Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: added a PKCS#8 encrypted key parsing test suite based on AFL [ci skip]tmp-afl | Nikos Mavrogiannopoulos | 2016-11-14 | 7 | -3/+116 |
| | | | | Relates #148 | ||||
* | tests: added a cert parsing test suite based on AFL [ci skip] | Nikos Mavrogiannopoulos | 2016-11-14 | 6 | -4/+119 |
| | |||||
* | tests: added a DN test suite based on AFL [ci skip] | Nikos Mavrogiannopoulos | 2016-11-14 | 10 | -0/+188 |
| | | | | | This is currently, expected to be run manually since AFL has infinite running time. | ||||
* | tests: added test suite with invalid PKCS#8 files | Nikos Mavrogiannopoulos | 2016-11-14 | 9 | -1/+53 |
| | |||||
* | PKCS#5,7 decryption: verify the correctness of padding | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -4/+16 |
| | | | | | | | That is, for block ciphers (i.e., cbc), verify that all the padding bytes match the expected contents according to RFC2898. Relates #148 | ||||
* | PKCS#5,7 decryption: added sanity check on padding size | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -2/+8 |
| | | | | Relates #148 | ||||
* | PKCS#5,7 decryption: fail without leak on unknown MAC | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -2/+4 |
| | |||||
* | PKCS#5,7 decryption: fail early on invalid block sizes | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -3/+13 |
| | |||||
* | PKCS#5,7 decryption: enforce limits in the support parameter sizes | Nikos Mavrogiannopoulos | 2016-11-14 | 3 | -12/+35 |
| | | | | | This allows to detect invalid parameters early rather than later. Relates #148 | ||||
* | updated auto-generated files for new functionstmp-rfc4514-updates | Nikos Mavrogiannopoulos | 2016-11-14 | 3 | -0/+28 |
| | |||||
* | pkcs7 output: use the new functions for DN output | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -1/+1 |
| | |||||
* | tests: account for the strict RFC4514 compliance reversal | Nikos Mavrogiannopoulos | 2016-11-14 | 2 | -4/+48 |
| | | | | | Test the new functions only for the strict RFC4514 compliance to output strings, and test the old functions for the legacy format. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -1/+14 |
| | |||||
* | x509 output: use the new functions for DN output | Nikos Mavrogiannopoulos | 2016-11-14 | 2 | -167/+60 |
| | |||||
* | cleanups in _gnutls_buffer_to_datum() | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -5/+9 |
| | |||||
* | certtool: use the new APIs for DN extraction | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -35/+31 |
| | |||||
* | _gnutls_x509_get_dn: when no data ensure we return ↵ | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -2/+6 |
| | | | | | | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE This aligns with the previous (prior to RFC4514 improvements) behavior of the function. | ||||
* | Introduced new functions to allow multiple DN parsing modes | Nikos Mavrogiannopoulos | 2016-11-14 | 10 | -176/+483 |
| | | | | | | | | The old DN parsing functions are changed to return the original non-fully compliant with RFC4514 string format, while the new ones return the compliant string by default. This allows applications which relied on the previous format to continue functioning without changes. | ||||
* | .gitlab-ci.yml: include root dir log files in all builds | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -0/+7 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -0/+3 |
| | |||||
* | gl: removed invalid module name | Nikos Mavrogiannopoulos | 2016-11-14 | 1 | -2/+1 |
| | |||||
* | tools: added explicit socket flag to skip TLS initializationtmp-tools-update | Nikos Mavrogiannopoulos | 2016-11-13 | 3 | -7/+10 |
| | | | | | This allows proper error recovery when SOCKET_FLAG_RAW is specified and initialize_session() fails. | ||||
* | gnutls-cli-debug: terminate sessions which cannot be re-used | Nikos Mavrogiannopoulos | 2016-11-13 | 3 | -6/+6 |
| | |||||
* | sockets: only use gnutls_bye on a valid socket session | Nikos Mavrogiannopoulos | 2016-11-13 | 1 | -1/+2 |
| | |||||
* | p11tool: --initialize will no longer reset user PIN | Nikos Mavrogiannopoulos | 2016-11-13 | 1 | -23/+1 |
| | | | | | | | That is because it only resetted the user PIN and not the admin PIN, while at the same time it had problems to cope with the case where the URL changed between token initialization and PIN setting (which is the case if --label is provided to --initialize). | ||||
* | p11tool: added options to initialize a user and admin's PIN | Nikos Mavrogiannopoulos | 2016-11-13 | 4 | -3/+70 |
| | |||||
* | gnutls_store_pubkey: document the default hosts format | Nikos Mavrogiannopoulos | 2016-11-11 | 1 | -0/+7 |
| | |||||
* | _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success | Nikos Mavrogiannopoulos | 2016-11-07 | 1 | -0/+1 |
| | | | | | This will prevent verification to succeed if the system is in error state. | ||||
* | fips140-2: moved PCT-test in wrap_nettle_generate_keys | Nikos Mavrogiannopoulos | 2016-11-07 | 2 | -94/+100 |
| | | | | | This allows it to run in any potential scenario, i.e., any call of _gnutls_pk_generate_keys(). | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-06 | 1 | -0/+3 |
| | |||||
* | .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9 | Nikos Mavrogiannopoulos | 2016-11-06 | 1 | -7/+5 |
| | |||||
* | bumped the version of the minimum required libtasn1 | Nikos Mavrogiannopoulos | 2016-11-06 | 1 | -1/+1 |
| | | | | | We now require the latest version that supports OIDs with elements that are longer than 32-bits. | ||||
* | tests: added check for the decoding of certificates with long OIDs | Nikos Mavrogiannopoulos | 2016-11-06 | 3 | -2/+238 |
| | | | | That is, OIDs which have an element which exceeds 2^32. | ||||
* | symbol-check: do not compare against symbols not exported by us | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -1/+1 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -0/+9 |
| | |||||
* | tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE set | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -4/+4 |
| | |||||
* | priorities: added CHACHA20-POLY1305 to SECURE set | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -0/+2 |
| | |||||
* | released 3.5.6 | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -1/+1 |
| | |||||
* | bumped versions | Nikos Mavrogiannopoulos | 2016-11-04 | 2 | -3/+3 |
| | |||||
* | symbols.last: updated auto-generated file | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -1/+0 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-04 | 1 | -0/+5 |
| | |||||
* | tests: added test to ensure that gnutls_rnd() is not called during ↵ | Nikos Mavrogiannopoulos | 2016-11-04 | 2 | -1/+70 |
| | | | | initialization | ||||
* | doc: explicitly state that rng self_test mustn't require rng initialization | Nikos Mavrogiannopoulos | 2016-11-04 | 2 | -2/+3 |
| | |||||
* | deprecated _gnutls_rnd() in favor of exported gnutls_rnd() | Nikos Mavrogiannopoulos | 2016-11-04 | 18 | -28/+25 |
| | |||||
* | rng: split initialization in preinit and init | Nikos Mavrogiannopoulos | 2016-11-04 | 7 | -41/+83 |
| | | | | | | | | This makes gnutls to initialize its random generator on the first call to gnutls_rnd(). That prevents blocking due to getrandom() on a constructor; that change allows to use gnutls-linked applications even in early boot in systems where getrandom() blocks waiting for entropy. | ||||
* | _gnutls_rnd_check: call _rnd_system_entropy_check directly | Nikos Mavrogiannopoulos | 2016-11-04 | 4 | -26/+3 |
| | |||||
* | x509: removed unused IDNA file | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -41/+0 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -0/+8 |
| | |||||
* | handshake: log advertized version | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -0/+2 |
| | |||||
* | algorithms.h: removed exported prototype from internal header | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -1/+0 |
| |