| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This new gnulib check does not work with GNU awk 5.0.1 and GNU make 4.2.1.
References:
https://lists.gnu.org/archive/html/bug-gnulib/2019-05/msg00095.html
https://lists.gnu.org/archive/html/bug-gnulib/2019-06/msg00040.html
https://lists.gnu.org/archive/html/bug-gnulib/2019-07/msg00046.html
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes #926
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
testcompat-openssl: improve testing against secured OpenSSL versions.
See merge request gnutls/gnutls!1168
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
In Debian, and soon Ubuntu, OpenSSL is compiled with SECLEVEL=2 and
requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
and thus enabling testing more compatability combinations.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
| |\ \
| |/
|/|
| |
| | |
nettle/gost: gost28147: require calling set_param before set_key
See merge request gnutls/gnutls!1188
|
| | |
| |
| |
| |
| |
| |
| | |
Require selecting parameter set before setting the key. There is no need
to provide default setting, if a param is always selected anyway.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |\ \
| |/
|/|
| |
| |
| |
| | |
crypto-api: add generic crypto functions for KDF
Closes #851 and #813
See merge request gnutls/gnutls!1186
|
| | |
| |
| |
| |
| |
| |
| | |
The MAC algorithm used in the PBKDF2 is actually prohibited in the
FIPS mode and previously there wasn't a check for that.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This exposes HKDF and PBKDF2 functions from the library. Instead of
defining a single KDF interface as in PKCS #11, this patch defines 3
distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2
derivation, so that we can take advantage of compile time checking of
necesssary parameters.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \
| |/
|/|
| |
| | |
session_pack: fix leak in error path
See merge request gnutls/gnutls!1185
|
| |/
|
|
|
|
|
| |
If called at the wrong time, it allocates the buffer sb and forgets to
clear it.
Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| | |
nettle/gost: support use GOST DSA support from master branch
See merge request gnutls/gnutls!1183
|
| | |
| |
| |
| |
| |
| | |
Use GOST DSA and GOST curves provided by Nettle's master branch.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
pkcs12: do not go try calculating pbkdf2 with 0 iterations
See merge request gnutls/gnutls!1182
|
| | |/
| |
| |
| |
| |
| |
| | |
Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to
GnuTLS PKCS12 GOST code to check that iter is not 0.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |\ \
| |/
|/|
| |
| | |
add support for local threads with studio and ibm compilers
See merge request gnutls/gnutls!1181
|
| |/
|
|
| |
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
|
| |\
| |
| |
| |
| | |
Avoid pushd/popd bashism in testsuite
See merge request gnutls/gnutls!1180
|
| | |
| |
| |
| | |
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |/
|
|
|
|
|
|
|
| |
This test requires a TLS-1.3-only server as its tests clash with
extensions supported by a TLS-1.2 server. Ensure that the extensions
that overlap with TLS-1.2 are not manipulated as we don't have
a pure TLS-1.3-only implementation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| |
| |
| | |
Use 'make -j' with higher values for CI builds and tests
Closes #897
See merge request gnutls/gnutls!1154
|
| | |
| |
| |
| |
| |
| | |
This fixes issues on the CI cross-runners with 'make -jN', N > 1.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| | |
| |
| |
| |
| |
| |
| | |
This speeds up the Gitlab CI runners. E.g. measured timings of the
Debian.x86_64 runner show ~40% speedup (down from 38 to 23 minutes).
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\ \
| |/
|/|
| |
| |
| |
| | |
tlsfuzzer: updated to latest upstream
Closes #907
See merge request gnutls/gnutls!1179
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds new tests, reduces running time, and removes test-tls13-obsolete-curves.py.
The latter introduced too pendantic tests on curves we don't implement,
and requires significant changes to passing with limited benefit. For example
it requires the server to error on mismatching entries (and we simply ignore
them). As its value is low (we do not target to be a reference implementation
for testing broken clients), it was removed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |/
|
|
|
|
|
|
|
| |
On unknown curves or illegal parameters, make sure we return the
right error code which will translate to the appropriate alert.
Resolves: #907
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| | |
fuzz: update ed448 fuzzer traces and other fuzz improvements
See merge request gnutls/gnutls!1177
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The fuzzer files for ed448 were the reverse for client and server.
Enhanced the fuzzer tools to run a single fuzzer, and added more
clear documentation on how to generate and manually test the fuzzer
outputs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| |/
|/|
| |
| | |
Create files in gl/ licenced lgpl2+ instead of lgpl3+
See merge request gnutls/gnutls!1178
|
| |/
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |\
| |
| |
| |
| | |
lib/nettle/gost: restore compatibility with nettle master
See merge request gnutls/gnutls!1176
|
| | |
| |
| |
| |
| |
| |
| | |
Remove --disable-gost switch from the test using Nettle's master branch
as GnuTLS is now compatible again with nettle/master.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |/
|
|
|
|
| |
Use newer format of ecc curve data if curve448 support is detected.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
| |
There are shared windows runners in gitlab, that will fail
running our jobs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
x509: include digestParamSet into GOST 512-bit curves A and B params
See merge request gnutls/gnutls!1173
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Old implementations do not understand PublicKeyParams with omitted
digestParamSet. So include the field for old 512-bit curves to improve
compatibility with old implementations.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
algorithms: implement X448 key exchange and Ed448 signature scheme
See merge request gnutls/gnutls!984
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
