summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* x509: store and read provable seed in PKCS#8 form of keyNikos Mavrogiannopoulos2017-08-076-10/+201
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added information on OID registryNikos Mavrogiannopoulos2017-08-071-0/+22
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkix.asn: removed unused DomainParametersNikos Mavrogiannopoulos2017-08-072-20/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: separated PKIX1 attributes parsing code for cert request handlingNikos Mavrogiannopoulos2017-08-074-266/+335
| | | | | | This allows other code to utilize it. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_fbase64_decode will always return non-zerotmp-base64-reject-zero-lengthNikos Mavrogiannopoulos2017-08-074-6/+5
| | | | | | | That is, document that fact and update its callers to remove checks for zero. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_base64_decode: reject all zero-length string encodings on decodingNikos Mavrogiannopoulos2017-08-061-4/+19
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checkingNikos Mavrogiannopoulos2017-08-061-1/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* _decode_pkcs8_rsa_key: signal error in RSA privkey decodingNikos Mavrogiannopoulos2017-08-061-0/+1
| | | | | | | Addresses oss-fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added reproducer for private key crashNikos Mavrogiannopoulos2017-08-063-2/+3
| | | | | | | Found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added unit test of gnutls_x509_crt_list_importtmp-added-unit-test-gnutls_x509_crt_list_importNikos Mavrogiannopoulos2017-08-062-1/+366
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added reproducer applications for psk and srp fuzzerstmp-oss-fuzz-updatesNikos Mavrogiannopoulos2017-08-056-7/+471
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* updated auto-generated filestmp-various-cleanupsNikos Mavrogiannopoulos2017-08-043-0/+8
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_server_fuzzer: added ed25519 key/certNikos Mavrogiannopoulos2017-08-044-0/+81
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* removed references for "new" semantics of PEM base64 encode and decodeNikos Mavrogiannopoulos2017-08-042-59/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* base64: reverted the raw semantics from the PEM encoding/decoding functionsNikos Mavrogiannopoulos2017-08-041-22/+0
| | | | | | | Keeping the complex semantics with NULL headers would most likely cause issues in the future. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* base64: test the new base64 encoding and decoding functionsNikos Mavrogiannopoulos2017-08-041-0/+125
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errorsNikos Mavrogiannopoulos2017-08-041-3/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* base64: introduced new functions for base64 encodingNikos Mavrogiannopoulos2017-08-043-1/+73
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: gnutls_x509_privkey_import: enhanced to test DER key importNikos Mavrogiannopoulos2017-08-041-1/+47
| | | | | | | It seems that this function was not tested for multiple cases of private keys in DER mode. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER formNikos Mavrogiannopoulos2017-08-041-6/+10
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* sign/digest: separate "brokenness" of signatures and hash algorithmsNikos Mavrogiannopoulos2017-08-047-51/+57
| | | | | | | That is, allow digital signatures to be marked as broken irrespective of their used hash, and restrict hash brokenness to preimage resistance. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* sign: use C99 syntax for signature algorithm's tableNikos Mavrogiannopoulos2017-08-041-97/+252
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: enable multiple undefined sub-sanitizersNikos Mavrogiannopoulos2017-08-041-2/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated filestmp-rsa-pss-detectionNikos Mavrogiannopoulos2017-08-043-0/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kitNikos Mavrogiannopoulos2017-08-044-216/+257
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test for gnutls_x509_privkey_importNikos Mavrogiannopoulos2017-08-042-0/+175
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added TLS negotiation with various keys under PKCS#11Nikos Mavrogiannopoulos2017-08-042-1/+374
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509_privkey: handle keys which can only have PKCS#8 form transparentlyNikos Mavrogiannopoulos2017-08-041-9/+26
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for errors returned due to early signature selectionNikos Mavrogiannopoulos2017-08-042-2/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added check for the negotiation of ext keysNikos Mavrogiannopoulos2017-08-043-1/+359
| | | | | | | | | | That is, check whether we can negotiate TLS with ext abstract key types, and whether the algorithms which cannot be used with that key type, gracefully fail. Relates #234 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or ↵Nikos Mavrogiannopoulos2017-08-041-0/+3
| | | | | | GNUTLS_PK_EDDSA_ED25519 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_check_key_cert_match: use the new API for signingNikos Mavrogiannopoulos2017-08-041-7/+9
| | | | | | | This ensures that the same signature algorithm is used for signing and verification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* privkey: return less specific but more appropriate error on invalid pks for ↵Nikos Mavrogiannopoulos2017-08-041-1/+1
| | | | | | ext keys Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* prior to negotiating a signature check compatibility with private keyNikos Mavrogiannopoulos2017-08-048-23/+85
| | | | | | | | | | | | | That is, check if the private key can support the public key operation needed for the signature. That in particular includes, excluding the Ed25519 and RSA-PSS from being used with the 'EXT' keys as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism. Relates #234 Resolves #209 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: mark RSA PKCS#11 key which can do RSA-PSSNikos Mavrogiannopoulos2017-08-041-1/+12
| | | | | | | | Also refuse to sign with RSA-PSS if the mechanism is not supported. Relates #208 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: select a signature algorithm earlyNikos Mavrogiannopoulos2017-08-043-6/+60
| | | | | | | | | | | | That is, select the signature algorithm at the point the certificate and ciphersuites are decided. Also ensure that a compatible signature algorithm with the ciphersuite and the key is selected. That prevents situations where a ciphersuite and a certificate are negotiated, but later on the handshake we figure that there are no common signature algorithms. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added basic unit test of gnutls_pkcs11_token_check_mechanismNikos Mavrogiannopoulos2017-08-041-0/+12
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs11_token_check_mechanism: introduced function to check token for ↵Nikos Mavrogiannopoulos2017-08-045-0/+83
| | | | | | a particular mechanism Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated filesNikos Mavrogiannopoulos2017-08-045-1418/+1641
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: print error on invalid public key parameters on certificateNikos Mavrogiannopoulos2017-08-042-18/+36
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pk_get_oid: return early on unknown algorithmNikos Mavrogiannopoulos2017-08-041-0/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether the gnutls_x509_*_set_spki will reject invalid valuesNikos Mavrogiannopoulos2017-08-041-0/+12
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for gnutls_x509_spki_get_rsa_pss_paramsNikos Mavrogiannopoulos2017-08-043-33/+41
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added unit test of generation of legal and illegal rsa-pss parametersNikos Mavrogiannopoulos2017-08-041-0/+18
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* spki: combined all exported functions to a single set and getNikos Mavrogiannopoulos2017-08-045-125/+57
| | | | | | | | This simplifies setting parameters for a particular key type, as well as getting them. The advantage is that they are set atomically, preventing an inadverterly half-filled structure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata typeNikos Mavrogiannopoulos2017-08-041-4/+19
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMSNikos Mavrogiannopoulos2017-08-044-5/+8
| | | | | | | This is being use to indicate errors in the public key parameters such as the RSA-PSS salt size or digest algorithm. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key ↵Nikos Mavrogiannopoulos2017-08-043-16/+26
| | | | | | | | | | generation This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE on the key generation process. The flag is now only used during key signing which is also its documented purpose. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_privkey_set_spki: check validity of parameters setNikos Mavrogiannopoulos2017-08-041-0/+9
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_cr*_set_spki: check for validity of parameters setNikos Mavrogiannopoulos2017-08-042-54/+90
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
View Lorry Controller Status