| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\
| |
| |
| |
| | |
use bcrypt for the windows random generator instead of wincrypt
See merge request gnutls/gnutls!1255
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
Rewrite the CryptoAPI calls in bcrypt.
bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
configure.ac: add -fno-builtin-strcmp if valgrind is enabled
Closes #944
See merge request gnutls/gnutls!1264
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Recent GCC provides strcmp which makes Valgrind assume that it accesses
uninitialized data. Disable this optimization if Valgrind tests are
enabled.
Fixes #944
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
configure: check that -no_weak_links works with FD_SET
Closes #966
See merge request gnutls/gnutls!1266
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Several Xcode/SDK versions provide FD_SET implementation that does not
work with -no_weak_links. Check that this option does not break FD_SET
usage.
Fixes #966
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
lib: improve external file loading
See merge request gnutls/gnutls!1261
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
fread_file and read_file. This also adds the following changes to be
consistent with the latest changes in Gnulib:
- the callers of fread_file and read_file to be adjusted for the FLAGS
argument
- "attribute.h" needs to be used extensively
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
the build. We can assume that the minimum platform the code will run on is
Vista [1]
In that case there's no need to call API's (ncrypt) dynamically when it can be
done statically.
[1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|/
|
|
|
|
|
|
|
|
|
| |
Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
To properly link it needs to be linked with the crypt32.dll.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
This library was missing from the pkg-config library. It exists in
thirdparty_libadd to link gnutls as a DLL.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|\
| |
| |
| |
| |
| |
| | |
nettle: expose SIV-CMAC through the AEAD interface
Closes #974 and #463
See merge request gnutls/gnutls!1238
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Given the fixed version of the function will be part of Nettle 3.6,
use pkg-config --atleast-version instead of a manually comparison of
the Nettle version.
Fixes #974.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
New make target 'update-copyright-year'
Closes #980
See merge request gnutls/gnutls!1241
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We don't want to automatically update the copyright year as this
prevents reproducible builds.
Instead, 'make update-copyright-year' has to be executed at the
start of each new year and the changes have to be pushed.
Closes #980
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/
|
|
|
|
|
| |
Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
use this function from imported nettle sources.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and linked
to libgnutls.
This patch automates that process with the configure script.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
| |
Update gostdsa_vko() following changes going to be accepted into Nettle.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Provide GOST support using source files copied by script rather than
manually crafted by me.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
build: use valgrind client request to detect undefined memory use
See merge request gnutls/gnutls!1228
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This tightens the check introduced in
ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
We require private symbols which dissapear at some point in
IDN2 releases in order to support old versions of libidn2. Simplify
the code by requiring only recent versions and avoid issues such
as #832.
Resolves: #832
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This enables to use bundled ChaCha20 implementation if the system
nettle doesn't have nettle_chacha_set_counter.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
| |
Use GOST DSA and GOST curves provided by Nettle's master branch.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That removes a lot of code that was not necessary in the gnutls test
suite.
Resolves: #884
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
guile: Arrange to make 'gnutls.scm' architecture-independent.
Closes #838
See merge request gnutls/gnutls!1121
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #838.
Reported by Andreas Metzler.
* configure.ac: Define and substitute 'maybe_guileextensiondir'.
* guile/Makefile.am (.in.scm): Substitute 'maybe_guileextensiondir'.
* guile/modules/gnutls.in <top level>: Use @maybe_guileextensiondir@.
Check if %LIBDIR is true.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This effectively reverts !400 and ensures that we no longer tolerate
invalid DER time. This complements the previous commit by Lili Quan
and ensures we provide the --disable-strict-der-time backwards compatibility
option.
Resolves: #207
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| | |
This reverts commit 1e9c9ba0c0798b5566902e6c5ab83418826dd7f5.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by Helmut Grohne <helmut@subdivi.de>
and Andreas Metzler <ametzler@bebt.de>
at <https://bugs.debian.org/943905>.
* configure.ac: Add 'CROSS_COMPILING' conditional.
* guile/Makefile.am (CROSS_COMPILING_VARIABLE): New variable.
(%.go): Use it.
* guile/modules/gnutls.in <top level>: Do not call 'load-extension'
when "GNUTLS_GUILE_CROSS_COMPILING" is defined.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
| |
This system call will never block and does not require a file
descriptor to be opened. It provides an endless stream of random
numbers from the kernel's ChaCha20-based random number generator.
Signed-off-by: Nia Alarie <nia@NetBSD.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
We already depend on nettle 3.4.1 which provides that symbol,
ensure that we use it consistently.
Relates: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
previously-supported versions.
* doc/gnutls-guile.texi (Guile Preparations): Update list of supported
versions.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
| |
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
This makes the functionality available on gcc 4.8.
Resolves: #812
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
Check for nettle_xts_encrypt_message() function rather than just
xts_encrypt_message(). All functions in nettle are renamed to contain
`nettle_` prefix.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Nettle library starts to gain support for GOST algorithms. Support
building GnuTLS with GOST-enabled nettle library.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This introduces the inih copylib, and makes our configuration
file parsing more flexible.
Relates: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|