| Commit message | Author | Age | Files | Lines |
|
When asking the questions for CA certificate generation, default
to yes to signing certificates. This is because that's the most
common type of CAs generated and defaulting to yes eliminates
the need for restart on error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
nettle/gost: support building with GOST-enabled Nettle
See merge request gnutls/gnutls!1044
|
Check for nettle_xts_encrypt_message() function rather than just
xts_encrypt_message(). All functions in nettle are renamed to contain
`nettle_` prefix.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Nettle library starts to gain support for GOST algorithms. Support
building GnuTLS with GOST-enabled nettle library.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Added suppressions for _MAX enumerator values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Added test certificates (cert10.der) with registered ID
Updated Makefile for inclusion of test certificates
Updated SAN unknown test certificates (cert5.der)
Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Fixed alerts returned on TLS1.3 corner cases
Closes #682
See merge request gnutls/gnutls!1045
|
This enables the tls-fuzzer tests 'test-tls13-certificate-verify.py'.
Resolves: #682
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
'master'
Fix documented params for gnutls_certificate_retrieve_function3()
See merge request gnutls/gnutls!1047
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
Support post-handshake reauthentication in the Guile bindings
See merge request gnutls/gnutls!1026
|
* guile/modules/gnutls/build/enums.scm (%connection-flag-enum): New
variable.
(%gnutls-enums): Add it.
* guile/modules/gnutls.in: Export 'reauthenticate',
'connection-flag->string', and all the 'connection-flag/' bindings.
* guile/src/core.c (scm_gnutls_make_session): Add rest arguments FLAGS
and honor it.
(scm_gnutls_reauthenticate): New function.
* guile/tests/reauth.scm: New file.
* guile/Makefile.am (TESTS): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
* guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while
'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
(read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise, and
return -1 if SCM_GNUTLS_SESSION_TRANSPORT_IS_FD and we got GNUTLS_E_AGAIN.
(session_record_port_fd) [!USING_GUILE_BEFORE_2_2]: New function.
(scm_init_gnutls_session_record_port_type) [!USING_GUILE_BEFORE_2_2]:
Call 'scm_set_port_read_wait_fd'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
* guile/src/errors.c (scm_gnutls_fatal_error_p): New function.
* guile/modules/gnutls.in: Export 'fatal-error?'.
* guile/tests/errors.scm: test 'fatal-error?'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
* guile/modules/gnutls/build/enums.scm (%error-enum): Update list of
error constants.
* guile/modules/gnutls.in (gnutls): Adjust exports accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
ext/session_ticket: eliminate redundant memcpy
See merge request gnutls/gnutls!1040
|
In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
from ticket_data->data, thus those memory areas may overlap. Using
memcpy here leads to undefined behavior.
Spotted by valgrind run on ppc64le.
==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023)
==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139)
==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
==95231== by 0x4110DEB: handshake_server (handshake.c:3331)
==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727)
==95231== by 0x10009EBF: retry_handshake (serv.c:1306)
==95231== by 0x1000AB67: tcp_server (serv.c:1500)
==95231== by 0x10009E5B: main (serv.c:1297)
==95231==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
pkcs11: ignore login error when traversing tokens
See merge request gnutls/gnutls!1031
|
This file is replaced with tests/p11-kit-load.sh and
tests/pkcs11/list-tokens.c.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
If a token is a general access device, it is expected that login
attempt to that token returns error:
https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
On the other hand, _pkcs11_traverse_tokens treats the error as fatal
and stops iteration. This behavior prevents object search without
token specifier if such tokens are registered in the system.
Reported by Stanislav Zidek in
https://bugzilla.redhat.com/show_bug.cgi?id=1705478
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
lib: mark infinite loops explicitly
See merge request gnutls/gnutls!1043
|
There were a few infinite loop constructions which were checking
for an always true condition. Make sure that this construction
is marked explicitly as while(1) to assist static analysers, or
reviewers.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
tests: improve coverage of CRQ related functions
See merge request gnutls/gnutls!1042
|
That adds sanity check of crq-related functions that were not included
in the testsuite at all.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
encode_ber_digest_info: added sanity check
See merge request gnutls/gnutls!1041
|
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Improve the OCSP (status request) and interop testing
See merge request gnutls/gnutls!1024
|
This tests AES-CBC ciphersuites in isolation, as they are
prioritized lower than AES-GCM. We want to test them explicitly
because they have different behavior under EtM.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
gnutls-cli-debug: test whether RSA key exchange is supported
Closes #449
See merge request gnutls/gnutls!1039
|
Resolves: #449
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
gnutls_session_get_desc: avoid printing a NULL value
See merge request gnutls/gnutls!1038
|
When gnutls_session_set_premaster() is used (under openconnect),
it is possible that gnutls_session_get_desc will print a string like
this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
With this change we ensure that we do not print null values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
See merge request gnutls/gnutls!1034
|
This adds a continuous random number generator test as defined in FIPS
140-2 4.9.2, by iteratively fetching fixed sized block from the system
and comparing consecutive blocks.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
lib: add support for AES-GMAC
Closes #781
See merge request gnutls/gnutls!1036
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|