Commit message

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

fix invalid unsigned arithmetic.
See merge request gnutls/gnutls!1364

Signed-off-by: ihsinme <ihsinme@gmail.com>

fuzz: fix handshake fuzzer issues spotted by oss-fuzz
See merge request gnutls/gnutls!1363

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

x509: Improve documentation of new set_getissuer_function
See merge request gnutls/gnutls!1365

Since gnutls!1354, some of this information is now obsolete. The caller
is no longer responsible for verifying the certificate or adding it to
the trust list. GnuTLS will now handle that. Instead, the callback
should always import the missing certificate and return success if the
certificate was imported, or failure otherwise.
Also, let's point to gnutls_x509_crt_get_authority_info_access(), since
it is useful in combination with this function.
Finally, since this callback is emitted once for each missing
intermediate certificate, it's probably less confusing if we talk about
only a single missing intermediate here. Yes, there could be multiple
missing certificates, but a single invocation of this callback can only
deal with one.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

verify-tofu: return errors from store functions if callback fails
Closes #1092
See merge request gnutls/gnutls!1361

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Update openssl submodule to fix backtrace info
See merge request gnutls/gnutls!1362

Re-generate assembly sources from the updated openssl submodule.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Update openssl submodule to current OpenSSL_1_1_1-stable branch
(8e813c085a).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

x509: check certificate trust status when adding CA through AIA
Closes #1100
See merge request gnutls/gnutls!1354

The previous issuer callback API had a drawback: the callback is
supposed to add CA to the trust list by itself. This was error-prone,
because the callback must check the new CA is trusted by the already
added CA. This instead moves the responsibility to the library.
This also rewrites the chain amendment logic in a side-effect free
manner. The application can assume that the trust information stored
on gnutls_x509_trust_list_t shouldn't change after the verification.
The missingissuer test has been extended to cover all the possible
patterns exhaustively.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

This makes static analyzers happy.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

crypto-backend: remove ability of overriding ciphers
Closes #790
See merge request gnutls/gnutls!1355

Those functions have been deprecated in 3.6.9 as they do not have
active use cases.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Add QUIC related API functions
Closes #850, #849, and #826
See merge request gnutls/gnutls!1353

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

This adds gnutls_alert_set_read_function(), to allow QUIC
implementations to be notified when an alert message is sent.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

For use with QUIC, the change of traffic secrets must be notified
_after_ a new epoch is set up for reading or writing, and we can't
simply reuse the keylog mechanism.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

This adds a couple of functions, gnutls_handshake_set_read_function()
and gnutls_handshake_write(), to allow QUIC implementations to
directly interact with the TLS state machine.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

_gnutls_x509_read_value: don't count terminating null byte for OIDs
Closes #805
See merge request gnutls/gnutls!1358

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Co-authored-by: Daiki Ueno <ueno@gnu.org>

pkcs11: increase the maximum PIN length from 31 to 255
Closes #932
See merge request gnutls/gnutls!1357

The maximum is chosen from the default configuration of SoftHSMv2:
https://github.com/opendnssec/SoftHSMv2/blob/develop/CMakeLists.txt#L61
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Use proper record version in client hello after hello retry request
Closes #1053
See merge request gnutls/gnutls!1346

Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
Fixes: #1053

x509: clarify how to release memory allocated for DN
Closes #1110
See merge request gnutls/gnutls!1359

The application can assume that DNs returned from
_gnutls_x509_get_dn() are allocated with gnutls_malloc() and thus
shall be freed with gnutls_free().
Signed-off-by: Daiki Ueno <ueno@gnu.org>

tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2
See merge request gnutls/gnutls!1352

This reverts 485f2551e68d1b4ee70be2960f0a241b4a2b9fb9. After the new
configuration file has been introduced, the allowed algorithms are
checked after this part.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

pkcs11: fix session leak in error path
See merge request gnutls/gnutls!1343

gnutls_pkcs11_obj_set_info() fails to call pkcs11_close_session() after
a successful pkcs11_open_session() if called with an invalid itype
parameter. That would be programmer error, of course, but better not
forget to close the session regardless.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
Closes #1012
See merge request gnutls/gnutls!1339

applications
to have a way to pass the gnutls_verify_output_function() as a callback so that the full
path of the certificate chain to the trusted root can be available as output.
Signed-off-by: Sahana Prasad <sahana@redhat.com>

build: hard require nettle 3.6
See merge request gnutls/gnutls!1322

qemu is currently causing a segmentation fault:
cipher: aes-128-gcm
cipher: aes-192-gcm
cipher: aes-256-gcm
cipher: chacha20-poly1305
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
default cipher tests failed
FAIL test-ciphers-openssl.sh (exit status: 139)
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

This reverts commit bbe93dc315009fe1f9a30426cbe20f4661b8435c.
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Spotted by valgrind:
==5721== 40 bytes in 1 blocks are definitely lost in loss record 1 of 3
==5721== at 0x4839809: malloc (vg_replace_malloc.c:307)
==5721== by 0x4DC3E59: __gmp_default_allocate (in /usr/lib64/libgmp.so.10.4.0)
==5721== by 0x4DD26A3: __gmpz_realloc (in /usr/lib64/libgmp.so.10.4.0)
==5721== by 0x4DD8B9D: __gmpz_set_str (in /usr/lib64/libgmp.so.10.4.0)
==5721== by 0x499339D: _gnutls_gostdsa_unmask_key (gostdsa-mask.c:68)
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>

https://sourceforge.net/p/mingw-w64/bugs/818/
Signed-off-by: Daiki Ueno <ueno@gnu.org>

Signed-off-by: Daiki Ueno <ueno@gnu.org>