| Commit message | Author | Age | Files | Lines |

Extract internal functions used by both PKCS#12 and PKCS#8 to handle
PBE-based encryption of the data.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Use _gnutls_pkcs7_en/decrypt_int() to implement
_gnutls_pkcs_raw_en/decrypt_data().
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add support for parsing, decrypting and encrypting EncryptedData
PKCS7/CMS files.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add SEQUENCE for RC2 CBC parameters. It includes IV and a magic
describing RC2 key bits.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
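The RC2-CBC parameter SEQUENCE mentioned in this commit carries an IV plus a version integer that is a "magic" value rather than the key size itself. The following is an added example, not code from GnuTLS or from this commit: a minimal DER encoder and parser for SEQUENCE { rc2ParameterVersion INTEGER, iv OCTET STRING }. The magic values 160, 120 and 58 for 40, 64 and 128 effective key bits are taken from RFC 2268 section 6; handling only those three, and rejecting every other version value, is an assumption of this example.

```python
# Added example; not GnuTLS code.  Encodes and parses the RC2-CBC parameter
# structure SEQUENCE { rc2ParameterVersion INTEGER, iv OCTET STRING }.
# The magic-to-key-bits mapping is from RFC 2268 section 6; only the three
# common sizes are handled (assumption), anything else is rejected.

RC2_MAGIC_TO_BITS = {160: 40, 120: 64, 58: 128}
RC2_BITS_TO_MAGIC = {bits: magic for magic, bits in RC2_MAGIC_TO_BITS.items()}
RC2_BLOCK_SIZE = 8


def _der_length(n: int) -> bytes:
    """Minimal DER length encoding (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value; a leading 0x00 keeps the sign bit clear."""
    if value < 0:
        raise ValueError("rc2ParameterVersion is never negative")
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_rc2_cbc_params(effective_key_bits: int, iv: bytes) -> bytes:
    if len(iv) != RC2_BLOCK_SIZE:
        raise ValueError("RC2 IV must be one 8-byte block")
    if effective_key_bits not in RC2_BITS_TO_MAGIC:
        raise ValueError(f"unsupported RC2 effective key size {effective_key_bits}")
    content = _der_integer(RC2_BITS_TO_MAGIC[effective_key_bits])
    content += b"\x04" + _der_length(len(iv)) + iv
    return b"\x30" + _der_length(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, next_pos). Rejects truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
        if length < 0x80:
            raise ValueError("non-minimal DER length")
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_rc2_cbc_params(der: bytes):
    """Return (effective_key_bits, iv) or raise ValueError for malformed input."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, ver, pos = _read_tlv(seq, 0)
    if tag != 0x02 or not ver or ver[0] & 0x80:
        raise ValueError("expected a non-negative INTEGER version")
    if len(ver) > 1 and ver[0] == 0 and not ver[1] & 0x80:
        raise ValueError("non-minimal INTEGER encoding")
    magic = int.from_bytes(ver, "big")
    tag, iv, pos = _read_tlv(seq, pos)
    if tag != 0x04 or pos != len(seq):
        raise ValueError("expected OCTET STRING iv as the last element")
    if len(iv) != RC2_BLOCK_SIZE:
        raise ValueError("RC2 IV must be one 8-byte block")
    if magic not in RC2_MAGIC_TO_BITS:
        raise ValueError(f"unsupported rc2ParameterVersion {magic}")
    return RC2_MAGIC_TO_BITS[magic], bytes(iv)


def is_valid_rc2_cbc_params(der: bytes) -> bool:
    try:
        decode_rc2_cbc_params(der)
        return True
    except ValueError:
        return False
```

The parser checks every length against the buffer and refuses trailing data, non-minimal encodings and unknown version values; a decoder that maps an unknown magic to some default key size would silently change the effective key strength of the ciphertext it is about to process.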
Move functions that write PKCS7 attributes to pkcs7-attrs.c; they will
be reused by encrypted/enveloped file support.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add function returning gnutls_cipher_algorithm_t by corresponding OID.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add support for creating and verifying DigestedData CMS files.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
As a first step towards supporting different PKCS7 content types, add
support for plain Data Content Type.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Rename data fields to use word 'content' rather than 'signed'. Other
PKCS#7 types have different usage types for these data elements.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Rearrange functions splitting pkcs7 signed support to separate file.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
cipher: Ensure correct alignment
See merge request gnutls/gnutls!1633
Unsigned math is required to calculate the current alignment.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
According to RFC9622 4.2, the "tls-exporter" channel binding is only
usable when the handshake is bound to a unique master secret. This
adds a check whether either TLS 1.3 or extended master secret
extension is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
accelerated: clear AVX bits if it cannot be queried through XSAVE
Closes #1282
See merge request gnutls/gnutls!1631
The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
Architectures Software Developer’s Manual".
GnuTLS previously only followed that algorithm when registering the
crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
that the extension bits are propagated to _gnutls_x86_cpuid_s.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Closes #1398
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
restrict allowlisting api to before priority string initialization
See merge request gnutls/gnutls!1533
(in a separate commit so that it's easier to compare)
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
fips: mark RSA SigVer operation approved for known modulus sizes
See merge request gnutls/gnutls!1630
SP800-131A rev2 suggests certain RSA modulus sizes under 2048
bits (1024, 1280, 1536, and 1792) may continue to be used for
signature verification but not for signature generation. This loosens
the current service indicator report to approve them.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Previously we checked the RSA modulus size clamped to byte units instead of
bits. This makes the check stricter by explicitly calculating the
modulus size in bits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
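The two commits above (approving the legacy sizes for verification only, and measuring the modulus in bits rather than whole bytes) are easiest to see side by side. What follows is an added example, not GnuTLS code and not the library's own service indicator: it computes the exact bit length of a big-endian modulus, shows the byte-clamped measure the second commit replaces, and applies the SP 800-131A rev2 distinction between signature generation and verification. Treating every size of 2048 bits or more as approved for both operations is this example's assumption; the constructed moduli are odd numbers of the right size, not real keys.

```python
# Added example; not GnuTLS code.  Exact RSA modulus size in bits versus the
# byte-clamped measure, and the SP 800-131A rev2 rule that 1024/1280/1536/1792
# bit moduli may still be used for signature verification but not generation.
# Assumption (not from the page): >= 2048 bits is approved for both operations.

LEGACY_SIGVER_BITS = frozenset({1024, 1280, 1536, 1792})
MIN_GENERAL_BITS = 2048


def modulus_bits(modulus_be: bytes) -> int:
    """Exact bit length of a big-endian modulus; leading zero octets do not count."""
    return int.from_bytes(modulus_be, "big").bit_length()


def modulus_bits_clamped_to_bytes(modulus_be: bytes) -> int:
    """The older, looser measure: size rounded up to whole octets, times 8."""
    return ((modulus_bits(modulus_be) + 7) // 8) * 8


def rsa_siggen_approved(bits: int) -> bool:
    return bits >= MIN_GENERAL_BITS


def rsa_sigver_approved(bits: int) -> bool:
    return bits >= MIN_GENERAL_BITS or bits in LEGACY_SIGVER_BITS


def service_indicator(modulus_be: bytes, operation: str) -> str:
    """Return 'approved' or 'not-approved' for 'sign' or 'verify' with this modulus."""
    bits = modulus_bits(modulus_be)
    if operation == "sign":
        ok = rsa_siggen_approved(bits)
    elif operation == "verify":
        ok = rsa_sigver_approved(bits)
    else:
        raise ValueError("operation must be 'sign' or 'verify'")
    return "approved" if ok else "not-approved"


# Constructed inputs (not real keys).  A 2047-bit modulus occupies 256 octets,
# so a byte-clamped check reports 2048 bits and wrongly approves it.
MOD_2047 = ((1 << 2046) | 1).to_bytes(256, "big")
MOD_1024 = ((1 << 1023) | 1).to_bytes(128, "big")

if __name__ == "__main__":
    for name, mod in (("2047-bit", MOD_2047), ("1024-bit", MOD_1024)):
        print(name, "exact:", modulus_bits(mod), "clamped:", modulus_bits_clamped_to_bytes(mod),
              "sign:", service_indicator(mod, "sign"), "verify:", service_indicator(mod, "verify"))
```

The 2047-bit case is the one the stricter check exists for: a key generated with a slightly short modulus passes a byte-granular threshold and fails a bit-granular one.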
Clang 15 made "incompatible pointer to integer conversion" an error
instead of a plain warning. This fixes errors like these:
system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
HCRYPTHASH hHash = NULL;
^ ~~~~
Signed-off-by: Martin Storsjo <martin@martin.st>
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In
the decryption code path with PBES1, algorithm checks for FIPS were not
applied, because it used internal functions that bypass those checks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Simon Josefsson <simon@josefsson.org>
session->internals.pull_func is set to system_read during gnutls_init(),
so the check for a user-set pull/push function added in the commit mentioned
below will never pass.
source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Make gnutls-cli work with KTLS
See merge request gnutls/gnutls!1617
If gnutls_transport_set_pull_function or
gnutls_transport_set_push_function is used, we can't assume the
underlying transport handle is an FD.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This adds a couple of functions gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3, which add or remove padding as necessary if
the length of the plaintext is not a multiple of the block size.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
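A pad-on-encrypt, strip-on-decrypt helper like the one this commit describes has to get two things right: the padding must be unambiguous, and the unpadding must fail without leaking where it failed. The following is an added example, not GnuTLS code and not the implementation of gnutls_cipher_encrypt3/decrypt3; it assumes PKCS#7 padding (n trailing bytes each of value n) is the scheme meant. One consequence worth knowing: PKCS#7 pads unconditionally, so a message that is already a multiple of the block size still gains a full block, otherwise the unpadder could not tell data from padding.

```python
# Added example; not GnuTLS code.  PKCS#7 block padding and a single-error
# unpadder.  Assumption: the padding scheme meant in the commit is PKCS#7.


def pkcs7_pad(data: bytes, block_size: int) -> bytes:
    if not 1 <= block_size <= 255:
        raise ValueError("block size must fit in one byte")
    n = block_size - len(data) % block_size      # always 1..block_size
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int) -> bytes:
    """Strip padding, raising one generic error for every malformed case.

    The loop walks the whole last block no matter where the mismatch is, so the
    failure path does not depend on how many padding bytes were correct; distinct
    errors or early exits are what padding-oracle attacks on CBC are built on.
    """
    if not 1 <= block_size <= 255:
        raise ValueError("block size must fit in one byte")
    if len(data) == 0 or len(data) % block_size:
        raise ValueError("invalid padding")
    n = data[-1]
    tail = data[-block_size:]
    bad = int(n < 1 or n > block_size)
    for i, b in enumerate(reversed(tail)):
        in_pad = int(i < n)               # 1 for the n trailing bytes
        bad |= (-in_pad) & (b ^ n)        # -1 is an all-ones mask, 0 discards
    if bad:
        raise ValueError("invalid padding")
    return data[:-n]


def padding_is_valid(data: bytes, block_size: int) -> bool:
    try:
        pkcs7_unpad(data, block_size)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    msg = b"hello world"
    padded = pkcs7_pad(msg, 16)
    print(padded.hex(), "->", pkcs7_unpad(padded, 16))
```

When this sits under CBC decryption, the caller should also treat a padding failure and a MAC failure identically (same error, same timing) or use an AEAD mode and avoid the problem entirely.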
Suppress compile time warnings on Fedora 36
Closes #1386
See merge request gnutls/gnutls!1606
Spotted by gcc-analyzer 12.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Brad Smith <brad@comstyle.com>
According to SP800-38D 5.2.1.1, the input data length of the AES-GCM
encryption function must be less than or equal to 2^39-256 bits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Self-test code exercises lots of different FIPS-related code with
side effects. So, in order to prevent it from losing information when
executing inside another context, we create an appropriate one.
If the self-test fails, then the library is placed in error state, so it
doesn't matter for other contexts.
Signed-off-by: Richard Maciel Costa <richard.costa@suse.com>
Co-authored-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Minor fixes on KTLS
See merge request gnutls/gnutls!1604
Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the
same socket is used for both sending and receiving, GNUTLS_KTLS_SEND
was unconditionally set. This fixes the conditions and also adds more
logging.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
As gnutls_handshake can be repeatedly called upon non-blocking setup,
we shouldn't try to call setsockopt for KTLS upon every call.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
nettle: restrict output size of HKDF-Expand to 255 * HashLen
See merge request gnutls/gnutls!1602
RFC 5869 2.3 requires that the requested output length of HKDF-Expand
be equal to or less than 255 times the hash output size.
Inspired by the report by Guido Vranken in:
https://lists.gnupg.org/pipermail/gcrypt-devel/2022-June/005328.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
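The bound this commit enforces comes straight from the construction: HKDF-Expand feeds a one-octet block counter into each HMAC, so at most 255 blocks of HashLen can be produced before the counter would have to repeat or be truncated. Below is an added example, not GnuTLS or Nettle code, of HKDF per RFC 5869 with that check on the Expand side; it is verified against test case 1 from RFC 5869 Appendix A, which is the only input data it uses.

```python
# Added example; not GnuTLS or Nettle code.  HKDF (RFC 5869) with the
# Expand-side bound from section 2.3: L <= 255 * HashLen.  T(i) carries a single
# octet counter, so a longer request cannot be served without repeating or
# truncating the counter; the check turns that into a clean error instead.
import hashlib
import hmac


def hkdf_max_okm_len(hash_name: str) -> int:
    return 255 * hashlib.new(hash_name).digest_size


def hkdf_expand_length_ok(length: int, hash_name: str = "sha256") -> bool:
    return 0 <= length <= hkdf_max_okm_len(hash_name)


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)          # RFC 5869 2.2: default salt is HashLen zeros
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    if not hkdf_expand_length_ok(length, hash_name):
        raise ValueError(
            f"HKDF-Expand: L must be in 0..{hkdf_max_okm_len(hash_name)} for {hash_name}")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        # T(i) = HMAC(PRK, T(i-1) | info | i); i fits in one octet thanks to the bound
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


# RFC 5869 Appendix A, test case 1 (SHA-256).
RFC5869_TC1 = dict(
    ikm=bytes([0x0B]) * 22,
    salt=bytes(range(13)),
    info=bytes(range(0xF0, 0xFA)),
    prk=bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    okm=bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                      "34007208d5b887185865"),
)


def rfc5869_tc1_passes() -> bool:
    v = RFC5869_TC1
    return (hkdf_extract(v["salt"], v["ikm"]) == v["prk"]
            and hkdf_expand(v["prk"], v["info"], 42) == v["okm"])


if __name__ == "__main__":
    print("RFC 5869 test case 1:", "ok" if rfc5869_tc1_passes() else "FAILED")
    print("max OKM for sha256:", hkdf_max_okm_len("sha256"), "bytes")
```

For SHA-256 the ceiling is 8160 bytes; a caller that needs more key material should derive it in separately labelled Expand calls (distinct info values), not by relaxing the check.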
Previously, the only way to monitor the FIPS context transition was to
increase the logging level to debug (2), which produces unrelated output.
This changes the minimum logging level to audit (1) for when the
transition happens.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
KTLS will be disabled by default when built with `--enable-ktls`; to
enable it, use the config file option `ktls = true` in the [global] section.
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
FIPS140-3 IG 10.3.E Periodic Self-Testing says:
At security levels 1 and 2, acceptable means for initiating the
periodic self-tests include a provided service, resetting, rebooting
or power cycling.
Neither resetting, rebooting, nor power-cycling is suitable because
those involve operations outside of the module. Therefore this patch
adds a new API to manually run the substance of FIPS140 self-tests.
Suggested by Richard Costa and Stephan Mueller in:
https://gitlab.com/gnutls/gnutls/-/issues/1364
Signed-off-by: Daiki Ueno <ueno@gnu.org>