- 07 Dec, 2018 1 commit
-
-
Dmitry Eremin-Solenikov authored
Fix gnutls_handshake_set_timeout() for values < 1000 See merge request !834
-
- 06 Dec, 2018 1 commit
-
-
Tim Rühsen authored
handshake-timeout.c now tests for <1000ms timeout and for >=1000ms timeout. The test duration decreased from 45s to 1.2s. Signed-off-by:Tim Rühsen <tim.ruehsen@gmx.de>
-
- 05 Dec, 2018 2 commits
-
-
Nikos Mavrogiannopoulos authoredbootstrap: only update the required submodules for building See merge request !836
-
Nikos Mavrogiannopoulos authored
Although we have few submodules they are not all required for building and testing. This patch modified bootstrap.conf not to update all of them, but only the necessary for building and testing. Signed-off-by:
Nikos Mavrogiannopoulos <nmav@redhat.com>
-
- 02 Dec, 2018 1 commit
-
-
- 01 Dec, 2018 3 commits
-
-
Andreas Metzler authored
Signed-off-by:Andreas Metzler <ametzler@bebt.de>
-
-
-
- 30 Nov, 2018 6 commits
-
-
Simo Sorce authoredThis patch tries to make the code have the same time and memory access aptterns across all branches of the decryption function so that timining or cache side channels are minimized or neutralized. To do so it uses a new nettle rsa decryption function that is side-channel silent. Signed-off-by:
Simo Sorce <simo@redhat.com> -
Nikos Mavrogiannopoulos authored
Signed-off-by:Nikos Mavrogiannopoulos <nmav@redhat.com> -
Nikos Mavrogiannopoulos authored
Fixed the documentation of the function to reflect reality. This function did not accept the GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro. Signed-off-by:Nikos Mavrogiannopoulos <nmav@redhat.com> -
-
-
Nikos Mavrogiannopoulos authored
DRBG: Remove all traces of FIPS 140-2 continuous self test See merge request !820
-
- 29 Nov, 2018 4 commits
-
-
-
Dmitry Eremin-Solenikov authored
It looks like Mac OS X's grep has issues with applying basic regexps with alternation operator inside. Use several grep calls in pipeline to achieve the same result. Signed-off-by:Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-
Dmitry Eremin-Solenikov authored
Signed-off-by: -
Dmitry Eremin-Solenikov authored
lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA Closes #626 See merge request !823
-
- 28 Nov, 2018 3 commits
-
-
Dmitry Eremin-Solenikov authored
pkcs11 support code uses several definitions from forthcoming PKCS#11 standard version. Older p11-kit versions do not provide these definitions. Detect and disable code supporting EdDSA if compiling GnuTLS with older p11-kit library. Closes #626Signed-off-by:
-
-
Dmitry Eremin-Solenikov authored
Use --outfile instead of output redirection to stop CR from sneaking into temp file. Extra CR symbols make grep choke on that file. Signed-off-by:
-
- 27 Nov, 2018 6 commits
-
-
Stephan Mueller authored
Due to removing all of the FIPS 140-2 continuous self test leftovers, the DRBG test vector must be updated as the very first DRBG block is not dropped any more. The test complies with the CAVP test definition specified in "The NIST SP 800-90A Deterministic Random Bit Generator Validation System (DRBGVS)" section 6.2. The test vector is obtained during a successful trial run using the NIST ACVP server. The following registration was used to generate the test vector: { "algorithm":"ctrDRBG", "prereqVals":[ { "algorithm":"AES", "valValue":"same" } ], "predResistanceEnabled":[ false ], "reseedImplemented":true, "capabilities":[ { "mode":"AES-256", "derFuncEnabled":false, "entropyInputLen":[ 384 ], "nonceLen":[ 0 ], "persoStringLen":[ 0, 256 ], "additionalInputLen":[ 0, 256 ], "returnedBitsLen":512 } ] }, Signed-off-by:Stephan Mueller <smueller@chronox.de>
-
Nikos Mavrogiannopoulos authored
This fixes a truncation issue in session description information printing for certain ciphersuites, and adds a limited testing of expected description strings for certain ciphersuites. Signed-off-by:Nikos Mavrogiannopoulos <nmav@redhat.com> -
-
Nikos Mavrogiannopoulos authored
Prevent applications from combining legacy versions of TLS with TLS1.3 Closes #621 See merge request !815
-
Nikos Mavrogiannopoulos authored
It can happen that an application due to a misconfiguration, enables TLS1.3 in combination with TLS1.0 or TLS1.1 only. In that case a server which is unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol instead and that answer will be rejected by the client. With this change we ensure that TLS1.3 is not enabled in these problematic scenarios. Resolves: #621Signed-off-by:
Nikos Mavrogiannopoulos <nmav@redhat.com> -
Dmitry Eremin-Solenikov authored
certtool: don't output textual information if --no-text was given Closes #487 See merge request !810
-
- 26 Nov, 2018 10 commits
-
-
Dmitry Eremin-Solenikov authored
Signed-off-by: -
Dmitry Eremin-Solenikov authored
Disable text output if --no-text option was given for --p7-info and --p12-info. Signed-off-by: -
Dmitry Eremin-Solenikov authored
Print all pkcs12-info output to outfile, rather than stderr. Signed-off-by: -
Dmitry Eremin-Solenikov authored
Signed-off-by: -
Dmitry Eremin-Solenikov authored
Change privkey/certificate/CRL/CSR handling to disable text output if --no-text option was given. Closes #487Signed-off-by:
-
Stefan Berger authored
Use kill_proc to terminate a process by first sending it SIGTERM, waiting max. 1 second and then use SIGKILL. Signed-off-by:Stefan Berger <stefanb@linux.ibm.com>
-
Stefan Berger authored
The dash shell doesn't seem to understand &>/dev/null, so use >/dev/null to quiet down the help screen check. Signed-off-by: -
-
Daiki Ueno authored
Signed-off-by:Daiki Ueno <dueno@redhat.com>
-
Daiki Ueno authored
Signed-off-by:
-
- 25 Nov, 2018 1 commit
-
-
Stephan Mueller authored
The removal allows the CAVS / ACVP test required for a successful FIPS 140-2 validation to pass. Signed-off-by:
-
- 24 Nov, 2018 2 commits
-
-
Daiki Ueno authored
Signed-off-by: -
Tim Rühsen authored
Signed-off-by:
-
