| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This will allow the test tool to operate even after openpgp certificates
are deprecated.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That allows disabling openpgp authentication and at the same time
retaining ABI compatibility with versions including openpgp.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Enhanced PKCS#12 encoding tests, with the encoding of a file
which contains a cert, a key and a CRL.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
In addition fallback to DER when --load-crl fails importing a PEM
encoded CRL due to PEM issues.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That tests gnutls_x509_crl_get_crt_serial().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
The new code re-uses the gnutls_x509_dn APIs instead of re-implementing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This allows parallelist and also helps identifying easier the
culprit on an error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While HMAC-MD5 is not yet broken, it is not used by any non-broken
or non-NULL ciphersuites (is only used with NULL and RC4), and as there
is not plan to introduce new ciphersuites with that MAC algorithm, there
is no point to include it in the default set of allowed algorithms.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This is an alias to GNUTLS_E_UNEXPECTED_PACKET_LENGTH. That
allows distinguishing the alert from GNUTLS_E_RECORD_OVERFLOW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This allows running the test under FIPS140-2 mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, if an extension containing no signature algorithms is
encountered, treat that as an error. This is an RFC5246 requirement,
since the minimum "supported_signature_algorithms" length is 2.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This is the closest to use alert when no certificate is found; at least
it is closer according to tlsfuzzer and rfc5246 text on insuficient_security
alert.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
As we do not read the value directly, but rather assign to it
the remaining data, we ensure that there are no overflows if
we have additional data past the extensions field. The integer
can hold more than 2^24 which is the maximum handshake packet
size.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That is, do not return GNUTLS_E_REHANDSHAKE, while we are within
a handshake process.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
On the other hand, fail if an empty extensions field is seen, but
the client hello contains data nevertheless, or if the extensions
field is padded with additional unaccounted data.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Introduced GNUTLS_E_RECORD_OVERFLOW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
That ensures that the right alert is send when illegal
parameters are received (e.g., zero length).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This enhances the testsuite by running all the tlsfuzzer
fuzzer tests which require no certificates from server.
https://github.com/tomato42/tlsfuzzer
|
|
|
|
|
|
|
|
| |
This allows running the complete test suite even when the library
is compiled in FIPS140-2 mode, as long as the run-time is not at
this mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This brings the FIPS generators in par with the non-FIPS chacha-based ones.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That combines the levels GNUTLS_RND_RANDOM and GNUTLS_RND_KEY, while
at the same time makes sure that backtracking is impossible on the
GNUTLS_RND_KEY level, by reinitializing the RNG after a call requesting
data for the GNUTLS_RND_KEY level.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Also move the random generator discussion to internals section.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That also corrects the fact that not all tests were run for all generators,
and allows to run the tests in parallel.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|