Commit message | Author | Age | Files | Lines
...
* tests: modified tests for the disablement of 3DES | Nikos Mavrogiannopoulos | 2017-02-05 | 2 | -10/+10
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed support for the 3DES cipher by default | Nikos Mavrogiannopoulos | 2017-02-05 | 1 | -6/+0
    That is a legacy cipher that is no longer needed to be included as backup cipher.
    Resolves #120
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: optimize subject alternative name access [tmp-san-parsing-optimization] | Nikos Mavrogiannopoulos | 2017-02-05 | 3 | -47/+96
    That reads SAN and IAN early on import, significantly reducing the running time of functions which iterate over the alternative names of a certificate, e.g., gnutls_x509_crt_check_hostname().
    Relates #165
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .travis.yml: list all logs on failure [tmp-travis7-fix] | Nikos Mavrogiannopoulos | 2017-02-04 | 1 | -0/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enable all IDNA tests when compiled with libidn2 | Nikos Mavrogiannopoulos | 2017-02-04 | 7 | -11/+26
    Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .travis.yml: updated instructions for travis builds [tmp-travis5-fix] | Nikos Mavrogiannopoulos | 2017-02-04 | 1 | -4/+4
    Removed unbound and other minor fixes.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* extras/hex.h: do not use strlen as variable name [tmp-fix-pkcs11-import-url4] | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -2/+2
    That is, do not utilize a standard C function name as variable name.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -0/+1
    When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case), pointer is always returned.
    Reported by Jeremy Harris.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: use libidn2 on windows builds | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -2/+2
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_heartbeat_allowed: corrected type on dummy wrapper [tmp-tz-fix] | Nikos Mavrogiannopoulos | 2017-02-02 | 1 | -1/+1
    That is, when compiling without heartbeat support, compilation could fail due to the dummy wrapper not returning the right type.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Address test suite failure due to timezone differences. | Nikos Mavrogiannopoulos | 2017-02-02 | 1 | -1/+1
    Reported by Thorsten Glaser and Andreas Metzler.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-31 | 1 | -1/+2
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_heartbeat_allowed: corrected return type | Nikos Mavrogiannopoulos | 2017-01-31 | 2 | -2/+2
    This reflects better the fact that this function returns a boolean.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _idn2_to_unicode_8z8z: do not err on mixed IDNA domains | Nikos Mavrogiannopoulos | 2017-01-28 | 1 | -4/+1
    That is allow domains of the form 'großes.xn--fa-hia.de'. The drawback is that we may not err early on invalid formatted names. We however delegate any such decisions to libidn2.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: added link to travis build for 3.5.x [ci skip] | Nikos Mavrogiannopoulos | 2017-01-27 | 1 | -1/+1
    In addition to adding a link to travis build for 3.5.x branch removed link on 3.4.x branch. It is no longer active.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* heartbeat extension: doc update [tmp-libidn2] | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -2/+3
    Document how to calculate the total TLS data transmitted.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* str-idna: improved error handling | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -2/+5
    In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(), we also add support for case insensitive punycode header.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Updated auto-generated files | Nikos Mavrogiannopoulos | 2017-01-26 | 3 | -0/+8
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* str-idna: cleanups in IDNA handling | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -9/+14
    Ensure safe operation even with broken libidn2, and make sure that we properly allocate memory to caller, even on complex library configuration.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added run-afl helper script | Nikos Mavrogiannopoulos | 2017-01-26 | 2 | -2/+47
    This script allows running the fuzzing tests locally using american fuzzy lop.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: Added IDNA encoding/decoding fuzzing units | Nikos Mavrogiannopoulos | 2017-01-26 | 12 | -1/+138
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Move IDNA functionality to str-idna.c from str-unicode.c | Nikos Mavrogiannopoulos | 2017-01-26 | 3 | -312/+340
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: use the exported API for IDNA testing | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -13/+28
    In addition group together the tests which require libidn2 >= 0.14. This allows the tests to succeed.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tools: depend on gnutls_idna_map() instead of using directly libidn/libidn2 | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -30/+10
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Exported gnutls_idna_map() and gnutls_idna_reverse_map() | Nikos Mavrogiannopoulos | 2017-01-26 | 5 | -44/+47
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: added run with IDNA2003 | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -0/+18
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: simplified str-idna | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -39/+58
    This separates the directions that are tested (utf-8 -> punycode and vice versa).
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure: added flag to force IDNA2003 | Nikos Mavrogiannopoulos | 2017-01-26 | 1 | -7/+18
    That allows to compile with libidn even if libidn2 is present, and can be used to check IDNA2003 support.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Add support for libidn2 (IDNA 2008 + TR46) | Tim Rühsen | 2017-01-25 | 8 | -29/+195
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling [tmp-better-abi-check] | Nikos Mavrogiannopoulos | 2017-01-25 | 1 | -0/+3
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* minitasn1: updated to libtasn1 4.10 | Nikos Mavrogiannopoulos | 2017-01-25 | 2 | -4/+21
* configure: do not disable valgrind tests unless explicitly specified | Nikos Mavrogiannopoulos | 2017-01-25 | 1 | -4/+2
    ... or unless we are in release build.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: increased the number of releases to perform ABI checks with | Nikos Mavrogiannopoulos | 2017-01-25 | 4 | -3/+87239
    That is added 3.4.0, 3.4.17 and 3.5.8.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: verify that a written certificate will inherit its ID from privkey [tmp-assign-same-pkcs11-id] | Nikos Mavrogiannopoulos | 2017-01-24 | 2 | -0/+167
    That is, whether p11tool will do the right thing and figure the proper ID to use for a certificate object, if the public key is available.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: re-use ID from corresponding objects when writing certificates | Nikos Mavrogiannopoulos | 2017-01-24 | 1 | -3/+284
    That is when writing a certificate which has a corresponding public key, or private key in the token, ensure that we use the same ID for the objects. That eases the work of someone writing objects to certificates, and does not require him to manually detect the object IDs.
    Resolves #160
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: add Fedora/x86_64/no-tools | Alon Bar-Lev | 2017-01-23 | 1 | -0/+18
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* valgrind: support separate builddir for suppressions.valgrind | Alon Bar-Lev | 2017-01-23 | 4 | -11/+9
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* configure: remove void statement | Alon Bar-Lev | 2017-01-23 | 1 | -3/+0
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-23 | 1 | -1/+5
    building with --disable-tools should not cause test failure.
    Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* doc: improved documentation on DH parameters [ci skip] | Nikos Mavrogiannopoulos | 2017-01-22 | 2 | -14/+30
* Revert "tests: suite: pkcs11: skip if no softhsm" | Nikos Mavrogiannopoulos | 2017-01-20 | 1 | -1/+1
    This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea.
    The reason is to avoid having changes in softhsm packaging, result to skipping large parts of the test suite without someone noticing.
* _decode_pkcs8_dsa_key: ensure that the P value is non-zero | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -0/+6
    When decoding a DSA private key, and constructing the public key ensure that P is non-zero, and thus can be used as modulus.
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added private key causing FPE | Nikos Mavrogiannopoulos | 2017-01-19 | 3 | -2/+3
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -0/+4
    That prevents incorrect data reaching nettle which has only assertion checks (leading to an abort).
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#8 key which causes undefined behavior on import | Nikos Mavrogiannopoulos | 2017-01-19 | 3 | -2/+2
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia | Nikos Mavrogiannopoulos | 2017-01-19 | 2 | -0/+1
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: eliminated memory leak on gnutls_x509_ext_import_aia | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -4/+10
    Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [tmp-refuse-record-send] | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+4
* tests: added check which ensures a client cannot receive during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+299
    Relates #158
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added check which ensures a client cannot transmit during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+296
    Relates #158
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>