path: root/devel
Commit message | Author | Age | Files | Lines
* Add support for VKO GOST key exchange | Dmitry Eremin-Solenikov | 2019-11-08 | 1 | -0/+1
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Declare groups corresponding to GOST curves | Dmitry Eremin-Solenikov | 2019-11-07 | 1 | -0/+7
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* lib: define more GOST curves | Dmitry Eremin-Solenikov | 2019-10-06 | 1 | -1/+6
  Declare GOST curves from GOST R 34.10-2001 and GOST R 34.10-2012 (test curves) and GOST curves defined by TC26 itself.
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* nettle: provide GOST 28147-89 IMIT MAC support | Dmitry Eremin-Solenikov | 2019-09-28 | 1 | -0/+1
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* nettle: provide GOST 28147-89 CNT mode support | Dmitry Eremin-Solenikov | 2019-09-28 | 1 | -0/+1
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* crypto-api: add gnutls_aead_cipher_{en,de}cryptv2 (tmp-encryptv2) | Daiki Ueno | 2019-08-09 | 2 | -0/+29
  This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and gnutls_aead_cipher_decrypt(), that works on data buffers.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* abi-check: correctly bail-out on errors (tmp-fix-abicheck) | Nikos Mavrogiannopoulos | 2019-07-22 | 1 | -0/+40
  Added suppressions for _MAX enumerator values.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* libgnutls.abignore: added comment linking to syntax | Nikos Mavrogiannopoulos | 2019-07-21 | 1 | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib: add support for AES-GMAC | Dmitry Eremin-Solenikov | 2019-06-28 | 1 | -0/+3
  Add support for computing AES-GMAC using MAC API, as requested by Samba for SMB3 support.
  Resolves: #781
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be | Nikos Mavrogiannopoulos | 2019-06-27 | 4 | -133/+0
  We were not setting the third array member correctly, though this didn't have any impact to previous implementations as they did not rely on it. This also moves away from the custom implementation of cpuid (which was limited), and we now rely on the compiler's version. This effectively enables support for SHA_NI.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Updated asm files to latest version under cryptogams license | Nikos Mavrogiannopoulos | 2019-06-27 | 4 | -0/+7
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib: add support for gnutls_hash_copy() | Dmitry Eremin-Solenikov | 2019-06-26 | 2 | -0/+2
  Add gnutls_hash_copy() function for copying message digest context.
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* api: add gnutls_hmac_copy() function | Dmitry Eremin-Solenikov | 2019-06-26 | 2 | -0/+2
  Add gnutls_hmac_copy() API to duplicate MAC handler state, which is necessary for SMB3 support.
  Resolves: #787
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* updated auto-generated files | Nikos Mavrogiannopoulos | 2019-06-20 | 3 | -6795/+6929
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Use inih to parse configuration file | Nikos Mavrogiannopoulos | 2019-06-20 | 1 | -0/+2
  This introduces the inih copylib, and makes our configuration file parsing more flexible.
  Relates: #587
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Add plumbing to handle Q parameter in DH exchanges | Simo Sorce | 2019-05-23 | 2 | -0/+24
  Signed-off-by: Simo Sorce <simo@redhat.com>
* ext/record_size_limit: distinguish sending and receiving limits (tmp-record-sizes) | Daiki Ueno | 2019-05-14 | 2 | -2/+10
  The previous behavior was that both sending and receiving limits are negotiated to be the same value. It was problematic when:
  - client sends a record_size_limit with a large value in CH
  - server sends a record_size_limit with a smaller value in EE
  - client updates the limit for both sending and receiving, upon receiving EE
  - server sends a Certificate message larger than the limit
  With this patch, each peer maintains the sending / receiving limits separately so not to confuse with the contradicting settings.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* abi-check: supply --hd2 to abi-check-latest target | Daiki Ueno | 2019-05-03 | 1 | -1/+1
  To suppress changes in internal structures. Suggested by Nikos Mavrogiannopoulos.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* prf: add function to retrieve early keying material | Daiki Ueno | 2019-04-19 | 2 | -0/+2
  This adds a new function gnutls_prf_early, which shall be called in a handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test needs to be run in a datefudge wrapper as the early secrets depend on the current time (through PSK).
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* abi-check: simplify ABI comparison using libabigail tools | Nikos Mavrogiannopoulos | 2019-04-16 | 11 | -174947/+46225
  These have output ABI format compatibility and that means we can take snapshots to test ABI against. We also hard-code explicitly the SONAME version to ensure no accidental SONAME bumps happen. This patch also moves symbols.last in the devel/ subdirectory and no internal files are shipped.
  Relates: #292
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Pass CI commit check if branches are 'even' (tmp-check-even) | Tim Rühsen | 2019-04-09 | 1 | -2/+5
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix check_if_signed | Simo Sorce | 2019-04-01 | 1 | -10/+15
  Fix the target branch we check against by adding upstream as remote. Drop the use of set -e as this causes the shell to immediately exit on errors instead of allowing the code to check the failure and report what it failed about. Also print which commits are being checked and what information was found so that a CI failure can be better diagnosed.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Let check_if_signed fail if git fails (tmp-fail-sigcheck) | Tim Rühsen | 2019-03-28 | 1 | -2/+4
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use https:// for arbitrary files #1 | Tim Rühsen | 2019-03-13 | 1 | -12/+12
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* .gitlab-ci.yml: added thread sanitizer run (tmp-false-start-clarifications) | Nikos Mavrogiannopoulos | 2019-03-02 | 2 | -0/+10
  This checks for unsafe uses of variables in our included threaded tests.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cppcheck: suppress warning on nettle code [ci skip] | Nikos Mavrogiannopoulos | 2019-02-26 | 1 | -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* check_if_signed: Get source branch if not set | Tim Rühsen | 2019-02-18 | 1 | -0/+5
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Check for Signed-off-by: in CI | Tim Rühsen | 2019-01-20 | 1 | -0/+25
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* README-ci.freebsd.md: require autogen | Daiki Ueno | 2018-11-13 | 1 | -1/+1
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* protocols: bumped TLS1.3 version number to RFC8446 value | Nikos Mavrogiannopoulos | 2018-08-20 | 1 | -0/+0
  This adds support of the final RFC numbers.
  Resolves #542
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* testcompat-tls13-openssl: fix openssl interactions | Nikos Mavrogiannopoulos | 2018-06-27 | 1 | -0/+0
  * Do not require certificate validation on tests where no certificate is sent
  * Rekey test performs data transfer after re-key
  This introduces a dependency on the expect package for testing, and updates openssl to address an issue in post-handshake auth interop testing.
  Resolves #488
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-ci.freebsd.md: updated for new build method with gnulib [ci skip] | Nikos Mavrogiannopoulos | 2018-06-14 | 1 | -2/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added interop tests with openssl under TLS1.3 | Nikos Mavrogiannopoulos | 2018-05-04 | 1 | -0/+0
  This adds interoperability tests for:
  * PSK with elliptic curve DHE
  * RSA,RSA-PSS,secp256r1,ed25519 server certificate
  * RSA,RSA-PSS,secp256r1,ed25519 client certificate
  * X25519,SECP256R1 key share exchange
  * key share with HRR
  Relates #328
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: added README on FreeBSD CI setup | Nikos Mavrogiannopoulos | 2017-09-08 | 1 | -0/+70
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: enable more cppcheck tests | Nikos Mavrogiannopoulos | 2017-09-08 | 1 | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* abi-check: added check for 3.6.0 ABI compatibility | Nikos Mavrogiannopoulos | 2017-08-18 | 1 | -0/+39891
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* removed devel/fuzz; functionality moved to fuzz/ [ci skip] | Nikos Mavrogiannopoulos | 2017-08-17 | 9920 | -2081/+0
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzzer: added a fuzzer target | Nikos Mavrogiannopoulos | 2017-08-16 | 1 | -1/+1
  This allows to compile the library with flags which will add predictable random generation and eliminate some crypto checks, in order for the library to be used for testing (fuzzing).
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: explicitly initialize and deinitialize the library [ci skip] | Nikos Mavrogiannopoulos | 2017-08-11 | 14 | -0/+44
  This enables the fuzzers to run even when statically linked.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer applications for psk and srp fuzzers (tmp-oss-fuzz-updates) | Nikos Mavrogiannopoulos | 2017-08-05 | 1 | -7/+18
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_server_fuzzer: added ed25519 key/cert | Nikos Mavrogiannopoulos | 2017-08-04 | 4 | -0/+81
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: introduced mem.h with common callbacks for mem access | Nikos Mavrogiannopoulos | 2017-08-03 | 7 | -252/+91
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added SRP server and client fuzzers | Nikos Mavrogiannopoulos | 2017-08-03 | 10 | -1/+339
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: introduced psk.h common header | Nikos Mavrogiannopoulos | 2017-08-03 | 3 | -7/+40
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added PSK server fuzzer | Nikos Mavrogiannopoulos | 2017-08-03 | 8 | -229/+427
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added PSK client fuzzer | Nikos Mavrogiannopoulos | 2017-08-03 | 6 | -2/+129
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: ported libidn2's main.c taking advantage of afl-clang-fast | Nikos Mavrogiannopoulos | 2017-08-03 | 2 | -22/+51
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added make update command [ci skip] | Nikos Mavrogiannopoulos | 2017-07-07 | 2 | -0/+11
  This allows updating the fuzzer corpus from openssl using a single command.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added corpora from openssl [ci skip] | Nikos Mavrogiannopoulos | 2017-07-07 | 7900 | -0/+36
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>