| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
|
|
|
| |
This pacifies -fanalyzer false-positive:
common.c:552:3: warning: use of NULL '<unknown>' where non-null expected [CWE-690] [-Wanalyzer-null-argument]
Ideally, the function should be defined as 'extern inline' to avoid
code bloat by being copied across multiple translation units.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\
| |
| |
| |
| | |
fips: enable self-tests for KDF algorithms and CMAC
See merge request gnutls/gnutls!1341
|
| | |
| |
| |
| |
| |
| | |
FIPS140-2 IG D.8 mandates self-tests on CMAC.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires to run a single instance of each KDF
mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
with HMAC-SHA-256 as the underlying MAC.
Although HKDF is non-approved, it would be sensible to do that as it
will be approved in FIPS140-3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \
| |/
|/|
| |
| | |
fips: use 2048-bit prime for DH self-tests
See merge request gnutls/gnutls!1342
|
| |/
|
|
|
|
|
|
| |
According to FIPS140-2 IG 7.5, the minimum key size of FFC through
2030 is defined as 2048 bits. This updates the relevant self-test
using ffdhe3072 defined in RFC 7919.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\
| |
| |
| |
| | |
tests: simplify shell-script usage
See merge request gnutls/gnutls!1337
|
| | |
| |
| |
| |
| |
| | |
Pointed by Andreas Metzler.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| | |
gnutls-serv invocations in cert-tests/dsa can take long time to launch
if valgrind tests are enabled.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| |
| | |
This fixes a race condition in the timings between when a free port is
detected and when the port is actually used.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| | |
This function is only used by testpkcs11.sh.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \
| | |
| | |
| | |
| | | |
x509: correct argument of gnutls_verify_output_function
See merge request gnutls/gnutls!1338
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
This is a leftover of 52e78f1e. We need to call
gnutls_verify_output_function with the replaced CA cert instead of the
original cert.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \
| |/
|/|
| |
| | |
padlock:fix exception in wrap_padlock_hmac_fast
See merge request gnutls/gnutls!1336
|
| | |
| |
| |
| |
| |
| |
| | |
In function wrap_padlock_hmac_fast, use free to release local variables
ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
|
| |\ \
| | |
| | |
| | |
| | | |
priority: add Ed448 to SECURE192 signing algorithms
See merge request gnutls/gnutls!1332
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reported Vladimír Čunát in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
tests: allow clock_nanosleep in seccomp tests
Closes #1086
See merge request gnutls/gnutls!1325
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The default selection of signature schemes is also affected by the
crypto-policies, and needs to be explicitly enabled with -sigalgs.
Suggested by Tomas Mraz.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This avoids -fanalyzer false-positive in GCC 10:
https://bugzilla.redhat.com/show_bug.cgi?id=1878600
as well as the cppcheck warning:
"variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Suggested by Martin Sebor in:
https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The function was not really useful because _gnutls_free_datum()
has a NULL check as in free(). This also makes GCC 10 happy if
-Warray-bounds=2 is specified:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The nanosleep wrapper in glibc has changed the implementation using
the clock_nanosleep syscall:
https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
Fix inconsistent handling of $SERV environment variable in testsuite
Closes #1090
See merge request gnutls/gnutls!1331
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some tests did not support overriding the PATH to gnutls-serv by setting
the environment variable SERV but used GNUTLS_SERV instead.
Closes #1090
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| | |/
| |
| |
| | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |\ \
| |/
|/|
| |
| | |
Make private exponent optional in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1323
|
| | |
| |
| |
| | |
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Modifies P_hash() to hash the seed and label separately.
Closes #1013
See merge request gnutls/gnutls!1329
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Thereby not restricting the implementation of prf to MAX_SEED_SIZE
MAX_SEED_SIZE is not used anymore
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
Fix and enable GOST test in tests/gnutls-cli-debug.sh
See merge request gnutls/gnutls!1328
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Closes #1097
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |/ /
| |
| |
| |
| |
| |
| | |
GOST algorithms are not enabled by default, explicitely request them in
priority string.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |\ \
| |/
|/|
| |
| | |
gnulib: update git submodule
See merge request gnutls/gnutls!1330
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| |
| |
| |
| |
| | |
-Warith-conversion is new in GCC 10.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
