gost: update gostdsa_vko to follow Nettle
See merge request gnutls/gnutls!1237
Update gostdsa_vko() following changes going to be accepted into Nettle.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
handshake-tls13: add session flag to disable sending session tickets
See merge request gnutls/gnutls!1234
While GnuTLS by default implicitly sends NewSessionTicket during
handshake, application protocols like QUIC set a clear boundary
between "in handshake" and "post handshake", and NST must be sent in
the post handshake state.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
build: attempt to fix build issues on FreeBSD
See merge request gnutls/gnutls!1236
BSD sed does not like \n and \0 in string substitution. Work around this
by using sed magic.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
xts: check key block according to FIPS-140-2 IG A.9
See merge request gnutls/gnutls!1233
The implementation guidance suggests that a check of key1 != key2
should be done at any place before the keys are used:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Stop using Nettle and Hogweed internal symbols
See merge request gnutls/gnutls!1235
lib/nettle/curve448
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Check that GnuTLS does not depend on Nettle/Hogweed internal symbols.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Nettle's poly1305 code ended up with internal symbol _poly1305_block in
public header. This causes issues on Nettle version changes. Since those
symbols are going to become nettle-internal, vendor in relevant source
file.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Remove another dependency on nettle internal symbol by vendoring in
_nettle_write_le32 code
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Provide GOST support using source files copied by script rather than
manually crafted by me.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
As the script now imports not just Curve448, but also gost code, rename
the script, target directory and symbols to follow that.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Curve448 script already imports several ecc sources into GnuTLS tree.
Modify it to also vendor in GOST-related ecc files.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Fix sed script used to rename symbols to remove a few additional symbols
sitting in _nettle_FOO namespace.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Fix sed script used to rename symbols to remove a few additional symbols
sitting in _nettle_FOO namespace.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
tests: Fix status-request-revoked after 2020-10-24
Closes #967
See merge request gnutls/gnutls!1230
included certs expire 2020-10-24 so this test fails after that date.
Fixes #967
This patch was done while working on reproducible builds for openSUSE.
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
build: use valgrind client request to detect undefined memory use
See merge request gnutls/gnutls!1228
This tightens the check introduced in
ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Compare DNs by comparing their string representations
Closes #553
See merge request gnutls/gnutls!1223
A binary comparison will not work in case the contents are the same but
the ASN.1 types differ (e.g. PrintableString vs UTF8String). Such
variations are permitted so we need to handle them.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
We might want to do other things than a simple memcmp() so make sure
we're using the right helper when comparing DNs.
Signed-off-by: Pierre Ossman <ossman@cendio.se>
IDNA: require libidn2 2.0.0
Closes #832
See merge request gnutls/gnutls!1229
We require private symbols which disappear at some point in
IDN2 releases in order to support old versions of libidn2. Simplify
the code by requiring only recent versions and avoid issues such
as #832.
Resolves: #832
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Added reproducer for fix in !1225
See merge request gnutls/gnutls!1227
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This creates a test that checks whether the TLS client and server
hello have sufficient non-zero bytes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This adds an equivalent test of tls13/hello_random_value.c for DTLS
and extends the tests for server hello as well.
Relates: #960
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fix padlock accelerated code
Closes #930
See merge request gnutls/gnutls!1226
wrap_padlock_hash_fast() allocates a context on a stack (via local
variable) then tries to free it by calling wrap_padlock_hash_deinit()
causing a crash. Remove a call to deinit() to fix a crash.
Fixes #930
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
padlock sha code will segfault (at least on Nano) if it is passed a NULL
data pointer (even if size is 0). Pass digest output buffer as a dummy
data pointer in such case.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
If underlying padlock_cbc_en/decrypt return an error, pass this error to
calling code.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Added null checks in legacy callbacks to avoid warnings from
static analyzers. The issues do not appear to be reproducible
in real-world use.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
dtls client hello: fix zeroed random (fixes #960)
Closes #960
See merge request gnutls/gnutls!1225
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
hello verify request", which failed to "De Morgan" properly.
Signed-off-by: Stefan Bühler <stbuehler@web.de>
improve gnutls-cli-debug testing of old SSL 3.0 servers
See merge request gnutls/gnutls!1221
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
in SSL 3.0)
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
servers don't accept them
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
gnutls_session_get_keylog_function: new function
See merge request gnutls/gnutls!1220
This adds a way to retrieve the keylog function set by
gnutls_session_set_keylog_function() to allow application protocols to
implement custom logging facility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
gnutls-serv: Do not exit when a message to be echoed is received
Closes #959
See merge request gnutls/gnutls!1222