summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* tolerate non-valid UTF8 passwords when decryptingNikos Mavrogiannopoulos2016-11-208-22/+39
|
* tests: addressed compiler warningsNikos Mavrogiannopoulos2016-11-202-3/+2
|
* _gnutls_utf8_to_ucs2: normalize to NFC UTF16 outputNikos Mavrogiannopoulos2016-11-201-4/+13
|
* openssl_hash_password: normalize the password prior to useNikos Mavrogiannopoulos2016-11-201-14/+29
|
* TPM: normalize the password prior to useNikos Mavrogiannopoulos2016-11-201-7/+45
|
* _gnutls_calc_srp_sha: normalize the password prior to useNikos Mavrogiannopoulos2016-11-201-5/+18
|
* gnutls_x509_crq_set_challenge_password: normalize the password prior to useNikos Mavrogiannopoulos2016-11-201-4/+18
|
* PKCS#7/8: normalize the password according to rfc7613Nikos Mavrogiannopoulos2016-11-205-36/+77
|
* gnutls.pc: use the LT version of the lib variablesNikos Mavrogiannopoulos2016-11-201-1/+1
|
* Use libunistring when present instead of iconv()Nikos Mavrogiannopoulos2016-11-203-28/+157
| | | | | That allows us to rely to a single provider for unicode functionality.
* tests: added unit tests for gnutls_utf8_password_normalize()Nikos Mavrogiannopoulos2016-11-202-1/+84
|
* Added function for UTF-8 normalization based on RFC7613Nikos Mavrogiannopoulos2016-11-206-1/+164
| | | | This introduces gnutls_utf8_password_normalize() and a dependency on libunistring.
* tests: added test suite with PKCS#8 files that have invalid encryptiontmp-pkcs7-fixesNikos Mavrogiannopoulos2016-11-149-1/+53
|
* PKCS#5,7 decryption: verify the correctness of paddingNikos Mavrogiannopoulos2016-11-141-4/+16
| | | | | | | That is, for block ciphers (i.e., cbc), verify that all the padding bytes match the expected contents according to RFC2898. Relates #148
* PKCS#5,7 decryption: added sanity check on padding sizeNikos Mavrogiannopoulos2016-11-141-2/+8
| | | | Relates #148
* PKCS#5,7 decryption: fail without leak on unknown MACNikos Mavrogiannopoulos2016-11-141-2/+4
|
* PKCS#5,7 decryption: fail early on invalid block sizesNikos Mavrogiannopoulos2016-11-141-3/+13
|
* PKCS#5,7 decryption: enforce limits in the support parameter sizesNikos Mavrogiannopoulos2016-11-143-12/+35
| | | | | This allows to detect invalid parameters early rather than later. Relates #148
* updated auto-generated files for new functionstmp-rfc4514-updatesNikos Mavrogiannopoulos2016-11-143-0/+28
|
* pkcs7 output: use the new functions for DN outputNikos Mavrogiannopoulos2016-11-141-1/+1
|
* tests: account for the strict RFC4514 compliance reversalNikos Mavrogiannopoulos2016-11-142-4/+48
| | | | | Test the new functions only for the strict RFC4514 compliance to output strings, and test the old functions for the legacy format.
* doc updateNikos Mavrogiannopoulos2016-11-141-1/+14
|
* x509 output: use the new functions for DN outputNikos Mavrogiannopoulos2016-11-142-167/+60
|
* cleanups in _gnutls_buffer_to_datum()Nikos Mavrogiannopoulos2016-11-141-5/+9
|
* certtool: use the new APIs for DN extractionNikos Mavrogiannopoulos2016-11-141-35/+31
|
* _gnutls_x509_get_dn: when no data ensure we return ↵Nikos Mavrogiannopoulos2016-11-141-2/+6
| | | | | | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE This aligns with the previous (prior to RFC4514 improvements) behavior of the function.
* Introduced new functions to allow multiple DN parsing modesNikos Mavrogiannopoulos2016-11-1410-176/+483
| | | | | | | | The old DN parsing functions are changed to return the original non-fully compliant with RFC4514 string format, while the new ones return the compliant string by default. This allows applications which relied on the previous format to continue functioning without changes.
* .gitlab-ci.yml: include root dir log files in all buildsNikos Mavrogiannopoulos2016-11-141-0/+7
|
* doc updateNikos Mavrogiannopoulos2016-11-141-0/+3
|
* gl: removed invalid module nameNikos Mavrogiannopoulos2016-11-141-2/+1
|
* tools: added explicit socket flag to skip TLS initializationtmp-tools-updateNikos Mavrogiannopoulos2016-11-133-7/+10
| | | | | This allows proper error recovery when SOCKET_FLAG_RAW is specified and initialize_session() fails.
* gnutls-cli-debug: terminate sessions which cannot be re-usedNikos Mavrogiannopoulos2016-11-133-6/+6
|
* sockets: only use gnutls_bye on a valid socket sessionNikos Mavrogiannopoulos2016-11-131-1/+2
|
* p11tool: --initialize will no longer reset user PINNikos Mavrogiannopoulos2016-11-131-23/+1
| | | | | | | That is because it only resetted the user PIN and not the admin PIN, while at the same time it had problems to cope with the case where the URL changed between token initialization and PIN setting (which is the case if --label is provided to --initialize).
* p11tool: added options to initialize a user and admin's PINNikos Mavrogiannopoulos2016-11-134-3/+70
|
* gnutls_store_pubkey: document the default hosts formatNikos Mavrogiannopoulos2016-11-111-0/+7
|
* _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning successNikos Mavrogiannopoulos2016-11-071-0/+1
| | | | | This will prevent verification to succeed if the system is in error state.
* fips140-2: moved PCT-test in wrap_nettle_generate_keysNikos Mavrogiannopoulos2016-11-072-94/+100
| | | | | This allows it to run in any potential scenario, i.e., any call of _gnutls_pk_generate_keys().
* doc updateNikos Mavrogiannopoulos2016-11-061-0/+3
|
* .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9Nikos Mavrogiannopoulos2016-11-061-7/+5
|
* bumped the version of the minimum required libtasn1Nikos Mavrogiannopoulos2016-11-061-1/+1
| | | | | We now require the latest version that supports OIDs with elements that are longer than 32-bits.
* tests: added check for the decoding of certificates with long OIDsNikos Mavrogiannopoulos2016-11-063-2/+238
| | | | That is, OIDs which have an element which exceeds 2^32.
* symbol-check: do not compare against symbols not exported by usNikos Mavrogiannopoulos2016-11-041-1/+1
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+9
|
* tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE setNikos Mavrogiannopoulos2016-11-041-4/+4
|
* priorities: added CHACHA20-POLY1305 to SECURE setNikos Mavrogiannopoulos2016-11-041-0/+2
|
* released 3.5.6Nikos Mavrogiannopoulos2016-11-041-1/+1
|
* bumped versionsNikos Mavrogiannopoulos2016-11-042-3/+3
|
* symbols.last: updated auto-generated fileNikos Mavrogiannopoulos2016-11-041-1/+0
|
* doc updateNikos Mavrogiannopoulos2016-11-041-0/+5
|
View Lorry Controller Status