| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
This adds a couple of functions, gnutls_handshake_set_read_function()
and gnutls_handshake_write(), to allow QUIC implementations to
directly interact with the TLS state machine.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\
| |
| |
| |
| | |
TravisCI: Add bison
See merge request gnutls/gnutls!1192
|
| |
| |
| |
| |
| |
| | |
The latest gnulib needs a newer bison than TravisCI OSX has.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| | |
| | |
| | |
| | | |
Add option to store all stapled OCSP responses to gnutls-cli
See merge request gnutls/gnutls!1189
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Note that there's a small modification to the behavior of the existing
--ocsp-save option: If there is no stapled OCSP response the output
file is still created and will be empty.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|\ \
| |/
|/|
| |
| | |
.lgtm.yml: Fix --disable-documentation to --disable-doc [skip ci]
See merge request gnutls/gnutls!1191
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
keylogfile: generalize with a callback
Closes #852
See merge request gnutls/gnutls!1184
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This refactors the keylogfile mechanism by adding a callback to get
notified when a new secret is derived and installed. That way,
consumers can implement custom logging feature per session, which is
particularly useful in QUIC implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Update gnulib to fix building on OSX 10.9
Closes #926
See merge request gnutls/gnutls!1190
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
References:
https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #926
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
testcompat-openssl: improve testing against secured OpenSSL versions.
See merge request gnutls/gnutls!1168
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and
requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
and thus enabling testing more compatability combinations.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
|\ \
| |/
|/|
| |
| | |
nettle/gost: gost28147: require calling set_param before set_key
See merge request gnutls/gnutls!1188
|
| |
| |
| |
| |
| |
| |
| | |
Require selecting parameter set before setting the key. There is no need
to provide default setting, if a param is always selected anyway.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
crypto-api: add generic crypto functions for KDF
Closes #851 and #813
See merge request gnutls/gnutls!1186
|
| |
| |
| |
| |
| |
| |
| | |
The MAC algorithm used in the PBKDF2 is actually prohibited in the
FIPS mode and previously there wasn't a check for that.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This exposes HKDF and PBKDF2 functions from the library. Instead of
defining a single KDF interface as in PKCS #11, this patch defines 3
distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2
derivation, so that we can take advantage of compile time checking of
necesssary parameters.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| |/
|/|
| |
| | |
session_pack: fix leak in error path
See merge request gnutls/gnutls!1185
|
|/
|
|
|
|
|
| |
If called at the wrong time, it allocates the buffer sb and forgets to
clear it.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
nettle/gost: support use GOST DSA support from master branch
See merge request gnutls/gnutls!1183
|
| |
| |
| |
| |
| |
| | |
Use GOST DSA and GOST curves provided by Nettle's master branch.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
pkcs12: do not go try calculating pbkdf2 with 0 iterations
See merge request gnutls/gnutls!1182
|
| |/
| |
| |
| |
| |
| |
| | |
Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
GnuTLS PKCS12 GOST code to check that iter is not 0.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \
| |/
|/|
| |
| | |
add support for local threads with studio and ibm compilers
See merge request gnutls/gnutls!1181
|
|/
|
|
| |
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
|
|\
| |
| |
| |
| | |
Avoid pushd/popd bashism in testsuite
See merge request gnutls/gnutls!1180
|
| |
| |
| |
| | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
|
|
|
|
|
| |
This test requires a TLS-1.3-only server as its tests clash with
extensions supported by a TLS-1.2 server. Ensure that the extensions
that overlap with TLS-1.2 are not manipulated as we don't have
a pure TLS-1.3-only implementation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| |
| |
| | |
Use 'make -j' with higher values for CI builds and tests
Closes #897
See merge request gnutls/gnutls!1154
|
| |
| |
| |
| |
| |
| | |
This fixes issues on the CI cross-runners with 'make -jN', N > 1.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| |
| |
| |
| | |
This speeds up the Gitlab CI runners. E.g. measured timings of the
Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
tlsfuzzer: updated to latest upstream
Closes #907
See merge request gnutls/gnutls!1179
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py.
The latter introduced too pendantic tests on curves we don't implement,
and requires significant changes to passing with limited benefit. For example
it requires the server to error on mismatching entries (and we simply ignore
them). As its value is low (we do not target to be a reference implementation
for testing broken clients), it was removed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
|
|
|
|
|
| |
On unknown curves or illegal parameters, make sure we return the
right error code which will translate to the appropriate alert.
Resolves: #907
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
fuzz: update ed448 fuzzer traces and other fuzz improvements
See merge request gnutls/gnutls!1177
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fuzzer files for ed448 were the reverse for client and server.
Enhanced the fuzzer tools to run a single fuzzer, and added more
clear documentation on how to generate and manually test the fuzzer
outputs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|