Resolves: #739
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
ext/record_size_limit: distinguish sending and receiving limits
See merge request gnutls/gnutls!985
|
The previous behavior was that both sending and receiving limits are
negotiated to be the same value. It was problematic when:
- client sends a record_size_limit with a large value in CH
- server sends a record_size_limit with a smaller value in EE
- client updates the limit for both sending and receiving, upon
receiving EE
- server sends a Certificate message larger than the limit
With this patch, each peer maintains the sending / receiving limits
separately so as not to confuse with the contradicting settings.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
lib/nettle: fix carry flag in Streebog code
See merge request gnutls/gnutls!992
|
Fix carry flag being calculated incorrectly in Streebog code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
tools: suppress ctime() error from lgtm warnings
See merge request gnutls/gnutls!994
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This function is not thread safe and can be easily misused
even in single threaded scenarios (one such minor bug fixed).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
_gnutls_srp_entry_free: follow consistent behavior in freeing data
Closes #761
See merge request gnutls/gnutls!995
|
_gnutls_srp_entry_free would previously not free any parameters that
were known to gnutls to account for documented behavior of
gnutls_srp_set_server_credentials_function(). This was not updated
when the newly added 8192 parameter was added to the library.
This introduces a safety check for generator parameters, even though
in practice they are the same pointer.
Resolves: #761
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
guile: Properly format guile configure options
See merge request gnutls/gnutls!991
|
Without the square brackets autoconf turns hyphens into underscores,
which is not what we want or what the help says.
Signed-off-by: Daniel Schaefer <git@danielschaefer.me>
|
Add or clean header guards in lib/
Closes #728
See merge request gnutls/gnutls!954
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
For FIPS validation purposes, this adds a new function
_gnutls_cipher_get_iv() that exposes internal IV after encryption and
decryption. The function is not generally useful because the IV value
can be easily calculated from the initial IV and the subsequent
ciphertext but for FIPS validation purposes.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
To suppress changes in internal structures.
Suggested by Nikos Mavrogiannopoulos.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
certtool: generate RSA-PSS certificates from RSA keys
See merge request gnutls/gnutls!980
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
When generating certificates it was not possible to generate
an RSA-PSS certificate from an RSA key (common scenario). This
fixes the certificate generation to include such a method.
Ironically there was a test for this scenario but the test
was limited to checking that the combination of certtool parameters
succeeded; modified the test to check the textual expression of
the certificate for the RSA-PSS indicators.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Makefile.am: Don't assume autoopts-config returns a single dash.
See merge request gnutls/gnutls!976
|
On distributions such as Nix or Guix, `autoopts-config libsrc` may
return something along the lines of
"/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz".
* Makefile.am (libopts-check): Print only the last field from
autoopts-config output.
Signed-off-by: Marius Bakke <mbakke@fastmail.com>
|
p11tool: copy vendor query attributes when listing privkeys
See merge request gnutls/gnutls!982
|
When listing private keys on a specified token, "pin-value" is
ignored and the tool looks for GNUTLS_PIN, because it internally
strips out vendor query attributes from the original URL.
This also replaces the global uses of GNUTLS_PIN envvar in
testpkcs11.sh to check the case where the envvar is not in effect.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
prf: add function to retrieve early keying material
Closes #736 and #329
See merge request gnutls/gnutls!894
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and
thus right shifting 32 could be an undefined behavior.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
When checking datefudge availability under cross-compiling environment
with a binfmt wrapper, it is not sufficient to check against the host
executable. This instead uses a test executable compiled for the
target architecture.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This adds --keymatexport and --keymatexportsize options to both
gnutls-serv and gnutls-cli. Those would be useful for testing
interoperability with other implementations.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This adds a new function gnutls_prf_early, which shall be called in a
handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test
needs to be run in a datefudge wrapper as the early secrets depend on
the current time (through PSK).
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
TLS 1.3 Early Secret and the derived keys are calculated upon a PSK
being selected, thus the code fits better in ext/pre_shared_key.c.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Use libabigail for tracking ABI changes
See merge request gnutls/gnutls!972
|
These have output ABI format compatibility and that means we can
take snapshots to test ABI against. We also hard-code explicitly
the SONAME version to ensure no accidental SONAME bumps happen.
This patch also moves symbols.last in the devel/ subdirectory
and no internal files are shipped.
Relates: #292
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This was available before 3.6.4, and was incorrectly removed.
It was found using libabigail tools.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
doc: Add documentation for GNUTLS_CERT_IGNORE
See merge request gnutls/gnutls!983
|
Signed-off-by: Andreas Metzler <ametzler@bebt.de>