Commit message (Author, Age, Files, Lines)
* dane.h: added multiple inclusion header guard [branch: tmp-lgtm-suppress-ctime] (Nikos Mavrogiannopoulos, 2019-05-09, 1 file, -0/+4)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tools: suppress ctime() error from static analysers (Nikos Mavrogiannopoulos, 2019-05-09, 6 files, -13/+40)
|   This function is not thread safe and can be easily misused even in single threaded scenarios (one such minor bug fixed).
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* accelerated: added header guards (Nikos Mavrogiannopoulos, 2019-05-08, 11 files, -18/+41)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-header-guards' into 'master' (Tim Rühsen, 2019-05-08, 166 files, -337/+645)
|\
| |   Add or clean header guards in lib/
| |
| |   Closes #728
| |
| |   See merge request gnutls/gnutls!954
| * Add or clean header guards in lib/nettle [branch: tmp-header-guards] (Tim Rühsen, 2019-05-07, 25 files, -58/+88)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in tests/ (Tim Rühsen, 2019-05-07, 12 files, -12/+52)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in src/ (Tim Rühsen, 2019-05-07, 10 files, -17/+41)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/x509/ (Tim Rühsen, 2019-05-07, 12 files, -21/+46)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/tls13/ (Tim Rühsen, 2019-05-07, 11 files, -3/+54)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/extras/ (Tim Rühsen, 2019-05-07, 2 files, -3/+12)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/ext/ (Tim Rühsen, 2019-05-07, 26 files, -72/+90)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/auth/ (Tim Rühsen, 2019-05-07, 9 files, -18/+34)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add or clean header guards in lib/ (Tim Rühsen, 2019-05-07, 58 files, -133/+206)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Add 'Header guards' section in CONTRIBUTING.md (Tim Rühsen, 2019-05-07, 1 file, -0/+22)
|/
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* gnutls_sign_list: document the non-thread-safeness (Nikos Mavrogiannopoulos, 2019-05-03, 1 file, -0/+1)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* crypto: add private API to retrieve internal IV (Daiki Ueno, 2019-05-03, 9 files, -0/+94)
|   For FIPS validation purposes, this adds a new function _gnutls_cipher_get_iv() that exposes internal IV after encryption and decryption. The function is not generally useful because the IV value can be easily calculated from the initial IV and the subsequent ciphertext but for FIPS validation purposes.
|
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* abi-check: supply --hd2 to abi-check-latest target (Daiki Ueno, 2019-05-03, 2 files, -3/+3)
|   To suppress changes in internal structures. Suggested by Nikos Mavrogiannopoulos.
|
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-rsa-pss-cert-fix' into 'master' (Nikos Mavrogiannopoulos, 2019-04-25, 4 files, -25/+115)
|\
| |   certtool: generate RSA-PSS certificates from RSA keys
| |
| |   See merge request gnutls/gnutls!980
| * certtool: refuse to accept an incompatible key type (Nikos Mavrogiannopoulos, 2019-04-25, 2 files, -8/+43)
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * certtool: generate RSA-PSS certificates from RSA keys (Nikos Mavrogiannopoulos, 2019-04-20, 4 files, -19/+74)
|/
|   When generating certificates it was not possible to generate an RSA-PSS certificate from an RSA key (common scenario). This fixes the certificate generation to include such a method. Ironically there was a test for this scenario but the test was limited to checking that the combination of certtool parameters succeeded; modified the test to check the textual expression of the certificate for the RSA-PSS indicators.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'autoopts_guix' into 'master' (Nikos Mavrogiannopoulos, 2019-04-20, 1 file, -1/+1)
|\
| |   Makefile.am: Don't assume autoopts-config returns a single dash.
| |
| |   See merge request gnutls/gnutls!976
| * Makefile.am: Don't assume autoopts-config returns a single dash. (Marius Bakke, 2019-04-09, 1 file, -1/+1)
| |   On distributions such as Nix or Guix, `autoopts-config libsrc` may return something along the lines of "/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz".
| |
| |   * Makefile.am (libopts-check): Print only the last field from autoopts-config output.
| |
| |   Signed-off-by: Marius Bakke <mbakke@fastmail.com>
* | Merge branch 'tmp-p11tool-pin' into 'master' (Nikos Mavrogiannopoulos, 2019-04-20, 2 files, -47/+74)
|\ \
| | |   p11tool: copy vendor query attributes when listing privkeys
| | |
| | |   See merge request gnutls/gnutls!982
| * | p11tool: copy vendor query attributes when listing privkeys [branch: tmp-p11tool-pin] (Daiki Ueno, 2019-04-16, 2 files, -47/+74)
| | |   When listing private keys on a specified token, "pin-value" is ignored and the tool looks for GNUTLS_PIN, because it internally strips out vendor query attributes from the original URL. This also replaces the global uses of GNUTLS_PIN envvar in testpkcs11.sh to check the case where the envvar is not in effect.
| | |
| | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'tmp-early-exporter' into 'master' (Daiki Ueno, 2019-04-19, 29 files, -165/+893)
|\ \ \
| | | |   prf: add function to retrieve early keying material
| | | |
| | | |   Closes #736 and #329
| | | |
| | | |   See merge request gnutls/gnutls!894
| * | | tls13/session_ticket: use the same ticket_age_add regardless of endianness (Daiki Ueno, 2019-04-19, 1 file, -1/+5)
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | tls13/session_ticket: avoid UB regarding 64-bit time encoding [branch: tmp-early-exporter] (Daiki Ueno, 2019-04-19, 1 file, -4/+4)
| | | |   On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and thus right shifting 32 could be an undefined behavior.
| | | |
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | tests: make datefudge check robuster (Daiki Ueno, 2019-04-19, 4 files, -1/+57)
| | | |   When checking datefudge availability under cross-compiling environment with a binfmt wrapper, it is not sufficient to check against the host executable. This instead uses a test executable compiled for the target architecture.
| | | |
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | serv, cli: add --keymatexport option (Daiki Ueno, 2019-04-19, 8 files, -2/+102)
| | | |   This adds --keymatexport and --keymatexportsize options to both gnutls-serv and gnutls-cli. Those would be useful for testing interoperability with other implementations.
| | | |
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | prf: add function to retrieve early keying material (Daiki Ueno, 2019-04-19, 12 files, -29/+599)
| | | |   This adds a new function gnutls_prf_early, which shall be called in a handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test needs to be run in a datefudge wrapper as the early secrets depend on the current time (through PSK).
| | | |
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | handshake: generate early exporter secret (Daiki Ueno, 2019-04-19, 2 files, -1/+13)
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | handshake: move early secrets calculation to pre_shared_key (Daiki Ueno, 2019-04-19, 4 files, -124/+109)
| | | |   TLS 1.3 Early Secret and the derived keys are calculated upon a PSK being selected, thus the code fits better in ext/pre_shared_key.c.
| | | |
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | tests/tls13/prf: check if the exported material matches on server (Daiki Ueno, 2019-04-19, 1 file, -0/+2)
| | | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * | | prf: centrally define "exporter" label in handshake.h (Daiki Ueno, 2019-04-19, 2 files, -3/+2)
|/ / /
| | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | Merge branch 'tmp-abigail' into 'master' (Nikos Mavrogiannopoulos, 2019-04-18, 15 files, -175016/+45098)
|\ \ \
| | | |   Use libabigail for tracking ABI changes
| | | |
| | | |   See merge request gnutls/gnutls!972
| * | | abi-check: simplify ABI comparison using libabigail tools (Nikos Mavrogiannopoulos, 2019-04-16, 13 files, -175016/+45095)
| | | |   These have output ABI format compatibility and that means we can take snapshots to test ABI against. We also hard-code explicitly the SONAME version to ensure no accidental SONAME bumps happen. This patch also moves symbols.last in the devel/ subdirectory and no internal files are shipped.
| | | |
| | | |   Relates: #292
| | | |
| | | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | .gitignore: ignore tests/libpkcs11mock2.la (Nikos Mavrogiannopoulos, 2019-04-16, 1 file, -0/+1)
| | | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | | gnutls.h: re-define GNUTLS_CRT_RAWPK (Nikos Mavrogiannopoulos, 2019-04-16, 1 file, -0/+2)
| | | |   This was available before 3.6.4, and was incorrectly removed. It was found using libabigail tools.
| | | |
| | | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | | Merge branch 'tmp-ametzler-doc-GNUTLS_CERT_IGNORE' into 'master' (Nikos Mavrogiannopoulos, 2019-04-18, 1 file, -2/+3)
|\ \ \ \
| | | | |   doc: Add documentation for GNUTLS_CERT_IGNORE
| | | | |
| | | | |   See merge request gnutls/gnutls!983
| * | | | doc: Add documentation for GNUTLS_CERT_IGNORE (Andreas Metzler, 2019-04-18, 1 file, -2/+3)
| |/ / /
| | | |   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* | | | Merge branch 'certs' into 'master' (Nikos Mavrogiannopoulos, 2019-04-18, 1 file, -10/+10)
|\ \ \ \
| |/ / /
|/| | |
| | | |   Extend test cert to 2049-05-27
| | | |
| | | |   See merge request gnutls/gnutls!979
| * | | Extend test cert to 2049-05-27 (Bernhard M. Wiedemann, 2019-04-15, 1 file, -10/+10)
| | | |   instead of expiring in 2024-02-29
| | | |
| | | |   This update did not trigger y2038 bugs on 32-bit systems.
| | | |
| | | |   Without this patch, one test fails after 2024:
| | | |   doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | FAIL x509sign-verify (exit status: 1)
| | | |
| | | |   Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
* | | | Merge branch 'tmp-mingw-fix' into 'master' (Tim Rühsen, 2019-04-15, 3 files, -58/+69)
|\ \ \ \
| |_|/ /
|/| | |
| | | |   Fix WIN32 custom push/pull functions
| | | |
| | | |   Closes #751
| | | |
| | | |   See merge request gnutls/gnutls!978
| * | | Fix WIN32 custom push/pull functions [branch: tmp-mingw-fix] (Tim Rühsen, 2019-04-11, 3 files, -58/+69)
| | | |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| | | |   Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)
* | | | Merge branch 'tmp-ametzler-gcc9-build-error' into 'master' (Tim Rühsen, 2019-04-14, 1 file, -1/+1)
|\ \ \ \
| |_|/ /
|/| | |
| | | |   Fix link errors with gcc-9
| | | |
| | | |   See merge request gnutls/gnutls!966
| * | | Fix link error with gcc-9 (Andreas Metzler, 2019-04-14, 1 file, -1/+1)
|/ / /
| | |   Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against libcrypto. This fixes a build error with gcc9 which passes the linker option --as-needed by default.
| | |
| | |   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* | | doc: mark TLS1.2 functions as such [ci skip] (Nikos Mavrogiannopoulos, 2019-04-14, 2 files, -3/+10)
| | |   gnutls_cipher_suite_get_name and gnutls_session_get_master_secret are marked as TLS1.2 or earlier-only as they cannot be used with TLS 1.3.
| | |
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | gnutlsxx.h: removed fixme comments [ci skip] (Nikos Mavrogiannopoulos, 2019-04-13, 1 file, -2/+2)
| | |   They served no purpose.
| | |
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | gnutls-cli: renamed global variable name (Nikos Mavrogiannopoulos, 2019-04-13, 1 file, -7/+7)
|/ /
| |   That is because the same variable name is used by local variables as well.
| |
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Merge branch 'tmp-fix-pha-pkcs11-test' into 'master' (Nikos Mavrogiannopoulos, 2019-04-10, 1 file, -2/+5)
|\ \
| | |   tests: fix race condition in tls13/post-handshake-with-cert-pkcs11
| | |
| | |   See merge request gnutls/gnutls!977