| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Nettle's RSA signing, encryption and decryption functions still
require randomness for blinding, so fallback to use a fixed buffer in
selftests where entropy might not be available.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
functions. Note that they can only used with the AEAD interface and
authentication tags are prepended (not appended) to the ciphertext.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
| |
This script will handle other backports except ECC as well.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\
| |
| |
| |
| |
| |
| | |
doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
Closes #953
See merge request gnutls/gnutls!1242
|
| |
| |
| |
| |
| |
| |
| |
| | |
For RSA-PSS, this flag alone doens't fully enable reproducible
signatures and the user needs to indicate the fact that a zero-length
salt is used through SPKI upon verification.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| | |
Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
use this function from imported nettle sources.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|/
|
|
|
|
|
|
| |
Update imported nettle version to 3.6rc3. This will bring in updated
gmp-glue code and a possiblity to use gostdsa-vko imported from nettle
sources.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
gnutls_session_ext_register: keep track of extension name
See merge request gnutls/gnutls!1224
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously it discarded the name argument, and that was making the
debug output awkward, e.g., running tests/tls-session-ext-register -v:
client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/242) for 'client hello'
client|<4>| EXT[0x9cdc20]: Preparing extension ((null)/241) for 'client hello'
client|<4>| EXT[0x9cdc20]: Sending extension (null)/241 (2 bytes)
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a generalized version of gnutls_ext_get_name, which can
retrieve the name of the extension, even if it is registered per
session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and linked
to libgnutls.
This patch automates that process with the configure script.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
| |
Update gostdsa_vko() following changes going to be accepted into Nettle.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
handshake-tls13: add session flag to disable sending session tickets
See merge request gnutls/gnutls!1234
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While GnuTLS by default implicitly sends NewSessionTicket during
handshake, application protocols like QUIC set a clear boundary
between "in handshake" and "post handshake", and NST must be sent in
the post handshake state.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
xts: check key block according to FIPS-140-2 IG A.9
See merge request gnutls/gnutls!1233
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The implementation guidance suggests that a check of key1 != key2
should be done at any place before the keys are used:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Nettle's poly1305 code ended up with internal symbol _poly1305_block in
public header. This causes issues on Nettle version changes. Since those
symbols are going to become nettle-internal, vendor in relevant source
file.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove another dependency on nettle internal symbol by vendoring in
_nettle_write_le32 code
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Provide GOST support using source files copied by script rather than
manually crafted by me.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As the script now imports not just Curve448, but also gost code, rename
the script, target directory and symbols to follow that.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
build: use valgrind client request to detect undefined memory use
See merge request gnutls/gnutls!1228
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This tightens the check introduced in
ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
A binary comparison will not work in case the contents is the same but
the ASN.1 type differ (e.g. PrintableString vs UTF8String). Such
variations are permitted so we need to handle them.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
|
| |
| |
| |
| |
| |
| |
| | |
We might want to do other things than a simple memcmp() so make sure
we're using the right helper when comparing DNs.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
|
|/
|
|
|
|
|
|
|
|
|
| |
We require private symbols which dissapear at some point in
IDN2 releases in order to support old versions of libidn2. Simplify
the code by requiring only recent versions and avoid issues such
as #832.
Resolves: #832
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Fix padlock accelerated code
Closes #930
See merge request gnutls/gnutls!1226
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
wrap_padlock_hash_fast() allocates a context on a stack (via local
variable) then tries to free it by calling wrap_padlock_hash_deinit()
causing a crash. Remove a call to deinit() to fix a crash.
Fixes #930
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
padlock sha code will segfault (at least on Nano) if it is passed a NULL
data pointer (even if size is 0). Pass digest output buffer as a dummy
data pointer in such case.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
If underlying padlock_cbc_en/decrypt return an error, pass this error to
calling code.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Added null checks in legacy callbacks to avoid warnings from
static analyzers. The issues do not appear to be reproducible
in real-world use.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| |
| | |
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
hello verify request", which failed to "De Morgan" properly.
Signed-off-by: Stefan Bühler <stbuehler@web.de>
|
|\ \
| | |
| | |
| | |
| | | |
gnutls_session_get_keylog_function: new function
See merge request gnutls/gnutls!1220
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This adds a way to retrieve the keylog function set by
gnutls_session_set_keylog_function() to allow application protocols to
implement custom logging facility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
support non-NULL-terminated PSKs
Closes #586
See merge request gnutls/gnutls!917
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | |
| | |
| | | |
memory access
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit closes #586.
Two new functions are introduced: gnutls_psk_server_get_username2()
and gnutls_psk_set_client_username2(), which are identical in behavior
to those named similarly (without the final '2'), but allow arbitrary
gnutls datums (not strings) to be used as usernames.
Two new callback functions are also introduced, with their respective
setters: gnutls_psk_set_server_credentials_function2() and
gnutls_psk_set_client_credentials_function2().
In addition, the password file format is extended so that non-string
usernames can be specified. A leading '#' character tells GnuTLS that the
username should be interpreted as a raw byte string (encoded in HEX).
Example:
#deadbeef:9e32cf7786321a828ef7668f09fb35db
Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
global: Load configuration after FIPS POST
Closes #956
See merge request gnutls/gnutls!1216
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail. By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for loading Ed25519 keys from PKCS#11 and using them
Closes #946
See merge request gnutls/gnutls!1200
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
EC_POINT attribute
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is particularly useful when the application applies key
derivation function by itself with the same underlying hash algorithm
as the session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit
nonce variant of GNUTLS_CIPHER_CHACHA20_64.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This enables to use bundled ChaCha20 implementation if the system
nettle doesn't have nettle_chacha_set_counter.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|