Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: enhance with checks to verify that textual IPs are not matched (tmp-hostname-verif-updates) | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -0/+85 |
| | | | | | | | | That verifies that the hostname check verification function will not succeed if given textual IPs, and the certificate contains textual IPs in DNSname or in the CN fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_x509_crt_check_hostname2: no match dns fields against IPs | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -9/+11 |
| | | | | | | | | | | Previously we were checking textual IP address matching against the DNS fields. This match was non-standard and was intended to work around a few broken servers. However that also led to not evaluating any IP constraints for that IP. No longer follow that broken behavior. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: check against symbols present only in IDNA2003 | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -1/+9 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure | Nikos Mavrogiannopoulos | 2017-04-30 | 1 | -1/+7 |
| | | | | | | | This aligns with the behavior of Firefox, which maps to IDNA2008, and falls back to IDNA2003 if that fails (e.g., mapping doesn't exist). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | fuzz: fix leaks in PKCS#12 fuzzer | Nikos Mavrogiannopoulos | 2017-04-28 | 1 | -4/+10 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs12: release CRL data on error path | Nikos Mavrogiannopoulos | 2017-04-28 | 1 | -0/+4 |
| | | | | | | | This addresses issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc: added gnutls_ext_flags_t enumeration (tmp-pkcs12-cleanups) | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | _gnutls_base64_decode: corrected leak on decoding error | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -5/+8 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: fixed expected error code in base64 check | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: ensure no leaks on pkcs12_info() error paths | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+4 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added reproducer for mem leak in PKCS#12 decoding | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -2/+16 |
| | | | | | | | This relates to: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents | Nikos Mavrogiannopoulos | 2017-04-25 | 3 | -3/+5 |
| | | | | | | | | This makes sure we deinitialize previously available elements. This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | cleanups in _pkcs12_decode_safe_contents | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -14/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs12: clean ups in PKCS#12 parsing | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -2/+10 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Added explicit check for the bounds of the generated 'd'. | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -0/+6 |
| | | | | | | This is according to FIPS186-4 sec. B.3.1. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | fips140-2: enhanced check of generated parameters | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -4/+12 |
| | | | | | | | That is, replaced all assert() calls with if statements to allow graceful failure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -1/+1 |
| | | | | | | Relates #197 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added base64 reproducer of mem leak | Nikos Mavrogiannopoulos | 2017-04-25 | 1 | -3/+15 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-04-24 | 1 | -3/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip] | Nikos Mavrogiannopoulos | 2017-04-23 | 2 | -7/+23 |
| | | | | | | | | This flag is expected to be used by applications which handle custom extensions that are not currently supported in gnutls, but support for them may be added in the future. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | _gnutls_base64_decode: addressed memory leak in decoding (tmp-base64-decode-fix) | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -4/+8 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pem_base64_decode: allow decoding raw base64 data | Nikos Mavrogiannopoulos | 2017-04-21 | 2 | -11/+31 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: check whether gnutls_pem_base64_decode2 decodes with null argument | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -0/+28 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Revert "gnutls_pem_base64_decode: allow decoding raw base64 data" | Nikos Mavrogiannopoulos | 2017-04-21 | 1 | -16/+1 |
| | | | | This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884. | ||||
* | doc: clarifications on custom thread override [ci skip] | Nikos Mavrogiannopoulos | 2017-04-20 | 2 | -3/+8 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | fuzz: added PEM base64 decoder and encoder fuzzers [ci skip] | Nikos Mavrogiannopoulos | 2017-04-20 | 5 | -2/+114 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | fuzz: openpgp fuzzer always succeeds when no support is present [ci skip] | Nikos Mavrogiannopoulos | 2017-04-19 | 1 | -3/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | lib/system/fastopen: simplified TCP fast open for OSX | Nikos Mavrogiannopoulos | 2017-04-14 | 1 | -10/+20 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | lib/system/fastopen: Add TCP Fast Open for OSX (tmp-fast-open-macosx) | Tim Rühsen | 2017-04-11 | 1 | -1/+13 |
| | | | | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> | ||||
* | doc: removed incorrect comment (tmp-test-suite-improvements) | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -2/+0 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | gnutls_dh_get_pubkey: fixed operation under PSK authentication | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: test gnutls_dh_get_pubkey in PSK auth | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -18/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: combined and enhanced DH params tests | Nikos Mavrogiannopoulos | 2017-04-08 | 3 | -56/+58 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: added DH parameter check in X.509 auth | Nikos Mavrogiannopoulos | 2017-04-08 | 3 | -6/+393 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: added basic test on gnutls_dh_params_cpy | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -5/+10 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: test gnutls_dh_get_pubkey in anonymous auth | Nikos Mavrogiannopoulos | 2017-04-08 | 1 | -2/+38 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | doc update | Nikos Mavrogiannopoulos | 2017-04-08 | 2 | -2/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: added basic unit test on gnutls_random_art() | Nikos Mavrogiannopoulos | 2017-04-08 | 2 | -1/+142 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | doc: fixed documentation for various function parameters | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -11/+10 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | .gitlab-ci.yml: removed the coverage run under pkcs11 trust store | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -4/+1 |
| | | | | | | It was causing inaccurate total coverage numbers. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora (tmp-fix-pkcs11-trust-store) | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+13 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: use gnutls_global_init instead of global_init | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -1/+1 |
| | | | | | | | | The reason is to force initialization of the PKCS#11 backend, and thus support for any PKCS#11 trust store when setup. This fixes running the test suite in Fedora. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added checks with certificates that contain invalid time field (tmp-increase-tests) | Nikos Mavrogiannopoulos | 2017-04-07 | 7 | -2/+49 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | x509/time: reject invalid dates in local mktime() | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+4 |
| | | | | | | Resolves #135 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: added newline in error message | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added basic check for systemkey tool | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -1/+44 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | systemkey: improved error message on unsupported systems | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: enhanced tofu trustdb checks | Nikos Mavrogiannopoulos | 2017-04-07 | 2 | -3/+42 |
| | | | | | | | Include checks which store and load commitments from the user's home directory. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: do not run pkgconfig test in systems with invalid libidn flags | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -0/+7 |
| | | | | | | | This prevents our test from failing, due to invalid flags found in a dependency of ours. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc: fixed tpmtool and psktool documentation | Nikos Mavrogiannopoulos | 2017-04-07 | 1 | -2/+5 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |