| Commit message | Author | Age | Files | Lines |

Release 3.7.3
See merge request gnutls/gnutls!1517
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This function previously used gnutls_x509_trust_list_get_issuer
without GNUTLS_TL_GET_COPY flag, which is required when the function
is called from multi-threaded application and PKCS #11 trust store is
in use.
Reported and the change suggested by Remi Gacogne in:
https://gitlab.com/gnutls/gnutls/-/issues/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
fips: add mechanism to embed FIPS module name in the library
See merge request gnutls/gnutls!1508
With this option gnutls-cli prints the build-time configuration of the
library, retrieved through gnutls_get_library_config.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds a couple of configure options, --with-fips140-module-name
and --with-fips140-module-version, which packagers can use to embed
FIPS module information in the library.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Minor build fixes for 3.7.3 release (part 2)
See merge request gnutls/gnutls!1516
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
In src, we now have two helper programs: systemkey and dumpcfg.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
remove autogen dependency
Closes #775, #774, and #773
See merge request gnutls/gnutls!1506
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
This runs a couple of code analyses on the Python scripts added to
remove AutoGen dependency.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
As neither the tools nor documentation depends on AutoGen, we don't
need to include the AutoGen definition files.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This replaces man-pages generation previously provided by the autogen
-Tagman.tpl command with a Python script (gen-cmd-man.py).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This replaces texinfo generation previously provided by the autogen
-Tagtexi.tpl command with a Python script (gen-cmd-texi.py).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
As no tools link with libopts anymore, we don't need to include it in
the distribution.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This replaces configuration file parsing code previously provided by
<autoopts/options.h>, with a minimal compatible implementation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This replaces AutoGen based command-line parser with a Python
script (gen-getopt.py), which takes JSON description as the input.
The included JSON files were converted one-off using the parse-autogen
program: https://gitlab.com/dueno/parse-autogen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds the jsonopts Python module used by the command-line parser
generator and documentation generators in the following commits. This
also bumps the required Python interpreter version to 3.6.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
pkcs12: use the correct MAC algorithm for GOST key generation
Closes #1225
See merge request gnutls/gnutls!1514
According to the latest TC-26 requirements, the MAC algorithm used for
PBKDF2 should always be HMAC_GOSTR3411_2012_512.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Minor build fixes before the 3.7.3 release
See merge request gnutls/gnutls!1511
When the library is built with --disable-gost, gnutls_digest_get_id
returns GNUTLS_DIG_UNKNOWN for GOST algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Spotted by GCC analyzer:
common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
552 | memcpy(output_data, out.data, (size_t) out.size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
When compiled with gcc -fanalyzer, it reports:
cert.c: In function '_gnutls_pcert_to_auth_info':
cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference]
85 | if (info->raw_certificate_list != NULL) {
Signed-off-by: Daiki Ueno <ueno@gnu.org>
accelerated: fix CPU feature detection for Intel CPUs
See merge request gnutls/gnutls!1487
This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
well as to set the bit the upstream CRYPTOGAMS uses to identify Intel
CPUs.
Suggested by Rafael Gieschke in:
https://gitlab.com/gnutls/gnutls/-/issues/1282
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Otherwise it clears _gnutls_x86_cpuid_s which may already hold valid
CPUID detected for Intel and AMD CPUs.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Extend system-override-curves-allowlist test with key generation
See merge request gnutls/gnutls!1500
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
certtool: --to-p12: use modern algorithms by default
See merge request gnutls/gnutls!1499
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
PKCS#12, while it is suggested to migrate to more modern algorithms,
namely AES-128-CBC with PBKDF2 and SHA-256:
https://bugzilla.redhat.com/show_bug.cgi?id=1759982
Signed-off-by: Daiki Ueno <ueno@gnu.org>
fips: add functions to inspect thread-local FIPS operation state
See merge request gnutls/gnutls!1465
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
This installs service indicator state transitions in certain public
key operations in gnutls_crypto_pk_st, namely:
* fallible operations
  - encrypt
  - sign
  - generate_keys
  - derive
* infallible operations
  - decrypt, decrypt2
  - verify

Other operations, such as generate_params, are not considered crypto
operations. Note that fallible operations above means that their
return value could indicate an error, while infallible operations do not
have a distinction between errors and failures: decrypt/verify failures
are treated as a successful completion of the operation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>