| Commit message (Collapse) | Author | Age | Files | Lines |
Fix removal of duplicate certs during verification for 3.7. series
See merge request gnutls/gnutls!1709
|
Needed by 3173805baed95e3790417ccc9e6b21c83fb38c7f
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
(cherry picked from commit e89378d5853d9bd0136b95aade37e23762ad9290)
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
.gitlab-ci.yml: use artifacts:untracked [3.7.x]
See merge request gnutls/gnutls!1710
|
The previous attempt to use relative paths caused issues when the
repository is mirrored, requiring that all the local submodules are
mirrored as well.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
GitLab CI has support for automatic checkout of submodules, though it
requires some modifications to .gitmodules:
https://docs.gitlab.com/ee/ci/git_submodules.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The "artifacts:untracked" enables efficient archiving of build
artifacts:
https://docs.gitlab.com/ee/ci/yaml/#artifactsuntracked
Also copy files with bootstrap, as symlinks are excluded from the
artifacts.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Release 3.7.9
See merge request gnutls/gnutls!1700
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
Signed-off-by: Hubert Kario <hkario@redhat.com>
|
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
Signed-off-by: Hubert Kario <hkario@redhat.com>
|
Remove branching that depends on secret data.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Hubert Kario <hkario@redhat.com>
Tested-by: Hubert Kario <hkario@redhat.com>
|
Release 3.7.8
See merge request gnutls/gnutls!1646
|
Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s
Closes #1370
See merge request gnutls/gnutls!1642
|
If the LD doesn't have support for version scripts,
_gnutls_x86_cpuid_s is exported through libtool's
--export-symbols-regex and that causes a link error with clang:
libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib
/Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib
__gnutls_x86_cpuid_s
make[4]: *** [libgnutls.la] Error 1
This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid
the issue.
Problem investigated and fix suggested by Clemens Lang in:
https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
compress-cert: support compression of client certificates
Closes #1397
See merge request gnutls/gnutls!1641
|
Previously the compress_certificate extension was sent by the server
as part of ServerHello, which violates RFC 8879. This patch instead
sends it as an extension of CertificateRequest.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Report system config file location via gnutls-cli
Closes #1399
See merge request gnutls/gnutls!1639
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
cipher: Ensure correct alignment
See merge request gnutls/gnutls!1633
|
Unsigned math is required to calculate the current alignment.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
|
doc: mention GNUTLS_CB_TLS_EXPORTER
Closes #1391
See merge request gnutls/gnutls!1636
|
This is to comply with RFC9266 4.2.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
According to RFC9622 4.2, the "tls-exporter" channel binding is only
usable when the handshake is bound to a unique master secret. This
adds a check whether either TLS 1.3 or extended master secret
extension is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
accelerated: clear AVX bits if it cannot be queried through XSAVE
Closes #1282
See merge request gnutls/gnutls!1631
|
The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
Architectures Software Developer’s Manual".
GnuTLS previously only followed that algorithm when registering the
crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
that the extension bits are propagated to _gnutls_x86_cpuid_s.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Unload custom allocators in gnutls_crypto_deinit()
Closes #1398
See merge request gnutls/gnutls!1637
|
Closes #1398
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
|
srptool: resurrect default value for -i
Closes #1394
See merge request gnutls/gnutls!1634
|
The default option value for -i (--index) was dropped during the
cligen conversion. This adds it back for compatibility with the
existing command line usage.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
restrict allowlisting api to before priority string initialization
See merge request gnutls/gnutls!1533
|
(in a separate commit so that it's easier to compare)
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
fips: mark RSA SigVer operation approved for known modulus sizes
See merge request gnutls/gnutls!1630
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
SP800-131A rev2 suggests certain RSA modulus sizes under 2048
bits (1024, 1280, 1536, and 1792) may continue to be used for
signature verification but not for signature generation. This loosens
the current service indicator report to approve them.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Previously we checked RSA modulus size clamped to byte unit instead of
bits. This makes the check stricter by explicitly calculating the
modulus size in bits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
windows: Avoid -Wint-conversion errors
See merge request gnutls/gnutls!1632
|
Clang 15 made "incompatible pointer to integer conversion" an error
instead of a plain warning. This fixes errors like these:
system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
HCRYPTHASH hHash = NULL;
^ ~~~~
Signed-off-by: Martin Storsjo <martin@martin.st>
|
fips: disable GNUTLS_CIPHER_3DES_CBC self-test
See merge request gnutls/gnutls!1629
|
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|