Signed-off-by: Daiki Ueno <ueno@gnu.org>
fips: tighten check on DH parameters according to SP800-56A (rev 3)
See merge request gnutls/gnutls!1295
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Wipe session ticket keys before releasing the session structure
See merge request gnutls/gnutls!1289
This includes both a copy of the master key and one or two derived
keys, all of which could be used to decrypt session tickets if
stolen. The derived keys could only be used for tickets issued within
a certain time frame (by default several hours).
The documentation for gnutls_session_ticket_enable_server() already
states that the master key should be wiped before releasing it, and
the same should apply to internal copies.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
issues #1018- Modified the license to GPLv2.1+ to keep with LICENSE file.
See merge request gnutls/gnutls!1285
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Detect Python interpreter for tests instead of assuming "python"
Closes #1034
See merge request gnutls/gnutls!1292
Tlsfuzzer also assumed the Python interpreter would be called
"python"; this update is necessary to get a fixed version (see
https://github.com/tomato42/tlsfuzzer/pull/671).
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
This makes the extended test suite work on Debian(-ish) systems
without Python 2, where the Python 3 interpreter is called "python3".
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
GOSTR341194, RIPEMD160: mark as insecure for digital signatures
See merge request gnutls/gnutls!1175
# Conflicts:
# lib/crypto-selftests-pk.c
build: minor fixes
See merge request gnutls/gnutls!1287
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but both only with %NO_EXTENSIONS
See merge request gnutls/gnutls!1251
both only with %NO_EXTENSIONS
This is a follow-up to !1221.
See #958 and https://gitlab.com/openconnect/openconnect/-/issues/145 for a
real-world example of ancient Cisco servers with these deficiencies.
With !1221 only, gnutls-cli-debug reports that these ancient servers only support
SSL 3.0 (but without extensions). Information after this point is
largely erroneous:
$ gnutls-cli-debug ***vpn.***.com
GnuTLS debug client 3.6.12
Checking ***vpn.***.com:443
whether the server accepts default record size (512 bytes)... no
whether %ALLOW_SMALL_RECORDS is required... no
for SSL 3.0 (RFC6101) support... yes
for SSL 3.0 with extensions... no
With this additional change, gnutls-cli-debug correctly reports that such a
server also supports TLS 1.0 (but again with extensions disabled). Below
I've marked some of the significant fields that have changed:
$ gnutls-cli-debug ***vpn.***.com
GnuTLS debug client 3.6.12
Checking ***vpn.***.com:443
whether the server accepts default record size (512 bytes)... no
whether %ALLOW_SMALL_RECORDS is required... no
for SSL 3.0 (RFC6101) support... yes
for SSL 3.0 with extensions... no
whether we need to disable TLS 1.2... yes
whether we need to disable TLS 1.1... yes
# This is now correct:
whether we need to disable TLS 1.0... no
# This is now correct:
whether %NO_EXTENSIONS is required... yes
# This is now correct:
for TLS 1.0 (RFC2246) support... yes
for TLS 1.1 (RFC4346) support... no
fallback from TLS 1.1 to... failed
for TLS 1.2 (RFC5246) support... no
# This is now correct:
for known TLS or SSL protocols support... yes
TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance)
for inappropriate fallback (RFC7507) support... no
for HTTPS server name... ******
for certificate chain order... sorted
for Safe renegotiation support (SCSV)... no
for version rollback bug in RSA PMS... no
for version rollback bug in Client Hello... no
whether the server ignores the RSA PMS version... no
whether small records (512 bytes) are tolerated on handshake... yes
whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
whether the server understands TLS closure alerts... partially
whether the server supports session resumption... yes
for anonymous authentication support... no
for ephemeral Diffie-Hellman support... no
for RFC7919 Diffie-Hellman support... no
for AES-GCM cipher (RFC5288) support... no
for AES-CCM cipher (RFC6655) support... no
for AES-CCM-8 cipher (RFC6655) support... no
for AES-CBC cipher (RFC3268) support... no
for CAMELLIA-GCM cipher (RFC6367) support... no
for CAMELLIA-CBC cipher (RFC5932) support... no
# This is now correct:
for 3DES-CBC cipher (RFC2246) support... yes
# This is now correct:
for ARCFOUR 128 cipher (RFC2246) support... yes
for CHACHA20-POLY1305 cipher (RFC7905) support... no
for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no
for MD5 MAC support... yes
for SHA1 MAC support... yes
for SHA256 MAC support... no
for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
tests: improve datefudge usage
Closes #1021
See merge request gnutls/gnutls!1288
Suggested by Andreas Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1021
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This makes check_for_datefudge not exit the program immediately,
but return non-zero, to allow the tests themselves to control the
behavior when "datefudge" is not found.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
configure.ac: prefer the latest version of build infrastructure
See merge request gnutls/gnutls!1284
AM_GNU_GETTEXT_REQUIRE_VERSION tells autopoint to copy the latest
possible build infrastructure installed on the system, rather than the
fixed version from the archive.dir.tar.xz. This makes the
bootstrapping slightly faster and allows us not to stick with the
ancient gettext version.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
configure: improve nettle, gmp, and hogweed soname detection
See merge request gnutls/gnutls!1286
Some linkers might optimize away the libraries passed on the
command line if they aren't actually needed, such as gnu ld with
--as-needed.
The ldd output then won't list the shared libraries and the
detection will fail.
Make sure nettle and others are really used.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Fix Vista CI and add a Vista DLL target
See merge request gnutls/gnutls!1279
This resulted in the MinGW64.Vista+ target doing the same thing as the MinGW64
target.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
crypto-api: always allocate memory when serializing iovec_t
Closes #1017
See merge request gnutls/gnutls!1278
The AEAD iov interface falls back to serializing the input buffers if
the low-level cipher doesn't support scatter/gather encryption.
However, there was a bug in the functions used for the serialization,
which causes memory leaks under a certain condition (i.e. the number
of input buffers is 1).
This patch makes the logic of the functions simpler, by removing a
micro-optimization that tries to minimize the number of calls to
malloc/free.
The original problem was reported by Marius Steffen in:
https://bugzilla.samba.org/show_bug.cgi?id=14399
and the cause was investigated by Alexander Haase in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
See merge request gnutls/gnutls!1161
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Add test vectors for newly added MAC algorithms.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Merge the extra libraries to link dynamically in GNUTLS_LIBS_PRIVATE
Closes #1020
See merge request gnutls/gnutls!1280
This should fix #1020 where bcrypt is missing from thirdparty_libadd.
Ultimately it would be good to add libraries that always need to be linked in
one variable that is shared between the Makefile and the pkg-config file.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
tests: updated tlsfuzzer tests to latest version
See merge request gnutls/gnutls!1276
excluded some tests from test-certificate-malformed.py
Signed-off-by: KrenzelokFrantisek <krenzelok.frantisek@gmail.com>
gnutls_aead_cipher_init: fix potential memleak
Closes #1010
See merge request gnutls/gnutls!1274
Upon failure this function returns without freeing memory allocated
internally. This makes sure that it is released and does not touch the
output handle argument.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
When _gnutls_aead_cipher_init() fails, the function returns without
freeing the allocated handle. This was once fixed in commit
502be130493e8ce802cdf60fffdbb5f1885352a5 but regressed after a code
reorganization in commit 2eef509ce5f2d250f8dcaeffa46444dd2b694e91.
Reported by Miroslav Lichvar.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
AIA callback to retrieve missing chain certificates
See merge request gnutls/gnutls!1262