| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
.gitlab-ci.yml: switched fedora to latest version
See merge request gnutls/gnutls!1015
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
RELEASES.md: document the releases policy
See merge request gnutls/gnutls!1011
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a file to document the policy on releases based on
the discussions taken place in the last face to face meeting.
https://gitlab.com/gnutls/gnutls/wikis/face2face-meeting-fosdem2019
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Do not regenerate autogen files if --enable-local-libopts is given
Closes #772
See merge request gnutls/gnutls!1010
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This addresses issue on installed systems which have autogen but
use --enable-local-libopts. In these systems if the installed autogen
would not match the local libopts library version compilation would
fail because the auto-generated files depend on the corresponding to
autogen version libopts internals.
Resolves: #772
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Makefile.am: do not create files when it shouldn't
See merge request gnutls/gnutls!1014
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If a pdf or html file is not distributed, previously `make dist`
would create a file called '*.pdf' which did not make sense. This
addresses this problem.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
Datum.c cleanup
See merge request gnutls/gnutls!1002
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
_gnutls_set_datum(): Do not change output 'dat' on error
_gnutls_set_strdatum: Likewise, cleanup code
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/ /
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| |
| |
| |
| | |
It compicates the 'make dist' phase and does not add much
value as the files are available from the web site.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| |
| |
| | |
Do not add libraries in the global LIBS in configure
Closes #735
See merge request gnutls/gnutls!1008
|
| |
| |
| |
| |
| |
| |
| |
| | |
We do not use this variable as it is global and applies to all of
tests, applications and library, and when it is set it is usually due to
bugs in configure.ac.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
This ensures that libraries are linked with the programs
requiring them.
Resolves: #735
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
tests: prf-early fixes the global version
See merge request gnutls/gnutls!1009
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
| |
This allows having fixed data in the hello message involved.
That required exposing the variable holding the global gnutls
version number for testing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
In order to make the CI functional again. The version number update
seems to conflict with tests/tls13/prf-early.sh
This reverts commit d34d93b8713cf10235ce7016fd69b6932b0752c0.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This eliminates unexpected failures of the test in slower systems.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
These are mersenne primes so q = (p - 1) / 2
We check that p = (q * 2) + 1
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
In FIPS mode do an extra check that we did have Q, but it is always
passed into the tls13 derive function from the callers.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
This test ensures that public keys are properly tested for validity
before a ECDH exchange is computed.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
This test ensures that public keys are properly tested for validity
before a DH exchange is computed.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
This is for NIST SP800-56A requirements and FIPS CAVS testing.
GnuTLS never passes in a non-empty Q for normal operations, but tests will
and if Q is passed in it needs to be checked.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Fix handling of malformed KeyUpdate messages
Closes #699
See merge request gnutls/gnutls!1005
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The limit was too small when testing the capability of handling
multiple KeyUpdate messages with tlsfuzzer.
This requires a change in the rate limit logic, as previously it
doesn't count the KeyUpdate messages despite the name of
KEY_UPDATES_PER_SEC.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The function checks if a Handshake message is interleaved with an
Application Data, but the check was insuffient because it assumed that
a complete header is received in the buffer.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
priority: add new option to allow small records (>= 64)
See merge request gnutls/gnutls!1006
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a mismatch in the lower limit of record sizes in RFC
8449 (64) and our default (512). If the server advertises a smaller
limit than our default, the client has no way to keep communicating
with the server.
This patch adds a new priority string option %ALLOW_SMALL_RECORDS to
set the limit to 64.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA
Closes #754
See merge request gnutls/gnutls!1004
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The gnutls_certificate_verify_flags comparisons against
OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.
Resolves: #754
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
server auth: disable TLS 1.3 if no signature algorithm is usable
Closes #731
See merge request gnutls/gnutls!987
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This implements the errata for RFC 7919 eliminating the requirement to
reply with an insufficient_security alert when we have negotiated an
FFDHE group, but cannot find common ciphersuite:
https://www.rfc-editor.org/errata/eid4908
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a server side counterpart of
005a4d04145707daad9588acedfdb5f6cd97c80c.
Instead of signalling an error when no algorithm is usable in TLS 1.3,
it downgrades the session to TLS 1.2 with a warning.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|