| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
Extend test cert to 2049-05-27
See merge request gnutls/gnutls!979
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
instead of expiring in 2024-02-29
This update did not trigger y2038 bugs on 32-bit systems.
Without this patch, one test fails after 2024:
doit:124: rsa pss key: gnutls_x509_crt_verify_data2 |
FAIL x509sign-verify (exit status: 1)
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Fix WIN32 custom push/pull functions
Closes #751
See merge request gnutls/gnutls!978
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
Fix link errors with gcc-9
See merge request gnutls/gnutls!966
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against
libcrypto. This fixes a build error with gcc9 which passes the linker
option --as-needed by default.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
gnutls_cipher_suite_get_name and gnutls_session_get_master_secret
are marked as TLS1.2 or earlier-only as they cannot be used with
TLS 1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | |
| | |
| | | |
They served no purpose.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/ /
| |
| |
| |
| |
| |
| | |
That is because the same variable name is used by local
variables as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
tests: fix race condition in tls13/post-handshake-with-cert-pkcs11
See merge request gnutls/gnutls!977
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The test had a strange setup of server/client processes: the server
runs in a child process and the client runs in a parent process. The
intention behind this was to detect softhsm availability in the parent
process and exit with 77 if missing. However, there was a potential
race when the server exits and proceeds to the next call of start().
This fixes the process setup and moves the softhsm detection at the
program startup.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
build: allow override guile system location
Closes #748
See merge request gnutls/gnutls!968
|
| | |
| | |
| | |
| | |
| | |
| | | |
Reduce confusion between the upstream terms and the gnutls terms.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
guile has three settings acquired from system:
* GUILE_SITE
* GUILE_SITE_CCACHE
* GUILE_EXTENSION
The <guile-2.2 m4 macro exposed only GUILE_SITE while build tried to guess the
other variables based on the $libdir of the gnutls which may be different.
The >=guile-2.2 m4 macro provides all settings for build to use as default,
while allowing to override each.
Resolves: #748
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|\ \
| |/
|/|
| |
| | |
Pass CI commit check if branches are 'even'
See merge request gnutls/gnutls!975
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| |/
|/|
| |
| | |
tests: cert-tests: crl: cleanup files
See merge request gnutls/gnutls!973
|
|/
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|\
| |
| |
| |
| | |
ci: refresh the cache due to failures in debian
See merge request gnutls/gnutls!974
|
|/
|
|
| |
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
|\
| |
| |
| |
| |
| |
| | |
CONTRIBUTING.md: document unit testing method of internal functions [ci skip]
Closes #749
See merge request gnutls/gnutls!971
|
|/
|
|
|
|
| |
Resolves: #749
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| |
| |
| | |
cert auth: reject auth if no signature algorithm is usable in TLS 1.3
Closes #730
See merge request gnutls/gnutls!967
|
| |
| |
| |
| |
| |
| |
| | |
This adds a test that exercise the client's auth rejection logic,
using the RSA-PSS disabled PKCS #11 token.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the
use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the
situation where the certificate is RSA while the private key cannot be
used for RSA-PSS.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, when there is no overlap between usable signature
algorithms and the "signature_algorithms" extension in Certificate
Request, the client failed in sending Certificate Verify, followed by
a connection close. In TLS 1.3, it is possible to keep the connection
but reject the authentication by not sending Certificate Verify.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Previously, while the flag HSK_CRT_SENT was checked in
_gnutls13_send_certificate_verify, the flag was never set anywhere.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
nettle: include config.h before checking for definitions
See merge request gnutls/gnutls!970
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This makes sure that we don't include the internal backport
if compiled with a version of nettle that includes that code.
We also exclude nettle/backport from the static analyzer's list
as it contains files outside our control (from nettle project).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
[OSCP] Fix : null pointer resp
See merge request gnutls/gnutls!969
|
| | |
| | |
| | |
| | | |
Signed-off-by: Elta Koepp <elta_koepp@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we
don't need to zero it again via a volatile trick later in this function.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
|
| |
| |
| |
| |
| |
| | |
That is, because there are no diffs to check.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| | |
Fix check_if_signed
See merge request gnutls/gnutls!964
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the target branch we check against by adding upstream as remote.
Drop the use of set -e as this causes the shell to immediately exit on
errors instead of allowing the code to check the failure and report what
it faled about.
Also print which commits are being checked and what information was found
so that a CI failure can be better diagnosed.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
|
|
|
|
| |
If nettle's XTS is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
Added a larger set of corpus (generated with afl-fuzz), and made
sure that the fuzzer application crashes if verification succeeds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
Let check_if_signed fail if git fails
See merge request gnutls/gnutls!962
|
|/
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
Detect malloc failure.
See merge request gnutls/gnutls!960
|
| | |
|
|/
|
| |
malloc(data.size + 1) maybe returns NULL on failure.
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
Resolves: #704
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This also adds a reproducer for CVE-2019-3829.
Resolves: #694
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
fips140: Perform SHA-3 self tests
See merge request gnutls/gnutls!958
|
| |
| |
| |
| |
| |
| |
| | |
It is required to perform the self tests to validate SHA-3
implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
handshake: increase the default number of tickets we send to 2
Closes #596
See merge request gnutls/gnutls!942
|