]>
git.ipfire.org Git - thirdparty/gnutls.git/log
Nikos Mavrogiannopoulos [Fri, 4 Mar 2016 09:16:51 +0000 (10:16 +0100)]
corrected typo in comment [ci skip]
Nikos Mavrogiannopoulos [Tue, 1 Mar 2016 15:23:55 +0000 (16:23 +0100)]
configure: silence clang's warnings
Nikos Mavrogiannopoulos [Thu, 3 Mar 2016 13:24:13 +0000 (14:24 +0100)]
tests: added check for version negotiation default prio string
That verifies whether the support versions are negotiated.
Nikos Mavrogiannopoulos [Thu, 3 Mar 2016 08:05:32 +0000 (09:05 +0100)]
tests: include test-hash-large into dist
Nikos Mavrogiannopoulos [Thu, 3 Mar 2016 07:50:48 +0000 (08:50 +0100)]
Sync with TP [ci skip]
Ludovic Courtès [Wed, 2 Mar 2016 08:59:19 +0000 (09:59 +0100)]
Update NEWS.
Nikos Mavrogiannopoulos [Tue, 1 Mar 2016 13:50:42 +0000 (14:50 +0100)]
Disable weak symbols for _gnutls_global_init_skip() under windows
That is to avoid an issue with running gnutls under windows;
that renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows.
Relates #74
Nikos Mavrogiannopoulos [Tue, 1 Mar 2016 12:19:29 +0000 (13:19 +0100)]
.gitlab-ci.yml: asan, clang and valgrind builds were made arch-independent
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 19:49:09 +0000 (20:49 +0100)]
tests: pkcs12: allow multiple in-place builds
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 18:41:33 +0000 (19:41 +0100)]
tests: pkcs1-pad,rsa-md5-collision: allow multiple in-place builds
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 16:12:49 +0000 (17:12 +0100)]
doc update
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 16:06:12 +0000 (17:06 +0100)]
gnutls-cli: fail if gnutls is not compiled with DANE support and --dane is provided
Suggested by Bjorn Jacke.
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 12:23:25 +0000 (13:23 +0100)]
tests: always used the slow (portable) version of get16bits
This prevents issues with misaligned addresses and undefined sanitizer.
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 11:46:47 +0000 (12:46 +0100)]
timespec_sub_ms: fixed operation in 32-bit systems
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 09:23:20 +0000 (10:23 +0100)]
.gitlab-ci.yml: don't use the internal libtasn1 when compiling with libubsan
This prevents build failures due to issues in libtasn1
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 09:22:13 +0000 (10:22 +0100)]
tests: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 09:18:58 +0000 (10:18 +0100)]
pkcs11: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:58:40 +0000 (09:58 +0100)]
cipher.c: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:57:40 +0000 (09:57 +0100)]
ecc: optimized extension parsing
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:48:12 +0000 (09:48 +0100)]
opencdk: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:48:02 +0000 (09:48 +0100)]
gnutls.h: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:43:32 +0000 (09:43 +0100)]
x509: Fixes to prevent undefined behavior (found with libubsan)
Nikos Mavrogiannopoulos [Mon, 29 Feb 2016 08:27:23 +0000 (09:27 +0100)]
x509: cleanup in privkey.c
Andreas Metzler [Sun, 28 Feb 2016 14:35:01 +0000 (15:35 +0100)]
Let p11tool --provider option accept filenames.
Drop 'file-exists = yes;' to allow specifying either an absolute pathname
or a file in P11_MODULE_PATH.
Nikos Mavrogiannopoulos [Sun, 28 Feb 2016 12:01:11 +0000 (13:01 +0100)]
.gitlab-ci.yml: abort on ubsan errors
Nikos Mavrogiannopoulos [Sun, 28 Feb 2016 11:12:09 +0000 (12:12 +0100)]
p11tool: addressed memory leaks
Nikos Mavrogiannopoulos [Sun, 28 Feb 2016 09:45:02 +0000 (10:45 +0100)]
tests: use 'datefudge -s' to avoid loops
This avoids repeated loops of the same test as well as
random failures in the test suite.
Nikos Mavrogiannopoulos [Sat, 27 Feb 2016 21:37:21 +0000 (22:37 +0100)]
tests: krb5-test: increased the number of loops
This should prevent random failures in the test suite.
Nikos Mavrogiannopoulos [Sat, 27 Feb 2016 21:23:34 +0000 (22:23 +0100)]
.gitlab-ci.yml: asan and ubsan include the suite/
Nikos Mavrogiannopoulos [Tue, 23 Feb 2016 09:35:14 +0000 (10:35 +0100)]
.gitignore: more files to ignore
Nikos Mavrogiannopoulos [Tue, 23 Feb 2016 09:33:18 +0000 (10:33 +0100)]
doc: documented false start functionality
Nikos Mavrogiannopoulos [Tue, 23 Feb 2016 09:23:57 +0000 (10:23 +0100)]
doc update
Nikos Mavrogiannopoulos [Tue, 23 Feb 2016 09:14:53 +0000 (10:14 +0100)]
tests: Added checks for false start operation
Nikos Mavrogiannopoulos [Tue, 23 Feb 2016 08:40:26 +0000 (09:40 +0100)]
Added gnutls_handshake_set_false_start_function()
This function allows to use TLS False-start, by using the provided
function to send data just after finished message.
Nikos Mavrogiannopoulos [Sat, 27 Feb 2016 20:54:51 +0000 (21:54 +0100)]
tests: enable softhsmv2 test suite by default
Also do not fatally fail with known softhsmv2 bugs.
Jan Vcelak [Fri, 26 Feb 2016 15:17:48 +0000 (16:17 +0100)]
pkcs11: tests for RSA, ECC, DSA private key import
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Jan Vcelak [Fri, 26 Feb 2016 15:17:47 +0000 (16:17 +0100)]
pkcs11: tests for DSA key generating
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Nikos Mavrogiannopoulos [Sat, 27 Feb 2016 16:56:36 +0000 (17:56 +0100)]
added getpid() to the list of system calls used
Nikos Mavrogiannopoulos [Fri, 26 Feb 2016 13:41:12 +0000 (14:41 +0100)]
.gitlab-ci.yml: added compilation rule with libubsan
Jan Vcelak [Thu, 25 Feb 2016 15:43:36 +0000 (16:43 +0100)]
gnutls_x509_privkey_import: add missing algorithm setting for DSA keys
The algorithm number was set only in the private key structure, not in
the nested structure with parameters. This made certain operations to
fail (e.g., copying the key into a PKCS #11 token).
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Jan Vcelak [Thu, 25 Feb 2016 14:21:30 +0000 (15:21 +0100)]
pkcs11: implement correct DSA key pair generating
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Jan Vcelak [Thu, 25 Feb 2016 14:21:29 +0000 (15:21 +0100)]
pkcs11: add interface for C_GenerateKey
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
Nikos Mavrogiannopoulos [Fri, 26 Feb 2016 11:00:55 +0000 (12:00 +0100)]
better match with unknown_tls_aid
Nikos Mavrogiannopoulos [Fri, 26 Feb 2016 10:54:05 +0000 (11:54 +0100)]
x509: moved time-specific functions to time.c
Sebastian Dröge [Wed, 24 Feb 2016 10:42:26 +0000 (12:42 +0200)]
configure: Android is ELF too
Without this, compiling Android for x86 or x86-64 fails because the assembly
optimizations are not compiled in.
Nikos Mavrogiannopoulos [Thu, 25 Feb 2016 14:45:04 +0000 (15:45 +0100)]
mentioned the public git URL for cloning [ci skip]
Nikos Mavrogiannopoulos [Wed, 24 Feb 2016 14:12:23 +0000 (15:12 +0100)]
doc update [ci skip]
Nikos Mavrogiannopoulos [Wed, 24 Feb 2016 13:55:19 +0000 (14:55 +0100)]
doc update
Nikos Mavrogiannopoulos [Wed, 24 Feb 2016 13:53:59 +0000 (14:53 +0100)]
tests: check functions which export session parameters
That is gnutls_session_get_random() and gnutls_session_get_master_secret().
Nikos Mavrogiannopoulos [Wed, 24 Feb 2016 13:43:17 +0000 (14:43 +0100)]
Added gnutls_session_get_master_secret
This provides the ability to export all session parameters in various
formats.
Resolves #64
Nikos Mavrogiannopoulos [Mon, 22 Feb 2016 14:51:11 +0000 (15:51 +0100)]
tests: gnutls_session_get_flags() is checked for extended master secret
Nikos Mavrogiannopoulos [Mon, 22 Feb 2016 14:49:25 +0000 (15:49 +0100)]
tests: check gnutls_session_get_flags() for EtM
Nikos Mavrogiannopoulos [Mon, 22 Feb 2016 14:46:33 +0000 (15:46 +0100)]
tests: check gnutls_session_get_flags() for safe renegotiation
Nikos Mavrogiannopoulos [Mon, 22 Feb 2016 14:26:46 +0000 (15:26 +0100)]
Added gnutls_session_get_flags()
This function would allow to simplify handling of future
flags which we may want to indicate, and would not require
API additions for new flags.
Nikos Mavrogiannopoulos [Mon, 22 Feb 2016 10:57:30 +0000 (11:57 +0100)]
Revert ".gitlab-ci.yml: disable guile tests"
This reverts commit
50ce516eebaf011f041002ecbfdb61b113159282 .
Ludovic Courtès [Sun, 21 Feb 2016 17:58:35 +0000 (18:58 +0100)]
guile: Fix out-of-tree builds.
This fixes a regression introduced in
3045a96 .
* guile/Makefile.am (.in.scm): Make the parent directory of $@.
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 16:04:24 +0000 (17:04 +0100)]
Improved documentation in _gnutls_sort_clist
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 15:43:51 +0000 (16:43 +0100)]
gnutls_x509_crt_list_import: corrected memory leak
This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was specified
and a failure occurred.
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 14:59:31 +0000 (15:59 +0100)]
_gnutls_sort_clist: fixed issues when used with func option
This function would incorrectly call func() on elements that were
included in the list, and would not call func() if the size of the
final chain was one.
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 14:10:54 +0000 (15:10 +0100)]
tests: added tests for gnutls_pcert_list_import_x509_raw()
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 13:29:20 +0000 (14:29 +0100)]
ext master secret: ensure we disable ext master secret if requested
That is, on rehandshakes, as on the standard handshakes it is disabled
by default.
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 13:18:04 +0000 (14:18 +0100)]
tests: verify that we do not allow rehandshakes without ext master
That is, if we have an initial session which uses the extended master
secret do not allow subsequent rehandshakes to skip it.
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 10:53:20 +0000 (11:53 +0100)]
tests: sha3-test: use different dates for generation and validation
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 09:55:32 +0000 (10:55 +0100)]
certtool: eliminated memory leaks
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 09:28:33 +0000 (10:28 +0100)]
bumped the version of max algorithm num to account for new signing algorithms
Nikos Mavrogiannopoulos [Thu, 18 Feb 2016 08:17:17 +0000 (09:17 +0100)]
src: added systemkey-args to BUILT_SOURCES
Nikos Mavrogiannopoulos [Wed, 17 Feb 2016 14:19:08 +0000 (15:19 +0100)]
tests: simplified sha3-test
Nikos Mavrogiannopoulos [Wed, 17 Feb 2016 04:43:24 +0000 (05:43 +0100)]
cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp 6.1.0 and p11-kit 0.23.2 [ci skip]
Nikos Mavrogiannopoulos [Tue, 16 Feb 2016 15:46:54 +0000 (16:46 +0100)]
.gitlab-ci.yml: disable guile tests
This prevents the test suite from failing.
Nikos Mavrogiannopoulos [Tue, 16 Feb 2016 15:40:09 +0000 (16:40 +0100)]
doc update [ci skip]
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 15:18:00 +0000 (16:18 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 15:13:12 +0000 (16:13 +0100)]
tests: resume: check whether the server does not resume in ext master secret mismatch
Relates #69
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 15:10:31 +0000 (16:10 +0100)]
Ensure that session resumption does not occur when ext master secret status changes
That is we make sure the server doesn't resume when:
1. Original session had extended master secret but not advertised in resumed
2. Original session did not have extended master secret but is advertised in resumed
Relates #69
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 13:45:40 +0000 (14:45 +0100)]
tests: resume: simplified structure assignment using C99 syntax
Nikos Mavrogiannopoulos [Mon, 15 Feb 2016 09:52:55 +0000 (10:52 +0100)]
tests: added certification generation tests with SHA-3 tests
Nikos Mavrogiannopoulos [Mon, 15 Feb 2016 09:37:57 +0000 (10:37 +0100)]
Added NIST's OIDs for SHA3 signature algorithms
This allows to generate certificates signed with SHA3.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:38 +0000 (23:04 +0100)]
guile: Work around lack of 'eval-when' on 1.8.
* guile/modules/gnutls.in (eval-when) [!guile-2]: New macro.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:37 +0000 (23:04 +0100)]
guile: Install modules in versioned directory by default.
* configure.ac: Change default 'GUILE_SITE' value to include
$guile_effective_version.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:36 +0000 (23:04 +0100)]
guile: build: Make silent rules actually quiet.
* guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at).
* guile/src/Makefile.am (enums.h, enum-map.i.c)
(smobs.h, smob-types.i.c, %.x): Likewise.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:35 +0000 (23:04 +0100)]
guile: Build and install .go files on Guile 2.x.
* configure.ac: Check for 'guild' and substitute 'GUILD'. Define
'HAVE_GUILD'. Substitute 'guileobjectdir'. Don't output
guile/modules/Makefile and guile/tests/Makefile.
* guile/modules/Makefile.am, guile/tests/Makefile.am: Remove. Move
contents to...
* guile/Makefile.am: ... here.
(SUBDIRS): Remove 'modules' and 'tests'.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:34 +0000 (23:04 +0100)]
guile: doc: Change prompt in examples.
* doc/gnutls-guile.texi (Guile Preparations): Use the prompt found in
2.0. Change "libguile-gnutls-v-0" to "guile-gnutls-v-2".
Ludovic Courtès [Thu, 11 Feb 2016 22:04:33 +0000 (23:04 +0100)]
guile: tests: Add Guile 2.2 compatibility layer.
This allows tests to run with Guile 2.1/2.2.
* guile/modules/gnutls/build/tests.scm (define-replacement) [guile-2]:
New macro.
(uniform-vector-read!, uniform-vector-write) [guile-2]: New procedures.
* doc/gnutls-guile.texi (Guile Preparations): Mention 2.2.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:32 +0000 (23:04 +0100)]
guile: tests: Make sure no processes are left behind.
Before that, child processes would be left behind and become zombies.
* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
Add (waitpid pid) call on the server side.
Ludovic Courtès [Thu, 11 Feb 2016 22:04:31 +0000 (23:04 +0100)]
guile: tests: Add 'with-child-process'.
This makes sure that child processes always exit no matter what.
* guile/modules/gnutls/build/tests.scm (define-syntax-rule) [!guile-2]:
New macro.
(call-with-child-process): New procedure.
(with-child-process): New macro.
* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use it
instead of an explicit 'primitive-fork' call.
* guile/.dir-locals.el: New file.
* guile/Makefile.am (EXTRA_DIST): New variable.
Nikos Mavrogiannopoulos [Mon, 15 Feb 2016 08:52:10 +0000 (09:52 +0100)]
tests: mini-loss-time: ensure client timeouts after the server is
This addresses issue with the server detecting the client disconnection
prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler.
Jaak Ristioja [Fri, 12 Feb 2016 14:59:31 +0000 (16:59 +0200)]
Removed the invariant htype parameter of _gnutls_recv_int()
All uses of _gnutls_recv_int() passed -1 as the htype argument of type
gnutls_handshake_description_t, which had been used for SSLv2 client
hellos. Introduced in 2001 with
dc1122e7b6 .
Nikos Mavrogiannopoulos [Sun, 14 Feb 2016 17:41:01 +0000 (18:41 +0100)]
provable RSA key generation: adjust the seed size based on N size
Nikos Mavrogiannopoulos [Sun, 14 Feb 2016 17:18:38 +0000 (18:18 +0100)]
provable RSA key generation: allow non-2048 and non-3072 keys
That is enforce the 2048 and 3072-bit limit to FIPS when in FIPS140-2
mode.
Nikos Mavrogiannopoulos [Sat, 13 Feb 2016 17:21:08 +0000 (18:21 +0100)]
DH/DSA: allow the generation of larger than 15360 bit parameters
Nikos Mavrogiannopoulos [Sat, 13 Feb 2016 13:50:19 +0000 (14:50 +0100)]
tests: eliminated mem leak in hash-large
Nikos Mavrogiannopoulos [Fri, 12 Feb 2016 14:16:55 +0000 (15:16 +0100)]
tests: check whether large buffer hashes and MAC work as expected
Nikos Mavrogiannopoulos [Fri, 12 Feb 2016 09:48:12 +0000 (10:48 +0100)]
nettle: use the correct type for hash and MAC functions
Nikos Mavrogiannopoulos [Sat, 6 Feb 2016 21:44:37 +0000 (22:44 +0100)]
provable prime generation: arbitrary seed lengths are accepted in non-FIPS mode
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 11:10:57 +0000 (12:10 +0100)]
gnutls-cli: improved indentation in benchmark output
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 10:43:27 +0000 (11:43 +0100)]
certtool: removed unused variable
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 10:00:15 +0000 (11:00 +0100)]
certtool: the --generate-dh-params option can be combined with --provable
This however, will generate provable DSA parameters and import them
as DH parameters.
Resolves #72
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 09:42:34 +0000 (10:42 +0100)]
certtool: the --dh-info option will retrieve DH parameters from DSA keys
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 09:34:52 +0000 (10:34 +0100)]
tests: added check for gnutls_dh_params_import_dsa
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 09:05:58 +0000 (10:05 +0100)]
doc update
Nikos Mavrogiannopoulos [Thu, 11 Feb 2016 09:05:13 +0000 (10:05 +0100)]
Added gnutls_dh_params_import_dsa() which allows to import DSA parameters into DH ones
This simplifies importing DSA private keys into DH parameters.