| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Pointed by Andreas Metzler.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
| |
gnutls-serv invocations in cert-tests/dsa can take long time to launch
if valgrind tests are enabled.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
| |
This fixes a race condition in the timings between when a free port is
detected and when the port is actually used.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
| |
This function is only used by testpkcs11.sh.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\
| |
| |
| |
| |
| |
| | |
tests: allow clock_nanosleep in seccomp tests
Closes #1086
See merge request gnutls/gnutls!1325
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The default selection of signature schemes is also affected by the
crypto-policies, and needs to be explicitly enabled with -sigalgs.
Suggested by Tomas Mraz.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The nanosleep wrapper in glibc has changed the implementation using
the clock_nanosleep syscall:
https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Fix inconsistent handling of $SERV environment variable in testsuite
Closes #1090
See merge request gnutls/gnutls!1331
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some tests did not support overriding the PATH to gnutls-serv by setting
the environment variable SERV but used GNUTLS_SERV instead.
Closes #1090
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |/
| |
| |
| | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
|\ \
| |/
|/|
| |
| | |
Make private exponent optional in gnutls_privkey_import_rsa_raw()
See merge request gnutls/gnutls!1323
|
| |
| |
| |
| | |
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
| |
| |
| |
| |
| |
| | |
Closes #1097
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
|/
|
|
|
|
|
| |
GOST algorithms are not enabled by default, explicitely request them in
priority string.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
|\
| |
| |
| |
| |
| |
| | |
Fix padlock partial PHE detection and sizeof usage
Closes #1076
See merge request gnutls/gnutls!1316
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| | |
import.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
|/
|
|
| |
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
|
|\
| |
| |
| |
| |
| |
| | |
handshake: check TLS version against modified server priorities
Closes #1054
See merge request gnutls/gnutls!1309
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The server needs to take into account of multiple factors when
determining the TLS protocol version actually being used:
- the legacy version
- "supported_versions" extension
- user_hello_func that may modify the server's priorities
Only after that it can check whether the TLS version is enabled in the
server's priorities.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
cert-session: check OCSP error responses
Closes #1062
See merge request gnutls/gnutls!1308
|
| |/
| |
| |
| |
| |
| |
| |
| | |
If the OCSP responder returns an error code, such as tryLater, we
can't proceed to examine the response bytes. In that case, just skip
the check unless the stapling is mandatory on this certificate.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
gnutls_aead_cipher_decrypt: check output buffer size before writing
Closes #1049
See merge request gnutls/gnutls!1312
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
While the documentation of gnutls_aead_cipher_decrypt indicates that
the inout argument ptext_len initially holds the size that
sufficiently fits the expected output size, there was no runtime check
on that. This makes the interface robuster against misuses.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| | |
This aligns the behavior to the documentation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When building without GOST support parsing a GOST certificate must
return an "error importing public key" message instead of key
details. This change makes tests/cert-tests/pem-decoding pass for
builds with --disable-gost.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|/
|
|
|
|
| |
Spotted by codespell.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
| |
This variable is not initialized in this error path: it's only
initialized if gnutls_x509_crt_get_authority_info_access() succeeds.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
|
|
|
|
|
|
|
|
|
| |
Split up system-override-sig-hash.sh
so that the errors won't get swallowed or conflated.
Also correct unused `srcdir` to `builddir`,
which I believe was meant to be set there.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
|
|
|
|
|
|
|
|
| |
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
| |
Tlsfuzzer also assumed the Python interpreter would be called
"python", this update is necessary to get a fixed version (see
https://github.com/tomato42/tlsfuzzer/pull/671).
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
|
|
|
| |
This makes the extended test suite work one Debian(-ish) systems
without Python 2, where the Python 3 interpreter is called "python3".
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|\
| |
| |
| | |
# Conflicts:
# lib/crypto-selftests-pk.c
|
| |\
| | |
| | |
| | |
| | | |
build: minor fixes
See merge request gnutls/gnutls!1287
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Suggested by Andreas Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1021
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This makes check_for_datefudge not to immediately exit the program,
but to return non-zero to allow the tests by themselves to control the
behavior when "datefudge" is not found.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
crypto-api: always allocate memory when serializing iovec_t
Closes #1017
See merge request gnutls/gnutls!1278
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The AEAD iov interface falls back to serializing the input buffers if
the low-level cipher doesn't support scatter/gather encryption.
However, there was a bug in the functions used for the serialization,
which causes memory leaks under a certain condition (i.e. the number
of input buffers is 1).
This patch makes the logic of the functions simpler, by removing a
micro-optimization that tries to minimize the number of calls to
malloc/free.
The original problem was reported by Marius Steffen in:
https://bugzilla.samba.org/show_bug.cgi?id=14399
and the cause was investigated by Alexander Haase in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\ \
| | | |
| | | |
| | | |
| | | | |
tests: updated tlsfuzzer tests to latest version
See merge request gnutls/gnutls!1276
|
| | |/
| | |
| | |
| | |
| | |
| | | |
excluded some tests from test-certificate-malformed.py
Signed-off-by: KrenzelokFrantisek <krenzelok.frantisek@gmail.com>
|
| |/
| |
| |
| | |
Signed-off-by: Sahana Prasad <sahana@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There was a confusion in the TOTP implementation in stek.c. When the
mechanism is initialized at the first time, it records the timestamp
but doesn't initialize the key. This removes the timestamp recording
at the initialization phase, so the key is properly set later.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |\
| | |
| | |
| | |
| | | |
lib: add support for AES-192-GCM
See merge request gnutls/gnutls!1267
|