| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|/ /
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| |/
|/|
| |
| | |
Added reproducer for fix in !1225
See merge request gnutls/gnutls!1227
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
This creates a tests that checks whether the TLS client and server
hello have sufficient non-zero bytes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds an equivalent test of tls13/hello_random_value.c for DTLS
and extends the tests for server hello as well.
Relates: #960
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Fix padlock accelerated code
Closes #930
See merge request gnutls/gnutls!1226
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
wrap_padlock_hash_fast() allocates a context on a stack (via local
variable) then tries to free it by calling wrap_padlock_hash_deinit()
causing a crash. Remove a call to deinit() to fix a crash.
Fixes #930
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
padlock sha code will segfault (at least on Nano) if it is passed a NULL
data pointer (even if size is 0). Pass digest output buffer as a dummy
data pointer in such case.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If underlying padlock_cbc_en/decrypt return an error, pass this error to
calling code.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
Added null checks in legacy callbacks to avoid warnings from
static analyzers. The issues do not appear to be reproducible
in real-world use.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
dtls client hello: fix zeroed random (fixes #960)
Closes #960
See merge request gnutls/gnutls!1225
|
|/ /
| |
| |
| |
| |
| |
| | |
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
hello verify request", which failed to "De Morgan" properly.
Signed-off-by: Stefan Bühler <stbuehler@web.de>
|
|\ \
| | |
| | |
| | |
| | | |
improve gnutls-cli-debug testing of old SSL 3.0 servers
See merge request gnutls/gnutls!1221
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
in SSL 3.0)
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| |/
| |
| |
| |
| |
| |
| |
| | |
servers don't accept them
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
gnutls_session_get_keylog_function: new function
See merge request gnutls/gnutls!1220
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a way to retrieve the keylog function set by
gnutls_session_set_keylog_function() to allow application protocols to
implement custom logging facility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
gnutls-serv: Do not exit when a message to be echoed is received
Closes #959
See merge request gnutls/gnutls!1222
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, when gnutls-serv was executed with the --echo option, it
would exit when a message to be echoed was received. Moreover, the
server would output "Memory error" although no error occurred.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
support non-NULL-terminated PSKs
Closes #586
See merge request gnutls/gnutls!917
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
memory access
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ander Juaristi <a@juaristi.eus>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ander Juaristi <a@juaristi.eus>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit closes #586.
Two new functions are introduced: gnutls_psk_server_get_username2()
and gnutls_psk_set_client_username2(), which are identical in behavior
to those named similarly (without the final '2'), but allow arbitrary
gnutls datums (not strings) to be used as usernames.
Two new callback functions are also introduced, with their respective
setters: gnutls_psk_set_server_credentials_function2() and
gnutls_psk_set_client_credentials_function2().
In addition, the password file format is extended so that non-string
usernames can be specified. A leading '#' character tells GnuTLS that the
username should be interpreted as a raw byte string (encoded in HEX).
Example:
#deadbeef:9e32cf7786321a828ef7668f09fb35db
Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
global: Load configuration after FIPS POST
Closes #956
See merge request gnutls/gnutls!1216
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail. By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
Two fixes for oss-fuzz build target
See merge request gnutls/gnutls!1219
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Instead of silently ignoring build errors and running fewer fuzzers,
exit on the first build error.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
clang++ will choke on several fuzzer sources because C++ is stricter
than C wrt. type conversion:
gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression
cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned
int' in initializer list [-Wc++11-narrowing]
gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
fuzz: Update README.md for clang-9 [skip ci]
See merge request gnutls/gnutls!1218
|
| | |
| | |
| | |
| | | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add support for loading Ed25519 keys from PKCS#11 and using them
Closes #946
See merge request gnutls/gnutls!1200
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
EC_POINT attribute
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
state: add function to get the current hash algorithm
See merge request gnutls/gnutls!1217
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is particularly useful when the application applies key
derivation function by itself with the same underlying hash algorithm
as the session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
cipher: expose raw ChaCha20 cipher
See merge request gnutls/gnutls!1210
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit
nonce variant of GNUTLS_CIPHER_CHACHA20_64.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This enables to use bundled ChaCha20 implementation if the system
nettle doesn't have nettle_chacha_set_counter.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|