git.ipfire.org Git - thirdparty/gnutls.git/log
Tim Rühsen [Sun, 5 Jan 2020 17:25:13 +0000 (18:25 +0100)]
SKIP tests/suite/eagain if libev not available
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Mon, 6 Jan 2020 16:23:32 +0000 (16:23 +0000)]
Merge branch 'topsrcdir' into 'master'
tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
See merge request gnutls/gnutls!1156
Dimitri John Ledkov [Mon, 6 Jan 2020 09:41:27 +0000 (09:41 +0000)]
tests/Makefile.am: use absolute top_srcdir for GNUTLS_PRIORITY_FILE
Some tests, e.g. in suite/tls-fuzzer, execute scripts from
sub-directories, making the relative path to system.prio in the
environment point to a non-existent file. Export system.prio
testsuite file as an absolute path to avoid this issue.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Nikos Mavrogiannopoulos [Sun, 5 Jan 2020 05:33:18 +0000 (05:33 +0000)]
Merge branch 'estanglerbm-getrandom' into 'master'
Fixes dummy getrandom() when errno = EAGAIN.
Closes #892
See merge request gnutls/gnutls!1150
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 23:26:54 +0000 (23:26 +0000)]
Merge branch 'tmp-ci-remove-command-concat' into 'master'
Remove && command concatenation in .gitlab-ci.yml
Closes #896
See merge request gnutls/gnutls!1152
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 19:21:07 +0000 (20:21 +0100)]
doc: updated epub.texi from gnutls.texi
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 15:58:04 +0000 (16:58 +0100)]
.gitlab-ci.yml: identify on runtime to db2epub directory
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Tim Rühsen [Fri, 3 Jan 2020 12:17:28 +0000 (13:17 +0100)]
Remove && command concatenation in .gitlab-ci.yml
As it turns out, `set -e` doesn't work if one of the commands fails,
maybe except the last command.
Seen, tested and reproduced on Fedora28 image.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Fri, 3 Jan 2020 15:43:55 +0000 (15:43 +0000)]
Merge branch 'tmp-check-fuzz' into 'master'
UB+ASAN: Fail tests if UB detected
Closes #882 and #878
See merge request gnutls/gnutls!1136
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 12:55:09 +0000 (13:55 +0100)]
.gitlab-ci.yml: merged ASAN and UBSAN runs
In addition to merging the two CI runs, this also attempts
to run the fuzz code under SHANI for CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Edward Stangler [Fri, 3 Jan 2020 10:36:21 +0000 (10:36 +0000)]
Fixes dummy getrandom() when errno = EAGAIN.
Fixes #892.
Signed-off-by: Edward Stangler <estangler@bradmark.com>
Tim Rühsen [Thu, 2 Jan 2020 15:15:15 +0000 (16:15 +0100)]
Fix '-Werror=unused-const-variable=' in fuzz/
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Sun, 22 Dec 2019 12:20:03 +0000 (13:20 +0100)]
Fix NULL ptr access in _gnutls_iov_iter_next()
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Sat, 21 Dec 2019 18:21:55 +0000 (19:21 +0100)]
Use check_for_datefudge in tests
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Fri, 20 Dec 2019 10:00:53 +0000 (11:00 +0100)]
Fix "left shift cannot be represented in type 'int'" in hello_ext.[ch]
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Thu, 19 Dec 2019 11:33:34 +0000 (12:33 +0100)]
Fix 2x -Wunused-function in tests/
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Thu, 19 Dec 2019 11:23:34 +0000 (12:23 +0100)]
certtool-cfg.c: Silence -Wunused-variable if HAVE_IPV6 not set
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Thu, 19 Dec 2019 10:48:47 +0000 (11:48 +0100)]
status_request.c: Silence -Wsign-compare
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Thu, 19 Dec 2019 10:46:23 +0000 (11:46 +0100)]
rnd-fuzzer.c: Suppress shift sanitization check
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Thu, 19 Dec 2019 10:17:43 +0000 (11:17 +0100)]
handshake.c: Suppress warning in fuzzing build
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Wed, 18 Dec 2019 18:44:10 +0000 (19:44 +0100)]
Fix implicit value change in verify-high.c
verify-high.c:284:7: runtime error: implicit conversion from type 'size_t'
(aka 'unsigned long') of value 15421545260338418178 (64-bit, unsigned) to
type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit,
unsigned)
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Wed, 18 Dec 2019 15:39:38 +0000 (16:39 +0100)]
UBSAN: Fail tests if UB detected
Suppressions are in devel/ubsan.supp.
Suppressions only work on recoverable checks.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 10:33:12 +0000 (10:33 +0000)]
Merge branch 'tmp-libev' into 'master'
ecore cli: updated and rewritten to use libev
Closes #884
See merge request gnutls/gnutls!1148
Nikos Mavrogiannopoulos [Fri, 3 Jan 2020 07:53:55 +0000 (08:53 +0100)]
tests/suite: do not include scripts into dist
This part of the test suite is only run on CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 2 Jan 2020 13:09:50 +0000 (14:09 +0100)]
ecore cli: updated and rewritten to use libev
That removes a lot of code that was not necessary in the gnutls test
suite.
Resolves: #884
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 2 Jan 2020 21:32:43 +0000 (22:32 +0100)]
.gitlab-ci.yml: use separate images for mingw and fedora builds
This should result in faster image loading for CI builds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Rühsen [Thu, 2 Jan 2020 15:06:17 +0000 (15:06 +0000)]
Merge branch 'tmp-fix-slow-tests' into 'master'
tests: use newer nettle APIs in cipher-override.c
See merge request gnutls/gnutls!1149
Nikos Mavrogiannopoulos [Thu, 2 Jan 2020 13:55:11 +0000 (14:55 +0100)]
tests: use newer nettle APIs in cipher-override.c
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Tim Rühsen [Thu, 2 Jan 2020 09:38:13 +0000 (09:38 +0000)]
Merge branch 'tmp-update-copyright' into 'master'
doc: updated copyrights for 2020
See merge request gnutls/gnutls!1147
Nikos Mavrogiannopoulos [Wed, 1 Jan 2020 20:37:01 +0000 (21:37 +0100)]
doc: updated copyrights for 2020
This updates the copyright year for documentation
and excludes gnulib files from the copyright check.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Wed, 1 Jan 2020 08:31:28 +0000 (08:31 +0000)]
Merge branch 'wip-arch-independent-scm' into 'master'
guile: Arrange to make 'gnutls.scm' architecture-independent.
Closes #838
See merge request gnutls/gnutls!1121
Nikos Mavrogiannopoulos [Mon, 30 Dec 2019 04:31:27 +0000 (04:31 +0000)]
Merge branch 'fix-gost-bench' into 'master'
Fix gnutls-cli compilation with GOST disabled
See merge request gnutls/gnutls!1143
Dmitry Eremin-Solenikov [Sun, 29 Dec 2019 09:52:21 +0000 (12:52 +0300)]
cli: fix building with GOST disabled
Fix building gnutls-cli (benchmark part) with GOST keys support being
disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 29 Dec 2019 09:49:16 +0000 (12:49 +0300)]
cli: support building with OCSP and ANON disabled
Support gnutls-cli when building GnuTLS with OCSP and ANON
authentication API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 29 Dec 2019 09:49:16 +0000 (12:49 +0300)]
serv: support building with OCSP disabled
Support gnutls-serv when building GnuTLS with OCSP API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 29 Dec 2019 10:00:06 +0000 (10:00 +0000)]
Merge branch 'gost-split-5' into 'master'
Workaround for SChannel limitations
See merge request gnutls/gnutls!1138
Dmitry Eremin-Solenikov [Fri, 8 Nov 2019 23:29:19 +0000 (02:29 +0300)]
tls12-server-kx-neg: add tests without GOST signature algorithms
Add tests mimicking SChannel clients which are unable to send proper
SignatureAlgorithms extension.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Fri, 8 Nov 2019 23:01:22 +0000 (02:01 +0300)]
SignatureAlgorithms: force-enable GOST signatures for GOST KX
SChannel-based clients can not send GOST identifiers as a part of
SignatureAlgorithms extension. To mitigate this forcefully enable GOST
signature algorithms if client sends GOST ciphersuite.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Fri, 27 Dec 2019 21:57:20 +0000 (21:57 +0000)]
Merge branch 'gost-bench' into 'master'
Benchmark GOST ciphers/ciphersuites
See merge request gnutls/gnutls!1142
Dmitry Eremin-Solenikov [Tue, 24 Dec 2019 13:26:27 +0000 (16:26 +0300)]
benchmark: enable benchmarking of GOST CNT ciphersuite/KX
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 23 Dec 2019 23:33:26 +0000 (02:33 +0300)]
benchmark: support benchmarking GOST ciphers/MACs
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 23 Dec 2019 23:32:17 +0000 (02:32 +0300)]
benchmark: use mac key size instead of block size
Use newly added gnutls_hmac_get_key_size() to get key size instead of
assuming that key size = block size (incorrect for GOST 28147 IMIT).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 23 Dec 2019 23:31:30 +0000 (02:31 +0300)]
crypto-api: add gnutls_hmac_get_key_size() function
Add gnutls_hmac_get_key_size() to retrieve MAC key size.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 23 Dec 2019 22:20:24 +0000 (01:20 +0300)]
nettle/gost: remove gost28147_imit_init
Rewrite gost28147 imit code to clean up state and index on key setup to
be sure that imit context is properly cleaned.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Ludovic Courtès [Wed, 20 Nov 2019 15:10:11 +0000 (16:10 +0100)]
guile: Arrange to make 'gnutls.scm' architecture-independent.
Fixes #838.
Reported by Andreas Metzler.
* configure.ac: Define and substitute 'maybe_guileextensiondir'.
* guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'.
* guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@.
Check if %LIBDIR is true.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Nikos Mavrogiannopoulos [Thu, 26 Dec 2019 09:31:19 +0000 (09:31 +0000)]
Merge branch 'tmp-strict-x509-time' into 'master'
Do not tolerate invalid DER time
Closes #207
See merge request gnutls/gnutls!1141
Nikos Mavrogiannopoulos [Mon, 23 Dec 2019 19:20:58 +0000 (20:20 +0100)]
x509: do not tolerate invalid DER time
This effectively reverts !400 and ensures that we no longer tolerate
invalid DER time. This complements the previous commit by Lili Quan
and ensures we provide the --disable-strict-der-time backwards compatibility
option.
Resolves: #207
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 23 Dec 2019 20:07:38 +0000 (20:07 +0000)]
Merge branch 'tmp-certtool-crq' into 'master'
certtool: always set extensions from template
See merge request gnutls/gnutls!1130
Dmitry Eremin-Solenikov [Mon, 23 Dec 2019 19:04:24 +0000 (19:04 +0000)]
Merge branch 'tmp-gnutls-cli' into 'master'
Improvements in gnutls-cli --benchmark-tls-kx
See merge request gnutls/gnutls!1128
Nikos Mavrogiannopoulos [Sat, 14 Dec 2019 09:51:48 +0000 (10:51 +0100)]
certtool: always set extensions from template
Previously we would only set these extensions specified with add_extension
when generating using --generate-certificate. The change makes sure these
options are considered even when generating an extension from a certificate
request. Issue reported on the mailing list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Sat, 14 Dec 2019 09:44:16 +0000 (10:44 +0100)]
tests: check certificate generation from certificate request
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 23 Dec 2019 18:52:47 +0000 (18:52 +0000)]
Merge branch 'tmp-fix-serv-exit' into 'master'
gnutls-serv: do not exit on command failure
Closes #868
See merge request gnutls/gnutls!1129
Dmitry Eremin-Solenikov [Sat, 21 Dec 2019 00:17:10 +0000 (00:17 +0000)]
Merge branch 'abi-fix' into 'master'
abi-check: fix include paths
See merge request gnutls/gnutls!1139
Nikos Mavrogiannopoulos [Fri, 20 Dec 2019 22:09:37 +0000 (22:09 +0000)]
Merge branch 'tmp-check-same-certs' into 'master'
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements
Closes #877
See merge request gnutls/gnutls!1140
Nikos Mavrogiannopoulos [Fri, 20 Dec 2019 19:37:32 +0000 (20:37 +0100)]
tests: ensure test suite does not apply global config
When running the test suite we do not apply the global
gnutls configuration as it may change options that are
tested.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Thu, 5 Dec 2019 10:40:31 +0000 (11:40 +0100)]
gnutls-cli: improved output of --benchmark-tls-kx
It is now printed in a way that separates the tests. Example:
```
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 179.19 transactions/sec
- avg. handshake time: 5.57 ms
- standard deviation: 0.57
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 182.24 transactions/sec
- avg. handshake time: 5.48 ms
- standard deviation: 0.64
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 4 Dec 2019 12:58:21 +0000 (13:58 +0100)]
gnutls-cli: benchmark-tls-kx can work with sub-ms accuracy
This allows micro and nanoseconds to be reported if necessary,
and it changes reporting of sample variance to standard deviation
giving a possibly better overview as it is in the same units as
the average.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Dmitry Eremin-Solenikov [Fri, 20 Dec 2019 00:04:39 +0000 (00:04 +0000)]
Merge branch 'gost-split-4' into 'master'
gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests
See merge request gnutls/gnutls!1137
Dmitry Eremin-Solenikov [Thu, 19 Jul 2018 12:40:46 +0000 (15:40 +0300)]
gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests
Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
support by the server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Thu, 19 Dec 2019 20:13:15 +0000 (21:13 +0100)]
README.md: updated to list fuzz coverage results [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Dimitri John Ledkov [Sun, 15 Dec 2019 20:32:02 +0000 (20:32 +0000)]
doc: update reference to the default configuration file
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Nikos Mavrogiannopoulos [Thu, 19 Dec 2019 19:28:50 +0000 (20:28 +0100)]
updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Thu, 19 Dec 2019 08:37:34 +0000 (09:37 +0100)]
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs
If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply with the expected
level. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise.
Resolves: #877
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 13:38:32 +0000 (14:38 +0100)]
certtool: added option to apply a certificate verification profile
This applies to the --verify and --verify-chain commands.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 13:29:21 +0000 (14:29 +0100)]
Export profile ID/name handling functions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 13:04:35 +0000 (14:04 +0100)]
is_level_acceptable: apply the system-wide profile in all verifications
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Lili Quan [Thu, 19 Dec 2019 16:14:20 +0000 (17:14 +0100)]
Introduced check to reject certificates with non-digits in time field
According to RFC5280 we should reject such certificates.
Resolves: #870
Signed-off-by: Lili Quan <13132239506@163.com>
Dmitry Eremin-Solenikov [Wed, 13 Nov 2019 20:47:16 +0000 (23:47 +0300)]
abi-check: fix include paths
If GnuTLS is built outside of source tree, abicheck will miss gnutls.h
header which is generated in the build tree. Expand arguments to include
it.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 18 Dec 2019 22:05:16 +0000 (22:05 +0000)]
Merge branch 'gost-split-3' into 'master'
Add GOST-CNT ciphersuite support
See merge request gnutls/gnutls!1119
Dmitry Eremin-Solenikov [Wed, 18 Dec 2019 20:28:48 +0000 (23:28 +0300)]
doc: document GROUP-GOST-ALL keyword
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 27 Nov 2019 12:48:57 +0000 (15:48 +0300)]
NEWS: add news entry, describing TLS 1.3 vs GOST issues
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 17 Jul 2019 16:41:47 +0000 (19:41 +0300)]
ext/signature: use GOST signatures for GOST ciphersuites
draft-smyshlyaev-tls12-gost-suites limits SignatureAndHash algorithms
in CertificateRequest message to GOST values if GOST cipher suite is
selected.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Tue, 3 Sep 2019 07:48:09 +0000 (10:48 +0300)]
tls13-server-kx-neg: add test for GOST-enabled server and client
If both client and server have enabled TLS 1.3 and GOST-CNT
ciphersuites, they should correctly negotiate a connection, but using
TLS 1.2 version.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Mon, 9 Oct 2017 04:17:59 +0000 (07:17 +0300)]
tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
This verifies whether the ciphersuite negotiation will detect and
reject incompatible data present in credentials.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 23 Sep 2017 18:37:38 +0000 (21:37 +0300)]
tests: add tests for KX-GOST-VKO using different key variants
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Thu, 27 Oct 2016 00:31:49 +0000 (03:31 +0300)]
Add GOST cipher suites
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sun, 10 Feb 2019 09:18:40 +0000 (12:18 +0300)]
priority: add GROUP-GOST-ALL keyword
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Wed, 30 Nov 2016 10:11:28 +0000 (13:11 +0300)]
Support GOST certificate request values
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Dmitry Eremin-Solenikov [Sat, 23 Sep 2017 18:56:23 +0000 (21:56 +0300)]
lib: fix group selection in case of GOST cipher suites
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Nikos Mavrogiannopoulos [Wed, 18 Dec 2019 09:48:11 +0000 (09:48 +0000)]
Merge branch 'tmp-ext-fuzzer' into 'master'
fuzzer: added fuzzer for gnutls_ext_raw_parse() [ci skip]
See merge request gnutls/gnutls!1133
Tim Rühsen [Tue, 17 Dec 2019 19:09:54 +0000 (20:09 +0100)]
Sync with fuzzers from OSS-Fuzz
Only lots of corpora removed (by merge step). Not sure why.
But there are several new UBs detected.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Tue, 17 Dec 2019 18:52:58 +0000 (19:52 +0100)]
Amend fuzz scripts and README for clang-8
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Tim Rühsen [Tue, 17 Dec 2019 18:52:05 +0000 (19:52 +0100)]
Add fuzz corpora for gnutls_ext_raw_parse_fuzzer
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Nikos Mavrogiannopoulos [Mon, 16 Dec 2019 11:54:23 +0000 (12:54 +0100)]
fuzzer: added fuzzer for gnutls_ext_raw_parse()
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Mon, 16 Dec 2019 10:35:48 +0000 (11:35 +0100)]
README.md: updated CI build badge [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Tim Rühsen [Tue, 10 Dec 2019 13:52:09 +0000 (13:52 +0000)]
Merge branch 'tmp-more-const-1' into 'master'
Add const to function arguments in lib/x509
See merge request gnutls/gnutls!1007
Nikos Mavrogiannopoulos [Sat, 7 Dec 2019 20:30:17 +0000 (21:30 +0100)]
abi: updated to latest const changes and added NEWS entry
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Tim Rühsen [Tue, 21 May 2019 19:50:33 +0000 (21:50 +0200)]
Add const to function arguments in lib/x509
This change does not introduce functionality changes.
It just adds const promises to the caller.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Nikos Mavrogiannopoulos [Thu, 5 Dec 2019 16:06:22 +0000 (17:06 +0100)]
gnutls-serv: do not exit on command failure
If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
would simply quit. This prevents using this tool in a test environment
like tlsfuzzer. Ensure that we don't quit on error.
Resolves: #868
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Thu, 5 Dec 2019 15:46:29 +0000 (15:46 +0000)]
Merge branch 'AVOID_INTERNALS' into 'master'
lib: remove obsolete AVOID_INTERNALS
See merge request gnutls/gnutls!1127
Nikos Mavrogiannopoulos [Wed, 4 Dec 2019 21:18:02 +0000 (22:18 +0100)]
.triage-policies.yml: updated to work with latest gitlab-triage [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Vitezslav Cizek [Wed, 4 Dec 2019 14:24:17 +0000 (15:24 +0100)]
lib: remove obsolete AVOID_INTERNALS
Although commit 1f246c381e8a7449d84b143ffe50a0818622d2a3 enabled
the self-check functions unconditionally, the #ifdefs AVOID_INTERNALS
remained in lib/crypto-selftests-pk.c.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Nikos Mavrogiannopoulos [Mon, 2 Dec 2019 16:32:16 +0000 (17:32 +0100)]
Revert "Released 3.6.11.1 including missing files"
This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 2 Dec 2019 16:08:43 +0000 (17:08 +0100)]
Released 3.6.11.1 including missing files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos [Mon, 2 Dec 2019 13:05:22 +0000 (13:05 +0000)]
Merge branch 'tmp-libopts-fix' into 'master'
libopts: include new files into dist
Closes #867
See merge request gnutls/gnutls!1126
Nikos Mavrogiannopoulos [Mon, 2 Dec 2019 07:56:05 +0000 (08:56 +0100)]
libopts: include new files into dist
This also includes --enable-local-libopts flag to make dist
to catch future regressions.
Resolves: #867
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Sun, 1 Dec 2019 21:39:01 +0000 (22:39 +0100)]
released 3.6.11
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fiona Klute [Sun, 1 Dec 2019 18:20:17 +0000 (19:20 +0100)]
Write OCSP status request debug information to logfile, if set
The status information is not part of the payload data and should be
separate when using --logfile.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Fiona Klute [Sun, 1 Dec 2019 17:45:28 +0000 (18:45 +0100)]
Send log messages about loading client credentials to logfile, if set
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Nikos Mavrogiannopoulos [Fri, 29 Nov 2019 19:30:26 +0000 (20:30 +0100)]
.travis.yml: explicitly install openssl to address build issue
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>