summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: crt_apis: added tests for writing/reading unique IDstmp-testsuite-unique-idNikos Mavrogiannopoulos2017-02-281-17/+49
| | | | | | | | | | That is check the functionality of: - gnutls_x509_crt_get_subject_unique_id - gnutls_x509_crt_get_issuer_unique_id - gnutls_x509_crt_set_issuer_unique_id - gnutls_x509_crt_set_subject_unique_id Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added _gnutls_idna_email_reverse_mapNikos Mavrogiannopoulos2017-02-283-1/+68
| | | | | | | This allows printing the reverse map of an IDNA-encoded email. Modified x509/output to include this decoding for RFC822Name. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: Cleanup in IDNA name printingNikos Mavrogiannopoulos2017-02-281-34/+34
| | | | | | | That also removes the incorrect mapping to IDNA punycode when the input is not printable. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test for interactive creation of a requesttmp-long-dns-generationNikos Mavrogiannopoulos2017-02-283-1/+112
| | | | | | Relates #179 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: removed limits in interactive inputNikos Mavrogiannopoulos2017-02-281-17/+60
| | | | | | | | | | That removes the limits when reading most of the interactive input. The read_str() function due to its dependence on static variable remains with a limit, but will output an error if the input string exceeds size. Resolves #179 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: increased buffer for reading from userNikos Mavrogiannopoulos2017-02-281-5/+6
| | | | | | | | | This allows reading longer than 128-byte fields interactively. The new limit is 512-bytes. Relates #179 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added certificate generation with very long DNS and CN nameNikos Mavrogiannopoulos2017-02-284-30/+172
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt_get_extension_info: fixed function to comply with documented ↵Nikos Mavrogiannopoulos2017-02-271-1/+6
| | | | | | | | | approach That is, do not include the trailing NULL byte size in the size of the object identifier. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: store critical extensions even if no other extension are presentNikos Mavrogiannopoulos2017-02-271-1/+2
| | | | | | | That is, fix a bug which prevented critical extensions to be stored if no other free-form extensions were specified. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/name_constraints: documented return values and corrected return typeNikos Mavrogiannopoulos2017-02-271-4/+10
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_ocsp_resp_verify_direct, gnutls_ocsp_resp_verify: defined flags argumenttmp-prepare-for-sha1-banNikos Mavrogiannopoulos2017-02-241-5/+5
| | | | | | | | That was defined to be gnutls_certificate_verify_flags, and it allows passing verification flags, such as flags to allow broken algorithms. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* is_level_acceptable: no longer checks for broken algorithmsNikos Mavrogiannopoulos2017-02-241-1/+1
| | | | | | | | This is done at is_broken_allowed(), and in fact checking them in is_level_acceptable() creates a conflict when overrides like flag GNUTLS_VERIFY_ALLOW_BROKEN is used. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_store_commitment: introduced flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKENNikos Mavrogiannopoulos2017-02-242-2/+6
| | | | | | This flag allows operation of the function even with broken algorithms. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKENNikos Mavrogiannopoulos2017-02-241-0/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/fuzz: added necessary casts for compilation [ci skip]Nikos Mavrogiannopoulos2017-02-243-4/+5
| | | | | | Also added the IDNA targets to makefile's default target. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/fuzz: include string.h for strlen() [ci skip]Nikos Mavrogiannopoulos2017-02-242-0/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/fuzz: IDNA fuzzers: removed printf [ci skip]Nikos Mavrogiannopoulos2017-02-232-2/+2
| | | | | | | see request in: https://github.com/google/oss-fuzz/issues/417 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added test case with invalid openpgp certNikos Mavrogiannopoulos2017-02-233-2/+3
| | | | | | | This triggers an invalid memory access: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: read_attribute: account buffer sizeNikos Mavrogiannopoulos2017-02-231-1/+1
| | | | | | | | | | | That ensures that there is no read past the end of buffer. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli-debug: fixed protocol to port discoveryNikos Mavrogiannopoulos2017-02-231-1/+2
| | | | | | | That is, if --starttls-proto is provided the default port selected will be converted to host byte order as expected. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pk.c: fixed memory leak on DSS signature decodingtmp-fix-client-memleakNikos Mavrogiannopoulos2017-02-231-1/+1
| | | | | | | Detected using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added client reproducer for memory leakNikos Mavrogiannopoulos2017-02-232-1/+2
| | | | | | | | That reproduces a memory leak detected in the client code path. Detected using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: update to take into account the removal of random arttmp-print-public-key-pinNikos Mavrogiannopoulos2017-02-2310-120/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: No longer include public key's random artNikos Mavrogiannopoulos2017-02-231-12/+0
| | | | | | | | | | | That is in order to reduce bloat in the output, which already contains many identifiers for public key. See mailing list discussion at: https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008324.html https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008329.html Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated to include the pin-sha256 in outputNikos Mavrogiannopoulos2017-02-2312-0/+24
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: updated to take into account the pin-sha256 oneline outputNikos Mavrogiannopoulos2017-02-231-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: print key PIN on oneline outputNikos Mavrogiannopoulos2017-02-231-4/+4
| | | | | | | That is, instead of the public key ID. The key PIN due to HPKP is now more widely used than hex-based key IDs. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/output: print the public key PIN of a certificateNikos Mavrogiannopoulos2017-02-233-0/+27
| | | | | | | That is, print the value used by the HPKP protocol as per RFC7469. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: don't warn when 'uri' is specified on templateNikos Mavrogiannopoulos2017-02-231-0/+1
| | | | | | | Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1425884 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: ubsan build: fixed artifacts pathNikos Mavrogiannopoulos2017-02-231-4/+4
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: split starttls.sh into multiple scriptsNikos Mavrogiannopoulos2017-02-2311-145/+351
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: pkcs11-import-with-pin: removed invalid conditional macroNikos Mavrogiannopoulos2017-02-221-4/+0
|
* tests: added PKCS#11 test for pin inputNikos Mavrogiannopoulos2017-02-222-1/+199
| | | | | | | This introduces a test on PIN input to retrieve an object using pin-value and pin-source (file). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* SECURITY.md: updated after comments from Daniel Berrange [ci skip]Nikos Mavrogiannopoulos2017-02-221-1/+8
|
* Removed unnecessary entries in pkix.asn and gnutls.asntmp-minimize-pkix-asnNikos Mavrogiannopoulos2017-02-224-171/+37
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* nettle/pk: corrected memcpy of Q in DSA paramsNikos Mavrogiannopoulos2017-02-211-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* crypto.h: improved documentation of randomness levelsNikos Mavrogiannopoulos2017-02-211-2/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* nettle/pk: use the appropriate level of randomness for each operationNikos Mavrogiannopoulos2017-02-211-14/+36
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* srp: use nonce level for SRP password randomizationNikos Mavrogiannopoulos2017-02-211-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: document the use of assert()Nikos Mavrogiannopoulos2017-02-211-0/+21
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: removed protocol/ directoryNikos Mavrogiannopoulos2017-02-21205-270483/+0
| | | | | | | | While it was used during the first years of development, today it is way more easy to access protocol documents via the IETF web site. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added SECURITY.md, a description of the security issue handling processNikos Mavrogiannopoulos2017-02-211-0/+32
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: require clang analyzer build to be warning freeNikos Mavrogiannopoulos2017-02-211-3/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure: no longer use -Wframe-larger-thanNikos Mavrogiannopoulos2017-02-201-1/+0
| | | | | | | | We do not require a specific stack size, and there is legacy code which utilizes large stack sizes. As such remove the warnings to allow for a warning free compilation. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* pkcs11: avoid calling memcpy will null optionsNikos Mavrogiannopoulos2017-02-201-2/+2
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* preinitialize variables to work-around warnings with clangNikos Mavrogiannopoulos2017-02-204-2/+7
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* eliminated dead code as indicated by clang scan-buildNikos Mavrogiannopoulos2017-02-209-11/+6
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs7: corrected error checking in write_signer_idNikos Mavrogiannopoulos2017-02-201-6/+3
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* preinitialize variables to work-around warnings with clang's scan-buildNikos Mavrogiannopoulos2017-02-205-13/+16
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* eliminated various clang warnings with non-null argumentsNikos Mavrogiannopoulos2017-02-2010-4/+23
| | | | | | | That is, use assert() to ensure that known to be non-null variables will be used as input to functions requiring non-null. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
View Lorry Controller Status