Commit message | Author | Age | Files | Lines
* document new behavior on safe padding removal [tmp-safe-padding-removal-made-optional] | Nikos Mavrogiannopoulos | 2018-06-20 | 3 | -4/+16
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* record: fail with invalid request when attempting to send no pad and no data | Nikos Mavrogiannopoulos | 2018-06-20 | 2 | -2/+21
|   Previously we were returning an internal error which seems to be incorrect in that case.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhance padding check | Nikos Mavrogiannopoulos | 2018-06-20 | 2 | -24/+91
|   This introduces tests for zero-data transfers with padding as well as padding and de-padding with safe padding flag set.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: added CCM run under TLS1.2 in benchmark mode | Nikos Mavrogiannopoulos | 2018-06-20 | 1 | -0/+3
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cipher: made TLS1.3 safe padding check optional | Nikos Mavrogiannopoulos | 2018-06-20 | 2 | -2/+10
|   This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK which makes the TLS1.3 safe padding check optional. That way applications which do not utilize the TLS1.3 padding do not get penalized by the performance drop in TLS1.3 packet processing. This addresses a regression in TLS1.3 packet processing performance.
|   Resolves: #466
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_session_get_id: document restrictions | Nikos Mavrogiannopoulos | 2018-06-20 | 1 | -0/+12
|   This documents the fact that a TLS session ID cannot be relied upon to be unique or to even have a meaningful value.
|   Resolves #484
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: verify that resumed session ID matches original | Nikos Mavrogiannopoulos | 2018-06-20 | 1 | -0/+27
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'fix-files-update' into 'master' | Nikos Mavrogiannopoulos | 2018-06-20 | 2 | -10/+13
|\    Fix make files-update for out-of-tree builds
| |   See merge request gnutls/gnutls!674
| * Makefile.am: move autogen files update to src/Makefile.am | Dmitry Eremin-Solenikov | 2018-06-19 | 2 | -6/+9
| |   Move autogen'ed files update to src/Makefile.am to simplify code and support out-of-tree builds.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * Makefile.am: files-update: support out-of-tree builds | Dmitry Eremin-Solenikov | 2018-06-19 | 1 | -3/+3
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * symbol-check: fix typo to make it work for out-of-tree builds | Dmitry Eremin-Solenikov | 2018-06-19 | 1 | -1/+1
|/    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* aarch64: update elf files to correspond to the macosx version | Nikos Mavrogiannopoulos | 2018-06-19 | 5 | -74/+1796
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* macosx: include aarch64 asm files | Nikos Mavrogiannopoulos | 2018-06-19 | 8 | -4/+6333
|   Relates #475
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-fix-tags' into 'master' | Tim Rühsen | 2018-06-19 | 1 | -6/+7
|\    Makefile.am: abi-check: fetch fresh tags
| |   See merge request gnutls/gnutls!668
| * Makefile.am: abi-check: fetch fresh tags | Nikos Mavrogiannopoulos | 2018-06-18 | 1 | -6/+7
|/    This addresses the issue of failed abi-check CI runs on forked repositories.
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* drbg-aes: removed the continuous DRBG checks | Nikos Mavrogiannopoulos | 2018-06-18 | 1 | -12/+0
|   These are no longer necessary for FIPS140-2 compliance.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'fix-autoreconf' into 'master' | Nikos Mavrogiannopoulos | 2018-06-16 | 3 | -3/+3
|\    Fix usage of 'autoreconf'
| |   See merge request gnutls/gnutls!667
| * Fix usage of 'autoreconf' | Tim Rühsen | 2018-06-16 | 3 | -3/+3
|/    'autoreconf' created a different configure script than ./bootstrap. The result was a broken wchar.h that failed to compile. The work-around was 'autoreconf -I gl/m4' which is not what a developer expects. This patch moves gl/m4/* to m4/ which is the default include dir for autoreconf.
|     Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* configure: Check for clock_gettime and fmemopen using a proper test | Martin Storsjo | 2018-06-16 | 1 | -1/+18
|   Don't use AC_CHECK_FUNCS for these functions, but actually test by including the real header that defines the functions. This allows the macOS version selection to work as intended, making the references to these functions weak if targeting a version of macOS where these functions aren't available. Thanks to -no_weak_imports, these weak references end up in failed linker tests, marking the functions as unavailable. This fixes issue #142.
|   Signed-off-by: Martin Storsjo <martin@martin.st>
* configure: Include sys/random.h before checking for getentropy on macOS | Martin Storsjo | 2018-06-16 | 2 | -0/+6
|   This function is available since macOS 10.12, but it's in sys/random.h on macOS, contrary to the other platforms supporting it where it is present in unistd.h. If we don't include the right header that declares the function and its availability, the configure check would succeed even if targeting older versions of macOS that lack the function. Also include the same header in the source file that actually uses getentropy.
|   Signed-off-by: Martin Storsjo <martin@martin.st>
* configure: Pass -no_weak_imports to the linker, if supported | Martin Storsjo | 2018-06-16 | 1 | -0/+8
|   This avoids linking to functions that aren't available in the lowest targeted macOS version. If the proper header declaring a function is included, and gnutls is built with -mmacosx-version-min or the MACOSX_DEPLOYMENT_TARGET environment variable is set, each reference to a function that doesn't exist in the minimum targeted version will be made a weak reference, so that loading the binary still works, but the function pointer will resolve to NULL if running on a version of the platform that lacks it. Since this project doesn't do such runtime checks for functions it expects to have available, we should instead add this linker option to fail on the weak references. This allows autoconf to work as intended, detecting that these functions aren't usable. This flag appeared in Xcode 8, so check for its availability before using it. (Xcode 8 and the 10.12 SDK is coincidentally the release where most relevant new functions appeared, so with older Xcode versions, the modern platform functions we might want to avoid don't exist.)
|   See issue #142.
|   Signed-off-by: Martin Storsjo <martin@martin.st>
* configure: Remove a duplicate check for fmemopen | Martin Storsjo | 2018-06-16 | 1 | -1/+1
|   The duplicate was added in 5bb8a18b without any specific reasoning as to why.
|   Signed-off-by: Martin Storsjo <martin@martin.st>
* Merge branch 'tmp-tlsfuzzer-tls13-hrr' into 'master' | Nikos Mavrogiannopoulos | 2018-06-15 | 5 | -11/+28
|\    update tlsfuzzer with TLS 1.3 HRR test
| |   Closes #469
| |   See merge request gnutls/gnutls!664
| * tlsfuzzer: update to the latest version [tmp-tlsfuzzer-tls13-hrr] | Daiki Ueno | 2018-06-15 | 2 | -0/+0
| |   Also enable test-tls13-hrr.py.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * _gnutls13_handshake_server: send CCS immediately after HRR | Daiki Ueno | 2018-06-15 | 2 | -9/+20
| |   In the TLS 1.3 middlebox compatibility mode, CCS follows the first handshake message sent from the server, that is either SH or HRR.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * _gnutls13_handshake_server: corrected transition when post_handshake callback is set | Nikos Mavrogiannopoulos | 2018-06-15 | 1 | -3/+1
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * _gnutls_send_change_cipher_spec: don't cache under TLS 1.3 | Daiki Ueno | 2018-06-15 | 1 | -0/+8
|/    Under TLS 1.3, when the server sent HRR, CCS may be followed by receiving ClientHello. In that case, the message shouldn't be cached.
|     Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-iovec-api' into 'master' | Nikos Mavrogiannopoulos | 2018-06-14 | 13 | -53/+550
|\    Introduce an iovec API for encryption
| |   Closes #458
| |   See merge request gnutls/gnutls!653
| * abi-check skip session::set_transport_vec_push_function [tmp-iovec-api] | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -0/+4
| |   This prevents an abi-compliance checker error when run under gcc8 (though this error is not there under any other gcc).
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * corrected check for iovec types in libc | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -1/+1
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * updated auto-generated files | Nikos Mavrogiannopoulos | 2018-06-14 | 3 | -0/+4
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * gnutls-cli: benchmark for TLS1.3 and TLS1.2 | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -14/+20
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * cipher: use gnutls_aead_cipher_encryptv | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -27/+46
| |   This eliminates the need of a memory allocation during each packet encryption when no padding is done.
| |   Relates #458
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * gnutls_aead_cipher_encryptv: introduced | Nikos Mavrogiannopoulos | 2018-06-14 | 5 | -10/+474
| |   This API allows encryption using a scatter input, by also taking advantage of ciphers which are optimized for such input. That is particularly useful under TLS1.3 since its encryption is based on encryption of scattered data (data+pad).
| |   Resolves #458
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * MAX_CIPHER_BLOCK_SIZE: increased to 64-bytes for CHACHA20 | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -1/+1
|/    This was not necessary since that value was only used by block (in TLS sense) ciphers, but that definition could also be used for the CHACHA20.
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure: reduce warnings about implicit-fallthrough [ci skip] | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -0/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_alert_send_appropriate: fix type | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -1/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-ci.freebsd.md: updated for new build method with gnulib [ci skip] | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -2/+8
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'gnulib-bootstrap' into 'master' | Nikos Mavrogiannopoulos | 2018-06-14 | 728 | -133973/+2815
|\    Gnulib bootstrap, fix 'make distcheck' and more...
| |   See merge request gnutls/gnutls!641
| * Use $(MAKE) instead of make | Tim Rühsen | 2018-06-14 | 2 | -14/+14
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * distclean temp. test files for 'make distcheck' | Tim Rühsen | 2018-06-14 | 3 | -1/+7
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add DISTCLEANFILES to src/Makefile.am to fix 'make distcheck' | Tim Rühsen | 2018-06-14 | 1 | -0/+5
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix creation of ChangeLog for 'make distcheck' | Tim Rühsen | 2018-06-14 | 2 | -3/+3
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix 'compare-makefile' make target for 'make distcheck' | Tim Rühsen | 2018-06-14 | 1 | -1/+1
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix 'compare-exported' make target for 'make distcheck' | Tim Rühsen | 2018-06-14 | 1 | -1/+1
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix distcheck issues | Tim Rühsen | 2018-06-14 | 3 | -8/+8
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix gcc 8 warnings | Tim Rühsen | 2018-06-14 | 6 | -31/+63
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix CI testing -Werror | Tim Rühsen | 2018-06-14 | 1 | -3/+3
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Skip sc_prohibit_always_true_header_tests | Tim Rühsen | 2018-06-14 | 3 | -4/+1
| |   We can't simply remove the checks for HAVE_SYS_SOCKET_H. If we do, we have to make checks on real WIN32, which is currently not an option. So we skip sc_prohibit_always_true_header_tests.
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix sc_prohibit_always-defined_macros | Tim Rühsen | 2018-06-14 | 1 | -1/+2
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>