path: root/lib
Commit message | Author | Age | Files | Lines
* ext/supported_versions: reorder client precedence if necessary [tmp-supported-versions] | Daiki Ueno | 2019-09-26 | 1 file | -21/+34
    If the client advertises TLS < 1.2 before TLS 1.3 and the server is configured with TLS 1.3 enabled, the server should select TLS 1.3; otherwise the client will disconnect when seeing the downgrade sentinel.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* nettle: use nettle_get_secpp* consistently | Nikos Mavrogiannopoulos | 2019-09-23 | 1 file | -10/+0
    We already depend on nettle 3.4.1 which provides that symbol, ensure that we use it consistently.
    Relates: #835
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Merge branch 'tmp-interop-old-gnutls' into 'master' | Nikos Mavrogiannopoulos | 2019-09-13 | 2 files | -4/+11
    Do not forbid excess random padding in TLS1.x CBC ciphersuites
    Closes #811
    See merge request gnutls/gnutls!1054

| * _gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites | Nikos Mavrogiannopoulos | 2019-09-06 | 2 files | -4/+11
    Since some point in 3.6.x we updated the calculation of maximum record size, however that did not include the possibility of random record padding available for CBC ciphersuites which exceeds the maximum. This commit allows for larger sizes for these ciphersuites to account for random padding as applied by gnutls 2.12.x.
    Resolves: #811
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* | lib/*: remove unnecessary cast to ssize_t [tmp-decr-len] | Daiki Ueno | 2019-09-12 | 26 files | -78/+58
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* | gnutls_int.h: make DECR_LEN neutral to signedness | Daiki Ueno | 2019-09-12 | 1 file | -5/+6
    DECR_LEN was previously implemented in a way that it first decrements the given length and then checks whether the result is negative. This requires the caller to properly coerce the length argument to a signed integer, before invoking the macro.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* | priority: fix loop which removes systemwide disabled KX algos | Dmitry Eremin-Solenikov | 2019-09-05 | 1 file | -1/+1
    Fix c&p error in KX-removal loop.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* Fix typo in gnutls_db_set_cache_expiration() docs | Michael Catanzaro | 2019-08-13 | 1 file | -1/+1
    21600 seconds is six hours.
    Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

* crypto-api: add gnutls_aead_cipher_{en,de}cryptv2 [tmp-encryptv2] | Daiki Ueno | 2019-08-09 | 3 files | -3/+374
    This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and gnutls_aead_cipher_decrypt(), that works on data buffers.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* crypto-api: use giovec_t iterator interface for aead_encryptv | Daiki Ueno | 2019-08-09 | 1 file | -110/+57
    This replaces the macros AUTH_UPDATE and ENCRYPT used in gnutls_aead_cipher_encryptv() with the iov_iter interface.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* iov: add iterator interface for giovec_t | Daiki Ueno | 2019-08-09 | 4 files | -1/+171
    This adds an iterator interface over giovec_t array, extracting a fixed sized block.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests [tmp-deterministic-ecdsa] | Daiki Ueno | 2019-08-08 | 1 file | -0/+8
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* nettle: enable deterministic ECDSA/DSA during FIPS selftests | Daiki Ueno | 2019-08-08 | 1 file | -2/+4
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* pk: implement deterministic ECDSA/DSA | Daiki Ueno | 2019-08-08 | 7 files | -4/+85
    This exposes the deterministic ECDSA/DSA functionality through the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* privkey_sign_prehashed: remove unused argument | Daiki Ueno | 2019-08-08 | 1 file | -5/+4
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* privkey_sign_raw_data: remove unnecessary local variable | Daiki Ueno | 2019-08-08 | 1 file | -3/+1
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* nettle: add functions for deterministic ECDSA/DSA | Daiki Ueno | 2019-08-08 | 7 files | -1/+527
    This adds functions to perform deterministic ECDSA/DSA, namely _gnutls_{ecdsa,dsa}_compute_k(), which computes the k value according to RFC 6979. The retrieved k value can be given to nettle_{ecdsa,dsa}_sign() through a wrapper random function.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* read_cpuid_vals: use __get_cpuid_count() only when available [tmp-fixes] | Nikos Mavrogiannopoulos | 2019-08-05 | 1 file | -4/+20
    This makes the functionality available on gcc 4.8.
    Resolves: #812
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Ship inih/LICENSE.txt in release tarball | Andreas Metzler | 2019-07-29 | 1 file | -1/+1
    inih's license terms require shipping a copy of the license when redistributing the source.
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

* Improve documentation of gnutls_record_send() | Michael Catanzaro | 2019-07-26 | 1 file | -3/+6
    It's no longer required to retry this function with the same parameters if you want to use gnutls_record_discard_queued().
    Fixes #806
    Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>
* Merge branch 'fix-gost' into 'master' | Dmitry Eremin-Solenikov | 2019-07-22 | 18 files | -4/+75
    nettle/gost: support building with GOST-enabled Nettle
    See merge request gnutls/gnutls!1044

| * nettle/backport: fix xts-backport guarding check | Dmitry Eremin-Solenikov | 2019-07-14 | 2 files | -4/+4
    Check for nettle_xts_encrypt_message() function rather than just xts_encrypt_message(). All functions in nettle are renamed to contain `nettle_` prefix.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

| * nettle/gost: support building with GOST-enabled Nettle | Dmitry Eremin-Solenikov | 2019-07-14 | 16 files | -0/+71
    Nettle library starts to gain support for GOST algorithms. Support building GnuTLS with GOST-enabled nettle library.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* | gnutls.h: mark AEAD ciphers as such in gnutls_cipher_algorithm_t description | Nikos Mavrogiannopoulos | 2019-07-22 | 1 file | -8/+8
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | Support for Generalname registeredID from RFC 5280 in subject alt name | Karsten Ohme | 2019-07-22 | 5 files | -3/+22
    Added test certificates (cert10.der) with registered ID
    Updated Makefile for inclusion of test certificates
    Updated SAN unknown test certificates (cert5.der)
    Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>

* | Merge branch 'tmp-tls-fuzzer' into 'master' | Nikos Mavrogiannopoulos | 2019-07-19 | 3 files | -2/+3
    Fixed alerts returned on TLS1.3 corner cases
    Closes #682
    See merge request gnutls/gnutls!1045

| * | Fixed alerts returned on TLS1.3 corner cases | Nikos Mavrogiannopoulos | 2019-07-15 | 3 files | -2/+3
    This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'.
    Resolves: #682
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* | | Fix documented params for gnutls_certificate_retrieve_function3() [tmp-fix-doc-gnutls_certificate_set_retrieve_function3] | Tim Rühsen | 2019-07-16 | 1 file | -4/+10
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* | Merge branch 'tmp-session-ticket-valgrind' into 'master' | Daiki Ueno | 2019-07-11 | 1 file | -1/+5
    ext/session_ticket: eliminate redundant memcpy
    See merge request gnutls/gnutls!1040

| * | ext/session_ticket: avoid calling memcpy on overlapping memory areas [tmp-session-ticket-valgrind] | Daiki Ueno | 2019-07-10 | 1 file | -1/+5
    In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated from ticket_data->data, thus those memory areas may overlap. Using memcpy here leads to undefined behavior.
    Spotted by valgrind run on ppc64le.
    ==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
    ==95231==    at 0x408A840: memcpy (vg_replace_strmem.c:1023)
    ==95231==    by 0x424EE9F: pack_ticket (session_ticket.c:139)
    ==95231==    by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
    ==95231==    by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
    ==95231==    by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
    ==95231==    by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
    ==95231==    by 0x4110DEB: handshake_server (handshake.c:3331)
    ==95231==    by 0x410C70B: gnutls_handshake (handshake.c:2727)
    ==95231==    by 0x10009EBF: retry_handshake (serv.c:1306)
    ==95231==    by 0x1000AB67: tcp_server (serv.c:1500)
    ==95231==    by 0x10009E5B: main (serv.c:1297)
    ==95231==
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Merge branch 'tmp-pkcs11-login-error' into 'master' | Daiki Ueno | 2019-07-11 | 1 file | -1/+7
    pkcs11: ignore login error when traversing tokens
    See merge request gnutls/gnutls!1031

| * | pkcs11: ignore login error when traversing tokens | Daiki Ueno | 2019-07-11 | 1 file | -1/+7
    If a token is a general access device, it is expected that a login attempt to that token returns an error: https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
    On the other hand, _pkcs11_traverse_tokens treats the error as fatal and stops iteration. This behavior prevents object search without token specifier if such tokens are registered in the system.
    Reported by Stanislav Zidek in https://bugzilla.redhat.com/show_bug.cgi?id=1705478
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* | | lib: mark infinite loops explicitly [tmp-mark-infinite-loops] | Nikos Mavrogiannopoulos | 2019-07-10 | 2 files | -35/+24
    There were a few infinite loop constructions which were checking for an always true condition. Make sure that this construction is marked explicitly as while(1) to assist static analysers, or reviewers.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | encode_ber_digest_info: added sanity check | Nikos Mavrogiannopoulos | 2019-07-08 | 1 file | -0/+4
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | Merge branch 'tmp-fix-desc' into 'master' | Nikos Mavrogiannopoulos | 2019-06-30 | 1 file | -4/+4
    gnutls_session_get_desc: avoid printing a NULL value
    See merge request gnutls/gnutls!1038

| * | gnutls_session_get_desc: avoid printing a NULL value [tmp-fix-desc] | Nikos Mavrogiannopoulos | 2019-06-29 | 1 file | -4/+4
    When gnutls_session_set_premaster() is used (under openconnect), it is possible that gnutls_session_get_desc will print a string like this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
    With this change we ensure that we do not print null values.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* | | Merge branch 'tmp-fips-drbg-continuous' into 'master' | Daiki Ueno | 2019-06-30 | 1 file | -21/+81
    nettle/rnd-fips: add FIPS 140-2 continuous RNG test
    See merge request gnutls/gnutls!1034

| * | | nettle/rnd-fips: add FIPS 140-2 continuous RNG test [tmp-fips-drbg-continuous] | Daiki Ueno | 2019-06-28 | 1 file | -21/+81
    This adds a continuous random number generator test as defined in FIPS 140-2 4.9.2, by iteratively fetching a fixed sized block from the system and comparing consecutive blocks.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* | | | Merge branch 'mac-gmac' into 'master' | Dmitry Eremin-Solenikov | 2019-06-29 | 6 files | -6/+221
    lib: add support for AES-GMAC
    Closes #781
    See merge request gnutls/gnutls!1036
| * | | | lib: document gnutls_hmac_fast vs nonce relationship | Dmitry Eremin-Solenikov | 2019-06-28 | 2 files | -6/+7
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

| * | | | nettle: return true for gnutls_mac_exists(AES-CMAC*) | Dmitry Eremin-Solenikov | 2019-06-28 | 1 file | -0/+2
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

| * | | | nettle/mac: fail mac calculation if nonce is required but not provided | Dmitry Eremin-Solenikov | 2019-06-28 | 1 file | -2/+9
    Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC requires nonce, but it was not supplied.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

| * | | | nettle/mac: in mac_fast call set_nonce after set_key | Dmitry Eremin-Solenikov | 2019-06-28 | 1 file | -1/+1
    Calling set_nonce before set_key is plain incorrect. For GMAC key is not initialized. For UMAC set_key will reset nonce to empty.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

| * | | | lib: add support for AES-GMAC | Dmitry Eremin-Solenikov | 2019-06-28 | 5 files | -0/+205
    Add support for computing AES-GMAC using MAC API, as requested by Samba for SMB3 support.
    Resolves: #781
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* | | | gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options | Nikos Mavrogiannopoulos | 2019-06-28 | 1 file | -1/+1
    Resolves: #794
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be | Nikos Mavrogiannopoulos | 2019-06-27 | 12 files | -448/+76
    We were not setting the third array member correctly, though this didn't have any impact to previous implementations as they did not rely on it. This also moves away from the custom implementation of cpuid (which was limited), and we now rely on the compiler's version. This effectively enables support for SHA_NI.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | Updated asm files to latest version under cryptogams license | Nikos Mavrogiannopoulos | 2019-06-27 | 52 files | -12994/+52935
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | gnutls_hash/hmac_copy: check its usability in all cases | Nikos Mavrogiannopoulos | 2019-06-26 | 1 file | -6/+2
    During the test suite run we require that all supported MAC and hash algorithms implement the copy function.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | accelerated ciphers: implement hmac and hash copy | Nikos Mavrogiannopoulos | 2019-06-26 | 6 files | -0/+121
    This implements the new API to all internal implementations.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* | | lib: add support for gnutls_hash_copy() | Dmitry Eremin-Solenikov | 2019-06-26 | 8 files | -0/+99
    Add gnutls_hash_copy() function for copying message digest context.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>