Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | ciphersuites: removed unused function | Nikos Mavrogiannopoulos | 2017-06-08 | 1 | -15/+0 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | nettle/cipher: document that ctx_ptr is 16-byte aligned, and use void* to ↵ | Nikos Mavrogiannopoulos | 2017-06-08 | 1 | -4/+6 | |
| | | | | | | avoid compiler assumptions Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | certtool: corrected typo in strcmp() use | Nikos Mavrogiannopoulos | 2017-06-08 | 1 | -2/+2 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | _gnutls_x509_privkey_reinit: ensure fields will not be re-used | Nikos Mavrogiannopoulos | 2017-06-08 | 1 | -0/+2 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | certtool: improved error message when public key cannot be figured [ci skip] | Nikos Mavrogiannopoulos | 2017-06-08 | 1 | -1/+1 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | updated auto-generated files for new signing APItmp-enhance-signing-apis | Nikos Mavrogiannopoulos | 2017-06-07 | 4 | -2/+8 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | handshake: simplify handshake by using the new signing API | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -37/+8 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: introduced unit tests of the new signing API | Nikos Mavrogiannopoulos | 2017-06-07 | 2 | -0/+431 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | abstract API: introduced new signing functions | Nikos Mavrogiannopoulos | 2017-06-07 | 5 | -24/+166 | |
| | | | | | | | | | That is, the gnutls_privkey_sign_data2() and gnutls_privkey_sign_hash2(). The new functions perform signing with input the signature algorithm instead of the hash algorithm; that allows to use algorithms where the hash algorithm is not used, or the public key algorithm may be different than the key's. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | pkix: removed unused definition | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -2/+0 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | gnutls_privkey_st: removed unused elementtmp-multi-updates | Nikos Mavrogiannopoulos | 2017-06-07 | 2 | -2/+1 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | gnutls_session_get_desc: improved ciphersuite description | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -13/+34 | |
| | | | | | | | That is, separated the key exchange from the signature algorithm used by the server, and list them in different fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: key-import-export: use cert-common.h | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -33/+7 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: simplified CPPFLAGS of tests using internal gnutls funcs | Nikos Mavrogiannopoulos | 2017-06-07 | 1 | -25/+5 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: key-exchange: added error checking in gnutls_certificate_set_x509_key_memtmp-more-rsa-pss-related-changes | Nikos Mavrogiannopoulos | 2017-06-06 | 1 | -3/+12 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | _gnutls_check_key_cert_match: account for RSA and RSA-PSS mismatches | Nikos Mavrogiannopoulos | 2017-06-06 | 1 | -2/+13 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | certtool: fix DER export with --p7-info | Nikos Mavrogiannopoulos | 2017-06-06 | 1 | -8/+10 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | updated auto-generated filestmp-psktool-updates | Nikos Mavrogiannopoulos | 2017-06-05 | 2 | -63/+109 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | doc update | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -3/+5 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | psktool: minor documentation updates | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -2/+2 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: added basic functionality check for psktool | Nikos Mavrogiannopoulos | 2017-06-05 | 2 | -1/+88 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | psktool: increased default key size to 256-bits | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -1/+1 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | psktool: do not assume any default key file | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -4/+4 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | clarify documentation and arguments for psktool | Daniel Kahn Gillmor | 2017-06-05 | 2 | -11/+18 | |
| | | | | | | | | | | | * psktool's -p argument should really be short for --pskfile, not --passwd. there is no passwd involved. * the example documentation switches names halfway through, which is confusing. * there is no prompt for a password. do not mention it in the example. | |||||
* | tests: added unit test to verify that certificates with non-DER strict time ↵tmp-tolerate-certs-with-invalid-time | Nikos Mavrogiannopoulos | 2017-06-05 | 5 | -117/+72 | |
| | | | | | | | | fields are accepted Also removed the old strict compliance DER test. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | Tolerate DER time encoding errors | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -1/+6 | |
| | | | | | | | | | | | | It seems that openssl generated certificates may contain invalid formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207) Resolves #196 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: enhanced OID tests with OIDs for SHA3 | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -0/+4 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: enhanced OID tests with OIDs for RSA-PSS | Nikos Mavrogiannopoulos | 2017-06-05 | 1 | -0/+7 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | .gitlab-ci.yml: added aarch64 build based on Debiantmp-aarch64-ci | Nikos Mavrogiannopoulos | 2017-06-04 | 2 | -1/+25 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | |||||
* | _gnutls_PRF: was made inline function | Nikos Mavrogiannopoulos | 2017-06-01 | 2 | -32/+22 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: added low-level unit tests on TLS 1.0 and 1.2 PRFs | Nikos Mavrogiannopoulos | 2017-06-01 | 4 | -2/+245 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | prf: implement the TLS 1.0 and 1.2 PRFs using nettle | Nikos Mavrogiannopoulos | 2017-06-01 | 6 | -216/+336 | |
| | | | | | | | That simplifies the existing PRF code and moves it in the crypto-backend component. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | doc: refer to the site for commercial support options | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -31/+2 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: mini-record-retvals: include AES-CBC tests | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -0/+1 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: eliminated build warnings | Nikos Mavrogiannopoulos | 2017-05-31 | 5 | -11/+8 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: combined tables of sign-verify teststmp-rsa-pss-round-two | Nikos Mavrogiannopoulos | 2017-05-31 | 7 | -175/+89 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | Only accept known public key algorithms in the GNUTLS_PRIVKEY_EXT private keys | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -0/+8 | |
| | | | | | | | The reason is that this API, assumes very low level primitives which are not available for the newer RSA-PSS private keys. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | |||||
* | _gnutls_privkey_*_sign_params: added support for GNUTLS_PRIVKEY_EXT keys | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -0/+4 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | |||||
* | tests: added basic test on "external" keys with gnutls_privkey_import_ext2() | Nikos Mavrogiannopoulos | 2017-05-31 | 2 | -1/+289 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | |||||
* | gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data() | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -86/+28 | |
| | | | | | | That will allow this function to operate with the new key types. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: added unit tests for the gnutls_x509_* sign/verify APIs | Nikos Mavrogiannopoulos | 2017-05-31 | 4 | -154/+345 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: added tests signature validation using the sign/verify_data APIs | Nikos Mavrogiannopoulos | 2017-05-31 | 2 | -1/+201 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | Separated use of GNUTLS_PRIVKEY_FLAG_PROVABLE and ↵ | Nikos Mavrogiannopoulos | 2017-05-31 | 3 | -4/+4 | |
| | | | | | | | | GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | _gnutls_privkey_find_sign_params: renamed and simplified | Nikos Mavrogiannopoulos | 2017-05-31 | 7 | -72/+53 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | gnutls_privkey_sign_hash: removed duplicate code | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -15/+1 | |
| | | | | | | The same code was available in _gnutls_privkey_find_sign_params(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal errors | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -2/+3 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tls-sig: re-organize and simplify the TLS signature generation and verification | Nikos Mavrogiannopoulos | 2017-05-31 | 5 | -237/+310 | |
| | | | | | | | | That makes sure that the high level APIs are used when possible, and separate the TLS 1.2 from other code paths. This will allow supporting signature schemes like EdDSA and others. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | tests: modify tests to allow signatures with SHA1 | Nikos Mavrogiannopoulos | 2017-05-31 | 7 | -22/+29 | |
| | | | | | | | There were several tests that were utilizing SHA1 signatures but were not failing due to the bug in gnutls_pubkey_verify_hash2(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with ↵ | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -0/+2 | |
| | | | | | | non-RSA keys Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | gnutls_pubkey_verify_hash2: check for broken signature algorithms | Nikos Mavrogiannopoulos | 2017-05-31 | 1 | -2/+16 | |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |