| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | | |
gnutls-cli-debug: test whether RSA key exchange is supported
Closes #449
See merge request gnutls/gnutls!1039
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Resolves: #449
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
gnutls_session_get_desc: avoid printing a NULL value
See merge request gnutls/gnutls!1038
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When gnutls_session_set_premaster() is used (under openconnect),
it is possible that gnutls_session_get_desc will print a string like
this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
With this change we ensure that we do not print null values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | | |
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
See merge request gnutls/gnutls!1034
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This adds a continuous random number generator test as defined in FIPS
140-2 4.9.2, by iteratively fetching fixed sized block from the system
and comparing consecutive blocks.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
lib: add support for AES-GMAC
Closes #781
See merge request gnutls/gnutls!1036
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
requires nonce, but it was not supplied.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Calling set_nonce before set_key is plain incorrect. For GMAC key is not
initialized. For UMAC set_key will reset nonce to empty.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add support for computing AES-GMAC using MAC API, as requested by Samba
for SMB3 support.
Resolves: #781
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix gnutls_x509_crt_list_import2() documentation
Closes #794
See merge request gnutls/gnutls!1037
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
That checks whether the return code of gnutls_x509_crt_list_import()
contains the number of loaded certificates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
options
Resolves: #794
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Updated asm files to latest version under cryptogams license
See merge request gnutls/gnutls!989
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We were not setting the third array member correctly, though
this didn't have any impact to previous implementations as they
did not rely on it. This also moves away from the custom implementation
of cpuid (which was limited), and we now rely on the compiler's
version.
This effectively enables support for SHA_NI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
gnutls_hmac_copy() API
Closes #787
See merge request gnutls/gnutls!1035
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
During the test suite run we require that all supported
MAC and hash algorithms implement the copy function.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This implements the new API to all internal implementations.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add gnutls_hash_copy() function for copying message digest context.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
necessary for SMB3 support.
Resolves: #787
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
GOST ciphersuites requires continuously computing MAC of all the
previously sent or received data. The easies way to support that is to
add support for copy function, that creates MAC instance with the same
internal state.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enhance the configuration file capabilities
Closes #587
See merge request gnutls/gnutls!1013
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This introduces the inih copylib, and makes our configuration
file parsing more flexible.
Relates: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
Corrected call for updating ABI files
See merge request gnutls/gnutls!1033
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Karsten Ohme <k_o_@users.sourceforge.net>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Marked the crypto backend registration APIs as deprecated
Closes #789
See merge request gnutls/gnutls!1032
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is to warn for a future conversion of these APIs to a no-op.
Resolves: #789
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
tests: improve record_size_limit tests
See merge request gnutls/gnutls!1023
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The option changes the behavior of the server, it would make sense to
check both with and without %ALLOW_SMALL_RECORDS.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously those tests assumed varying sizes of connection information
gnutls-serv sends. This is too brittle and if the default algorithm
has changed the tests need to be updated.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
By default, the gnutls-server --http responds with the connection
information. While this is useful for manual testing, fixed content
would be more desirable for automated testing.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new test against the server to check if
%ALLOW_SMALL_RECORDS is required to continue communicating with the
server. The test is in two parts: one to check if the server accepts
records with the default size (512 bytes) and the other is to check if
%ALLOW_SMALL_RECORDS helps if the previuos test fails.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a means to set maximum record size to receive. If the size
is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
also needs to be specified.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
CONTRIBUTING.md: Fix syntax error [ci skip]
See merge request gnutls/gnutls!1028
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| |\ \ \
| |_|/
|/| |
| | |
| | | |
gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
See merge request gnutls/gnutls!1025
|
