According to FIPS140-2 IG 7.5, the minimum key size of FFC through
2030 is defined as 2048 bits. This updates the relevant self-test
using ffdhe3072 defined in RFC 7919.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
tests: simplify shell-script usage
See merge request gnutls/gnutls!1337
|
Pointed out by Andreas Metzler.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
gnutls-serv invocations in cert-tests/dsa can take a long time to launch
if valgrind tests are enabled.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This fixes a race condition in the timings between when a free port is
detected and when the port is actually used.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This function is only used by testpkcs11.sh.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
x509: correct argument of gnutls_verify_output_function
See merge request gnutls/gnutls!1338
|
This is a leftover of 52e78f1e. We need to call
gnutls_verify_output_function with the replaced CA cert instead of the
original cert.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
padlock:fix exception in wrap_padlock_hmac_fast
See merge request gnutls/gnutls!1336
|
In function wrap_padlock_hmac_fast, use free to release the local variable
ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
|
priority: add Ed448 to SECURE192 signing algorithms
See merge request gnutls/gnutls!1332
|
Reported by Vladimír Čunát in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
tests: allow clock_nanosleep in seccomp tests
Closes #1086
See merge request gnutls/gnutls!1325
|
The default selection of signature schemes is also affected by the
crypto-policies, and needs to be explicitly enabled with -sigalgs.
Suggested by Tomas Mraz.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This avoids -fanalyzer false-positive in GCC 10:
https://bugzilla.redhat.com/show_bug.cgi?id=1878600
as well as the cppcheck warning:
"variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Suggested by Martin Sebor in:
https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The function was not really useful because _gnutls_free_datum()
has a NULL check as in free(). This also makes GCC 10 happy if
-Warray-bounds=2 is specified:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The nanosleep wrapper in glibc has changed the implementation using
the clock_nanosleep syscall:
https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix inconsistent handling of $SERV environment variable in testsuite
Closes #1090
See merge request gnutls/gnutls!1331
|
Some tests did not support overriding the PATH to gnutls-serv by setting
the environment variable SERV but used GNUTLS_SERV instead.
Closes #1090
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Make private exponent optional in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1323
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Modifies P_hash() to hash the seed and label separately.
Closes #1013
See merge request gnutls/gnutls!1329
|
Thereby not restricting the implementation of prf to MAX_SEED_SIZE.
MAX_SEED_SIZE is not used anymore.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
Fix and enable GOST test in tests/gnutls-cli-debug.sh
See merge request gnutls/gnutls!1328
|
Closes #1097
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
GOST algorithms are not enabled by default, explicitly request them in
priority string.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
gnulib: update git submodule
See merge request gnutls/gnutls!1330
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
-Warith-conversion is new in GCC 10.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Printing UTCTime really needs last 2 digits of the year.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This brings in the build fixes of parse-datetime module:
https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'
Closes #968
See merge request gnutls/gnutls!1319
|
gnutls-cli to
automatically download missing intermediate CAs in a certificate chain
lib/cred-cert.c : adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
handshake: reject no_renegotiation alert if handshake is incomplete
Closes #1071
See merge request gnutls/gnutls!1320
|
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:

  do {
          ret = gnutls_handshake(session);
  } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix padlock partial PHE detection and sizeof usage
Closes #1076
See merge request gnutls/gnutls!1316
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix optional arguments handling in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1318
|