| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
In GnuTLS 3.6.0 we dropped support for openpgp keys, however
the CTYPE-OPENPGP is often seen in applications, sometimes
as -CTYPE-OPENPGP to ensure it is not enabled. We simply
ignore this priority string when seen, to avoid preventing
these applications from running.
Resolves #593
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
gnutls_priority_set: do not override the version after handshake is complete
See merge request gnutls/gnutls!777
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The sanity tests we moved prior to setting these priorities
and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned
consistently to indicate that the existing priorities were not
overwritten.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
When an application would re-set priorities prior to a rehandshake
we would override the negotiated version with the highest supported,
something which may lead to issues. This disables that unnecessary
version override. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1634736
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This makes it in par with gnutls-cli.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
gnutls-cli: reduce printed session information
See merge request gnutls/gnutls!784
|
| |
| |
| |
| |
| |
| |
| |
| | |
When connecting to a server we were printing a lot of duplicate
information that was already part of the "Description" string.
No longer print that information unless --verbose is given.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
self-tests: add GOST public key tests
Closes #492
See merge request gnutls/gnutls!788
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Test vectors provided in standard are not that usefull (they use
unsupported curves with a != -3), so these test vectors were generated
by hand.
Fixes #492
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for AES CMAC mac
Closes #351
See merge request gnutls/gnutls!786
|
| | |
| | |
| | |
| | | |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If nettle's CMAC is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
Selftests for symmetric GOST algorithms
See merge request gnutls/gnutls!787
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add tests for:
- GOST 28147-89 CFB cipher
- GOST R 34.11-94 hash function
- Streebog-256/-512 hash functions
- HMAC using GOST R 34.11-94/Streebog functions
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
gost28147-89 code contained c&p error, which resulted in using S-BOX
CryptoPro-A instead of -B, -C, -D. Fix that.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for AES CFB8 cipher
Closes #357
See merge request gnutls/gnutls!783
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If nettle's CFB8 is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
TLS 1.3: calculate ticket age based on higher precision time
See merge request gnutls/gnutls!785
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, the server treated the condition as error, while it is
possible that ob_ticket_age may have wrapped round by 2^32.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously we calculated ticket age from the current wall clock in
seconds, multiplying by 1000. This is conceptually wrong, because
ticket age is designed to be in milliseconds.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While gettime() is extensively used in the code, the library
previously hadn't provided a way to replace it for testing. This adds
a new internal function _gnutls_global_set_gettime_function and makes
use of it through virt-time.h.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/ /
| |
| |
| |
| |
| | |
This is consistent with the coding guideline.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
fips140: aligned code with documentation
See merge request gnutls/gnutls!781
|
| |
| |
| |
| |
| |
| |
| | |
That is, we introduce the documented but unimplemented macros
GNUTLS_FIPS140_SET_LAX_MODE() and GNUTLS_FIPS140_SET_STRICT_MODE().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
p11tool: fix admin user PIN initialization
Closes #561
See merge request gnutls/gnutls!776
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Previously we would call gnutls_pkcs11_token_set_pin() without an
old PIN provided, which will result to the use of C_InitPIN() on the
underlying module. The C_InitPIN() in contrast with C_SetPIN() will
only work for the user and not for the administrator. As such, we
always provide the oldpin for when we change the admin's PIN.
Resolves #561
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Cleanup and fixes
Closes #453
See merge request gnutls/gnutls!779
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| |
| |
| | |
consistency reasons with its client couterpart.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| |
| |
| | |
certificate_credential_append_keypair().
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
| |
| |
| | |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
update tlsfuzzer scripts to latest version
Closes #591
See merge request gnutls/gnutls!774
|
| |
| |
| |
| |
| |
| | |
Resolves: #591
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|