lumag commented May 26, 2020

No description provided.

lumag and others added 30 commits January 10, 2020 14:20
In wrap_nettle_pk_generate_keys() set params->algo before calling
pct_test() as GOST sign/verify use that field.

Reported-by: Daiki Ueno
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation

See merge request gnutls/gnutls!1159
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Fix tests execution when FIPS mode is compiled but not enforced.

See merge request gnutls/gnutls!1164
Extend GOST priority settings and documentation

See merge request gnutls/gnutls!1160
Add test counting GOST ciphersuites and ciphers available.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
tests/priorities: add tests for GOST ciphersuites enablement

See merge request gnutls/gnutls!1166
gnutls-cli: Log all stapled OCSP responses when running with --verbose

See merge request gnutls/gnutls!1165
tests: replace invalid extension OIDs with valid ones

See merge request gnutls/gnutls!1153
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
libgnutls: Add system-wide default-priority-string override.

See merge request gnutls/gnutls!1158
In client side ensure we see a request for OCSP from servers before
sending one.

Relates: #876

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
When gnutls-cli-debug is run on systems where a particular algorithm
is disabled, ensure that we don't stop the testing; in that case
we ignore the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use special
function to generate MAC key. Pass correct key length (fixed to be 32)
when generating PKCS#12 files protected with Streebog (currently it
incorrectly uses 64 there).

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and
digest functions.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Old implementations do not understand PublicKeyParams with omitted
digestParamSet. So include the field for old 512-bit curves to improve
compatibility with old implementations.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
gnutls-cli-debug: ignore tests when algorithms are unavailable

See merge request gnutls/gnutls!1170
fuzz in gost pkcs7/8/12 files

See merge request gnutls/gnutls!1172
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
The TLS1.3 protocol requires the server to advertise an empty
OCSP status request extension on its certificate verify message
for an OCSP response to be sent by the client. We now always
send this extension to allow clients to attach those responses.

Resolves: #876

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
x509: add OGRNIP DN entry definition used by qualified GOST certificates

See merge request gnutls/gnutls!1174
tls13: fix issues with client OCSP responses

Closes #876

See merge request gnutls/gnutls!1169
pkcs12: use correct key length when using STREEBOG-512

See merge request gnutls/gnutls!1171
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This is similar to the build/gnutls target in nettle's own gitlab CI.
The only difference is that this will build/test all branches of
GnuTLS against the master branch of nettle.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Otherwise the build process wouldn't be able to find -lgmp.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Daiki Ueno <dueno@redhat.com>
ueno and others added 30 commits May 4, 2020 14:26
This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
functions.  Note that they can only be used with the AEAD interface and
authentication tags are prepended (not appended) to the ciphertext.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
New make target 'update-copyright-year'

Closes #980

See merge request gnutls/gnutls!1241
nettle: expose SIV-CMAC through the AEAD interface

Closes #974 and #463

See merge request gnutls/gnutls!1238
Nettle's RSA signing, encryption and decryption functions still
require randomness for blinding, so fall back to using a fixed buffer in
selftests where entropy might not be available.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This introduces the --waitresumption command line option which makes the
client wait for the resumption data until a ticket is received under
TLS1.3.  The client will block if no ticket is received.  The new option
has no effect if the option --resume is not provided.

This is useful to force the client to wait for the resumption data when
the server takes long to send the ticket, allowing the session
resumption to be tested.  This is a common scenario in CI systems where
the testing machines have limited resources.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This introduces a wrapper for the CRYPTOGAMS AES-XTS implementation
already present in the generated assembly code.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
gnutls-cli: Add option to wait longer for resumption data

See merge request gnutls/gnutls!1232
accelerated: use AES-NI for AES-XTS when available

See merge request gnutls/gnutls!1244
Make oid to name conversion functions generic enough by allowing caller
to specify a pointer to OID table.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import.
Add libtasn1 submodule to ease synchronization with libtasn1.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
fips: leftover fixes

See merge request gnutls/gnutls!1243
Try printing symbolic names for well-known OIDs when printing PKCS7
signature info.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Basically export print_pkcs7_info() in a way usable by external
applications.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Use new function to remove code duplication.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add ability to print names for several pre-defined Certificate policies.
Currently the list is populated with anyPolicy from X.509 and CA/B
policies.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add Russian Security Class certificate policies (per
draft-deremin-rfc4491-bis).

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
PKCS7 attribute printing update

See merge request gnutls/gnutls!1246
Decode certificate policies OIDs

See merge request gnutls/gnutls!1245
Always print authorityCertIssuer/SerialNumber. Currently it is output
only if keyIdentifier is not present.

Fixes #991

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add support for Common Name certificate extension.

Fixes #989

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Since 5d03564 we use CertOpenStore().
To properly link it needs to be linked with the crypt32.dll.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore

This library was missing from the pkg-config library. It exists in
thirdparty_libadd to link gnutls as a DLL.

Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
Instead of keeping the minitasn1 source in Git, vendor it in during
bootstrap as we do with Nettle code. This also upgrades included
minitasn1 to latest version (4.16.0).

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
x509: aki: always print authorityCert info

Closes #991

See merge request gnutls/gnutls!1249
x509: support commonName extension

Closes #989

See merge request gnutls/gnutls!1250
Vendor-in libtasn1 sources in a form of minitasn1

See merge request gnutls/gnutls!1247
…s returned from the server

check that ticket_len > 0 prior to calling gnutls_realloc_fast

Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>
Update session_ticket.c to add support for zero length session tickets returned from the server

See merge request gnutls/gnutls!1260
win32: link with crypt32

See merge request gnutls/gnutls!1257
Several Xcode/SDK versions provide FD_SET implementation that does not
work with -no_weak_links. Check that this option does not break FD_SET
usage.

Fixes #966

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>