Günther Deschner [Tue, 17 Sep 2019 22:50:48 +0000 (00:50 +0200)]
crypto-selftests: test CFB8 ciphers with different chunksizes
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 17 Sep 2019 16:27:09 +0000 (18:27 +0200)]
cfb8: Fix decrypt path
It failed to decrypt buffers smaller than blocksize.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Daiki Ueno [Mon, 16 Sep 2019 15:09:15 +0000 (15:09 +0000)]
Merge branch 'wip-guile-3.0' into 'master'
Add support for Guile 3.0
See merge request gnutls/gnutls!1020
Ludovic Courtès [Sat, 1 Jun 2019 14:54:47 +0000 (16:54 +0200)]
guile: Add support for Guile 3.0.
* configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
previously-supported versions.
* doc/gnutls-guile.texi (Guile Preparations): Update list of supported
versions.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Ludovic Courtès [Sat, 1 Jun 2019 14:52:34 +0000 (16:52 +0200)]
doc: Run guile with '-q'.
This makes sure we don't load the user's ~/.guile.
* doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Daiki Ueno [Mon, 16 Sep 2019 11:17:41 +0000 (11:17 +0000)]
Merge branch 'wip-guile-include-m4-macros' into 'master'
maint: Include Guile's M4 macros.
See merge request gnutls/gnutls!1061
Nikos Mavrogiannopoulos [Fri, 13 Sep 2019 12:14:42 +0000 (12:14 +0000)]
Merge branch 'tmp-interop-old-gnutls' into 'master'
Do not forbid excess random padding in TLS1.x CBC ciphersuites
Closes #811
See merge request gnutls/gnutls!1054
Nikos Mavrogiannopoulos [Thu, 12 Sep 2019 13:21:55 +0000 (15:21 +0200)]
tlsfuzzer: enable atypical padding check
The atypical padding check is complementary to the existing
GnuTLS 2.12.x interop test.
This commit also upgrades to the latest version, and adds new TLS1.3
tests as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Daiki Ueno [Thu, 12 Sep 2019 11:00:25 +0000 (11:00 +0000)]
Merge branch 'tmp-decr-len' into 'master'
gnutls_int.h: make DECR_LEN neutral to signedness
See merge request gnutls/gnutls!1056
Daiki Ueno [Thu, 8 Aug 2019 16:04:18 +0000 (18:04 +0200)]
lib/*: remove unnecessary cast to ssize_t
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Thu, 8 Aug 2019 16:02:08 +0000 (18:02 +0200)]
gnutls_int.h: make DECR_LEN neutral to signedness
DECR_LEN was previously implemented in a way that it first decrements
the given length and then checks whether the result is negative. This
requires the caller to properly coerce the length argument to a signed
integer, before invoking the macro.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
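The signedness hazard this commit message describes, as an added C example that is not GnuTLS code: `DECR_LEN_OLD`, `DECR_LEN_NEW`, `ERR_LENGTH` and the parser functions are hypothetical stand-ins for the decrement-then-check and check-then-decrement orderings, and the buffers are constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_LENGTH (-1L) /* placeholder error value, not a GnuTLS constant */

/* Hypothetical stand-in for the ordering the commit message describes:
 * decrement first, then test whether the result went negative. */
#define DECR_LEN_OLD(len, x) \
    do { (len) -= (x); if ((len) < 0) return ERR_LENGTH; } while (0)

/* Hypothetical signedness-neutral ordering: compare first, then decrement. */
#define DECR_LEN_NEW(len, x) \
    do { if ((len) < (x)) return ERR_LENGTH; (len) -= (x); } while (0)

/* Each parser reads a 2-byte big-endian length prefix and checks that the
 * declared body fits in what is left of the buffer. It returns the body
 * length, or ERR_LENGTH when the buffer is too short. */

/* Old ordering on an unsigned length: the subtraction wraps around and the
 * "< 0" test can never fire. Callers here must pass len >= 2. */
long parse_old_unsigned(const uint8_t *buf, size_t len)
{
    size_t n;
    DECR_LEN_OLD(len, 2);
    n = ((size_t)buf[0] << 8) | buf[1];
    DECR_LEN_OLD(len, n);
    return (long)n;
}

/* Old ordering with the coercion to a signed type that the macro relied on. */
long parse_old_signed(const uint8_t *buf, size_t len)
{
    ptrdiff_t slen = (ptrdiff_t)len;
    ptrdiff_t n;
    DECR_LEN_OLD(slen, 2);
    n = ((ptrdiff_t)buf[0] << 8) | buf[1];
    DECR_LEN_OLD(slen, n);
    return (long)n;
}

/* Check-first ordering: correct for signed and unsigned lengths alike. */
long parse_new(const uint8_t *buf, size_t len)
{
    size_t n;
    DECR_LEN_NEW(len, 2);
    n = ((size_t)buf[0] << 8) | buf[1];
    DECR_LEN_NEW(len, n);
    return (long)n;
}

/* Constructed input: the prefix declares 16 bytes but only 4 follow. */
const uint8_t truncated[] = { 0x00, 0x10, 'A', 'B', 'C', 'D' };
/* Constructed input: the prefix declares 4 bytes and 4 follow. */
const uint8_t well_formed[] = { 0x00, 0x04, 'A', 'B', 'C', 'D' };

int main(void)
{
    printf("old, unsigned len: %ld\n",
           parse_old_unsigned(truncated, sizeof truncated));
    printf("old, signed len:   %ld\n",
           parse_old_signed(truncated, sizeof truncated));
    printf("new, unsigned len: %ld\n",
           parse_new(truncated, sizeof truncated));
    return 0;
}
```

Building with `-Wtype-limits` flags the always-false `< 0` comparison in the unsigned variant.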
Daiki Ueno [Wed, 11 Sep 2019 09:24:17 +0000 (11:24 +0200)]
.gitlab-ci.yml: bump configure cache version
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Tue, 10 Sep 2019 11:50:45 +0000 (13:50 +0200)]
.gitlab-ci.yml: export guile related envvars for doc-dist.Fedora
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Dmitry Eremin-Solenikov [Fri, 6 Sep 2019 19:08:36 +0000 (19:08 +0000)]
Merge branch 'fix-priority-setting' into 'master'
priority: fix loop which removes systemwide disabled KX algos
See merge request gnutls/gnutls!1064
Dmitry Eremin-Solenikov [Fri, 6 Sep 2019 19:08:19 +0000 (19:08 +0000)]
Merge branch 'fix-cli-debug' into 'master'
gnutls-cli-debug: fix early break for no version supported check
See merge request gnutls/gnutls!1063
Nikos Mavrogiannopoulos [Fri, 6 Sep 2019 06:36:04 +0000 (08:36 +0200)]
tests: check interoperability testing with gnutls 2.12.x and SHA256
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Sat, 3 Aug 2019 19:51:58 +0000 (21:51 +0200)]
_gnutls_epoch_set_keys: do not forbid random padding in TLS1.x CBC ciphersuites
Since some point in 3.6.x we updated the calculation of maximum record size,
however that did not include the possibility of random record padding available
for CBC ciphersuites which exceeds the maximum. This commit allows for larger
sizes for these ciphersuites to account for random padding as applied by
gnutls 2.12.x.
Resolves: #811
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Ludovic Courtès [Sat, 20 Jul 2019 14:13:02 +0000 (16:13 +0200)]
.gitlab-ci.yml: minimal.Fedora.x86_64: Pass '--disable-guile' the 2nd time as well.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Ludovic Courtès [Sat, 20 Jul 2019 14:08:48 +0000 (16:08 +0200)]
.gitlab-ci.yml: doc-dist.Fedora: Pass "GUILE", "GUILD", and "guile_snarf" to 'configure'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Ludovic Courtès [Sat, 31 Aug 2019 14:38:13 +0000 (16:38 +0200)]
maint: Include Guile's M4 macros.
This ensures 'GUILE_PKG' & co. behave as we want. Previously we had
problems in CI when using 'guile.m4' coming from potentially old distro
packages, as discussed in issue !1020:
https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890
* m4/guile.m4: New file, from Guile's 'stable-2.2' branch,
commit 9846178c69445142ef0b9432417453d2d4de6635.
* .x-sc_prohibit_test_minus_ao: New file.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Dmitry Eremin-Solenikov [Thu, 5 Sep 2019 08:36:27 +0000 (11:36 +0300)]
priority: fix loop which removes systemwide disabled KX algos
Fix c&p error in KX-removal loop.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Wed, 4 Sep 2019 11:45:05 +0000 (11:45 +0000)]
Merge branch 'tmp_rawpk_fuzzing' into 'master'
Raw public key fuzzing tests
Closes #687
See merge request gnutls/gnutls!1062
Nikos Mavrogiannopoulos [Wed, 4 Sep 2019 11:23:25 +0000 (11:23 +0000)]
Merge branch 'wip-certificate-status' into 'master'
guile: Update the list of certificate status values.
See merge request gnutls/gnutls!1060
Tom Vrancken [Sun, 1 Sep 2019 11:50:35 +0000 (13:50 +0200)]
Added initial corpora for rawpk client and server fuzzers.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Tom Vrancken [Sun, 1 Sep 2019 11:49:59 +0000 (13:49 +0200)]
Implemented server rawpk fuzzer.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Tom Vrancken [Sun, 1 Sep 2019 11:49:40 +0000 (13:49 +0200)]
Implemented client rawpk fuzzer.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Dmitry Eremin-Solenikov [Mon, 2 Sep 2019 13:34:08 +0000 (16:34 +0300)]
gnutls-cli-debug: fix early break for no version supported check
Currently gnutls-cli-debug code hardcodes index of tests, after which it
will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
the server. However this number is hardcoded and thus easy to break.
This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
Two tests were added in front of tests lists without updating this
index.
So let's make this check robust by adding another test which will return
fatal error if no known protocols are supported. While we are at it,
also simplify tests loop by removing internal loop completely and
controlling opening/closing a socket with a flag.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Sat, 3 Aug 2019 19:32:47 +0000 (21:32 +0200)]
tests: added interoperability test with gnutls 2.12.x
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Ludovic Courtès [Sat, 31 Aug 2019 14:33:33 +0000 (16:33 +0200)]
guile: Update the list of certificate status values.
* guile/modules/gnutls/build/enums.scm (%certificate-status-enum): Add
'gnutls_certificate_status_t' values that were missing.
* guile/src/core.c (scm_gnutls_peer_certificate_status): Add
'MATCH_STATUS' clauses to handle them.
* guile/modules/gnutls.in: Export them.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Daiki Ueno [Wed, 14 Aug 2019 04:23:28 +0000 (04:23 +0000)]
Merge branch 'mcatanzaro/typo' into 'master'
Fix typo in gnutls_db_set_cache_expiration() docs
See merge request gnutls/gnutls!1057
Michael Catanzaro [Tue, 13 Aug 2019 19:55:19 +0000 (14:55 -0500)]
Fix typo in gnutls_db_set_cache_expiration() docs
21600 seconds is six hours.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
Daiki Ueno [Fri, 9 Aug 2019 13:35:57 +0000 (13:35 +0000)]
Merge branch 'tmp-encryptv2' into 'master'
crypto-api: add gnutls_aead_cipher_{en,de}cryptv2
Closes #718
See merge request gnutls/gnutls!1052
Daiki Ueno [Fri, 2 Aug 2019 05:40:44 +0000 (07:40 +0200)]
crypto-api: add gnutls_aead_cipher_{en,de}cryptv2
This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
gnutls_aead_cipher_decrypt(), that works on data buffers.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Thu, 1 Aug 2019 16:13:38 +0000 (18:13 +0200)]
crypto-api: use giovec_t iterator interface for aead_encryptv
This replaces the macros AUTH_UPDATE and ENCRYPT used in
gnutls_aead_cipher_encryptv() with the iov_iter interface.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Thu, 1 Aug 2019 15:41:45 +0000 (17:41 +0200)]
iov: add iterator interface for giovec_t
This adds an iterator interface over giovec_t array, extracting a
fixed sized block.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Thu, 8 Aug 2019 17:24:30 +0000 (17:24 +0000)]
Merge branch 'tmp-deterministic-ecdsa' into 'master'
pk: implement deterministic ECDSA/DSA for provable signing
Closes #94
See merge request gnutls/gnutls!1051
Daiki Ueno [Wed, 7 Aug 2019 13:55:44 +0000 (15:55 +0200)]
nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Mon, 5 Aug 2019 13:21:55 +0000 (15:21 +0200)]
nettle: enable deterministic ECDSA/DSA during FIPS selftests
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Mon, 29 Jul 2019 12:01:11 +0000 (14:01 +0200)]
pk: implement deterministic ECDSA/DSA
This exposes the deterministic ECDSA/DSA functionality through the
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Wed, 7 Aug 2019 12:37:00 +0000 (14:37 +0200)]
privkey_sign_prehashed: remove unused argument
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Mon, 29 Jul 2019 13:10:51 +0000 (15:10 +0200)]
privkey_sign_raw_data: remove unnecessary local variable
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Mon, 29 Jul 2019 12:00:30 +0000 (14:00 +0200)]
nettle: add functions for deterministic ECDSA/DSA
This adds functions to perform deterministic ECDSA/DSA, namely
_gnutls_{ecdsa,dsa}_compute_k(), which computes the k value according
to RFC 6979. The retrieved k value can be given to
nettle_{ecdsa,dsa}_sign() through a wrapper random function.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Nikos Mavrogiannopoulos [Tue, 6 Aug 2019 14:00:17 +0000 (14:00 +0000)]
Merge branch 'tmp-fixes' into 'master'
Minor fixes in 3.6.9 release
Closes #810 and #812
See merge request gnutls/gnutls!1053
Nikos Mavrogiannopoulos [Tue, 6 Aug 2019 12:07:47 +0000 (12:07 +0000)]
Merge branch 'patch-1' into 'master'
Notes about Ubuntu specific software versions not available.
See merge request gnutls/gnutls!1029
Nikos Mavrogiannopoulos [Fri, 2 Aug 2019 19:57:40 +0000 (21:57 +0200)]
read_cpuid_vals: use __get_cpuid_count() only when available
This makes the functionality available on gcc 4.8.
Resolves: #812
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 2 Aug 2019 20:16:31 +0000 (22:16 +0200)]
src/Makefile.am: fix detection of .bak files
This fixes detection in a way to work in builds outside the
source directory.
Resolves: #810
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 2 Aug 2019 19:25:39 +0000 (21:25 +0200)]
configure: AS_HELP_STRING cannot print variables; don't try
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 3 Aug 2019 05:21:33 +0000 (05:21 +0000)]
Merge branch 'tmp-sign-cas' into 'master'
certtool: default to yes on signing certificates for CAs
See merge request gnutls/gnutls!1048
Karsten Ohme [Tue, 18 Jun 2019 12:17:14 +0000 (12:17 +0000)]
Notes about Ubuntu specific software versions not available.
Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>
Tim Rühsen [Tue, 30 Jul 2019 07:38:50 +0000 (07:38 +0000)]
Merge branch 'tmp-missing-inih-license' into 'master'
Ship inih/LICENSE.txt in release tarball
See merge request gnutls/gnutls!1050
Andreas Metzler [Mon, 29 Jul 2019 15:47:42 +0000 (17:47 +0200)]
Ship inih/LICENSE.txt in release tarball
inih's license terms require shipping a copy of the license when
redistributing the source.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Nikos Mavrogiannopoulos [Sat, 27 Jul 2019 19:20:53 +0000 (19:20 +0000)]
Merge branch 'mcatanzaro/#806' into 'master'
Improve documentation of gnutls_record_send()
Closes #806
See merge request gnutls/gnutls!1049
Michael Catanzaro [Fri, 26 Jul 2019 16:18:07 +0000 (11:18 -0500)]
Improve documentation of gnutls_record_send()
It's no longer required to retry this function with the same parameters
if you want to use gnutls_record_discard_queued().
Fixes #806
Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>
Nikos Mavrogiannopoulos [Fri, 26 Jul 2019 07:57:29 +0000 (09:57 +0200)]
certtool: default to yes on signing certificates for CAs
When asking the questions for CA certificate generation, default
to yes to signing certificates. This is because that's the most
common type of CAs generated and defaulting to yes eliminates
the need for restart on error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 25 Jul 2019 18:38:14 +0000 (20:38 +0200)]
bumped version for 3.6.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Dmitry Eremin-Solenikov [Mon, 22 Jul 2019 12:21:29 +0000 (12:21 +0000)]
Merge branch 'fix-gost' into 'master'
nettle/gost: support building with GOST-enabled Nettle
See merge request gnutls/gnutls!1044
Nikos Mavrogiannopoulos [Mon, 22 Jul 2019 10:43:50 +0000 (12:43 +0200)]
gnutls.h: mark AEAD ciphers as such in gnutls_cipher_algorithm_t description
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 22 Jul 2019 08:00:51 +0000 (10:00 +0200)]
abi-check: correctly bail-out on errors
Added suppressions for _MAX enumerator values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Karsten Ohme [Fri, 21 Jun 2019 22:39:56 +0000 (00:39 +0200)]
Support for Generalname registeredID from RFC 5280 in subject alt name
Added test certificates (cert10.der) with registered ID
Updated Makefile for inclusion of test certificates
Updated SAN unknown test certificates (cert5.der)
Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>
Nikos Mavrogiannopoulos [Sun, 21 Jul 2019 08:18:35 +0000 (10:18 +0200)]
libgnutls.abignore: added comment linking to syntax
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sun, 21 Jul 2019 08:06:22 +0000 (10:06 +0200)]
NEWS: updated for upcoming release [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 19 Jul 2019 11:07:15 +0000 (11:07 +0000)]
Merge branch 'tmp-tls-fuzzer' into 'master'
Fixed alerts returned on TLS1.3 corner cases
Closes #682
See merge request gnutls/gnutls!1045
Nikos Mavrogiannopoulos [Wed, 17 Jul 2019 09:24:58 +0000 (09:24 +0000)]
Merge branch 'tmp-fix-doc-gnutls_certificate_set_retrieve_function3' into 'master'
Fix documented params for gnutls_certificate_retrieve_function3()
See merge request gnutls/gnutls!1047
Tim Rühsen [Tue, 16 Jul 2019 12:41:50 +0000 (14:41 +0200)]
Fix documented params for gnutls_certificate_retrieve_function3()
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Nikos Mavrogiannopoulos [Sun, 14 Jul 2019 20:27:50 +0000 (22:27 +0200)]
Fixed alerts returned on TLS1.3 corner cases
This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'.
Resolves: #682
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Dmitry Eremin-Solenikov [Sun, 14 Jul 2019 09:17:18 +0000 (12:17 +0300)]
nettle/backport: fix xts-backport guarding check
Check for nettle_xts_encrypt_message() function rather than just
xts_encrypt_message(). All functions in nettle are renamed to contain
`nettle_` prefix.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 11 Jul 2019 18:37:08 +0000 (21:37 +0300)]
nettle/gost: support building with GOST-enabled Nettle
Nettle library starts to gain support for GOST algorithms. Support
building GnuTLS with GOST-enabled nettle library.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Tim Rühsen [Fri, 12 Jul 2019 09:08:36 +0000 (09:08 +0000)]
Merge branch 'guile-reauth' into 'master'
Support post-handshake reauthentication in the Guile bindings
See merge request gnutls/gnutls!1026
Daiki Ueno [Thu, 11 Jul 2019 17:10:24 +0000 (17:10 +0000)]
Merge branch 'tmp-session-ticket-valgrind' into 'master'
ext/session_ticket: eliminate redundant memcpy
See merge request gnutls/gnutls!1040
Daiki Ueno [Thu, 11 Jul 2019 07:40:28 +0000 (07:40 +0000)]
Merge branch 'tmp-pkcs11-login-error' into 'master'
pkcs11: ignore login error when traversing tokens
See merge request gnutls/gnutls!1031
Daiki Ueno [Sun, 30 Jun 2019 06:23:41 +0000 (08:23 +0200)]
tests: remove unused destructive/p11-kit-load.sh
This file is replaced with tests/p11-kit-load.sh and
tests/pkcs11/list-tokens.c.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Wed, 19 Jun 2019 15:21:16 +0000 (17:21 +0200)]
pkcs11: ignore login error when traversing tokens
If a token is a general access device, it is expected that login
attempt to that token returns error:
https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
On the other hand, _pkcs11_traverse_tokens treats the error as fatal
and stops iteration. This behavior prevents object search without
token specifier if such tokens are registered in the system.
Reported by Stanislav Zidek in
https://bugzilla.redhat.com/show_bug.cgi?id=1705478
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Mon, 8 Jul 2019 14:54:56 +0000 (16:54 +0200)]
ext/session_ticket: avoid calling memcpy on overlapping memory areas
In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
from ticket_data->data, thus those memory areas may overlap. Using
memcpy here leads to undefined behavior.
Spotted by valgrind run on ppc64le.
==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023)
==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139)
==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
==95231== by 0x4110DEB: handshake_server (handshake.c:3331)
==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727)
==95231== by 0x10009EBF: retry_handshake (serv.c:1306)
==95231== by 0x1000AB67: tcp_server (serv.c:1500)
==95231== by 0x10009E5B: main (serv.c:1297)
==95231==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Nikos Mavrogiannopoulos [Wed, 10 Jul 2019 08:31:48 +0000 (08:31 +0000)]
Merge branch 'tmp-mark-infinite-loops' into 'master'
lib: mark infinite loops explicitly
See merge request gnutls/gnutls!1043
Nikos Mavrogiannopoulos [Tue, 9 Jul 2019 08:06:47 +0000 (10:06 +0200)]
lib: mark infinite loops explicitly
There were a few infinite loop constructions which were checking
for an always true condition. Make sure that this construction
is marked explicitly as while(1) to assist static analysers, or
reviewers.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 9 Jul 2019 11:29:33 +0000 (11:29 +0000)]
Merge branch 'tmp-coverage' into 'master'
tests: improve coverage of CRQ related functions
See merge request gnutls/gnutls!1042
Nikos Mavrogiannopoulos [Tue, 9 Jul 2019 07:56:24 +0000 (09:56 +0200)]
tests: improve coverage of CRQ related functions
That adds sanity check of crq-related functions that were not included
in the testsuite at all.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Tue, 9 Jul 2019 04:16:53 +0000 (04:16 +0000)]
Merge branch 'tmp-var' into 'master'
encode_ber_digest_info: added sanity check
See merge request gnutls/gnutls!1041
Nikos Mavrogiannopoulos [Tue, 9 Jul 2019 04:16:10 +0000 (04:16 +0000)]
Merge branch 'tmp-fix-ocsp' into 'master'
Improve the OCSP (status request) and interop testing
See merge request gnutls/gnutls!1024
Nikos Mavrogiannopoulos [Mon, 8 Jul 2019 17:33:50 +0000 (19:33 +0200)]
encode_ber_digest_info: added sanity check
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 3 Jul 2019 19:04:23 +0000 (21:04 +0200)]
doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Thu, 13 Jun 2019 07:13:22 +0000 (09:13 +0200)]
testcompat-openssl: added interop test with DTLS 1.2
This tests AES-CBC ciphersuites in isolation, as they are
prioritized lower than AES-GCM. We want to test them explicitly
because they have different behavior under EtM.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 7 Jun 2019 21:22:52 +0000 (23:22 +0200)]
tests: added sanity check for rfc7633 behavior
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 7 Jun 2019 14:51:30 +0000 (16:51 +0200)]
tests: status-request-missing: renamed to rfc7633-missing
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 7 Jun 2019 14:39:53 +0000 (16:39 +0200)]
status-request-ext: run under all TLS versions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 7 Jun 2019 14:35:11 +0000 (16:35 +0200)]
tests: status-request: cleanup
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 7 Jun 2019 14:34:21 +0000 (16:34 +0200)]
tests: status-request-missing: run for all TLS versions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Dmitry Eremin-Solenikov [Mon, 1 Jul 2019 22:08:51 +0000 (22:08 +0000)]
Merge branch 'tmp-cli-debug' into 'master'
gnutls-cli-debug: test whether RSA key exchange is supported
Closes #449
See merge request gnutls/gnutls!1039
Nikos Mavrogiannopoulos [Sun, 30 Jun 2019 07:19:02 +0000 (07:19 +0000)]
Merge branch 'tmp-fix-desc' into 'master'
gnutls_session_get_desc: avoid printing a NULL value
See merge request gnutls/gnutls!1038
Daiki Ueno [Sun, 30 Jun 2019 05:16:51 +0000 (05:16 +0000)]
Merge branch 'tmp-fips-drbg-continuous' into 'master'
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
See merge request gnutls/gnutls!1034
Nikos Mavrogiannopoulos [Sat, 29 Jun 2019 19:02:11 +0000 (21:02 +0200)]
gnutls-cli-debug: test whether RSA key exchange is supported
Resolves: #449
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 28 Jun 2019 19:08:32 +0000 (21:08 +0200)]
gnutls_session_get_desc: avoid printing a NULL value
When gnutls_session_set_premaster() is used (under openconnect),
it is possible that gnutls_session_get_desc will print a string like
this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
With this change we ensure that we do not print null values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Dmitry Eremin-Solenikov [Sat, 29 Jun 2019 09:09:35 +0000 (09:09 +0000)]
Merge branch 'mac-gmac' into 'master'
lib: add support for AES-GMAC
Closes #781
See merge request gnutls/gnutls!1036
Nikos Mavrogiannopoulos [Fri, 28 Jun 2019 19:36:40 +0000 (19:36 +0000)]
Merge branch 'tmp-fix-gnutls_x509_crt_list_import2' into 'master'
Fix gnutls_x509_crt_list_import2() documentation
Closes #794
See merge request gnutls/gnutls!1037
Daiki Ueno [Fri, 21 Jun 2019 13:49:26 +0000 (15:49 +0200)]
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
This adds a continuous random number generator test as defined in FIPS
140-2 4.9.2, by iteratively fetching fixed sized block from the system
and comparing consecutive blocks.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
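A sketch of the consecutive-block comparison this commit message describes, as an added C example that is not the GnuTLS implementation: the 16-byte block size, the `crng_*` names and the callback-based entropy source are assumptions, and both sources are constructed test input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRNG_BLOCK 16 /* assumed block size; the page does not state one */

/* Assumed source interface: fill out[0..len), return 0 on success. */
typedef int (*entropy_fn)(void *ctx, uint8_t *out, size_t len);

struct crng_state {
    uint8_t prev[CRNG_BLOCK]; /* last block fetched from the source */
    int primed;               /* 0 until the first block has been stored */
    entropy_fn source;
    void *source_ctx;
};

void crng_init(struct crng_state *st, entropy_fn source, void *ctx)
{
    memset(st, 0, sizeof *st);
    st->source = source;
    st->source_ctx = ctx;
}

/* Fill out[0..len) block by block. Returns 0 on success, -1 if the source
 * fails or hands back two identical consecutive blocks. */
int crng_get(struct crng_state *st, uint8_t *out, size_t len)
{
    uint8_t block[CRNG_BLOCK];

    while (len > 0) {
        size_t take = len < CRNG_BLOCK ? len : CRNG_BLOCK;

        if (st->source(st->source_ctx, block, CRNG_BLOCK) != 0)
            return -1;
        if (!st->primed) {
            /* The first block is kept for comparison only, never output. */
            memcpy(st->prev, block, CRNG_BLOCK);
            st->primed = 1;
            continue;
        }
        if (memcmp(st->prev, block, CRNG_BLOCK) == 0)
            return -1; /* stuck source: refuse to produce output */
        memcpy(st->prev, block, CRNG_BLOCK);
        memcpy(out, block, take);
        out += take;
        len -= take;
    }
    return 0;
}

/* Constructed healthy source: every block differs in its first byte. */
int counter_source(void *ctx, uint8_t *out, size_t len)
{
    unsigned *calls = ctx;
    memset(out, 0, len);
    out[0] = (uint8_t)(*calls)++;
    return 0;
}

/* Constructed faulty source: returns the same block on every call. */
int stuck_source(void *ctx, uint8_t *out, size_t len)
{
    (void)ctx;
    memset(out, 0xAA, len);
    return 0;
}

int main(void)
{
    struct crng_state st;
    uint8_t buf[40];
    unsigned calls = 0;

    crng_init(&st, counter_source, &calls);
    printf("healthy source: %d\n", crng_get(&st, buf, sizeof buf));
    crng_init(&st, stuck_source, NULL);
    printf("stuck source:   %d\n", crng_get(&st, buf, sizeof buf));
    return 0;
}
```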
Dmitry Eremin-Solenikov [Fri, 28 Jun 2019 13:54:30 +0000 (16:54 +0300)]
lib: document gnutls_hmac_fast vs nonce relationship
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 27 Jun 2019 21:27:01 +0000 (00:27 +0300)]
tests/gnutls_hmac_fast: run test for AES-UMAC-96/-128
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 24 Jun 2019 21:12:29 +0000 (00:12 +0300)]
nettle: return true for gnutls_mac_exists(AES-CMAC*)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 28 Jun 2019 13:28:58 +0000 (16:28 +0300)]
NEWS: add an entry for AES-GMAC algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 27 Jun 2019 21:27:01 +0000 (00:27 +0300)]
tests/gnutls_hmac_fast: run test for AES-GMAC-128/-192/-256
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>