| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
| |
session->security_parameters.max_early_data_size is initially set to 0.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
[ci skip]
That clarifiesthe intention, and adds warning of using this flag when
multiple threads are involved. Based on suggestion by Michael Catanzaro.
Relates: #615
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
tests: tpm: Add a test case for tpmtool
See merge request gnutls/gnutls!807
|
| |
| |
| |
| | |
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|\ \
| | |
| | |
| | |
| | | |
Improve support of GOST private keys parsing
See merge request gnutls/gnutls!802
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use size_t for size variables instead of mp_limb_t (data type rather
than size type).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for yet another representation of GOST private keys:
LE-formatted number encoded into pkcs-8-PrivateKeyInfo.privateKey
without any additional encapsulation.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
New Russian reccomendation defines 'key masking' in the form of
several concatenated numbers, which must be multiplied modulo Q to get
private key.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
updates in anti-replay subsystem
Closes #610
See merge request gnutls/gnutls!805
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The new function was not sharing anything with the existing
gnutls_db_* backend, and moving it to anti_replay structure
is more clean and allows for deviations from the old API
conventions (e.g., now we can pass pointers for efficiency
and pass the expiration time as part of the call).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
|
|
|
| |
CMS specification explicitly allows BER encoding in CMS files. RFC 4134
example 4.5 uses BER indefinite encoding.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
tpm: Fix memory leak in encode_tpmkey_url
See merge request gnutls/gnutls!800
|
| |
| |
| |
| |
| |
| |
| |
| | |
When returning the key URL in encode_tpm_key_url we do not need to allocate
a separate buffer for the URL since we return the allocated buffer from
_gnutls_buffer_to_datum().
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
add support for 0-RTT
Closes #127
See merge request gnutls/gnutls!775
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This implements ClientHello recording outlined in section 8.2 of RFC
8446.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a way to store an entry if it is not found in the database,
so that the implementation can provide atomic test-and-set.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This would be particularly useful when the same database is used to
store long-lived TLS 1.2 session data and short-lived TLS 1.3
anti-replay entries. Note that the existing gnutls_db_check_entry
doesn't fit in this use-case, as it takes gnutls_session_t as the
argument.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed for implementing freshness checks outlined in 8.3 of
RFC 8446.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This introduces gnutls_record_get_max_early_data_size(),
gnutls_record_send_early_data(), and gnutls_record_recv_early_data()
functions.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This plumbers early data handling in the handshake processes, which
consists of:
- traffic key updates taking into account of client_early_traffic_secret
- early data buffering in both server and client
- the EndOfEarlyData message handling
- making use of max_early_data_size extension in NewSessionTicket
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
max_early_data_size sent as part of NST should be recorded and
restored when the session data is set back on the session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "discard" label previously used assumes that the decrypted record
is already added to record_recv_buffer. It is not the case when
rejecting early data. Release the allocated memory manually and
return early.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is necessary for handling early data. Previously,
_gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT,
while the client only sets EPOCH_WRITE_CURRENT when sending early
data. This allows caller to specify from which epoch the parameters
are copied.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is necessary to compute client_early_traffic_secret and
early_exporter_master_secret in TLS 1.3.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |/
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
.gitlab-ci.yml: move to fedora29 for CI
Closes #607
See merge request gnutls/gnutls!794
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| |
| |
| |
| | |
This was identified by clang analyzer's on _gnutls_x509_dn_to_string
and _gnutls_x509_decode_string.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| |
| |
| | |
gnutls_priority_init: ignore CTYPE-OPENPGP options
Closes #593
See merge request gnutls/gnutls!789
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In GnuTLS 3.6.0 we dropped support for openpgp keys, however
the CTYPE-OPENPGP is often seen in applications, sometimes
as -CTYPE-OPENPGP to ensure it is not enabled. We simply
ignore this priority string when seen, to avoid preventing
these applications from running.
Resolves #593
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|/
|
|
|
|
|
| |
Previously it had assumed that TLS 1.2 servers don't send the
extension, while actually it can be present in ServerHello.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The sanity tests we moved prior to setting these priorities
and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned
consistently to indicate that the existing priorities were not
overwritten.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When an application would re-set priorities prior to a rehandshake
we would override the negotiated version with the highest supported,
something which may lead to issues. This disables that unnecessary
version override. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1634736
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Test vectors provided in standard are not that usefull (they use
unsupported curves with a != -3), so these test vectors were generated
by hand.
Fixes #492
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
If nettle's CMAC is not available, use a vendored in version from master.
This is necessary as long as we need to link against 3.4 for ABI
compatibility reasons.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add tests for:
- GOST 28147-89 CFB cipher
- GOST R 34.11-94 hash function
- Streebog-256/-512 hash functions
- HMAC using GOST R 34.11-94/Streebog functions
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
gost28147-89 code contained c&p error, which resulted in using S-BOX
CryptoPro-A instead of -B, -C, -D. Fix that.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| |
| |
| | |
Add support for AES CFB8 cipher
Closes #357
See merge request gnutls/gnutls!783
|