path: root/NEWS
Commit log for NEWS. Each entry: commit message, then (author, date; files changed, lines -removed/+added). Commits that came in on a merged branch are listed indented under their merge commit.
* Release 3.7.3 (Daiki Ueno, 2022-01-18; 1 file, -11/+53)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* pkcs12: use the correct MAC algorithm for GOST key generation (Daiki Ueno, 2022-01-13; 1 file, -0/+5)
  According to the latest TC-26 requirements, the MAC algorithm used for PBKDF2 should always be HMAC_GOSTR3411_2012_512.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* fips: add functions to inspect thread-local FIPS operation state (Daiki Ueno, 2022-01-07; 1 file, -0/+6)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* priority: support allowlisting in configuration file (Daiki Ueno, 2021-11-29; 1 file, -0/+10)
  This adds a new mode of interpreting the [overrides] section. If "override-mode" is set to "allowlisting" in the [global] section, all the algorithms (hashes, signature algorithms, curves, and versions) are initially marked as insecure/disabled. Then the user can enable them by specifying allowlisting keywords such as "secure-hash" in the [overrides] section.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
  Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
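An allowlisting configuration file, as an added illustration of the mode described in the commit above; this is not text from the commit or from the GnuTLS sources. The "override-mode" and "secure-hash" keys are the ones the commit message names, and "insecure-hash" is the blocklisting key mentioned elsewhere in this log. The other keys (enabled-version, enabled-curve, secure-sig, tls-enabled-cipher, tls-enabled-mac, tls-enabled-kx) are from my recollection of the allowlisting section of the GnuTLS manual and are an assumption to check against the manual for the installed version; the algorithm names use the priority-string spelling.

```ini
# Default (blocklisting) behaviour, for contrast: the built-in policy
# decides what is enabled and [overrides] can only take things away, so an
# algorithm nobody thought to list here stays enabled.
#
#   [overrides]
#   insecure-hash = SHA1
#
# Allowlisting flips the default: everything starts disabled and only what
# is listed below is usable. An omission fails closed (the handshake or
# certificate check fails) rather than silently keeping an algorithm on.

[global]
override-mode = allowlisting

[overrides]
# Hashes usable for signatures and certificates.
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512

# Protocol versions; TLS 1.0/1.1 and SSL 3.0 stay disabled by omission.
enabled-version = TLS1.3
enabled-version = TLS1.2

# Curves for key exchange and for certificate keys.
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = X25519

# Signature algorithms; RSA PKCS#1 v1.5 with SHA-1 is out by omission.
# (assumed key names, see lead-in)
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = EdDSA-Ed25519

# TLS ciphersuite building blocks (assumed key names, see lead-in).
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-mac = AEAD
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
```

Because this file is system-wide, every GnuTLS-linked process picks it up; the usual check after editing it is to run a client such as gnutls-cli against a known server and confirm that a version, curve, or hash not on the list is no longer negotiated.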
* Port openconnect TPM2 code (Nikos Mavrogiannopoulos, 2021-11-13; 1 file, -0/+6)
  This introduces transparent loading of TPM2 keys which are in PEM form by gnutls_privkey_import_x509_raw() and higher level functions which wrap it.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  Co-authored-by: David Woodhouse <dwmw2@infradead.org>
  Co-authored-by: Daiki Ueno <ueno@gnu.org>
* NEWS: add a notice of insecure-hash filtering ciphersuites on PRF (Alexander Sosedkin, 2021-10-21; 1 file, -0/+3)
  Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
* NEWS: added news about certtool handling x448 and x25519 (Daniel Kahn Gillmor, 2021-09-17; 1 file, -0/+3)
  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* pk: add flags to force RSA-PSS salt length to match digest length (Daiki Ueno, 2021-08-07; 1 file, -0/+6)
  This adds a couple of flags to RSA-PSS signing and verification, to enforce that the salt length matches the digest length. That is not only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS 1.3 context.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
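What the salt-length enforcement in this commit actually checks, as an added example written for this page (it is not GnuTLS code and uses none of its API): the EMSA-PSS encoding from RFC 8017 section 9.1, with a verifier that pins sLen to the digest length and, for contrast, a lenient verifier that recovers sLen from the encoding. The RSA modular exponentiation is left out on purpose; the salt length lives entirely in the encoding, so that is the part exercised. em_bits = 2047 corresponds to a 2048-bit modulus; the message is constructed.

```python
import hashlib
import os

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes; TLS 1.3 requires sLen == H_LEN


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 mask generation function (RFC 8017 B.2.1) over HASH."""
    out = b""
    for counter in range((mask_len + H_LEN - 1) // H_LEN):
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def emsa_pss_encode(msg: bytes, em_bits: int, s_len: int, salt=None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1): returns EM of ceil(em_bits/8) bytes."""
    m_hash = HASH(msg).digest()
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + s_len + 2:
        raise ValueError("encoding error: modulus too small for this salt length")
    if salt is None:
        salt = os.urandom(s_len)
    assert len(salt) == s_len
    h = HASH(b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - s_len - H_LEN - 2) + b"\x01" + salt
    masked_db = bytearray(_xor(db, mgf1(h, em_len - H_LEN - 1)))
    # Clear the leftmost 8*em_len - em_bits bits so that EM < 2^em_bits.
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h + b"\xbc"


def _unmask(msg: bytes, em: bytes, em_bits: int):
    """Steps of EMSA-PSS-VERIFY shared by both verifiers.
    Returns (m_hash, DB, H) or None if EM is structurally malformed."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em[-1] != 0xBC:
        return None
    masked_db, h = em[: em_len - H_LEN - 1], em[em_len - H_LEN - 1 : -1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> top_bits) & 0xFF:
        return None
    db = bytearray(_xor(masked_db, mgf1(h, em_len - H_LEN - 1)))
    db[0] &= 0xFF >> top_bits
    return HASH(msg).digest(), bytes(db), h


def emsa_pss_verify(msg: bytes, em: bytes, em_bits: int, s_len: int) -> bool:
    """Strict EMSA-PSS-VERIFY: the caller pins s_len, as the new flags do.
    A signature made with any other salt length fails here."""
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + s_len + 2:
        return False
    parts = _unmask(msg, em, em_bits)
    if parts is None:
        return False
    m_hash, db, h = parts
    ps_len = em_len - H_LEN - s_len - 2
    # The 0x01 separator must sit exactly where the pinned s_len puts it.
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1 :]
    return HASH(b"\x00" * 8 + m_hash + salt).digest() == h


def emsa_pss_verify_auto(msg: bytes, em: bytes, em_bits: int) -> bool:
    """Lenient verifier: recovers s_len from the position of the separator,
    so it accepts whatever salt length the signer chose."""
    parts = _unmask(msg, em, em_bits)
    if parts is None:
        return False
    m_hash, db, h = parts
    sep = db.find(b"\x01")
    if sep < 0 or any(db[:sep]):
        return False
    salt = db[sep + 1 :]
    return HASH(b"\x00" * 8 + m_hash + salt).digest() == h


if __name__ == "__main__":
    msg = b"constructed CertificateVerify input"  # constructed sample message
    em_ok = emsa_pss_encode(msg, 2047, H_LEN)    # sLen == hLen, TLS 1.3 style
    em_short = emsa_pss_encode(msg, 2047, 20)    # sLen != hLen
    print(emsa_pss_verify(msg, em_ok, 2047, H_LEN))      # True
    print(emsa_pss_verify(msg, em_short, 2047, H_LEN))   # False: strict rejects
    print(emsa_pss_verify_auto(msg, em_short, 2047))     # True: lenient accepts
```

The practical difference is the second and third calls: a verifier that auto-detects the salt length will happily accept a TLS 1.3 CertificateVerify signed with a 20-byte salt, while the pinned check refuses it, which is the behaviour RFC 8446 asks for.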
* guile: Writes to record ports handle EAGAIN/EINTR transparently. (Ludovic Courtès, 2021-06-16; 1 file, -0/+3)
  Reported at <https://issues.guix.gnu.org/47867> by Florian Pelz <pelzflorian@pelzflorian.de>.
  This is a follow-up to a229bb36c9592b151f6feb277238c41ab39f40a9.

  * guile/src/core.c (write_to_session_record_port) [USING_GUILE_BEFORE_2_2]: Keep looping upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
  (write_to_session_record_port) [!USING_GUILE_BEFORE_2_2]: Loop on GNUTLS_E_INTERRUPTED and return -1 on GNUTLS_E_AGAIN if C_SESSION is backed by a file descriptor.
  * NEWS: Update.

  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* Release 3.7.2 (Daiki Ueno, 2021-05-29; 1 file, -1/+1)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* certtool: order DN components by scale. (Daniel Kahn Gillmor, 2021-05-28; 1 file, -0/+7)
  DN components are expected to be ordered by scale, with the wire format representing larger-scale components (like country or organization) before smaller-scale components (like state or organizationalUnit).

  The bulk of the changes here of course are changes to the target certificates in the test suite.

  Note that a change was necessary in tests/cert-tests/crq.sh because it tests the "interactive" mode of certtool. If any user is scripting certtool in this way, this change will cause a backwards-incompatible break. However, I think this is OK -- the supported scripted/batch mode for certtool should use a template file, and I don't think it's important to maintain a strict api on the interactive mode.

  The main change here is to order the DN from least-specific-to-most, in particular: country, state, locality, org, orgunit, cn, uid

  But I've also made an additional arbitrary choice, which is that DC (domain component) comes *after* uid. This was already the case in certificate generation, but in *request* generation, it was the other way around. I've changed request generation to match this ordering from certificate generation.

  Closes: #1243

  Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* gnutls_early_{cipher,prf_hash}_get: new functions (Daiki Ueno, 2021-05-13; 1 file, -0/+4)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* global: rename GNUTLS_NO_EXPLICIT_INIT to GNUTLS_NO_IMPLICIT_INIT (Daiki Ueno, 2021-05-03; 1 file, -0/+4)
  The old envvar still has effect but has been marked as deprecated.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* certtool: don't copy CRL distribution point from CA cert (Daiki Ueno, 2021-04-28; 1 file, -0/+3)
  Suggested by Thomas Karlsson in: https://gitlab.com/gnutls/gnutls/-/issues/1126

  While this changes the default behavior, CDP can always be set through the template or interactive input.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* handshake: fix timing of sending early data (Daiki Ueno, 2021-04-25; 1 file, -0/+5)
  Previously, the client was sending early data after receiving a Server Hello message, which not only negates the benefit of 0-RTT, but also was a logic error as it can only be decrypted by the server when the initial handshake and the resuming handshake agree on the same ciphersuites.

  This fixes that behavior in the following ways:
  - extend the session data format to include the selected ciphersuites, even in TLS 1.3
  - setup the epoch for early data, right before the client sending early data (also right after the server deciding to accept early data).
  - extend the test case to use different ciphersuites in the initial and resuming handshakes

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* NEWS: mention AF_ALG support (Daiki Ueno, 2021-04-23; 1 file, -0/+4)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* priority: add option to disable TLS 1.3 middlebox compatibility mode (Daiki Ueno, 2021-04-17; 1 file, -0/+5)
  This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3 compatibility mode at run-time.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Release 3.7.1 [tag: 3.7.1] (Daiki Ueno, 2021-03-10; 1 file, -0/+30)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* NEWS: update for 3.7.0 release (Daiki Ueno, 2020-12-02; 1 file, -6/+50)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* crypto-backend: remove ability of overriding ciphers (Daiki Ueno, 2020-11-20; 1 file, -0/+7)
  Those functions have been deprecated in 3.6.9 as they do not have active use cases.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* NEWS: add entry for QUIC related API functions (Daiki Ueno, 2020-11-19; 1 file, -0/+10)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* _gnutls_x509_read_value: don't count terminating null byte for OIDs (Nikos Mavrogiannopoulos, 2020-11-12; 1 file, -0/+6)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  Co-authored-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'cert_validation' into 'master' (Daiki Ueno, 2020-11-10; 1 file, -0/+5)
  Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications

  Closes #1012

  See merge request gnutls/gnutls!1339
  * Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications to have a way to pass the gnutls_verify_output_function() as a callback so that the full path of the certificate chain to the trusted root can be available as output. (Sahana Prasad, 2020-11-10; 1 file, -0/+5)
    Signed-off-by: Sahana Prasad <sahana@redhat.com>
* build: hard require nettle 3.6 (Daiki Ueno, 2020-11-04; 1 file, -0/+2)
  This allows us to remove several backports, including XTS, CFB8, raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to automatically download missing intermediate CAs in a certificate chain (Sahana Prasad, 2020-09-02; 1 file, -0/+2)
  lib/cred-cert.c : adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback.

  Signed-off-by: Sahana Prasad <sahana@redhat.com>
* NEWS: add missing API modifications to 3.6.14 entry (Daiki Ueno, 2020-06-07; 1 file, -0/+2)
  Reported by Andreas Metzler in: https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004650.html

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* devel/libgnutls-latest-x86_64.abi, doc, NEWS, and manpage updates (Sahana Prasad, 2020-06-03; 1 file, -0/+8)
  Signed-off-by: Sahana Prasad <sahana@redhat.com>
* Release 3.6.14 [ci skip] (Daiki Ueno, 2020-06-03; 1 file, -1/+33)
  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* lib: add support for AES-192-GCM (Dmitry Baryshkov, 2020-05-27; 1 file, -0/+1)
  Add support for AES-192 in GCM mode.

  Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* pkcs7: add function to display signature information (Dmitry Baryshkov, 2020-05-14; 1 file, -0/+1)
  Basically export print_pkcs7_info() in a way usable by external applications.

  Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* nettle: expose SIV-CMAC through the AEAD interface (Daiki Ueno, 2020-05-04; 1 file, -0/+6)
  This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}* functions. Note that they can only be used with the AEAD interface and authentication tags are prepended (not appended) to the ciphertext.

  Signed-off-by: Daiki Ueno <ueno@gnu.org>
* NEWS: updated for release [tag: 3.6.13] (Nikos Mavrogiannopoulos, 2020-03-31; 1 file, -2/+3)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update (Nikos Mavrogiannopoulos, 2020-03-30; 1 file, -3/+3)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update [branch: tmp-added-reproducer-for-960] (Nikos Mavrogiannopoulos, 2020-03-30; 1 file, -0/+5)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'better_SSL3.0_tests' into 'master' (Nikos Mavrogiannopoulos, 2020-03-27; 1 file, -0/+3)
  improve gnutls-cli-debug testing of old SSL 3.0 servers

  See merge request gnutls/gnutls!1221
  * add NEWS entry (Daniel Lenski, 2020-03-22; 1 file, -0/+3)
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
* Merge branch 'tmp-get-keylog-func' into 'master' (Daiki Ueno, 2020-03-25; 1 file, -0/+1)
  gnutls_session_get_keylog_function: new function

  See merge request gnutls/gnutls!1220
  * gnutls_session_get_keylog_function: new function [branch: tmp-get-keylog-func] (Daiki Ueno, 2020-03-22; 1 file, -0/+1)
    This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement a custom logging facility.

    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Update NEWS file (Ander Juaristi, 2020-03-23; 1 file, -0/+7)
  Signed-off-by: Ander Juaristi <a@juaristi.eus>
* state: add function to get the current hash algorithm [branch: tmp-prf-get] (Daiki Ueno, 2020-03-19; 1 file, -0/+1)
  This is particularly useful when the application applies key derivation function by itself with the same underlying hash algorithm as the session.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* keylogfile: simplify the callback mechanism [branch: tmp-keylog-func] (Daiki Ueno, 2020-02-22; 1 file, -2/+4)
  This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* keylogfile: generalize with a callback [branch: tmp-keylog-hook] (Daiki Ueno, 2020-02-07; 1 file, -0/+2)
  This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement a custom logging feature per session, which is particularly useful in QUIC implementation.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* crypto-api: add generic crypto functions for KDF (Daiki Ueno, 2020-02-04; 1 file, -0/+9)
  This exposes HKDF and PBKDF2 functions from the library. Instead of defining a single KDF interface as in PKCS #11, this patch defines 3 distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2 derivation, so that we can take advantage of compile time checking of necessary parameters.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>
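The three derivations named in the commit above, written out as three separate functions so the distinct parameter sets are visible. This is an added example for this page built on the Python standard library; it is not the GnuTLS API and makes no call into it. The functions are checked against the published RFC 5869 (HKDF, SHA-256, test case 1) and RFC 6070 (PBKDF2-HMAC-SHA1, c = 2) vectors, and the PBKDF2 loop is cross-checked against hashlib.pbkdf2_hmac.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869 2.2): PRK = HMAC-Hash(salt, IKM).
    An absent salt is a string of HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869 2.3): OKM = T(1) || T(2) || ... truncated to length,
    with T(i) = HMAC-Hash(PRK, T(i-1) || info || i) and T(0) empty."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm, t = b"", b""
    for counter in range(1, (length + hash_len - 1) // hash_len + 1):
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
    return okm[:length]


def pbkdf2(password: bytes, salt: bytes, iterations: int, length: int,
           hash_name: str = "sha256") -> bytes:
    """PBKDF2 (RFC 8018 5.2) with HMAC-Hash as the PRF: each output block is
    the XOR of `iterations` chained HMAC values, U_1 xor U_2 xor ... xor U_c."""
    hash_len = hashlib.new(hash_name).digest_size
    out = b""
    for block in range(1, (length + hash_len - 1) // hash_len + 1):
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hash_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += bytes(t)
    return out[:length]


# RFC 5869 A.1, test case 1 (SHA-256).
RFC5869_IKM = bytes.fromhex("0b" * 22)
RFC5869_SALT = bytes.fromhex("000102030405060708090a0b0c")
RFC5869_INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
RFC5869_PRK = bytes.fromhex(
    "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
RFC5869_OKM = bytes.fromhex(
    "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
    "34007208d5b887185865")

# RFC 6070, test vector 2 (PBKDF2-HMAC-SHA1, password "password", salt "salt",
# c = 2, dkLen = 20).
RFC6070_DK = bytes.fromhex("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957")


def check_vectors() -> bool:
    """True if all three functions reproduce the RFC test vectors."""
    prk = hkdf_extract(RFC5869_SALT, RFC5869_IKM)
    okm = hkdf_expand(prk, RFC5869_INFO, 42)
    dk = pbkdf2(b"password", b"salt", 2, 20, "sha1")
    return (prk == RFC5869_PRK and okm == RFC5869_OKM and dk == RFC6070_DK
            and dk == hashlib.pbkdf2_hmac("sha1", b"password", b"salt", 2, 20))


if __name__ == "__main__":
    print("RFC 5869 / RFC 6070 vectors reproduced:", check_vectors())
```

Keeping Extract and Expand separate matters in practice: a TLS 1.3 key schedule calls Extract once per secret level and Expand many times with different labels from the same PRK, and a single combined HKDF() call would recompute the PRK for every derived key and obscure which inputs are secret (IKM, PRK) and which are public (salt, info).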
* NEWS: fixed issue number for 448 [tags: gnutls_3_6_12, 3.6.12] (Nikos Mavrogiannopoulos, 2020-02-01; 1 file, -1/+1)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: refactored for release (Nikos Mavrogiannopoulos, 2020-02-01; 1 file, -30/+30)
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-ed448' into 'master' (Daiki Ueno, 2020-01-24; 1 file, -0/+3)
  algorithms: implement X448 key exchange and Ed448 signature scheme

  See merge request gnutls/gnutls!984
  * algorithms: implement X448 key exchange and Ed448 signature scheme (Daiki Ueno, 2020-01-23; 1 file, -0/+3)
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-tls13-ocsp' into 'master' (Nikos Mavrogiannopoulos, 2020-01-20; 1 file, -0/+5)
  tls13: fix issues with client OCSP responses

  Closes #876

  See merge request gnutls/gnutls!1169
  * tls13: request OCSP responses as a server (Nikos Mavrogiannopoulos, 2020-01-20; 1 file, -1/+2)
    The TLS1.3 protocol requires the server to advertise an empty OCSP status request extension on its certificate verify message for an OCSP response to be sent by the client. We now always send this extension to allow clients attaching those responses.

    Resolves: #876

    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>