| Commit message (Collapse) | Author | Age | Files | Lines |
This step is required both in tags and commit runs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That prevents returning NULL to functions which require a string.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
It was pointed out by morozov@eags.ru.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal
run (when library is compiled with FIPS140-2 support but not enabled
on run time), and also run tests under a run-time that simulates
FIPS140-2 support.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This allows the test suite to be run in FIPS140-2 mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This affected the utilization of generated RSA keys under FIPS140-2 mode,
which utilizes provable generation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
These certificates contain invalid secret key sub-packets.
These trigger invalid memory accesses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This reduces the attack surface on the parsers, and prevents any bugs
in the secret key parser from being exploitable by inserting secret key
sub-packets into an OpenPGP certificate.
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That also removes the incorrect mapping to IDNA punycode when the
input is not printable.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This allows reading fields longer than 128 bytes interactively.
The new limit is 512 bytes.
Relates #179
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That is, fix a bug which prevented critical extensions from being stored
if no other free-form extensions were specified.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That was defined to be gnutls_certificate_verify_flags, and
it allows passing verification flags, such as flags to allow
broken algorithms.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This is done at is_broken_allowed(), and in fact checking them in
is_level_acceptable() creates a conflict when overrides like the flag
GNUTLS_VERIFY_ALLOW_BROKEN are used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This flag allows operation of the function even with broken algorithms.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This triggers an invalid memory access:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That ensures that there is no read past the end of buffer.
Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
Relates: #159
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That is, if --starttls-proto is provided the default port
selected will be converted to host byte order as expected.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That is, instead of the public key ID. The key PIN due to HPKP
is now more widely used than hex-based key IDs.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That is, print the value used by the HPKP protocol as per
RFC7469.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
This introduces a test on PIN input to retrieve an object using
pin-value and pin-source (file).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=1425884
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
We do not require a specific stack size, and there is legacy
code which utilizes large stack sizes. As such, remove the
warnings to allow for a warning-free compilation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
That triggers a heap buffer overflow:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>