Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: added reproducer applications for psk and srp fuzzerstmp-oss-fuzz-updates | Nikos Mavrogiannopoulos | 2017-08-05 | 6 | -7/+471 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | updated auto-generated filestmp-various-cleanups | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -0/+8 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | gnutls_server_fuzzer: added ed25519 key/cert | Nikos Mavrogiannopoulos | 2017-08-04 | 4 | -0/+81 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | removed references for "new" semantics of PEM base64 encode and decode | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -59/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | base64: reverted the raw semantics from the PEM encoding/decoding functions | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -22/+0 |
| | | | | | | | Keeping the complex semantics with NULL headers would most likely cause issues in the future. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | base64: test the new base64 encoding and decoding functions | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+125 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -3/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | base64: introduced new functions for base64 encoding | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -1/+73 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: gnutls_x509_privkey_import: enhanced to test DER key import | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -1/+47 |
| | | | | | | | It seems that this function was not tested for multiple cases of private keys in DER mode. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -6/+10 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | sign/digest: separate "brokenness" of signatures and hash algorithms | Nikos Mavrogiannopoulos | 2017-08-04 | 7 | -51/+57 |
| | | | | | | | That is, allow digital signatures to be marked as broken irrespective of their used hash, and restrict hash brokenness to preimage resistance. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | sign: use C99 syntax for signature algorithm's table | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -97/+252 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | .gitlab-ci.yml: enable multiple undefined sub-sanitizers | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -2/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | updated auto-generated filestmp-rsa-pss-detection | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -0/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit | Nikos Mavrogiannopoulos | 2017-08-04 | 4 | -216/+257 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit test for gnutls_x509_privkey_import | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -0/+175 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added TLS negotiation with various keys under PKCS#11 | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -1/+374 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509_privkey: handle keys which can only have PKCS#8 form transparently | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -9/+26 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: updated for errors returned due to early signature selection | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -2/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added check for the negotiation of ext keys | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -1/+359 |
| | | | | | | | | | | That is, check whether we can negotiate TLS with ext abstract key types, and whether the algorithms which cannot be used with that key type, gracefully fail. Relates #234 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+3 |
| | | | | | | GNUTLS_PK_EDDSA_ED25519 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | _gnutls_check_key_cert_match: use the new API for signing | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -7/+9 |
| | | | | | | | This ensures that the same signature algorithm is used for signing and verification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | privkey: return less specific but more appropriate error on invalid pks for ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -1/+1 |
| | | | | | | ext keys Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | prior to negotiating a signature check compatibility with private key | Nikos Mavrogiannopoulos | 2017-08-04 | 8 | -23/+85 |
| | | | | | | | | | | | | | That is, check if the private key can support the public key operation needed for the signature. That in particular includes, excluding the Ed25519 and RSA-PSS from being used with the 'EXT' keys as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism. Relates #234 Resolves #209 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs11: mark RSA PKCS#11 key which can do RSA-PSS | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -1/+12 |
| | | | | | | | | Also refuse to sign with RSA-PSS if the mechanism is not supported. Relates #208 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | handshake: select a signature algorithm early | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -6/+60 |
| | | | | | | | | | | | | That is, select the signature algorithm at the point the certificate and ciphersuites are decided. Also ensure that a compatible signature algorithm with the ciphersuite and the key is selected. That prevents situations where a ciphersuite and a certificate are negotiated, but later on the handshake we figure that there are no common signature algorithms. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added basic unit test of gnutls_pkcs11_token_check_mechanism | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+12 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pkcs11_token_check_mechanism: introduced function to check token for ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 5 | -0/+83 |
| | | | | | | a particular mechanism Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2017-08-04 | 5 | -1418/+1641 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509/output: print error on invalid public key parameters on certificate | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -18/+36 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pk_get_oid: return early on unknown algorithm | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: check whether the gnutls_x509_*_set_spki will reject invalid values | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+12 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: updated for gnutls_x509_spki_get_rsa_pss_params | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -33/+41 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit test of generation of legal and illegal rsa-pss parameters | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+18 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | spki: combined all exported functions to a single set and get | Nikos Mavrogiannopoulos | 2017-08-04 | 5 | -125/+57 |
| | | | | | | | | This simplifies setting parameters for a particular key type, as well as getting them. The advantage is that they are set atomically, preventing an inadverterly half-filled structure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -4/+19 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS | Nikos Mavrogiannopoulos | 2017-08-04 | 4 | -5/+8 |
| | | | | | | | This is being use to indicate errors in the public key parameters such as the RSA-PSS salt size or digest algorithm. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -16/+26 |
| | | | | | | | | | | generation This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE on the key generation process. The flag is now only used during key signing which is also its documented purpose. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_privkey_set_spki: check validity of parameters set | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+9 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_cr*_set_spki: check for validity of parameters set | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -54/+90 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | _gnutls_x509_check_pubkey_params: removed unnecessary parameter | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -6/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added check for import of RSA-PSS key with invalid salt | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -0/+147 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pubkey_import_x509: propagate errors from ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -1/+5 |
| | | | | | | gnutls_x509_crt_get_pk_algorithm Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | _rsa_pss_verify_digest: verify the validity of the salt_size length on ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+2 |
| | | | | | | verification Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_privkey_import: immediately exit on GNUTLS_E_PK_INVALID_PRIVKEY | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -0/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | wrap_nettle_pk_fixup: check RSA PSS parameters for validity on import | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -2/+14 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -21/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added unit test for the SPKI abstract functions | Nikos Mavrogiannopoulos | 2017-08-04 | 2 | -1/+138 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: chainverify: included negative and positive tests with RSA-PSS signed ↵ | Nikos Mavrogiannopoulos | 2017-08-04 | 3 | -11/+883 |
| | | | | | | chains Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pct_test: use local SPKI structure to override parameters if not set | Nikos Mavrogiannopoulos | 2017-08-04 | 1 | -3/+9 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |