FIPS POST Closes #956 See merge request gnutls/gnutls!1216
| * | | global: Load configuration after FIPS POSTAnderson Toshiyuki Sasaki2020-03-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if the loaded configuration file disabled an algorithm tested during FIPS-140 power-on self-tests, the test would fail. By loading the configuration file after the test is finished, such failure is avoided as any algorithm is allowed during the tests. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | | | Merge branch 'fix-fuzz' into 'master'Tim Rühsen2020-03-231-3/+4
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | Two fixes for oss-fuzz build target See merge request gnutls/gnutls!1219
| * | | oss-fuzz: return build error if fuzzers have failed to buildDmitry Baryshkov2020-03-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of silently ignoring build errors and running fewer fuzzers, exit on the first build error. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | | oss-fuzz: use CC rather than CXX to compile fuzzersDmitry Baryshkov2020-03-221-2/+3
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | clang++ will choke on several fuzzer sources because C++ is stricter than C wrt. type conversion: gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned int' in initializer list [-Wc++11-narrowing] gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size}; Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
View Lorry Controller Status