When checking datefudge availability under a cross-compiling environment
with a binfmt wrapper, it is not sufficient to check against the host
executable. This instead uses a test executable compiled for the
target architecture.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This adds --keymatexport and --keymatexportsize options to both
gnutls-serv and gnutls-cli. Those would be useful for testing
interoperability with other implementations.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This adds a new function gnutls_prf_early, which shall be called in a
handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test
needs to be run in a datefudge wrapper as the early secrets depend on
the current time (through PSK).
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
TLS 1.3 Early Secret and the derived keys are calculated upon a PSK
being selected, thus the code fits better in ext/pre_shared_key.c.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Use libabigail for tracking ABI changes
See merge request gnutls/gnutls!972
|
These have output ABI format compatibility and that means we can
take snapshots to test ABI against. We also hard-code explicitly
the SONAME version to ensure no accidental SONAME bumps happen.
This patch also moves symbols.last in the devel/ subdirectory
and no internal files are shipped.
Relates: #292
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
This was available before 3.6.4, and was incorrectly removed.
It was found using libabigail tools.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
doc: Add documentation for GNUTLS_CERT_IGNORE
See merge request gnutls/gnutls!983
|
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
Extend test cert to 2049-05-27
See merge request gnutls/gnutls!979
|
instead of expiring in 2024-02-29
This update did not trigger y2038 bugs on 32-bit systems.
Without this patch, one test fails after 2024:
doit:124: rsa pss key: gnutls_x509_crt_verify_data2 |
FAIL x509sign-verify (exit status: 1)
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
Fix WIN32 custom push/pull functions
Closes #751
See merge request gnutls/gnutls!978
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
Reported-by: J. Ali Harlow (@j_ali on Gitlab.com)
|
Fix link errors with gcc-9
See merge request gnutls/gnutls!966
|
Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against
libcrypto. This fixes a build error with gcc9 which passes the linker
option --as-needed by default.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
gnutls_cipher_suite_get_name and gnutls_session_get_master_secret
are marked as TLS1.2 or earlier-only as they cannot be used with
TLS 1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
They served no purpose.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
That is because the same variable name is used by local
variables as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
tests: fix race condition in tls13/post-handshake-with-cert-pkcs11
See merge request gnutls/gnutls!977
|
The test had a strange setup of server/client processes: the server
runs in a child process and the client runs in a parent process. The
intention behind this was to detect softhsm availability in the parent
process and exit with 77 if missing. However, there was a potential
race when the server exits and proceeds to the next call of start().
This fixes the process setup and moves the softhsm detection to the
program startup.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
build: allow override guile system location
Closes #748
See merge request gnutls/gnutls!968
|
Reduce confusion between the upstream terms and the gnutls terms.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
guile has three settings acquired from system:
* GUILE_SITE
* GUILE_SITE_CCACHE
* GUILE_EXTENSION
The <guile-2.2 m4 macro exposed only GUILE_SITE while build tried to guess the
other variables based on the $libdir of the gnutls which may be different.
The >=guile-2.2 m4 macro provides all settings for build to use as default,
while allowing to override each.
Resolves: #748
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
Pass CI commit check if branches are 'even'
See merge request gnutls/gnutls!975
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
tests: cert-tests: crl: cleanup files
See merge request gnutls/gnutls!973
|
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
ci: refresh the cache due to failures in debian
See merge request gnutls/gnutls!974
|
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
|
CONTRIBUTING.md: document unit testing method of internal functions [ci skip]
Closes #749
See merge request gnutls/gnutls!971
|
Resolves: #749
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
cert auth: reject auth if no signature algorithm is usable in TLS 1.3
Closes #730
See merge request gnutls/gnutls!967
|
This adds a test that exercises the client's auth rejection logic,
using the RSA-PSS disabled PKCS #11 token.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the
use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the
situation where the certificate is RSA while the private key cannot be
used for RSA-PSS.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Previously, when there is no overlap between usable signature
algorithms and the "signature_algorithms" extension in Certificate
Request, the client failed in sending Certificate Verify, followed by
a connection close. In TLS 1.3, it is possible to keep the connection
but reject the authentication by not sending Certificate Verify.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
Previously, while the flag HSK_CRT_SENT was checked in
_gnutls13_send_certificate_verify, the flag was never set anywhere.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
nettle: include config.h before checking for definitions
See merge request gnutls/gnutls!970
|
This makes sure that we don't include the internal backport
if compiled with a version of nettle that includes that code.
We also exclude nettle/backport from the static analyzer's list
as it contains files outside our control (from nettle project).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
[OSCP] Fix : null pointer resp
See merge request gnutls/gnutls!969
|
Signed-off-by: Elta Koepp <elta_koepp@gmail.com>
|
If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we
don't need to zero it again via a volatile trick later in this function.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
|
That is, because there are no diffs to check.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
Fix check_if_signed
See merge request gnutls/gnutls!964
|
Fix the target branch we check against by adding upstream as remote.
Drop the use of set -e as this causes the shell to immediately exit on
errors instead of allowing the code to check the failure and report what
it failed about.
Also print which commits are being checked and what information was found
so that a CI failure can be better diagnosed.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
If nettle's XTS is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|