| Commit message | Author | Age | Files | Lines |

test_sig() always uses the same key for RSA, DSA, and ECDSA regardless
of the value provided in the "bits" parameter. Therefore, avoid
printing specific information (number of bits or name of the curve).
Changes test_sig() to use 2048 bits key for DSA; deleted hardcoded 512
bits DSA key;
Avoid calling test_sig() multiple times for ECDSA: the same key is
used regardless of the curve provided in the parameters.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Remove the flag check from the end of the macros. This change allows
more than one test to run in sequence when GNUTLS_SELF_TEST_FLAG_ALL is
not set. Move the flags checks to run the minimal set of tests required
for FIPS and keep the previous behaviour for GOST (run the first test
for each algorithm).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Previously a new signature was generated only for deterministic
algorithms (i.e. only RSA). With this, a new signature is always
generated (and compared with a stored signature for deterministic
algorithms). The signature verification is tested for both generated
and stored signatures.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This changes the function used in the test to override gnutls_rnd() to
fill the given buffer with a different value each time it is called.
This allows the test to run when FIPS mode is enabled.
Previously the rng-no-onload test could get stuck if FIPS mode was
enabled. This happened if gnutls_rnd() function was called during
global_init() in a loop that checks the generated value (e.g. if ECDSA
signature generation is called during self tests).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
For RSA, compare the generated signature with a stored known value in
test_sig().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
The objective of moving these values to the top is to allow them to be
used by other functions, in particular test_sig().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
fix nettle 3.5 issues/warnings
Closes #835
See merge request gnutls/gnutls!1067
That is, ensure that the registered cipher is called at least
once in the program. That is, to make this test fail if the registration
API ever becomes deprecated/no-op.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That is, it no longer uses the deprecated API, and it is also
removed to cipher-alignment for clarity.
Resolves: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
We already depend on nettle 3.4.1 which provides that symbol,
ensure that we use it consistently.
Relates: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
pkcs11-mock: updated license based on upstream project [ci skip]
See merge request gnutls/gnutls!1065
Based on the relicense of the original project:
https://github.com/Pkcs11Interop/pkcs11-mock
Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Add support for Guile 3.0
See merge request gnutls/gnutls!1020
* configure.ac: Add 3.0 to 'GUILE_PKG', as well as the
previously-supported versions.
* doc/gnutls-guile.texi (Guile Preparations): Update list of supported
versions.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This makes sure we don't load the user's ~/.guile.
* doc/Makefile.am (GUILE_FOR_BUILD): Pass '-q'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
maint: Include Guile's M4 macros.
See merge request gnutls/gnutls!1061
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
as well.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
'configure'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This ensures 'GUILE_PKG' & co. behaves as we want. Previously we had
problems in CI when using 'guile.m4' coming from potentially old distro
packages, as discussed in issue !1020:
https://gitlab.com/gnutls/gnutls/merge_requests/1020#note_194443890
* m4/guile.m4: New file, from Guile's 'stable-2.2' branch,
commit 9846178c69445142ef0b9432417453d2d4de6635.
* .x-sc_prohibit_test_minus_ao: New file.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Do not forbid excess random padding in TLS1.x CBC ciphersuites
Closes #811
See merge request gnutls/gnutls!1054
The atypical padding check is complementary to the existing
GnuTLS 2.12.x interop test.
This commit also upgrades to the latest version, and adds new TLS1.3
tests as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Since some point in 3.6.x we updated the calculation of maximum record size,
however that did not include the possibility of random record padding available
for CBC ciphersuites which exceeds the maximum. This commit allows for larger
sizes for these ciphersuites to account for random padding as applied by
gnutls 2.12.x.
Resolves: #811
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
gnutls_int.h: make DECR_LEN neutral to signedness
See merge request gnutls/gnutls!1056
Signed-off-by: Daiki Ueno <dueno@redhat.com>
DECR_LEN was previously implemented in a way that it first decrements
the given length and then checks whether the result is negative. This
requires the caller to properly coerce the length argument to a signed
integer, before invoking the macro.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
priority: fix loop which removes systemwide disabled KX algos
See merge request gnutls/gnutls!1064
Fix c&p error in KX-removal loop.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
gnutls-cli-debug: fix early break for no version supported check
See merge request gnutls/gnutls!1063
Currently gnutls-cli-debug code hardcodes index of tests, after which it
will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
the server. However this number is hardcoded and thus easy to break.
This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
Two tests were added in front of tests lists without updating this
index.
So let's make this check robust by adding another test which will return
fatal error if no known protocols are supported. While we are at it,
also simplify tests loop by removing internal loop completely and
controlling opening/closing a socket with a flag.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Raw public key fuzzing tests
Closes #687
See merge request gnutls/gnutls!1062
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
guile: Update the list of certificate status values.
See merge request gnutls/gnutls!1060
* guile/modules/gnutls/build/enums.scm (%certificate-status-enum): Add
'gnutls_certificate_status_t' values that were missing.
* guile/src/core.c (scm_gnutls_peer_certificate_status): Add
'MATCH_STATUS' clauses to handle them.
* guile/modules/gnutls.in: Export them.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fix typo in gnutls_db_set_cache_expiration() docs
See merge request gnutls/gnutls!1057
21600 seconds is six hours.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
crypto-api: add gnutls_aead_cipher_{en,de}cryptv2
Closes #718
See merge request gnutls/gnutls!1052
This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
gnutls_aead_cipher_decrypt(), that works on data buffers.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This replaces the macros AUTH_UPDATE and ENCRYPT used in
gnutls_aead_cipher_encryptv() with the iov_iter interface.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This adds an iterator interface over giovec_t array, extracting a
fixed sized block.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
pk: implement deterministic ECDSA/DSA for provable signing
Closes #94
See merge request gnutls/gnutls!1051
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This exposes the deterministic ECDSA/DSA functionality through the
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>