Commit message; Author; Age; Files; Lines
* Clarifications on AEAD ciphers (branch: tmp-doc-update-iv); Nikos Mavrogiannopoulos; 2019-03-01; 1; -10/+12
        Relates: #716
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Improve documentation for gnutls_cipher_get_iv_size; Nikos Mavrogiannopoulos; 2019-03-01; 1; -2/+4
        This clarifies what is returned and what is to be expected on algorithms with variable IV sizes.
        Resolves: #717
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-token-modname-clarifications' into 'master'; Nikos Mavrogiannopoulos; 2019-02-28; 1; -1/+2
        pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip]
        Closes #633
        See merge request gnutls/gnutls!938
| * pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip] (branch: tmp-token-modname-clarifications); Nikos Mavrogiannopoulos; 2019-02-26; 1; -1/+2
        Resolves: #633
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cppcheck: suppress warning on nettle code [ci skip]; Nikos Mavrogiannopoulos; 2019-02-26; 1; -0/+1
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-ametzler-gnutls-cli-benchmark-overflow' into 'master'; Tim Rühsen; 2019-02-24; 2; -2/+5
        gnutls-cli: fix --benchmark-ciphers type overflow
        See merge request gnutls/gnutls!934
| * gnutls-cli: fix --benchmark-ciphers type overflow; Andreas Metzler; 2019-02-24; 2; -2/+5
        Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* Merge branch 'tmp-fetch-fuzz-corpora-faster' into 'master'; Tim Rühsen; 2019-02-23; 3; -9/+35
        Fetch OSS-Fuzz corpora much faster [skip ci]
        See merge request gnutls/gnutls!883
| * Fetch OSS-Fuzz corpora much faster [skip ci] (branch: tmp-fetch-fuzz-corpora-faster); Tim Rühsen; 2019-02-05; 3; -9/+35
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | Merge branch 'tmp-update-ax-code-coverage' into 'master'; Tim Rühsen; 2019-02-23; 10; -152/+420
        Update m4/ax_code_coverage.m4
        See merge request gnutls/gnutls!905
| * | Update ax_code_coverage.m4 to latest release of autoconf-archive (branch: tmp-update-ax-code-coverage); Tim Rühsen; 2019-02-22; 10; -152/+420
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | Merge branch 'tmp-reset-after-free' into 'master'; Tim Rühsen; 2019-02-23; 49; -97/+28
        Automatically NULLify after gnutls_free()
        See merge request gnutls/gnutls!923
| * | | gnutls_x509_crt_init: Fix dereference of NULL pointer (branch: tmp-reset-after-free); Tim Rühsen; 2019-02-22; 1; -1/+1
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * | | Remove redundant resets of variables after free(); Tim Rühsen; 2019-02-22; 47; -96/+10
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * | | Automatically NULLify after gnutls_free(); Tim Rühsen; 2019-02-22; 2; -0/+17
        This method prevents direct use-after-free and double-free issues.
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | Merge branch 'tmp-cleanup-cert' into 'master'; Tim Rühsen; 2019-02-23; 1; -26/+12
        Cleanup lib/auth/cert.c as suggested by cppcheck
        See merge request gnutls/gnutls!924
| * | | Cleanup lib/auth/cert.c as suggested by cppcheck (branch: tmp-cleanup-cert); Tim Rühsen; 2019-02-13; 1; -26/+12
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | | | Merge branch 'tmp-downgrade-sentinel' into 'master'; Daiki Ueno; 2019-02-22; 7; -6/+91
        handshake: defer setting downgrade sentinel until version is selected
        Closes #689
        See merge request gnutls/gnutls!918
| * | | | | tlsfuzzer: update to the latest upstream for downgrade protection tests (branch: tmp-downgrade-sentinel); Daiki Ueno; 2019-02-22; 4; -4/+17
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | | | ext/supported_versions: regenerate server random; Daiki Ueno; 2019-02-22; 3; -2/+74
        This adds a call to _gnutls_gen_server_random() in handling the "supported_versions" extension, so that the TLS 1.3 downgrade sentinel is set only when the earlier versions are selected.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | | | | Merge branch 'use_topendir_fixed' into 'master'; Tim Rühsen; 2019-02-22; 5; -16/+59
        Re-introduce topendir on Windows with Unicode support
        See merge request gnutls/gnutls!932
| * | | | lib: x509: Minor directory browsing simplification; Hugo Beauzée-Luyssen; 2019-02-21; 1; -6/+3
        Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
| * | | | Revert "Revert "verify-high2: Fix cert dir iteration on Win32""; Hugo Beauzée-Luyssen; 2019-02-21; 1; -2/+49
        This reverts commit 681330882da19099eea360fab141cab937c45677.
        Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
        This revert also contains the fix to the original commit (invalid utf8->utf16 conversion) and a minor simplification of the _treaddir loop.
| * | | | iconv: Allow _gnutls_utf8_to_ucs2 to output little endian; Hugo Beauzée-Luyssen; 2019-02-21; 4; -8/+7
        Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
* | | | | Merge branch 'thread_local_msvc_fixed' into 'master'; Nikos Mavrogiannopoulos; 2019-02-21; 1; -0/+2
        lib: Provide _Thread_local on MSVC
        See merge request gnutls/gnutls!933
| * | | | lib: Provide _Thread_local on MSVC; Hugo Beauzée-Luyssen; 2019-02-20; 1; -0/+2
        Signed-off-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
* | | | Merge branch 'tmp-get-source-branch' into 'master'; Nikos Mavrogiannopoulos; 2019-02-19; 1; -0/+5
        check_if_signed: Get source branch if not set
        See merge request gnutls/gnutls!930
| * | | check_if_signed: Get source branch if not set; Tim Rühsen; 2019-02-18; 1; -0/+5
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | | Merge branch 'tmp-fix-record-size-limit-resumption' into 'master'; Daiki Ueno; 2019-02-18; 15; -124/+320
        Fix issues in record_size_limit extension handling
        See merge request gnutls/gnutls!879
| * | | gnutls_record_set_max_size: make it work on server side (branch: tmp-fix-record-size-limit-resumption); Daiki Ueno; 2019-02-14; 2; -79/+153
        The record_size_limit extension can also be specified by the server to indicate the maximum plaintext. Also add test cases for asymmetric settings between server and client.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | tlsfuzzer: update to the latest upstream for record_size_limit test; Daiki Ueno; 2019-02-14; 3; -12/+46
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | ext/record_size_limit: account for content type octet in TLS 1.3; Daiki Ueno; 2019-02-14; 2; -7/+34
        In TLS 1.3, the protocol maximum of plaintext size is 2^14+1, while it is 2^14 in TLS 1.2. To accommodate that, this introduces the following invariant:
        - when the maximum is set by the user with gnutls_record_set_max_size(), store it as is. The value range is [511, 16834].
        - when the maximum is negotiated through record_size_limit extension, it can be [512, 16385]. In TLS 1.3, subtract by 1 to fit in [511, 16384].
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | decrypt_packet_tls13: add check for max plaintext size; Daiki Ueno; 2019-02-14; 1; -0/+9
        There is a check in _gnutls_recv_in_buffers already, but for TLS 1.3 we need to take account of the padding.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | record: reject too large plaintext after decryption; Daiki Ueno; 2019-02-14; 1; -0/+9
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | constate: reset max_record_recv_size upon renegotiation; Daiki Ueno; 2019-02-14; 1; -0/+9
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | session_pack: reset max_record_recv_size when packing; Daiki Ueno; 2019-02-14; 1; -3/+12
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | ext/record_size_limit: don't confuse with negotiated/user-supplied maximum; Daiki Ueno; 2019-02-14; 2; -14/+35
        As documented in gnutls_int.h, max_record_send_size is for tracking the user-supplied maximum, while max_record_recv_size for the protocol negotiated maximum.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | ext/max_record: server shouldn't send it with record_size_limit; Daiki Ueno; 2019-02-14; 4; -8/+11
        Otherwise, the connection will be disconnected by the client, as suggested in RFC:
            A client MUST treat receipt of both "max_fragment_length" and "record_size_limit" as a fatal error, and it SHOULD generate an "illegal_parameter" alert.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | _gnutls_hello_ext_is_present: don't ignore max_fragment_length; Daiki Ueno; 2019-02-14; 1; -1/+1
        The extension is assigned the internal ID 0.
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | .dir-locals.el: disable indent-tabs-mode in js-mode; Daiki Ueno; 2019-02-14; 1; -1/+2
        Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | | Merge branch 'gnutls-703' into 'master'; Tim Rühsen; 2019-02-14; 1; -0/+5
        tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom
        Closes #703
        See merge request gnutls/gnutls!926
| * | | | tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom; R. Andrew Bailey; 2019-02-14; 1; -0/+5
        Signed-off-by: R. Andrew Bailey <bailey@akamai.com>
* | | | Merge branch 'tmp-macosx-fix' into 'master'; Tim Rühsen; 2019-02-14; 1; -10/+12
        bootstrap.conf: do not override GNULIB_SRCDIR
        See merge request gnutls/gnutls!925
| * | | bootstrap.conf: do not override GNULIB_SRCDIR (branch: tmp-macosx-fix); Nikos Mavrogiannopoulos; 2019-02-14; 1; -10/+12
        This was not set in all of our CI platforms, and was causing issues in MacOSX.
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | Merge branch 'tmp-fix-cert-params-checks' into 'master'; Nikos Mavrogiannopoulos; 2019-02-14; 7; -62/+136
        x509: corrected issue in the algorithm parameters comparison
        Closes #698
        See merge request gnutls/gnutls!921
| * | | x509: corrected issue in the algorithm parameters comparison; Nikos Mavrogiannopoulos; 2019-02-14; 7; -62/+136
        Each certificate has two fields to set the signature algorithm and parameters used for the digital signature. One of the fields is authenticated and the other is not. It is required from RFC5280 to enforce the equality of these fields, but currently due to an issue we wouldn't enforce the equality of the parameters fields. This fix corrects the issue.
        We also move an RSA-PSS certificate in chainverify that was relying on invalid parameters, to this set of invalid certificates.
        Resolves: #698
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | | Merge branch 'tmp-fix-uninitialized2' into 'master'; Tim Rühsen; 2019-02-14; 2; -26/+53
        Fix uninitialized warning in pkcs11.c
        See merge request gnutls/gnutls!906
| * | | tests: added further checks for gnutls_pkcs11_token_get_info (branch: tmp-fix-uninitialized2); Nikos Mavrogiannopoulos; 2019-02-14; 1; -2/+9
        Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | Fix uninitialized warning in pkcs11.c; Tim Rühsen; 2019-02-14; 2; -26/+46
        Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | | Merge branch 'tmp-serv-args' into 'master'; Tim Rühsen; 2019-02-12; 1; -1/+1
        Fix 32bit overflow issue in src/serv-args.def
        Closes #700
        See merge request gnutls/gnutls!922