summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: added a PKCS#8 encrypted key parsing test suite based on AFL [ci skip]tmp-aflNikos Mavrogiannopoulos2016-11-147-3/+116
| | | | Relates #148
* tests: added a cert parsing test suite based on AFL [ci skip]Nikos Mavrogiannopoulos2016-11-146-4/+119
|
* tests: added a DN test suite based on AFL [ci skip]Nikos Mavrogiannopoulos2016-11-1410-0/+188
| | | | | This is currently, expected to be run manually since AFL has infinite running time.
* tests: added test suite with invalid PKCS#8 filesNikos Mavrogiannopoulos2016-11-149-1/+53
|
* PKCS#5,7 decryption: verify the correctness of paddingNikos Mavrogiannopoulos2016-11-141-4/+16
| | | | | | | That is, for block ciphers (i.e., cbc), verify that all the padding bytes match the expected contents according to RFC2898. Relates #148
* PKCS#5,7 decryption: added sanity check on padding sizeNikos Mavrogiannopoulos2016-11-141-2/+8
| | | | Relates #148
* PKCS#5,7 decryption: fail without leak on unknown MACNikos Mavrogiannopoulos2016-11-141-2/+4
|
* PKCS#5,7 decryption: fail early on invalid block sizesNikos Mavrogiannopoulos2016-11-141-3/+13
|
* PKCS#5,7 decryption: enforce limits in the support parameter sizesNikos Mavrogiannopoulos2016-11-143-12/+35
| | | | | This allows to detect invalid parameters early rather than later. Relates #148
* updated auto-generated files for new functionstmp-rfc4514-updatesNikos Mavrogiannopoulos2016-11-143-0/+28
|
* pkcs7 output: use the new functions for DN outputNikos Mavrogiannopoulos2016-11-141-1/+1
|
* tests: account for the strict RFC4514 compliance reversalNikos Mavrogiannopoulos2016-11-142-4/+48
| | | | | Test the new functions only for the strict RFC4514 compliance to output strings, and test the old functions for the legacy format.
* doc updateNikos Mavrogiannopoulos2016-11-141-1/+14
|
* x509 output: use the new functions for DN outputNikos Mavrogiannopoulos2016-11-142-167/+60
|
* cleanups in _gnutls_buffer_to_datum()Nikos Mavrogiannopoulos2016-11-141-5/+9
|
* certtool: use the new APIs for DN extractionNikos Mavrogiannopoulos2016-11-141-35/+31
|
* _gnutls_x509_get_dn: when no data ensure we return ↵Nikos Mavrogiannopoulos2016-11-141-2/+6
| | | | | | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE This aligns with the previous (prior to RFC4514 improvements) behavior of the function.
* Introduced new functions to allow multiple DN parsing modesNikos Mavrogiannopoulos2016-11-1410-176/+483
| | | | | | | | The old DN parsing functions are changed to return the original non-fully compliant with RFC4514 string format, while the new ones return the compliant string by default. This allows applications which relied on the previous format to continue functioning without changes.
* .gitlab-ci.yml: include root dir log files in all buildsNikos Mavrogiannopoulos2016-11-141-0/+7
|
* doc updateNikos Mavrogiannopoulos2016-11-141-0/+3
|
* gl: removed invalid module nameNikos Mavrogiannopoulos2016-11-141-2/+1
|
* tools: added explicit socket flag to skip TLS initializationtmp-tools-updateNikos Mavrogiannopoulos2016-11-133-7/+10
| | | | | This allows proper error recovery when SOCKET_FLAG_RAW is specified and initialize_session() fails.
* gnutls-cli-debug: terminate sessions which cannot be re-usedNikos Mavrogiannopoulos2016-11-133-6/+6
|
* sockets: only use gnutls_bye on a valid socket sessionNikos Mavrogiannopoulos2016-11-131-1/+2
|
* p11tool: --initialize will no longer reset user PINNikos Mavrogiannopoulos2016-11-131-23/+1
| | | | | | | That is because it only resetted the user PIN and not the admin PIN, while at the same time it had problems to cope with the case where the URL changed between token initialization and PIN setting (which is the case if --label is provided to --initialize).
* p11tool: added options to initialize a user and admin's PINNikos Mavrogiannopoulos2016-11-134-3/+70
|
* gnutls_store_pubkey: document the default hosts formatNikos Mavrogiannopoulos2016-11-111-0/+7
|
* _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning successNikos Mavrogiannopoulos2016-11-071-0/+1
| | | | | This will prevent verification to succeed if the system is in error state.
* fips140-2: moved PCT-test in wrap_nettle_generate_keysNikos Mavrogiannopoulos2016-11-072-94/+100
| | | | | This allows it to run in any potential scenario, i.e., any call of _gnutls_pk_generate_keys().
* doc updateNikos Mavrogiannopoulos2016-11-061-0/+3
|
* .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9Nikos Mavrogiannopoulos2016-11-061-7/+5
|
* bumped the version of the minimum required libtasn1Nikos Mavrogiannopoulos2016-11-061-1/+1
| | | | | We now require the latest version that supports OIDs with elements that are longer than 32-bits.
* tests: added check for the decoding of certificates with long OIDsNikos Mavrogiannopoulos2016-11-063-2/+238
| | | | That is, OIDs which have an element which exceeds 2^32.
* symbol-check: do not compare against symbols not exported by usNikos Mavrogiannopoulos2016-11-041-1/+1
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+9
|
* tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE setNikos Mavrogiannopoulos2016-11-041-4/+4
|
* priorities: added CHACHA20-POLY1305 to SECURE setNikos Mavrogiannopoulos2016-11-041-0/+2
|
* released 3.5.6Nikos Mavrogiannopoulos2016-11-041-1/+1
|
* bumped versionsNikos Mavrogiannopoulos2016-11-042-3/+3
|
* symbols.last: updated auto-generated fileNikos Mavrogiannopoulos2016-11-041-1/+0
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+5
|
* tests: added test to ensure that gnutls_rnd() is not called during ↵Nikos Mavrogiannopoulos2016-11-042-1/+70
| | | | initialization
* doc: explicitly state that rng self_test mustn't require rng initializationNikos Mavrogiannopoulos2016-11-042-2/+3
|
* deprecated _gnutls_rnd() in favor of exported gnutls_rnd()Nikos Mavrogiannopoulos2016-11-0418-28/+25
|
* rng: split initialization in preinit and initNikos Mavrogiannopoulos2016-11-047-41/+83
| | | | | | | | This makes gnutls to initialize its random generator on the first call to gnutls_rnd(). That prevents blocking due to getrandom() on a constructor; that change allows to use gnutls-linked applications even in early boot in systems where getrandom() blocks waiting for entropy.
* _gnutls_rnd_check: call _rnd_system_entropy_check directlyNikos Mavrogiannopoulos2016-11-044-26/+3
|
* x509: removed unused IDNA fileNikos Mavrogiannopoulos2016-11-021-41/+0
|
* doc update [ci skip]Nikos Mavrogiannopoulos2016-11-021-0/+8
|
* handshake: log advertized versionNikos Mavrogiannopoulos2016-11-021-0/+2
|
* algorithms.h: removed exported prototype from internal headerNikos Mavrogiannopoulos2016-11-021-1/+0
|
View Lorry Controller Status