| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| | |
gnutls_hmac_copy() API
Closes #787
See merge request gnutls/gnutls!1035
|
| |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
During the test suite run we require that all supported
MAC and hash algorithms implement the copy function.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
This implements the new API to all internal implementations.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Add gnutls_hash_copy() function for copying message digest context.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
necessary for SMB3 support.
Resolves: #787
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/
|
|
|
|
|
|
|
| |
GOST ciphersuites requires continuously computing MAC of all the
previously sent or received data. The easies way to support that is to
add support for copy function, that creates MAC instance with the same
internal state.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| |
| |
| | |
Enhance the configuration file capabilities
Closes #587
See merge request gnutls/gnutls!1013
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This introduces the inih copylib, and makes our configuration
file parsing more flexible.
Relates: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| | |
Corrected call for updating ABI files
See merge request gnutls/gnutls!1033
|
| |
| |
| |
| | |
Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Marked the crypto backend registration APIs as deprecated
Closes #789
See merge request gnutls/gnutls!1032
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This is to warn for a future conversion of these APIs to a no-op.
Resolves: #789
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| |/
|/|
| |
| | |
tests: improve record_size_limit tests
See merge request gnutls/gnutls!1023
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
The option changes the behavior of the server, it would make sense to
check both with and without %ALLOW_SMALL_RECORDS.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously those tests assumed varying sizes of connection information
gnutls-serv sends. This is too brittle and if the default algorithm
has changed the tests need to be updated.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
By default, the gnutls-server --http responds with the connection
information. While this is useful for manual testing, fixed content
would be more desirable for automated testing.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a new test against the server to check if
%ALLOW_SMALL_RECORDS is required to continue communicating with the
server. The test is in two parts: one to check if the server accepts
records with the default size (512 bytes) and the other is to check if
%ALLOW_SMALL_RECORDS helps if the previuos test fails.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a means to set maximum record size to receive. If the size
is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
also needs to be specified.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
CONTRIBUTING.md: Fix syntax error [ci skip]
See merge request gnutls/gnutls!1028
|
|/ /
| |
| |
| | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
|\ \
| | |
| | |
| | |
| | | |
gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
See merge request gnutls/gnutls!1025
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously this flag was ignored, although documented not to.
This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi
which were supposed to test this interface, but were never enabled.
This was caught by Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
fips: run selftests over overridden AES-CBC algorithm
See merge request gnutls/gnutls!1027
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, we only tested nettle's AES-CBC in
_gnutls_fips_perform_self_checks1(), which is called before the
implementation is overridden. This adds an AES-CBC self-test in
_gnutls_fips_perform_self_checks2() so it can test the actual
implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
guile: Deprecate OpenPGP bindings.
See merge request gnutls/gnutls!1021
|
| |/
| |
| |
| |
| |
| |
| |
| | |
* guile/modules/gnutls.in (define-deprecated): New macro.
Use it for all the *openpgp* bindings.
* guile/src/core.c: Rename *openpgp* bindings with a '%' prefix.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
Remove unbounded uses of alloca in the Guile bindings
Closes #684
See merge request gnutls/gnutls!1022
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* guile/src/core.c (ALLOCA_MAX_SIZE, FAST_ALLOC): New macros.
(set_certificate_file):
(scm_gnutls_set_certificate_credentials_x509_key_files_x)
(scm_gnutls_set_srp_server_credentials_files_x)
(scm_gnutls_set_srp_client_credentials_x)
(scm_gnutls_srp_base64_encode, scm_gnutls_srp_base64_decode)
(scm_gnutls_set_psk_server_credentials_file_x)
(scm_gnutls_pkcs8_import_x509_private_key)
(scm_gnutls_x509_certificate_matches_hostname_p)
(scm_gnutls_import_openpgp_private_key): Use 'FAST_ALLOC' instead of
'alloca'.
* guile/src/utils.c: Remove unneeded <alloca.h> include.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
* guile/src/core.c (scm_gc_malloc_pointerless)
[!HAVE_SCM_GC_MALLOC_POINTERLESS]: New macro.
(make_session_record_port): Remove #ifdef HAVE_SCM_GC_MALLOC_POINTERLESS.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|\ \
| | |
| | |
| | |
| | | |
tls13/key_update: ignore multiple key updates instead of error
See merge request gnutls/gnutls!1019
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
This fixes the multiple KeyUpdate messages handling in commit
65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
sent even if the limit doesn't exceed.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
Prefix gcc attributes with 'attr_'
See merge request gnutls/gnutls!1017
|
|/ /
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
Fix warn_unused_result for clang < 4
See merge request gnutls/gnutls!1016
|
|/ /
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| |/
|/|
| |
| | |
.gitlab-ci.yml: switched fedora to latest version
See merge request gnutls/gnutls!1015
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
RELEASES.md: document the releases policy
See merge request gnutls/gnutls!1011
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a file to document the policy on releases based on
the discussions taken place in the last face to face meeting.
https://gitlab.com/gnutls/gnutls/wikis/face2face-meeting-fosdem2019
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Do not regenerate autogen files if --enable-local-libopts is given
Closes #772
See merge request gnutls/gnutls!1010
|