| Commit message (Collapse) | Author | Age | Files | Lines |
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
DTLS1.3 uses unified_header without encrypted sequence as an AD for AEAD
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
DTLS1.3 only
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Add Cryptographic Label Prefix "dtls13"
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
[RFC9147] 4.1 Demultiplexing DTLS Records
epoch is resolved by internal count and by the last 2 bits of unified
header flags (DTLSCiphertextStructure)
[RFC9147] 4.2.3 sequence number has to be first deciphered and then
resolved just like epoch
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Use hello retry request instead of hello verify request
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
disable rfc8446#appendix-D.4
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
enable TLS 1.3 ciphersuites for DTLS 1.3
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
This version is used for legacy_record_version in record_layer and it
has to be set to DTLS1.2 for compatibility purposes with servers not
supporting dtls1.3
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Enable all tls1.3 extensions for dtls
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
.gitlab-ci.yml: take advantage of GitLab code coverage visualization
See merge request gnutls/gnutls!1691
This switches to using gcovr instead of our custom coverage generation
rule to take advantage of "Test coverage visualization" in GitLab:
https://docs.gitlab.com/ee/ci/testing/test_coverage_visualization.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
.gitlab-ci.yml: consolidate duplicate "aggressive" targets
See merge request gnutls/gnutls!1690
The UB+ASAN-Werror.Fedora.x86_64.gcc-aggressive shared almost the same
tasks with UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc, except the
former explicitly specified --disable-hardware-acceleration.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
trust: make filesystem path construction flexible
Closes #1280
See merge request gnutls/gnutls!1493
The current version of cppcheck hangs at the usage of Gnulib's
intprops module:
https://trac.cppcheck.net/ticket/10192
Signed-off-by: Daiki Ueno <ueno@gnu.org>
To handle pathnames longer than the fixed length (previously 256),
this adds a set of internal API functions around the gnutls_pathbuf_st
struct, which makes it possible to safely and efficiently construct pathnames.
The new API initially uses the statically allocated buffer and starts
allocating memory on the heap only after the limit has been reached.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Forbid unsolicited CompressedCertificate messages
Closes #1440
See merge request gnutls/gnutls!1678
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
srtp: support AES-GCM profiles
Closes #1266
See merge request gnutls/gnutls!1685
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds support for SRTP_AEAD_AES_128_GCM and SRTP_AEAD_AES_256_GCM
profiles defined in RFC 7714.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
build: remove MAX_RECORD_SEND_SIZE in favor of max_record_send_size
Closes #815
See merge request gnutls/gnutls!1684
Signed-off-by: Daiki Ueno <ueno@gnu.org>
doc: Fix Debian package name texlive-plain-generic
See merge request gnutls/gnutls!1689
The package texlive-generic-recommended is a transitional dummy package for
texlive-plain-generic in Debian buster (currently oldstable).
See: https://packages.debian.org/texlive-generic-recommended
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
doc: Fix several minor issues in INSTALL.md
See merge request gnutls/gnutls!1688
- Fix reference to moved file.
- Fix a dead link, and a typo.
- Use two spaces between sentences, and no trailing whitespace.
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
Prefer HTTPS to HTTP in URLs
See merge request gnutls/gnutls!1687
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
This is the latest recommendation, as described here:
https://www.gnu.org/licenses/gpl-howto.html
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
This mostly updates NEWS and license links. All links have been
manually tested and confirmed working.
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
Fix typos
See merge request gnutls/gnutls!1686
Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
record: enable check on CCS content also in TLS 1.2
Closes #1439
See merge request gnutls/gnutls!1677
This generalizes the value check of Change Cipher Spec for all TLS
protocol versions including TLS 1.2 or earlier. It also fixes the
logic of the check so the value is decrypted before being examined,
according to the RFC.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
build: disable SRP authentication by default
Closes #943
See merge request gnutls/gnutls!1681
Signed-off-by: Daiki Ueno <ueno@gnu.org>
SRP authentication in TLS is not up to date with the latest TLS
standards and its ciphersuites are based on the CBC mode and SHA-1.
This makes the feature disabled by default at compile time, though the
users are still able to enable it with the --enable-srp-authentication
configure option.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Added new interoperability tests
See merge request gnutls/gnutls!1680
Signed-off-by: Peter Leitmann <pleitman@redhat.com>
fix obtain credential type based on the key exchange type fail; fix log print key mac size error
See merge request gnutls/gnutls!1670
Signed-off-by: xuraoqing <xuraoqing@huawei.com>