| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This prevents an abi-compliance checker error when run under
gcc8 (though this error is not there under any other gcc).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
This eliminates the need of a memory allocation during each
packet encryption when no padding is done.
Relates #458
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This API allows encryption using a scatter input, by also
taking advantage of ciphers which are optimized for such input.
That is particularly useful under TLS1.3 since its encryption is
based on encryption of scattered data (data+pad).
Resolves #458
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
This was not necessary since that value was only used by block
(in TLS sense) ciphers, but that definition could also be used
for the CHACHA20.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
Gnulib bootstrap, fix 'make distcheck' and more...
See merge request gnutls/gnutls!641
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We can't simply remove the checks for HAVE_SYS_SOCKET_H.
If we do, we have to make checks on real WIN32, which
is currently not an option.
So we skip sc_prohibit_always_true_header_tests.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
nettle: require Nettle library >= 3.4
See merge request gnutls/gnutls!662
|
|/
|
|
|
|
|
|
| |
Nettle version 3.4 was released more than a half year ago, require it to
compile GnuTLS library. It allows us to remove bundled code that was
merged into that release.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| |
| |
| | |
update tlsfuzzer with TLS 1.3
Closes #411
See merge request gnutls/gnutls!660
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| | |
That eliminates the need for locking and allows parallel runs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Also enable the TLS 1.3 tests.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, _gnutls_recv_in_buffers() silently discarded empty
messages because such messages are used as a countermeasure to
vulnerabilities in the CBC mode. In TLS 1.3, however, there are only
AEAD ciphers and such logic is meaningless. Moreover, in the protocol
it is suggested to send "unexpected_message" alert when receiving
empty messages in certain occasions. This change moves the empty
message handling to record_add_to_buffers().
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
|
| |
Previoysly if TLSInnerPlaintext.content is zero-length, the loop
couldn't detect ContentType following the content.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Address issues in record layer decoding
Closes #472, #456, and #455
See merge request gnutls/gnutls!657
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This introduces a priority string option to force encrypt-then-mac
during negotiation, to prevent negotiating the legacy CBC ciphersuites.
Resolves #472
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.
Relates #456
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
This would allow to further modify for more invasive work-arounds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
minimum pad
This improves protection against lucky13-type of attacks when
encrypt-then-mac is not in use.
Resolves #456
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
That enhances the existing CBC check and adds sha384, uses PSK
to reduce handshake time, and other updates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing lucky13 attack count-measures did not work correctly for
SHA384 HMAC.
The overall impact of that should not be significant as SHA384 is prioritized
lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a
client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both
cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported
by the peer.
Resolves #455
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Fix variable overflow in TLS1.3 session ticket code
Closes #471
See merge request gnutls/gnutls!656
|
|/ |
|
|\
| |
| |
| |
| | |
TLS 1.3 session ticket: don't send ticket when no common KE modes
See merge request gnutls/gnutls!652
|