| Commit message | Author | Age | Files | Lines |
|
This is a leftover of 52e78f1e. We need to call
gnutls_verify_output_function with the replaced CA cert instead of the
original cert.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
padlock:fix exception in wrap_padlock_hmac_fast
See merge request gnutls/gnutls!1336
|
In function wrap_padlock_hmac_fast, use free to release the local variable
ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
|
priority: add Ed448 to SECURE192 signing algorithms
See merge request gnutls/gnutls!1332
|
Reported by Vladimír Čunát in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
tests: allow clock_nanosleep in seccomp tests
Closes #1086
See merge request gnutls/gnutls!1325
|
The default selection of signature schemes is also affected by the
crypto-policies, and needs to be explicitly enabled with -sigalgs.
Suggested by Tomas Mraz.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This avoids -fanalyzer false-positive in GCC 10:
https://bugzilla.redhat.com/show_bug.cgi?id=1878600
as well as the cppcheck warning:
"variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Suggested by Martin Sebor in:
https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The function was not really useful because _gnutls_free_datum()
has a NULL check as in free(). This also makes GCC 10 happy if
-Warray-bounds=2 is specified:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The nanosleep wrapper in glibc has changed the implementation using
the clock_nanosleep syscall:
https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix inconsistent handling of $SERV environment variable in testsuite
Closes #1090
See merge request gnutls/gnutls!1331
|
Some tests did not support overriding the PATH to gnutls-serv by setting
the environment variable SERV but used GNUTLS_SERV instead.
Closes #1090
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Make private exponent optional in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1323
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Modifies P_hash() to hash the seed and label separately.
Closes #1013
See merge request gnutls/gnutls!1329
|
Thereby not restricting the implementation of prf to MAX_SEED_SIZE.
MAX_SEED_SIZE is not used anymore.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
Fix and enable GOST test in tests/gnutls-cli-debug.sh
See merge request gnutls/gnutls!1328
|
Closes #1097
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
GOST algorithms are not enabled by default, explicitly request them in
priority string.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
gnulib: update git submodule
See merge request gnutls/gnutls!1330
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
-Warith-conversion is new in GCC 10.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Printing UTCTime really needs last 2 digits of the year.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
This brings in the build fixes of parse-datetime module:
https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'
Closes #968
See merge request gnutls/gnutls!1319
|
gnutls-cli to
automatically download missing intermediate CAs in a certificate chain
lib/cred-cert.c : adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
handshake: reject no_renegotiation alert if handshake is incomplete
Closes #1071
See merge request gnutls/gnutls!1320
|
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:
    do {
        ret = gnutls_handshake(session);
    } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix padlock partial PHE detection and sizeof usage
Closes #1076
See merge request gnutls/gnutls!1316
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
Fix optional arguments handling in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1318
|
import.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Currently gnutls_privkey_import_rsa_raw() allows the last 3 arguments to be omitted;
the key fixup logic, however, checks for 3 missing arguments when updating coefficient 'u'
but then asserts when updating exponents 'e1' and 'e2', assuming only 2 parameters
are missing at that point.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
improve gnutls-serv EOL processing
Closes #1073
See merge request gnutls/gnutls!1314
|
add option `--crlf` to gnutls-serv to disable replacing a received CRLF
by LF in echo mode (fixes #1073).
Signed-off-by: Albrecht Dreß <albrecht.dress@arcor.de>
|
handshake: check TLS version against modified server priorities
Closes #1054
See merge request gnutls/gnutls!1309
|
The server needs to take into account multiple factors when
determining the TLS protocol version actually being used:
- the legacy version
- "supported_versions" extension
- user_hello_func that may modify the server's priorities
Only after that it can check whether the TLS version is enabled in the
server's priorities.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
cert-session: check OCSP error responses
Closes #1062
See merge request gnutls/gnutls!1308
|
If the OCSP responder returns an error code, such as tryLater, we
can't proceed to examine the response bytes. In that case, just skip
the check unless the stapling is mandatory on this certificate.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
gnutls_aead_cipher_decrypt: check output buffer size before writing
Closes #1049
See merge request gnutls/gnutls!1312
|