summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* _gnutls_recv_server_certificate_status: use the same type in subtracted valuestmp-int-overflow-fixesNikos Mavrogiannopoulos2017-08-141-2/+2
| | | | | | | | | | This ensures that there are no issues with subtracting those values. Note that the second is read from an uint24_t and thus it is always positive regardless its type. Resolves #245 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_proc_srp_client_kx: use same type in subtracted valuesNikos Mavrogiannopoulos2017-08-141-1/+1
| | | | | | | | | | This ensures that there are no issues with subtracting those values. Note that the second is read from an uint16_t and thus it is always positive regardless its type. Resolves #244 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: improved detection of 64-bit systemstmp-added-x86-buildNikos Mavrogiannopoulos2017-08-113-2/+7
| | | | | | | We now use the ${ac_cv_sizeof_unsigned_long_int} variable which gives the numbers used in the host system, not the build one. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for new x86 hostNikos Mavrogiannopoulos2017-08-113-1/+9
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 buildNikos Mavrogiannopoulos2017-08-111-3/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: explicitly initialize and deinitialize the library [ci skip]Nikos Mavrogiannopoulos2017-08-1114-0/+44
| | | | | | This enables the fuzzers to run even when statically linked. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: eliminated unnecessary function wrappersNikos Mavrogiannopoulos2017-08-111-48/+17
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_int.h: reduce memory occupied by ext_dataNikos Mavrogiannopoulos2017-08-111-2/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_int.h: reduced the maximum number of epoch states we keepNikos Mavrogiannopoulos2017-08-111-1/+1
| | | | | | | There was no need to keep 16 epochs, as we typically we have only one or two active. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_int.h: removed unused variable from stateNikos Mavrogiannopoulos2017-08-112-6/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* extensions: simplified requirements from send callbackNikos Mavrogiannopoulos2017-08-114-16/+27
| | | | | | | The callback no longer needs to return the number of sent data; they are now calculated by the caller. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ext/ecc: renamed Supported curves extensionNikos Mavrogiannopoulos2017-08-101-3/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-serv: --require-client-cert no longer implies --verify-client-certNikos Mavrogiannopoulos2017-08-103-3/+4
| | | | | | | That is, it is now possible to require a client certificate without verifying it. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* CONTRIBUTING.md: corrected typo [ci skip]Nikos Mavrogiannopoulos2017-08-101-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc updateNikos Mavrogiannopoulos2017-08-101-38/+75
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated filestmp-fix-versioningNikos Mavrogiannopoulos2017-08-091-40/+41
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* CONTRIBUTING.md: added section on symbol versioningNikos Mavrogiannopoulos2017-08-092-0/+48
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* libgnutls.map: separated symbols introduced in 3.6.0Nikos Mavrogiannopoulos2017-08-091-4/+16
| | | | | | | | This separation assists tools like rpm which can detect the right version of the library to use, by using the symbol version. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for private key import leakNikos Mavrogiannopoulos2017-08-093-4/+3
| | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* rnd: use time_t for prng_reseed_timeNikos Mavrogiannopoulos2017-08-091-1/+1
| | | | | | | This ensures that all time comparisons are done under the same type. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key importNikos Mavrogiannopoulos2017-08-091-2/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for memory leak in SRP serverNikos Mavrogiannopoulos2017-08-092-0/+1
| | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_srp_verifier: corrected memory leakNikos Mavrogiannopoulos2017-08-091-0/+6
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for memory leak in RSA-PSKNikos Mavrogiannopoulos2017-08-092-0/+1
| | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* rsa-psk: corrected memory leak on invalid decryptNikos Mavrogiannopoulos2017-08-091-0/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* updated auto-generated filestmp-p11tool-generate-updateNikos Mavrogiannopoulos2017-08-092-462/+495
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: --generate-xxx options were replaced by generate-privkeyNikos Mavrogiannopoulos2017-08-095-23/+47
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix memleaks in gnutls_x509_trust_list_add_crls()Tim Rühsen2017-08-081-5/+14
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix memleak in gnutls_x509_crl_list_import()Tim Rühsen2017-08-081-0/+1
| | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* publickey: fixed incorrect assignmentNikos Mavrogiannopoulos2017-08-081-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* mac: simplified iteration functionsNikos Mavrogiannopoulos2017-08-081-17/+6
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* corrected input to gnutls_sign_supports_pk_algorithmNikos Mavrogiannopoulos2017-08-081-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* extensions: corrected flag checkNikos Mavrogiannopoulos2017-08-081-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated for new rsa-pss key in doc/credentialstmp-check-rsa-pss-usageNikos Mavrogiannopoulos2017-08-081-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cert selection: prioritize RSA-PSS certs over RSANikos Mavrogiannopoulos2017-08-084-9/+48
| | | | | | | | | | | | | | | | RSA and RSA-PSS can both be used for RSA-PSS operations, and as such without prioritizing RSA-PSS certificates it is unknown which certificate will be used for an RSA-PSS operation. The reason we want to have only RSA-PSS keys used for RSA-PSS operations is to cover the use case where a server uses a legacy RSA certificate for clients that don't support RSA-PSS and an RSA-PSS certificate for the rest, thus separating the keys used for these client groups. That separation ensures that any issue on PKCS#1 1.5 (legacy RSA), would not affect sessions which use RSA-PSS. Resolves #243 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_certificate_credentials_t: combine privkey into cert_st structureNikos Mavrogiannopoulos2017-08-084-96/+61
| | | | | | | | This reduces the number of applications and allows for easier use of the structure information, as they are now self-contained for most uses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigsNikos Mavrogiannopoulos2017-08-084-28/+183
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: eliminated unused variableNikos Mavrogiannopoulos2017-08-082-7/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added negative tests in provable-privkeyNikos Mavrogiannopoulos2017-08-081-0/+30
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pk_params_st: separate flags/qbits and curveNikos Mavrogiannopoulos2017-08-0817-63/+69
| | | | | | | | | | Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether validation parameters are lost on key re-importNikos Mavrogiannopoulos2017-08-071-0/+9
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: improved documentation on --provable optionNikos Mavrogiannopoulos2017-08-071-2/+11
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: create mapping between --load-x and --info optionsNikos Mavrogiannopoulos2017-08-071-12/+31
| | | | | | | | | That allows using: certtool --certificate-info --load-certificate FILE and certtool --certificate-info --infile FILE Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: removed definitions of non-existing functionsNikos Mavrogiannopoulos2017-08-071-3/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: updated for the new provable private key formatNikos Mavrogiannopoulos2017-08-075-465/+417
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_x509_privkey_verify_seed: improved error on missing validation parametersNikos Mavrogiannopoulos2017-08-074-3/+9
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* certtool: silence warnings related to --pkcs8Nikos Mavrogiannopoulos2017-08-071-3/+5
| | | | | | There is no reason to bug the user with such details by default. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: better print provable key validation parametersNikos Mavrogiannopoulos2017-08-071-6/+9
| | | | | | | That is, include hash in the printable set, and keep spaces from next fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: provable private keys are always exported in PKCS#8 formNikos Mavrogiannopoulos2017-08-073-21/+15
| | | | | | That allows the provable parameters to be included. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: no longer emit the previous custom format for provable parametersNikos Mavrogiannopoulos2017-08-076-112/+24
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
View Lorry Controller Status