| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
|
| |
verify-high.c:284:7: runtime error: implicit conversion from type 'size_t'
(aka 'unsigned long') of value 15421545260338 418178 (64-bit, unsigned) to
type 'uint32_t' (aka 'unsigned int') changed the value to 437555714 (32-bit,
unsigned)
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
Suppressions are in devel/ubsan.supp.
Suppressions only work on recoverable checks.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| |
| |
| | |
ecore cli: updated and rewritten to use libev
Closes #884
See merge request gnutls/gnutls!1148
|
| |
| |
| |
| |
| |
| | |
This part of the test suite is only run on CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
That removes a lot of code that was not necessary in the gnutls test
suite.
Resolves: #884
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This should result to faster image loading for CI builds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
tests: use newer nettle APIs in cipher-override.c
See merge request gnutls/gnutls!1149
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
doc: updated copyrights for 2020
See merge request gnutls/gnutls!1147
|
|/
|
|
|
|
|
| |
This updates the copyright year for documentation
and excludes gnulib files from the copyright check.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| |
| |
| | |
guile: Arrange to make 'gnutls.scm' architecture-independent.
Closes #838
See merge request gnutls/gnutls!1121
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #838.
Reported by Andreas Metzler.
* configure.ac: Define and substitute 'maybe_guileextensiondir'.
* guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'.
* guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@.
Check if %LIBDIR is true.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|\ \
| | |
| | |
| | |
| | | |
Fix gnutls-cli compilation with GOST disabled
See merge request gnutls/gnutls!1143
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix building gnutls-cli (benchmark part) with GOST keys support being
disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support gnutls-cli when building GnuTLS with OCSP and ANON
authentication API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/ /
| |
| |
| |
| |
| | |
Support gnutls-serv when building GnuTLS with OCSP API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
Workaround for SChannel limitations
See merge request gnutls/gnutls!1138
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add tests mimicking SChannel clients which are unable to send proper
SignatureAlgorithms extension.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
SChannel-based clients can not send GOST identifiers as a part of
SignatureAlgorithms extension. To mitigate this forcefully enable GOST
signature algorithms if client sends GOST ciphersuite.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Benchmark GOST ciphers/ciphersuites
See merge request gnutls/gnutls!1142
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use newly added gnutls_hmac_get_key_size() to get key size instead of
assuming that key size = block size (incorrect for GOST 28147 IMIT).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add gnutls_hmac_get_key_size() to retrieve MAC key size.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
Rewrite gost28147 imit code to clean up state and index on key setup to
be sure that imit context is properly cleaned.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Do not tolerate invalid DER time
Closes #207
See merge request gnutls/gnutls!1141
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This effectively reverts !400 and ensures that we no longer tolerate
invalid DER time. This complements the previous commit by Lili Quan
and ensures we provide the --disable-strict-der-time backwards compatibility
option.
Resolves: #207
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
certtool: always set extensions from template
See merge request gnutls/gnutls!1130
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously we would only set these extensions specific with add_extension
when generating using --generate-certificate. The change makes sure these
options are considered even when generating an extension from a certificate
request. Issue reported on the mailing list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Improvements in gnutls-cli --benchmark-tls-kx
See merge request gnutls/gnutls!1128
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It is now printed in a way that separates the tests. Example:
```
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 179.19 transactions/sec
- avg. handshake time: 5.57 ms
- standard deviation: 0.57
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 182.24 transactions/sec
- avg. handshake time: 5.48 ms
- standard deviation: 0.64
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This allows micro and nanoseconds to be reported if necessary,
and it changes reporting of sample variance to standard deviation
giving a possibly better overview as it is in the same units as
the average.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
gnutls-serv: do not exit on command failure
Closes #868
See merge request gnutls/gnutls!1129
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
would simply quit. This prevents using this tool in a test environment
like tlsfuzzer. Ensure that we don't quit on error.
Resolves: #868
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
abi-check: fix include paths
See merge request gnutls/gnutls!1139
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If GnuTLS is built outside of source tree, abicheck will miss gnutls.h
header which is generated in the build tree. Expand arguments to include
it.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements
Closes #877
See merge request gnutls/gnutls!1140
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When running the test suite we do not apply the global
gnutls configration as it may change options that are
tested.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected
level. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise.
Resolves: #877
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This applies to the --verify and --verify-chain commands.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|