| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\
| |
| |
| |
| | |
build: remove autogen .bak files from repository
See merge request gnutls/gnutls!801
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While the .bak files are necessary for not requiring autogen on
deployment environment, they are not needed for development and may
cause conflict when other developers use different version of
autogen. This removes those files from the repository and require
autogen at make dist time.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
That makes error message more friendly when autogen is not installed
on developing environment.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
configure.ac: drop obsolete info line
Closes #616
See merge request gnutls/gnutls!804
|
|/
|
|
|
|
|
|
|
|
| |
Since 4b567871 there is no `ac_enable_session_tickets` variable, so
let's drop obsolete remnants.
Closes #616
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Noted-by: Dilyan Palauzov
|
|\
| |
| |
| |
| | |
tpm: Fix memory leak in encode_tpmkey_url
See merge request gnutls/gnutls!800
|
| |
| |
| |
| |
| |
| |
| |
| | |
When returning the key URL in encode_tpm_key_url we do not need to allocate
a separate buffer for the URL since we return the allocated buffer from
_gnutls_buffer_to_datum().
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
add support for 0-RTT
Closes #127
See merge request gnutls/gnutls!775
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This implements ClientHello recording outlined in section 8.2 of RFC
8446.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a way to store an entry if it is not found in the database,
so that the implementation can provide atomic test-and-set.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This would be particularly useful when the same database is used to
store long-lived TLS 1.2 session data and short-lived TLS 1.3
anti-replay entries. Note that the existing gnutls_db_check_entry
doesn't fit in this use-case, as it takes gnutls_session_t as the
argument.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed for implementing freshness checks outlined in 8.3 of
RFC 8446.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This introduces gnutls_record_get_max_early_data_size(),
gnutls_record_send_early_data(), and gnutls_record_recv_early_data()
functions.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This plumbers early data handling in the handshake processes, which
consists of:
- traffic key updates taking into account of client_early_traffic_secret
- early data buffering in both server and client
- the EndOfEarlyData message handling
- making use of max_early_data_size extension in NewSessionTicket
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
max_early_data_size sent as part of NST should be recorded and
restored when the session data is set back on the session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "discard" label previously used assumes that the decrypted record
is already added to record_recv_buffer. It is not the case when
rejecting early data. Release the allocated memory manually and
return early.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is necessary for handling early data. Previously,
_gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT,
while the client only sets EPOCH_WRITE_CURRENT when sending early
data. This allows caller to specify from which epoch the parameters
are copied.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is necessary to compute client_early_traffic_secret and
early_exporter_master_secret in TLS 1.3.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
.gitlab-ci.yml: move to fedora29 for CI
Closes #607
See merge request gnutls/gnutls!794
|
| |
| |
| |
| |
| |
| | |
This avoids static analyzers from complaining.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| |
| | |
This was identified by clang analyzer's on _gnutls_x509_dn_to_string
and _gnutls_x509_decode_string.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also moves the x86 CI builds to the debian cross infrastructure
as we have a more reliable way of generating a 32-bit image.
Resolves #607
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
src: args-std.def: substitute variables using configure
Closes #567
See merge request gnutls/gnutls!793
|
| | |
| | |
| | |
| | |
| | |
| | | |
Update files to include proper year, version, etc.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Including .bak files in EXTRA_DIST allows us to stop hand-generating
these files in distribution. Instead they are directly copied from the
source tree.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To ease updating of .bak files, update them when regenerating
Autogen'erated source files.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mark autogenerated sources as not distributable. We are distributing
.bak files instead.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is no need anymore to regenerate tools manpages, they will be
generated automatically from doc/manpages/Makefile.am.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It seems that dist_man_MANS does not work properly with Automake
conditionals. Automake will not distribute files which are conditionally
disabled at this make run. As released tarballs include all manpages
already, let's include them unconditionally.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pass additional include path to let autogen find common arguments
template.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replace unrolled loop over header files with for-loop to simplify
Makefile.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Move handling of autogen/libopts to a single place. Enforce usage of
local libopts if autogen is not found.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
gtk-doc will not process gnutls.h.in file, so we need to point it to
generated gnutls.h file, found inside builddir.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ChangeLog regeneration does not work for out-of-tree build, so let's fix
that.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|