| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This is a behavioral change of the API but it conforms to
the RFC4648 expectations.
Resolves: #834
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This commit was breaking CI on FreeBSD systems.
This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Previously we would omit the CRL distribution points from a non-self
signed CA certificate, even if contained in the template.
Resolves: #765
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
That allows running the tests individually without make or setting
top_builddir variable.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
If a gnutls_prf*() function is called before the handshake is completed,
return GNUTLS_E_INVALID_REQUEST instead of crashing.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
|
|
|
|
|
|
| |
This seems to have impacted windows compilation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
It cannot be compiled in f30.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Fix curve size being incorrectly set to 64 instead of 32 for several
GOST curves.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
| |
GnuTLS is depending already on uint64_t being a properly defined type.
So there is no need to have a special byte-array type for 8-byte
integers. Use uint64_t instead, thus simplifying a code quite heavily.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
prf: add Streebog PRF support
See merge request gnutls/gnutls!1088
|
| |
| |
| |
| |
| |
| |
| | |
Add support and tests for PRF generated using both Streebog versions.
This is necessary for adding GOST TLS ciphersuites support.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
session tickets: parse extension during session resumption
Closes #841
See merge request gnutls/gnutls!1087
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is possible for a server to send a new session ticket during
TLS1.2 resumption. To be able to parse it as client we need to
check the extension during resumption as well.
Resolves: #841
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
P11tool improvements
See merge request gnutls/gnutls!1071
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Verify some of PKCS#11 mechanism flags.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
tests/psk-file: fix heizenbug in last test
See merge request gnutls/gnutls!1090
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently last test case in psk-file expects that the server will
terminate connection with fatal error and close connection. Client will
receive GNUTLS_E_PUSH_ERROR error. However on slow boxes (or under qemu)
client is able to receive server's fatal alert thus returning unexpected
error. To make this behaviour predictable make server wait for client to
read all data and actually close connection on it's own.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Correct GOST server certificates:
- use only Digital Signature Key Usage,
- use new format for 512-bit curve key and certificate.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|/
|
|
|
|
| |
Add certificate example using simplified (new) GOSTParameters structure.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers
See merge request gnutls/gnutls!1085
|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, those functions failed to write the output to the buffers
if the buffer length is not multiple of cipher block size. This makes
sure that the cached data is always flushed.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
This eliminates the need of special handling of final block. Also
adds more tests in exceptional cases.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
| |
gnutls-serv.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
|
|
| |
Test was renamed from mini-alignment to cipher-alignment.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
|
|
|
|
|
|
| |
Resolves: #840
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
x509: add support for Russian extensions defined for qualified certificate
See merge request gnutls/gnutls!1075
|
| |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \
| | |
| | |
| | |
| | | |
tests: add verbose logging to server-kx-neg tests
See merge request gnutls/gnutls!1078
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for verbose logging to tls*-server-kx-neg tests.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
ocsp: test suite and doc improvements
Closes #836
See merge request gnutls/gnutls!1066
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This checks whether gnutls_ocsp_status_request_is_checked() is functional
on server-side verification.
Relates: #829
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This tests gnutls_certificate_verify_peers2() operation in server
side.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
| | |
| | |
| | |
| | |
| | | |
This ensures that this function has functional tests.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ext/supported_versions: reorder client precedence if necessary
Closes #837
See merge request gnutls/gnutls!1074
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
If the client advertises TLS < 1.2 before TLS 1.3 and the server is
configured with TLS 1.3 enabled, the server should select TLS 1.3;
otherwise the client will disconnect when seeing downgrade sentinel.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When TLS1.3 was introduced, gnutls_session_get_data2 was modified
to assume that the callbacks set included the timeout one which was
not previously necessary except for some special cases. This corrects
that issue and makes sure that gnutls_session_get_data2() does not
fail (but not necessarily succeed), if that timeout callback is not
set.
Resolves: #823
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
That is, ensure that the registered cipher is called at least
once in the program. That is, to make this test fail if the registration
API ever become deprecated/no-op.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, it no longer uses the deprecated API, and it is also
removed to cipher-alignment for clarity.
Resolves: #835
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Based on the relicense of the original project:
https://github.com/Pkcs11Interop/pkcs11-mock
Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The atypical padding check is complementary to the existing
GnuTLS 2.12.x interop test.
This commit also upgrades to the latest version, and adds new TLS1.3
tests as well.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This enables this test in debian build.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and
gnutls_aead_cipher_decrypt(), that works on data buffers.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
| |
This adds an iterator interface over giovec_t array, extracting a
fixed sized block.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|