| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
| |
This adds a test that exercises a failed handshake upon receipt of an
OCSP response with the "revoked" status.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
| |
This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
gnutls_aead_cipher_decrypt(), that works on data buffers.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
| |
This adds an iterator interface over giovec_t array, extracting a
fixed sized block.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
| |
This exposes the deterministic ECDSA/DSA functionality through the
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a token is a general access device, it is expected that login
attempt to that token returns error:
https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
On the other hand, _pkcs11_traverse_tokens treats the error as fatal
and stops iteration. This behavior prevents object search without
token specifier if such tokens are registered in the system.
Reported by Stanislav Zidek in
https://bugzilla.redhat.com/show_bug.cgi?id=1705478
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
| |
This fixes the multiple KeyUpdate messages handling in commit
65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
sent even if the limit doesn't exceed.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a server side counterpart of
005a4d04145707daad9588acedfdb5f6cd97c80c.
Instead of signalling an error when no algorithm is usable in TLS 1.3,
it downgrades the session to TLS 1.2 with a warning.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous behavior was that both sending and receiving limits are
negotiated to be the same value. It was problematic when:
- client sends a record_size_limit with a large value in CH
- server sends a record_size_limit with a smaller value in EE
- client updates the limit for both sending and receiving, upon
receiving EE
- server sends a Certificate message larger than the limit
With this patch, each peer maintains the sending / receiving limits
separately so not to confuse with the contradicting settings.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When checking datefudge availability under cross-compiling environment
with a binfmt wrapper, it is not sufficient to check against the host
executable. This instead uses a test executable compiled for the
target architecture.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This adds a new function gnutls_prf_early, which shall be called in a
handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test
needs to be run in a datefudge wrapper as the early secrets depend on
the current time (through PSK).
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
| |
This adds a test that exercise the client's auth rejection logic,
using the RSA-PSS disabled PKCS #11 token.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The original file was unmaintained since long time. This is now
auto-generated from the git shortlog, at release time.
Relates: #606
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
|
|
|
|
| |
Bootstrapping with latest gnulib updated both files,
so they are obviously auto-generated files which do not
belong into the repository.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
| |
This implements ClientHello recording outlined in section 8.2 of RFC
8446.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Relates #489
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |
|
|
|
|
|
| |
Autogen seems to output on the creates files gradually, something that
makes 'make' believe that the command is complete prior to the output
file being fully populated. The current approach uses stamp files to
ensure that no incomplete files are used for compilation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This checks whether GnuTLS properly calls login prior to any sign
operations when the object is marked as CKA_ALWAYS_AUTHENTICATE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add dedicated test file name-constraints-ip for IP tests.
- Test the following:
* Generation and saving of valid name constraints.
* Trying to save invalid IP constraints.
* Reading the saved constraints.
* constraints_check() calls for both IPv4 and IPv6.
* IP constraints intersection (simple, empty, mediocre, complicated).
* IPv4/IPv6 constraints interaction and various corner cases.
- IPs/CIDRs are printed in logs in case of failure.
- Add 2 new chain tests (positive, negative).
- Add generated test executable to ignored files.
Signed-off-by: Martin Ukrop <mukrop@redhat.com>
|
| |
|
|
|
|
|
|
| |
- Renamed ip-in-cidr test to ip-utils.
- Added built binary to .gitignore.
- Added new tests for gnutls_x509_cidr_to_rfc5280.
Signed-off-by: Martin Ukrop <mukrop@redhat.com>
|
| |
|
|
|
|
|
|
| |
* .tmp and .swp for text editor files
* Makefile.user created by Qt Creator
* gl/tests/ctype.h as it is generated from ctype.h.in
Signed-off-by: Martin Ukrop <mukrop@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
