| Commit message | Author | Age | Files | Lines |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
ktls is enabled by default, we can check if initialization was
successful with gnutls_transport_is_ktls_enabled
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Ander Juaristi <a@juaristi.eus>
build: stop running abi-dump-latest at "make files-update"
See merge request gnutls/gnutls!1491
These functions are only defined when compiled with
--enable-fips140-mode.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
As the *.abi files have been moved into a separate repository, we need
an extra step to update the repository for new release.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This will produce more compact abixml output.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Changes to the .abi files are a bit too noisy to track in the main
repository. This moves the files out of this repository and embeds them
as a git submodule.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
devel: provide external git diff driver for *.abi files
See merge request gnutls/gnutls!1214
This adds an external diff driver for *.abi files, that shows only
interesting changes in those files. This would be useful when adding
a new API.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This makes it possible to catch undefined memory access in the more
lightweight CI runs.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This fixes errors and warnings as well as some style issues spotted by
cppcheck 2.5. Others are recorded in the suppressions file.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This commit adds two new tls channel binding types into enum
gnutls_channel_binding_t:
* tls-server-end-point
* tls-exporter
Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
Update openssl submodule to current OpenSSL_1_1_1-stable branch
(8e813c085a).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Those functions have been deprecated in 3.6.9 as they do not have
active use cases.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds gnutls_alert_set_read_function(), to allow QUIC
implementations to be notified when an alert message is sent.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
For the use with QUIC, the change of traffic secrets must be notified
_after_ a new epoch is set up for reading or writing, and we can't
simply reuse the keylog mechanism.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This adds a couple of functions, gnutls_handshake_set_read_function()
and gnutls_handshake_write(), to allow QUIC implementations to
directly interact with the TLS state machine.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
Closes #1012
See merge request gnutls/gnutls!1339
applications
to have a way to pass the gnutls_verify_output_function() as a callback so that the full
path of the certificate chain to the trusted root can be available as output.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
This allows us to remove several backports, including XTS, CFB8,
raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the
underlying MAC algorithm.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
with HMAC-SHA-256 as the underlying MAC.
Although HKDF is non-approved, it would be sensible to do that as it
will be approved in FIPS140-3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
gnutls-cli to
automatically download missing intermediate CAs in a certificate chain
lib/cred-cert.c : adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we
mangle the internal version we build.
ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS.
Fixes #1016
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
As the information is only useful to developers, having it under
devel/ rather than in the tarball is more relevant.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Add support for AES-192 in GCM mode.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Vendor-in libtasn1 sources in a form of minitasn1
See merge request gnutls/gnutls!1247
Instead of keeping the minitasn1 source in Git, vendor it in during
bootstrap as we do with Nettle code. This also upgrades included
minitasn1 to latest version (4.16.0).
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import.
Add libtasn1 submodule to ease synchronization with libtasn1.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Basically export print_pkcs7_info() in a way usable by external
applications.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
functions. Note that they can only be used with the AEAD interface and
authentication tags are prepended (not appended) to the ciphertext.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This script will handle other backports except ECC as well.
Signed-off-by: Daiki Ueno <ueno@gnu.org>