Commit log (entries: commit message [branch ref] (author, date; files changed, lines -removed/+added); commits merged through a merge request are listed indented under the merge commit)
* .lgtm.yml: disable dependency tracking [tmp-lgtm-fix2] (Nikos Mavrogiannopoulos, 2020-03-14; 1 file, -1/+1)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* bootstrap.conf: do not bring tests in gnulib clones (src/unistring) (Nikos Mavrogiannopoulos, 2020-03-14; 1 file, -2/+2)
    These tests are not being run, and they can cause issues as in !1208.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .lgtm.yml: no longer bring nettle from master (Nikos Mavrogiannopoulos, 2020-03-14; 1 file, -10/+2)
    The system used already has a sufficiently recent version.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'fix-crq-ext' into 'master' (Dmitry Baryshkov, 2020-03-11; 2 files, -11/+9)
    x509: drop endless loop in print_extensions
    See merge request gnutls/gnutls!1205
  * x509: apply same fix to print_crq (Dmitry Baryshkov, 2020-03-10; 1 file, -4/+3)
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * x509: apply same fix to print_crl (Dmitry Baryshkov, 2020-03-10; 1 file, -4/+3)
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * x509: drop endless loop in print_extensions (Dmitry Baryshkov, 2020-03-10; 2 files, -3/+3)
      If crq is malformed in extensions part, print_extensions() might loop endlessly because gnutls_x509_crq_get_extension_info would return unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather than bailing out. Fix this by handling this error code properly.
      Found thanks to oss-fuzz.
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-static-assert' into 'master' (Daiki Ueno, 2020-03-11; 4 files, -17/+19)
    lib: use static assertion to check enum values
    See merge request gnutls/gnutls!1201
  * lib: use static assertion to check enum values [tmp-static-assert] (Daiki Ueno, 2020-03-10; 2 files, -11/+13)
      We previously had checks of enum values with '#if', such as below:

          #define GNUTLS_EXTENSION_MAX_VALUE 31
          typedef enum extensions_t {
            ...
            GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
          } extensions_t;

          /* we must provide at least 16 extensions for users to register */
          #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
          # error not enough extension types
          #endif

      This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not defined as a preprocessor macro, it always expands to 0. To properly do this check, we need to use static assert as provided as the 'verify' macro in gnulib.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * hello_ext: use 64-bit integer to track extensions (Daiki Ueno, 2020-03-10; 3 files, -6/+6)
      We currently have 26 predefined extensions, allowing the user to define 5 extra as tested in tests/handshake-large-packet.c. However, if we introduce one more, session->internals.used_exts exceeds.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'fix-issuer-sign-tool' into 'master' (Dmitry Baryshkov, 2020-03-10; 2 files, -1/+2)
    lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool()
    See merge request gnutls/gnutls!1203
  * lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool() (Dmitry Baryshkov, 2020-03-07; 2 files, -1/+2)
      Remove memory leak in error handling in print_issuer_sign_tool() by moving asn1_delete_structure to the end of the function.
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'crl-crq-fuzz' into 'master' (Dmitry Baryshkov, 2020-03-09; 20 files, -0/+106)
    fuzz: add simple x509 certificate requests fuzzer
    Closes #903
    See merge request gnutls/gnutls!1204
  * fuzz: add simple x509 certificate requests and revocation lists fuzzers (Dmitry Baryshkov, 2020-03-09; 20 files, -0/+106)
      Add x509 certificate requests and certificate revocation lists fuzzers. Use data from tests/cert-tests as a starting seed for the corpora.
      Fixes #903
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-releases' into 'master' (Nikos Mavrogiannopoulos, 2020-03-09; 1 file, -0/+26)
    RELEASES.md: describe the release process [ci skip]
    See merge request gnutls/gnutls!1202
  * RELEASES.md: describe the release process (Nikos Mavrogiannopoulos, 2020-03-05; 1 file, -0/+26)
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-gen-suppressions' into 'master' (Nikos Mavrogiannopoulos, 2020-03-06; 2 files, -1/+8)
    Let valgrind suggest suppression rules on any issue it finds
    See merge request gnutls/gnutls!1195
  * Add valgrind suppression for fun:decode_complex_string.isra.0 [tmp-gen-suppressions] (Tim Rühsen, 2020-02-21; 1 file, -0/+7)
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
  * Add --gen-suppressions=all to valgrind to automatically generate suppression rules (Tim Rühsen, 2020-02-21; 1 file, -1/+1)
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-keylog-func' into 'master' (Daiki Ueno, 2020-02-27; 16 files, -182/+67)
    keylogfile: simplify the callback mechanism
    See merge request gnutls/gnutls!1196
  * keylogfile: simplify the callback mechanism [tmp-keylog-func] (Daiki Ueno, 2020-02-22; 16 files, -182/+67)
      This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'macosx-aarch64-accel' into 'master' (Nikos Mavrogiannopoulos, 2020-02-25; 1 file, -6/+4)
    Adding missing macosx directory for aarch64 acceleration
    See merge request gnutls/gnutls!1198
  * Adding missing macosx directory for aarch64 acceleration (Ross Nicholson, 2020-02-24; 1 file, -6/+4)
      Signed-off-by: Ross Nicholson <phunkyfish@gmail.com>
* Merge branch 'pbkdf2' into 'master' (Dmitry Baryshkov, 2020-02-21; 4 files, -216/+0)
    lib: drop unused pbkdf2 helpers
    See merge request gnutls/gnutls!1194
  * lib: drop unused pbkdf2 helpers (Dmitry Baryshkov, 2020-02-18; 4 files, -216/+0)
      Updated pbkdf2 API in GnuTLS removed the need for PBKDF2 helpers, drop them now.
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-travis-bison' into 'master' (Nikos Mavrogiannopoulos, 2020-02-11; 1 file, -5/+7)
    TravisCI: Add bison
    See merge request gnutls/gnutls!1192
  * TravisCI: Add bison [skip ci] [tmp-travis-bison] (Tim Rühsen, 2020-02-08; 1 file, -5/+7)
      The latest gnulib needs a newer bison than TravisCI OSX has.
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'wip-save-ocsp-multi' into 'master' (Tim Rühsen, 2020-02-09; 2 files, -16/+91)
    Add option to store all stapled OCSP responses to gnutls-cli
    See merge request gnutls/gnutls!1189
  * gnutls-cli: Add option to store all stapled OCSP responses (Fiona Klute, 2020-02-08; 2 files, -16/+91)
      Note that there's a small modification to the behavior of the existing --ocsp-save option: If there is no stapled OCSP response the output file is still created and will be empty.
      Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
* Merge branch 'tmp-lgtm' into 'master' (Tim Rühsen, 2020-02-08; 1 file, -1/+1)
    .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci]
    See merge request gnutls/gnutls!1191
  * .lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci] (Tim Rühsen, 2020-02-07; 1 file, -1/+1)
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-keylog-hook' into 'master' (Daiki Ueno, 2020-02-07; 17 files, -25/+588)
    keylogfile: generalize with a callback
    Closes #852
    See merge request gnutls/gnutls!1184
  * keylogfile: generalize with a callback [tmp-keylog-hook] (Daiki Ueno, 2020-02-07; 17 files, -25/+588)
      This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement custom logging feature per session, which is particularly useful in QUIC implementation.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-gnulib-update' into 'master' (Tim Rühsen, 2020-02-07; 2 files, -0/+1)
    Update gnulib to fix building on OSX 10.9
    Closes #926
    See merge request gnutls/gnutls!1190
  * cfg.mk: Exclude sc_prohibit_gnu_make_extensions from syntax-check [tmp-gnulib-update] (Tim Rühsen, 2020-02-06; 1 file, -0/+1)
      This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
      References:
      https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
      https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
      https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
  * Update gnulib to fix building on OSX 10.9 (Tim Rühsen, 2020-02-06; 1 file, -0/+0)
      Fixes #926
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'openssl-min1.2' into 'master' (Tim Rühsen, 2020-02-06; 1 file, -40/+33)
    testcompat-openssl: improve testing against secured OpenSSL versions.
    See merge request gnutls/gnutls!1168
  * testcompat-openssl: improve testing against secured OpenSSL versions. (Dimitri John Ledkov, 2020-02-06; 1 file, -40/+33)
      In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and requiring minimum TLSv1.2. However, smaller hashes/keys/versions are allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos, and thus enabling testing more compatibility combinations.
      Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
* Merge branch 'gost28147' into 'master' (Dmitry Baryshkov, 2020-02-05; 3 files, -20/+11)
    nettle/gost: gost28147: require calling set_param before set_key
    See merge request gnutls/gnutls!1188
  * nettle/gost: gost28147: require calling set_param before set_key (Dmitry Baryshkov, 2020-02-05; 3 files, -20/+11)
      Require selecting parameter set before setting the key. There is no need to provide default setting, if a param is always selected anyway.
      Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-kdf-api' into 'master' (Daiki Ueno, 2020-02-04; 18 files, -91/+444)
    crypto-api: add generic crypto functions for KDF
    Closes #851 and #813
    See merge request gnutls/gnutls!1186
  * tests: skip pkcs12-gost under GNUTLS_FORCE_FIPS_MODE (Daiki Ueno, 2020-02-04; 1 file, -0/+5)
      The MAC algorithm used in the PBKDF2 is actually prohibited in the FIPS mode and previously there wasn't a check for that.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * privkey_pkcs8: remove unused #include <nettle/pbkdf2.h> (Daiki Ueno, 2020-02-04; 1 file, -1/+0)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * pkcs7-crypt: refactor using gnutls_pbkdf2 (Daiki Ueno, 2020-02-04; 1 file, -37/+9)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * pkcs12: refactor using gnutls_pbkdf2 (Daiki Ueno, 2020-02-04; 1 file, -26/+12)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * secrets: refactor using gnutls_hkdf_{extract,expand} (Daiki Ueno, 2020-02-04; 1 file, -26/+19)
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * crypto-api: add generic crypto functions for KDF (Daiki Ueno, 2020-02-04; 13 files, -1/+399)
      This exposes HKDF and PBKDF2 functions from the library. Instead of defining a single KDF interface as in PKCS #11, this patch defines 3 distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2 derivation, so that we can take advantage of compile time checking of necessary parameters.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'mcatanzaro/session-pack-leak' into 'master' (Daiki Ueno, 2020-02-02; 1 file, -1/+2)
    session_pack: fix leak in error path
    See merge request gnutls/gnutls!1185
  * session_pack: fix leak in error path (Michael Catanzaro, 2020-02-02; 1 file, -1/+2)
      If called at the wrong time, it allocates the buffer sb and forgets to clear it.
      Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
* .mailmap: map Dmitry's email to a single name [ci skip] (Nikos Mavrogiannopoulos, 2020-02-01; 1 file, -0/+1)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>