Commit message | Author | Age | Files | Lines
...
* | | Merge branch 'tmp-cert-status' into 'master' | Dmitry Eremin-Solenikov | 2018-11-15 | 9 | -130/+118
      tests: improve testsuite and ECC related minor fixes
      See merge request gnutls/gnutls!799
| * | _gnutls_x509_read_eddsa_pubkey(): sanity check the input values [tmp-cert-status] | Nikos Mavrogiannopoulos | 2018-11-15 | 1 | -4/+10
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes | Nikos Mavrogiannopoulos | 2018-11-15 | 4 | -0/+23
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * | tests: verify whether certificate request levels behave consistently | Nikos Mavrogiannopoulos | 2018-11-15 | 2 | -78/+34
      This verifies whether the behavior of GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST and GNUTLS_CERT_REQUIRE is consistent across protocols.
      Relates #615
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | doc: minor updates in elliptic curve documentation | Nikos Mavrogiannopoulos | 2018-11-15 | 4 | -48/+51
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'pkcs7-ber' into 'master' | Dmitry Eremin-Solenikov | 2018-11-14 | 5 | -3/+89
      pkcs7: allow BER encoding when parsing encapContentInfo.eContent
      See merge request gnutls/gnutls!803
| * tests: add testfile from RFC4134 Section 4.5 | Dmitry Eremin-Solenikov | 2018-11-14 | 4 | -1/+87
      Add test example demonstrating indefinite-length BER encoding of PKCS#7 data.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * pkcs7: allow BER encoding when parsing encapContentInfo.eContent | Dmitry Eremin-Solenikov | 2018-11-14 | 1 | -2/+2
      CMS specification explicitly allows BER encoding in CMS files. RFC 4134 example 4.5 uses BER indefinite encoding.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-autogen-bak' into 'master' | Nikos Mavrogiannopoulos | 2018-11-14 | 28 | -24125/+44
      build: remove autogen .bak files from repository
      See merge request gnutls/gnutls!801
| * build: minor cleanup of mech-list.h generation [tmp-autogen-bak] | Daiki Ueno | 2018-11-13 | 2 | -5/+2
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * README-ci.freebsd.md: require autogen | Daiki Ueno | 2018-11-13 | 1 | -1/+1
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * build: remove autogen .bak files from the repository | Daiki Ueno | 2018-11-13 | 24 | -24027/+2
      While the .bak files are necessary for not requiring autogen on deployment environment, they are not needed for development and may cause conflict when other developers use different version of autogen. This removes those files from the repository and require autogen at make dist time.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * build: use suffix rules for generating .bak files | Daiki Ueno | 2018-11-13 | 3 | -88/+35
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * build: use AM_MISSING_PROG for autogen | Daiki Ueno | 2018-11-13 | 1 | -4/+4
      That makes error message more friendly when autogen is not installed on developing environment.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'no-session-ticket' into 'master' | Nikos Mavrogiannopoulos | 2018-11-14 | 1 | -1/+0
      configure.ac: drop obsolete info line
      Closes #616
      See merge request gnutls/gnutls!804
| * configure.ac: drop obsolete info line | Dmitry Eremin-Solenikov | 2018-11-14 | 1 | -1/+0
      Since 4b567871 there is no `ac_enable_session_tickets` variable, so let's drop obsolete remnants.
      Closes #616
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
      Noted-by: Dilyan Palauzov
* Merge branch 'tpm12_fix_memory_leak' into 'master' | Nikos Mavrogiannopoulos | 2018-11-13 | 1 | -5/+0
      tpm: Fix memory leak in encode_tpmkey_url
      See merge request gnutls/gnutls!800
| * tpm: Fix memory leak in encode_tpmkey_url | Stefan Berger | 2018-11-12 | 1 | -5/+0
      When returning the key URL in encode_tpm_key_url we do not need to allocate a separate buffer for the URL since we return the allocated buffer from _gnutls_buffer_to_datum().
      Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* | Merge branch 'tmp-0rtt' into 'master' | Daiki Ueno | 2018-11-12 | 44 | -1057/+3093
      add support for 0-RTT
      Closes #127
      See merge request gnutls/gnutls!775
| * | doc: mention 0-RTT [tmp-0rtt] | Daiki Ueno | 2018-11-12 | 2 | -0/+153
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | serv: enable anti-replay when early data is used | Daiki Ueno | 2018-11-12 | 1 | -36/+107
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | TLS 1.3: implement anti-replay measure using ClientHello recording | Daiki Ueno | 2018-11-12 | 16 | -16/+595
      This implements ClientHello recording outlined in section 8.2 of RFC 8446.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | db: introduce gnutls_db_set_add_function | Daiki Ueno | 2018-11-12 | 9 | -1/+36
      This adds a way to store an entry if it is not found in the database, so that the implementation can provide atomic test-and-set.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | db: introduce gnutls_db_check_entry_expire_time | Daiki Ueno | 2018-11-12 | 8 | -2/+55
      This would be particularly useful when the same database is used to store long-lived TLS 1.2 session data and short-lived TLS 1.3 anti-replay entries. Note that the existing gnutls_db_check_entry doesn't fit in this use-case, as it takes gnutls_session_t as the argument.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | tls13/session_ticket: record timestamp in ticket | Daiki Ueno | 2018-11-12 | 2 | -4/+26
      This is needed for implementing freshness checks outlined in 8.3 of RFC 8446.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | str: suppress compiler warning when time_t is 32-bit | Daiki Ueno | 2018-11-12 | 1 | -1/+1
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | testcompat-tls13-openssl: exercise early data transmission | Daiki Ueno | 2018-11-12 | 1 | -0/+54
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | tests: add tests for early data | Daiki Ueno | 2018-11-12 | 3 | -1/+327
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | cli: add --earlydata option | Daiki Ueno | 2018-11-12 | 6 | -511/+585
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | serv: add --earlydata option | Daiki Ueno | 2018-11-12 | 4 | -363/+424
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | record: introduce new API functions for early data | Daiki Ueno | 2018-11-11 | 7 | -1/+137
      This introduces gnutls_record_get_max_early_data_size(), gnutls_record_send_early_data(), and gnutls_record_recv_early_data() functions.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | handshake: handle early data | Daiki Ueno | 2018-11-11 | 12 | -108/+572
      This plumbs early data handling in the handshake processes, which consists of:
      - traffic key updates taking into account of client_early_traffic_secret
      - early data buffering in both server and client
      - the EndOfEarlyData message handling
      - making use of max_early_data_size extension in NewSessionTicket
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | session_pack: record max_early_data_size in session data | Daiki Ueno | 2018-11-11 | 1 | -2/+8
      max_early_data_size sent as part of NST should be recorded and restored when the session data is set back on the session.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | record: fix memleak when rejecting early data | Daiki Ueno | 2018-11-11 | 1 | -1/+3
      The "discard" label previously used assumes that the decrypted record is already added to record_recv_buffer. It is not the case when rejecting early data. Release the allocated memory manually and return early.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | constate: add epoch_rel argument to _gnutls_epoch_dup | Daiki Ueno | 2018-11-11 | 4 | -5/+5
      This is necessary for handling early data. Previously, _gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT, while the client only sets EPOCH_WRITE_CURRENT when sending early data. This allows caller to specify from which epoch the parameters are copied.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | handshake: refactor early secret derivation | Daiki Ueno | 2018-11-11 | 2 | -16/+8
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | handshake: record transcript hash for ClientHello | Daiki Ueno | 2018-11-11 | 2 | -0/+8
      This is necessary to compute client_early_traffic_secret and early_exporter_master_secret in TLS 1.3.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | ext/pre_shared_key: use predefined macros for secret labels | Daiki Ueno | 2018-11-11 | 2 | -5/+5
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'tmp-f29' into 'master' | Dmitry Eremin-Solenikov | 2018-11-12 | 9 | -53/+84
      .gitlab-ci.yml: move to fedora29 for CI
      Closes #607
      See merge request gnutls/gnutls!794
| * gnutls-cli: use assert to mark impossible path [tmp-f29] | Nikos Mavrogiannopoulos | 2018-11-10 | 1 | -0/+3
      This avoids static analyzers from complaining.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * pkcs12: cleanups, and two memory leak fixes | Nikos Mavrogiannopoulos | 2018-11-10 | 1 | -10/+8
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * tls13: use system's openssl for interop testing | Nikos Mavrogiannopoulos | 2018-11-10 | 4 | -9/+15
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * Added checks to avoid false negatives reported by static analyzers | Nikos Mavrogiannopoulos | 2018-11-10 | 2 | -2/+9
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * Initialize output var to avoid false negative from static analyzers | Nikos Mavrogiannopoulos | 2018-11-09 | 1 | -1/+4
      This was identified by clang analyzer's on _gnutls_x509_dn_to_string and _gnutls_x509_decode_string.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * .gitlab-ci.yml: move to fedora29 for CI | Nikos Mavrogiannopoulos | 2018-11-09 | 1 | -31/+45
      This also moves the x86 CI builds to the debian cross infrastructure as we have a more reliable way of generating a 32-bit image.
      Resolves #607
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'args-std-def' into 'master' | Tim Rühsen | 2018-11-10 | 31 | -2787/+2643
      src: args-std.def: substitute variables using configure
      Closes #567
      See merge request gnutls/gnutls!793
| * | src: update autogenerated .bak files | Dmitry Eremin-Solenikov | 2018-11-10 | 22 | -2471/+2471
      Update files to include proper year, version, etc.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | src: include .bak files in EXTRA_DIST | Dmitry Eremin-Solenikov | 2018-11-10 | 2 | -15/+29
      Including .bak files in EXTRA_DIST allows us to stop hand-generating these files in distribution. Instead they are directly copied from the source tree.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | src: update .bak files during -args.c/.h regeneration | Dmitry Eremin-Solenikov | 2018-11-10 | 2 | -13/+52
      To ease updating of .bak files, update them when regenerating Autogen'erated source files.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * | doc: fix texi generation in out-of-tree builds | Dmitry Eremin-Solenikov | 2018-11-10 | 1 | -10/+10
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>