Commit message | Author | Age | Files | Lines
* tests: enhance with checks to verify that textual IPs are not matched [tmp-hostname-verif-updates] | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -0/+85
  That verifies that the hostname check verification function will not succeed if given textual IPs, and the certificate contains textual IPs in DNSname or in the CN fields.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_x509_crt_check_hostname2: no match dns fields against IPs | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -9/+11
  Previously we were checking textual IP address matching against the DNS fields. This match was non-standard and was intended to work around a few broken servers. However that also led to not evaluating any IP constraints for that IP. No longer follow that broken behavior.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check against symbols present only in IDNA2003 | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -1/+9
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -1/+7
  This aligns with the behavior of Firefox, which maps to IDNA2008, and falls back to IDNA2003 if that fails (e.g., mapping doesn't exist).
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: fix leaks in PKCS#12 fuzzer | Nikos Mavrogiannopoulos | 2017-04-28 | 1 | -4/+10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs12: release CRL data on error path | Nikos Mavrogiannopoulos | 2017-04-28 | 1 | -0/+4
  This addresses issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: added gnutls_ext_flags_t enumeration [tmp-pkcs12-cleanups] | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_base64_decode: corrected leak on decoding error | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -5/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: fixed expected error code in base64 check | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: ensure no leaks on pkcs12_info() error paths | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for mem leak in PKCS#12 decoding | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -2/+16
  This relates to: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents | Nikos Mavrogiannopoulos | 2017-04-25 | 3 | -3/+5
  This makes sure we deinitialize previously available elements. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cleanups in _pkcs12_decode_safe_contents | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -14/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs12: clean ups in PKCS#12 parsing | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -2/+10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added explicit check for the bounds of the generated 'd'. | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+6
  This is according to FIPS186-4 sec. B.3.1.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fips140-2: enhanced check of generated parameters | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -4/+12
  That is, replaced all assert() calls with if statements to allow graceful fail.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -1/+1
  Relates #197
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added base64 reproducer of mem leak | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -3/+15
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-04-24 | 1 | -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip] | Nikos Mavrogiannopoulos | 2017-04-23 | 2 | -7/+23
  This flag is expected to be used by applications which handle custom extensions that are not currently supported in gnutls, but support for them may be added in the future.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* _gnutls_base64_decode: addressed memory leak in decoding [tmp-base64-decode-fix] | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -4/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pem_base64_decode: allow decoding raw base64 data | Nikos Mavrogiannopoulos | 2017-04-21 | 2 | -11/+31
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether gnutls_pem_base64_decode2 decodes with null argument | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -0/+28
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Revert "gnutls_pem_base64_decode: allow decoding raw base64 data" | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -16/+1
  This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884.
* doc: clarifications on custom thread override [ci skip] | Nikos Mavrogiannopoulos | 2017-04-20 | 2 | -3/+8
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: added PEM base64 decoder and encoder fuzzers [ci skip] | Nikos Mavrogiannopoulos | 2017-04-20 | 5 | -2/+114
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: openpgp fuzzer always succeeds when no support is present [ci skip] | Nikos Mavrogiannopoulos | 2017-04-19 | 1 | -3/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system/fastopen: simplified TCP fast open for OSX | Nikos Mavrogiannopoulos | 2017-04-14 | 1 | -10/+20
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system/fastopen: Add TCP Fast Open for OSX [tmp-fast-open-macosx] | Tim Rühsen | 2017-04-11 | 1 | -1/+13
  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* doc: removed incorrect comment [tmp-test-suite-improvements] | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -2/+0
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_dh_get_pubkey: fixed operation under PSK authentication | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: test gnutls_dh_get_pubkey in PSK auth | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -18/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: combined and enhanced DH params tests | Nikos Mavrogiannopoulos | 2017-04-08 | 3 | -56/+58
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added DH parameter check in X.509 auth | Nikos Mavrogiannopoulos | 2017-04-08 | 3 | -6/+393
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added basic test on gnutls_dh_params_cpy | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -5/+10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: test gnutls_dh_get_pubkey in anonymous auth | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -2/+38
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update | Nikos Mavrogiannopoulos | 2017-04-08 | 2 | -2/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added basic unit test on gnutls_random_art() | Nikos Mavrogiannopoulos | 2017-04-08 | 2 | -1/+142
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: fixed documentation for various function parameters | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -11/+10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: removed the coverage run under pkcs11 trust store | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -4/+1
  It was causing inaccurate total coverage numbers.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora [tmp-fix-pkcs11-trust-store] | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+13
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: use gnutls_global_init instead of global_init | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1
  The reason is to force initialization of the PKCS#11 backend, and thus support for any PKCS#11 trust store when set up. This fixes running the test suite in Fedora.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added checks with certificates that contain invalid time field [tmp-increase-tests] | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -2/+49
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509/time: reject invalid dates in local mktime() | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+4
  Resolves #135
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: added newline in error message | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+2
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added basic check for systemkey tool | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+44
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* systemkey: improved error message on unsupported systems | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: enhanced tofu trustdb checks | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -3/+42
  Include checks which store and load commitments from the user's home directory.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: do not run pkgconfig test in systems with invalid libidn flags | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+7
  This prevents our test from failing, due to invalid flags found in a dependency of ours.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: fixed tpmtool and psktool documentation | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>