| Commit message | Author | Age | Files | Lines |

According to FIPS140-2 IG 7.5, the minimum key size of FFC through
2030 is defined as 2048 bits. This updates the relevant self-test
using ffdhe3072 defined in RFC 7919.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This is a leftover of 52e78f1e. We need to call
gnutls_verify_output_function with the replaced CA cert instead of the
original cert.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
padlock: fix exception in wrap_padlock_hmac_fast
See merge request gnutls/gnutls!1336
In function wrap_padlock_hmac_fast, use free to release the local variable
ctx. Remove a call to wrap_padlock_hmac_deinit() to fix a crash.
Signed-off-by: JonasZhou <JonasZhou@zhaoxin.com>
priority: add Ed448 to SECURE192 signing algorithms
See merge request gnutls/gnutls!1332
Reported by Vladimír Čunát in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/984#note_349374656
Signed-off-by: Daiki Ueno <ueno@gnu.org>
tests: allow clock_nanosleep in seccomp tests
Closes #1086
See merge request gnutls/gnutls!1325
This avoids a -fanalyzer false positive in GCC 10:
https://bugzilla.redhat.com/show_bug.cgi?id=1878600
as well as the cppcheck warning:
"variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Suggested by Martin Sebor in:
https://bugzilla.redhat.com/show_bug.cgi?id=1876801#c1
Signed-off-by: Daiki Ueno <ueno@gnu.org>
The function was not really useful because _gnutls_free_datum()
has a NULL check as in free(). This also makes GCC 10 happy if
-Warray-bounds=2 is specified:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Make private exponent optional in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1323
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Thereby not restricting the implementation of prf to MAX_SEED_SIZE.
MAX_SEED_SIZE is not used anymore.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Printing UTCTime really needs last 2 digits of the year.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Dynamic downloading of missing intermediate CAs via gnutls-cli using the option 'ca-auto-retrieve'
Closes #968
See merge request gnutls/gnutls!1319
gnutls-cli to automatically download missing intermediate CAs in a
certificate chain.
lib/cred-cert.c: adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
handshake: reject no_renegotiation alert if handshake is incomplete
Closes #1071
See merge request gnutls/gnutls!1320
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:

    do {
        ret = gnutls_handshake(session);
    } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

Signed-off-by: Daiki Ueno <ueno@gnu.org>
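Added example (not code from the GnuTLS tree): a mock of the loop idiom quoted in the commit message, with the rule it describes expressed as a separate alert_aborts_handshake() function. The mock session, its record sequence and the MOCK_* return codes are constructed for this example and are not GnuTLS's error values; only the alert level and description numbers are the standard TLS ones (RFC 5246). Running the same scenario with strict=0 and strict=1 shows why a warning-level no_renegotiation must stop the loop: without the rule the loop keeps calling the handshake function with the half-built state.

```c
#include <stddef.h>
#include <stdio.h>

/* TLS alert constants (RFC 5246 section 7.2). */
#define TLS_ALERT_LEVEL_WARNING     1
#define TLS_ALERT_LEVEL_FATAL       2
#define TLS_ALERT_NO_RENEGOTIATION  100

/* Return codes of the mock: stand-ins, not GnuTLS's real error values. */
#define MOCK_OK                    0
#define MOCK_E_AGAIN              -1   /* non-fatal: call again */
#define MOCK_E_WARNING_ALERT      -2   /* non-fatal: a warning alert arrived */
#define MOCK_E_FATAL_ALERT        -3   /* fatal */
#define MOCK_E_PREMATURE_TERM     -4   /* fatal: peer went away mid-handshake */

/* 1 if a received alert must abort the handshake. */
int alert_aborts_handshake(int level, int description, int handshake_complete)
{
    if (level == TLS_ALERT_LEVEL_FATAL)
        return 1;
    /* The case from the commit message: a warning-level no_renegotiation
     * before the initial handshake has completed means the peer will not
     * finish it, so retrying with the half-built state must not happen. */
    if (description == TLS_ALERT_NO_RENEGOTIATION && !handshake_complete)
        return 1;
    return 0;
}

int mock_error_is_fatal(int ret)
{
    return ret == MOCK_E_FATAL_ALERT || ret == MOCK_E_PREMATURE_TERM;
}

/* One simulated record from the peer (constructed input, not captured traffic). */
enum record_kind { REC_WOULD_BLOCK, REC_ALERT, REC_HANDSHAKE_DONE };
struct record { enum record_kind kind; int level; int description; };

struct mock_session {
    const struct record *records;
    size_t n_records, next;
    int handshake_complete;
    int calls;    /* how many times mock_handshake() ran */
    int strict;   /* 1 = behaviour after the fix, 0 = before */
};

/* Consumes one record per call, like a non-blocking handshake function. */
int mock_handshake(struct mock_session *s)
{
    s->calls++;
    if (s->next >= s->n_records)
        return MOCK_E_PREMATURE_TERM;
    const struct record *r = &s->records[s->next++];
    switch (r->kind) {
    case REC_WOULD_BLOCK:
        return MOCK_E_AGAIN;
    case REC_ALERT:
        /* Old behaviour looked at the level only; new behaviour applies the rule. */
        if (s->strict ? alert_aborts_handshake(r->level, r->description, s->handshake_complete)
                      : r->level == TLS_ALERT_LEVEL_FATAL)
            return MOCK_E_FATAL_ALERT;
        return MOCK_E_WARNING_ALERT;
    case REC_HANDSHAKE_DONE:
        s->handshake_complete = 1;
        return MOCK_OK;
    }
    return MOCK_E_PREMATURE_TERM;
}

/* The loop idiom from the commit message, driven by the mock. */
int run_handshake_loop(struct mock_session *s)
{
    int ret;
    do {
        ret = mock_handshake(s);
    } while (ret < 0 && mock_error_is_fatal(ret) == 0);
    return ret;
}

/* Constructed scenario: the server answers the initial handshake with a
 * warning-level no_renegotiation alert; the trailing "done" record stands
 * for whatever the client would see if it kept going with stale state. */
const struct record SCENARIO[] = {
    { REC_WOULD_BLOCK, 0, 0 },
    { REC_ALERT, TLS_ALERT_LEVEL_WARNING, TLS_ALERT_NO_RENEGOTIATION },
    { REC_HANDSHAKE_DONE, 0, 0 },
};

/* Runs SCENARIO with or without the fix; reports result, call count and completion. */
int demo_run(int strict, int *calls_out, int *completed_out)
{
    struct mock_session s = { SCENARIO, sizeof SCENARIO / sizeof SCENARIO[0], 0, 0, 0, strict };
    int ret = run_handshake_loop(&s);
    *calls_out = s.calls;
    *completed_out = s.handshake_complete;
    return ret;
}

int main(void)
{
    int calls, done;
    int ret = demo_run(0, &calls, &done);
    printf("before fix: ret=%d after %d calls, complete=%d\n", ret, calls, done);
    ret = demo_run(1, &calls, &done);
    printf("after fix:  ret=%d after %d calls, complete=%d\n", ret, calls, done);
    return 0;
}
```

With strict=0 the loop swallows the warning alert and runs a third time, reporting a "completed" handshake built on the stale state; with strict=1 it stops after the alert with a fatal code and the handshake stays incomplete, which is the observable difference the commit is after.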
Fix padlock partial PHE detection and sizeof usage
Closes #1076
See merge request gnutls/gnutls!1316
The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Currently gnutls_privkey_import_rsa_raw() allows the last 3 arguments to be omitted;
the key fixup logic, however, checks for 3 missing arguments when updating coefficient 'u'
but then asserts when updating exponents 'e1' and 'e2', assuming only 2 parameters
are missing at that point.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
handshake: check TLS version against modified server priorities
Closes #1054
See merge request gnutls/gnutls!1309
The server needs to take into account multiple factors when
determining the TLS protocol version actually being used:
- the legacy version
- "supported_versions" extension
- user_hello_func that may modify the server's priorities
Only after that can it check whether the TLS version is enabled in the
server's priorities.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
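Added example, not GnuTLS's implementation: a server-side version selection that applies the three factors listed in the commit message in that order. The client's legacy_version and supported_versions list, the server's enabled list and the disable_version() stand-in for a user hello hook are all constructed for the example; the precedence rule (supported_versions wins over legacy_version, and TLS 1.3 is only reachable through the extension) is the one in RFC 8446 section 4.2.1. The check against the enabled list runs last, on the list the hook may have modified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS1_0 0x0301
#define TLS1_2 0x0303
#define TLS1_3 0x0304

static int contains(const uint16_t *list, size_t n, uint16_t v)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == v)
            return 1;
    return 0;
}

/* Removes one version from the server's enabled list in place. This stands
 * for what a user hello hook does when it modifies the server's priorities;
 * returns the new length. */
size_t disable_version(uint16_t *enabled, size_t n, uint16_t v)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++)
        if (enabled[i] != v)
            enabled[w++] = enabled[i];
    return w;
}

/* Returns the negotiated version, or -1 if nothing the client offers is
 * enabled in the server's (possibly hook-modified) priorities. */
int select_tls_version(uint16_t legacy_version,
                       const uint16_t *supported_versions, size_t n_supported,
                       const uint16_t *enabled, size_t n_enabled)
{
    int best = -1;
    if (n_supported > 0) {
        /* Extension present: legacy_version is ignored and the highest
         * version that both sides list wins. */
        for (size_t i = 0; i < n_supported; i++)
            if (contains(enabled, n_enabled, supported_versions[i]) &&
                (int)supported_versions[i] > best)
                best = supported_versions[i];
        return best;
    }
    /* No extension: legacy_version is the highest the client supports, and
     * TLS 1.3 cannot be negotiated this way, so cap at TLS 1.2. */
    uint16_t cap = legacy_version > TLS1_2 ? TLS1_2 : legacy_version;
    for (size_t i = 0; i < n_enabled; i++)
        if (enabled[i] <= cap && (int)enabled[i] > best)
            best = enabled[i];
    return best;
}

int main(void)
{
    const uint16_t client_ext[] = { TLS1_3, TLS1_2 };   /* constructed ClientHello data */
    uint16_t enabled[] = { TLS1_3, TLS1_2 };             /* server priorities */
    size_t n = sizeof enabled / sizeof enabled[0];
    printf("negotiated: 0x%04x\n", select_tls_version(TLS1_2, client_ext, 2, enabled, n));
    n = disable_version(enabled, n, TLS1_3);            /* the hook turns TLS 1.3 off */
    printf("after hook: 0x%04x\n", select_tls_version(TLS1_2, client_ext, 2, enabled, n));
    return 0;
}
```

The point of the ordering is visible in the second call: the client still advertises TLS 1.3, but the check is made against the list as the hook left it, so TLS 1.2 is chosen rather than a version the server no longer has enabled.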
cert-session: check OCSP error responses
Closes #1062
See merge request gnutls/gnutls!1308
If the OCSP responder returns an error code, such as tryLater, we
can't proceed to examine the response bytes. In that case, just skip
the check unless the stapling is mandatory on this certificate.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
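Added example, not GnuTLS's code: a minimal reader for the outer OCSPResponse structure that pulls out responseStatus and applies the decision described above. An error status (tryLater and the others from RFC 6960 section 4.2.1) carries no responseBytes, so there is nothing to examine; the check is then skipped, or fails verification when stapling is mandatory for the certificate. The DER samples are constructed for the example, not captured from a responder, and the verdict names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* OCSPResponseStatus values from RFC 6960 section 4.2.1. */
enum ocsp_status {
    OCSP_SUCCESSFUL = 0, OCSP_MALFORMED_REQUEST = 1, OCSP_INTERNAL_ERROR = 2,
    OCSP_TRY_LATER = 3, OCSP_SIG_REQUIRED = 5, OCSP_UNAUTHORIZED = 6
};

enum ocsp_verdict {
    OCSP_EXAMINE_RESPONSE,  /* status successful: go on to parse responseBytes */
    OCSP_SKIP_CHECK,        /* error status, stapling optional: no OCSP check */
    OCSP_FAIL_VERIFICATION, /* error status, stapling mandatory for this cert */
    OCSP_MALFORMED          /* DER could not be parsed at all */
};

/* Decodes a DER length (short form, or long form up to 4 bytes).
 * Returns the number of bytes consumed, 0 on error. */
static size_t der_len(const uint8_t *p, size_t avail, size_t *out)
{
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }
    size_t n = p[0] & 0x7f;
    if (n == 0 || n > 4 || avail < 1 + n) return 0;
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *out = v;
    return 1 + n;
}

/* Reads responseStatus from
 *   OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
 *                               responseBytes [0] EXPLICIT OPTIONAL }
 * Returns 0 and sets *status, or -1 if the encoding is malformed. */
int ocsp_response_status(const uint8_t *der, size_t len, int *status)
{
    size_t off = 0, l, n, end;
    if (len < 1 || der[off++] != 0x30) return -1;        /* outer SEQUENCE */
    n = der_len(der + off, len - off, &l);
    if (n == 0) return -1;
    off += n;
    if (l > len - off) return -1;                         /* declared length overruns the buffer */
    end = off + l;
    if (off >= end || der[off++] != 0x0a) return -1;      /* ENUMERATED */
    n = der_len(der + off, end - off, &l);
    if (n == 0 || l != 1) return -1;                      /* status is a single byte */
    off += n;
    if (off >= end) return -1;
    *status = der[off];
    return 0;
}

/* The decision from the commit message: an error status carries no
 * responseBytes, so the check is skipped unless stapling is mandatory. */
enum ocsp_verdict ocsp_decide(const uint8_t *der, size_t len, int stapling_mandatory)
{
    int status;
    if (ocsp_response_status(der, len, &status) != 0) return OCSP_MALFORMED;
    if (status == OCSP_SUCCESSFUL) return OCSP_EXAMINE_RESPONSE;
    return stapling_mandatory ? OCSP_FAIL_VERIFICATION : OCSP_SKIP_CHECK;
}

/* Constructed DER samples (not captured from a real responder). */
const uint8_t OCSP_SAMPLE_TRY_LATER[]  = { 0x30, 0x03, 0x0a, 0x01, 0x03 };
const uint8_t OCSP_SAMPLE_SUCCESSFUL[] = { 0x30, 0x07, 0x0a, 0x01, 0x00,
                                           0xa0, 0x02, 0x30, 0x00 };  /* empty [0] payload */
const uint8_t OCSP_SAMPLE_TRUNCATED[]  = { 0x30, 0x03, 0x0a, 0x01 };

int main(void)
{
    printf("tryLater, stapling optional:  %d\n",
           ocsp_decide(OCSP_SAMPLE_TRY_LATER, sizeof OCSP_SAMPLE_TRY_LATER, 0));
    printf("tryLater, stapling mandatory: %d\n",
           ocsp_decide(OCSP_SAMPLE_TRY_LATER, sizeof OCSP_SAMPLE_TRY_LATER, 1));
    printf("successful:                   %d\n",
           ocsp_decide(OCSP_SAMPLE_SUCCESSFUL, sizeof OCSP_SAMPLE_SUCCESSFUL, 1));
    return 0;
}
```

A malformed outer structure is reported separately from an error status on purpose: a responder that says tryLater is behaving correctly, while bytes that do not parse at all are a different condition and the caller decides how strictly to treat them.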
gnutls_aead_cipher_decrypt: check output buffer size before writing
Closes #1049
See merge request gnutls/gnutls!1312
While the documentation of gnutls_aead_cipher_decrypt indicates that
the inout argument ptext_len initially holds the size that
sufficiently fits the expected output size, there was no runtime check
on that. This makes the interface more robust against misuses.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
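Added example, not GnuTLS's code: a decrypt routine with the same in/out ptext_len contract as gnutls_aead_cipher_decrypt(), showing the runtime check the commit adds, placed before anything is written and before the tag is verified. The XOR "cipher" and the keyed byte-mixing tag are stand-ins so the example runs offline; they are not a real AEAD and must not be used as one. The E_* codes are this example's own; that the real function reports GNUTLS_E_SHORT_MEMORY_BUFFER for a too-small buffer is an assumption about GnuTLS, not something stated on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TAG_SIZE 16
#define KEY_SIZE 16
/* Stand-in error codes; not GnuTLS's values. */
#define E_SHORT_MEMORY_BUFFER  (-2)
#define E_DECRYPTION_FAILED    (-3)

/* Toy keyed tag: NOT a MAC, only here so the example round-trips offline. */
static void toy_tag(const uint8_t key[KEY_SIZE], const uint8_t *data, size_t len,
                    uint8_t tag[TAG_SIZE])
{
    memcpy(tag, key, TAG_SIZE);
    for (size_t i = 0; i < len; i++)
        tag[i % TAG_SIZE] = (uint8_t)((tag[i % TAG_SIZE] * 31) ^ data[i] ^ (uint8_t)i);
}

/* Constant-time comparison so a tag mismatch does not leak through timing. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* ctext = ptext XOR repeating key || tag.  *ctext_len is in/out like the decrypt side. */
int toy_aead_encrypt(const uint8_t key[KEY_SIZE], const uint8_t *ptext, size_t ptext_len,
                     uint8_t *ctext, size_t *ctext_len)
{
    if (*ctext_len < ptext_len + TAG_SIZE) {
        *ctext_len = ptext_len + TAG_SIZE;
        return E_SHORT_MEMORY_BUFFER;
    }
    for (size_t i = 0; i < ptext_len; i++) ctext[i] = ptext[i] ^ key[i % KEY_SIZE];
    toy_tag(key, ctext, ptext_len, ctext + ptext_len);
    *ctext_len = ptext_len + TAG_SIZE;
    return 0;
}

/* Mirrors the gnutls_aead_cipher_decrypt() contract: on entry *ptext_len is
 * the capacity of ptext, on success it becomes the number of bytes written. */
int toy_aead_decrypt(const uint8_t key[KEY_SIZE], const uint8_t *ctext, size_t ctext_len,
                     uint8_t *ptext, size_t *ptext_len)
{
    if (ctext_len < TAG_SIZE) return E_DECRYPTION_FAILED;
    size_t needed = ctext_len - TAG_SIZE;
    /* The runtime check the commit adds: refuse before touching the buffer
     * instead of relying on the caller having read the documentation. */
    if (*ptext_len < needed) {
        *ptext_len = needed;            /* tell the caller how much is required */
        return E_SHORT_MEMORY_BUFFER;
    }
    uint8_t tag[TAG_SIZE];
    toy_tag(key, ctext, needed, tag);
    /* Verify before decrypting so unauthenticated plaintext is never released. */
    if (!ct_equal(tag, ctext + needed, TAG_SIZE)) return E_DECRYPTION_FAILED;
    for (size_t i = 0; i < needed; i++) ptext[i] = ctext[i] ^ key[i % KEY_SIZE];
    *ptext_len = needed;
    return 0;
}

/* Constructed key for the example. */
const uint8_t DEMO_KEY[KEY_SIZE] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };

int main(void)
{
    const uint8_t msg[] = "example plaintext";
    uint8_t ct[64], small[4], out[64];
    size_t ct_len = sizeof ct, small_len = sizeof small, out_len = sizeof out;
    toy_aead_encrypt(DEMO_KEY, msg, sizeof msg, ct, &ct_len);
    printf("4-byte buffer: ret=%d, needs %zu bytes\n",
           toy_aead_decrypt(DEMO_KEY, ct, ct_len, small, &small_len), small_len);
    printf("64-byte buffer: ret=%d, wrote %zu bytes\n",
           toy_aead_decrypt(DEMO_KEY, ct, ct_len, out, &out_len), out_len);
    return 0;
}
```

The size check sits ahead of tag verification on purpose: a caller that passed a buffer that is too small learns the required size and gets nothing written, and a forged ciphertext still never produces plaintext because the tag is checked before the XOR loop runs.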
gnutls_x509_crt_export2: return 0 instead of the length
Closes #1025
See merge request gnutls/gnutls!1311
This aligns the behavior to the documentation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
minitasn1: move WARN_CFLAGS setting to configure.ac
Closes #1022
See merge request gnutls/gnutls!1307
Some compilers don't support -Wno-type-limits, while they support
-Wtype-limits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
_gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled
See merge request gnutls/gnutls!1306
Previously gnutls_fips140_mode_enabled() returned true, even after
selftests have failed and the library state has switched to error.
While later calls to crypto operations fail, it would be more
convenient to have a function to detect that state.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
doc: assorted typo fixes
See merge request gnutls/gnutls!1305
Spotted by codespell.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
cert-session: ensure that invalid flag is always set
See merge request gnutls/gnutls!1304
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Add or clean header guards in lib/includes/gnutls/
See merge request gnutls/gnutls!993
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig()
See merge request gnutls/gnutls!1301
When checking in _gnutls_pubkey_compatible_with_sig() whether a public
key is compatible with a signature algorithm, run first
pubkey_supports_sig() before performing weaker checks that can accept
the given algorithm but with an audit-log warning. This avoids an issue
when a weaker check would log an audit message for some signature
algorithm that would then be determined as incompatible by the
pubkey_supports_sig() check anyway.
For instance, a GnuTLS server might have a certificate with a SECP384R1
public key and a client can report that it supports
ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the
GnuTLS server will eventually find that it must use
ECDSA-SECP384R1-SHA384 with this public key. However, the code would
first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is
compatible with ECDSA-SECP256R1-SHA256. The function would report the
audit warning "The hash size used in signature (32) is less than the
expected (48)" but then reject the signature algorithm in
pubkey_supports_sig() as incompatible because it has a different curve.
Since the algorithm gets rejected it is not necessary to inform about
its hash size difference in the audit log.
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
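Added example, not GnuTLS's code: the SECP384R1 key and the two client-offered algorithms from the commit message, run through a compatibility check in both orders. The strict check (same curve) and the weaker check (hash size, which only audit-logs) are simplified stand-ins for pubkey_supports_sig() and the hash-size comparison; the audit log is a counter plus the last message text. The point shown is that running the strict check first leaves no audit entry for an algorithm that was going to be rejected anyway.

```c
#include <stdio.h>
#include <string.h>

enum curve { SECP256R1 = 1, SECP384R1 = 2 };
struct pubkey  { enum curve curve; };
struct sig_alg { const char *name; enum curve curve; unsigned hash_size; };

/* Audit log stand-in: counts messages and keeps the last one. */
unsigned audit_messages = 0;
char audit_last[96] = "";

static void audit_log(unsigned got, unsigned expected)
{
    audit_messages++;
    snprintf(audit_last, sizeof audit_last,
             "The hash size used in signature (%u) is less than the expected (%u)",
             got, expected);
}

/* Hash size the key's curve calls for (SHA-256 for P-256, SHA-384 for P-384). */
static unsigned expected_hash_size(enum curve c)
{
    return c == SECP256R1 ? 32 : 48;
}

/* Strict check: the signature algorithm must use the key's curve. */
static int pubkey_supports_sig(const struct pubkey *k, const struct sig_alg *s)
{
    return k->curve == s->curve;
}

/* Weaker check: accepts the algorithm but audit-logs a too-short hash. */
static int hash_size_check(const struct pubkey *k, const struct sig_alg *s)
{
    unsigned expected = expected_hash_size(k->curve);
    if (s->hash_size < expected)
        audit_log(s->hash_size, expected);
    return 1;
}

/* strict_first = 1 is the order after the commit; 0 is the old order, in
 * which the weaker check could log for an algorithm rejected right after. */
int pubkey_compatible_with_sig(const struct pubkey *k, const struct sig_alg *s,
                               int strict_first)
{
    if (strict_first) {
        if (!pubkey_supports_sig(k, s))
            return 0;
        return hash_size_check(k, s);
    }
    if (!hash_size_check(k, s))
        return 0;
    return pubkey_supports_sig(k, s);
}

/* Constructed inputs matching the scenario in the commit message. */
const struct pubkey  P384_KEY = { SECP384R1 };
const struct sig_alg ECDSA_P256_SHA256 = { "ECDSA-SECP256R1-SHA256", SECP256R1, 32 };
const struct sig_alg ECDSA_P384_SHA384 = { "ECDSA-SECP384R1-SHA384", SECP384R1, 48 };

int main(void)
{
    int ok = pubkey_compatible_with_sig(&P384_KEY, &ECDSA_P256_SHA256, 0);
    printf("old order: compatible=%d, audit messages=%u (%s)\n", ok, audit_messages, audit_last);
    audit_messages = 0;
    audit_last[0] = '\0';
    ok = pubkey_compatible_with_sig(&P384_KEY, &ECDSA_P256_SHA256, 1);
    printf("new order: compatible=%d, audit messages=%u\n", ok, audit_messages);
    ok = pubkey_compatible_with_sig(&P384_KEY, &ECDSA_P384_SHA384, 1);
    printf("P-384/SHA-384: compatible=%d, audit messages=%u\n", ok, audit_messages);
    return 0;
}
```

With the old order the P-256 algorithm produces the "(32) is less than the expected (48)" entry and is then rejected on the curve mismatch; with the new order the rejection happens first and the log stays clean, while the algorithm the server actually ends up using still passes both checks without a message.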
This implements full public key validation required in
SP800-56A rev3, section 5.6.2.3.3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This implements full public key validation required in SP800-56A rev3,
section 5.6.2.3.1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
This is necessary for full public key validation in
SP800-56A (revision 3), section 5.6.2.3.1.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of
the calculated shared secret is verified before the data is returned
to the caller. This patch adds the validation check.
Suggested by Stephan Mueller.
Signed-off-by: Daiki Ueno <ueno@gnu.org>