| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* psktool's -p argument should really be short for --pskfile, not
--passwd. there is no passwd involved.
* the example documentation switches names halfway through, which is
confusing.
* there is no prompt for a password. do not mention it in the
example.
|
|
|
|
|
|
|
|
| |
fields are accepted
Also removed the old strict compliance DER test.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems that openssl generated certificates may contain invalid
formatted times, and gnutls will no longer parse them. Ignore such
formatting errors when DER decoding.
We should reconsider this in the future (#207)
Resolves #196
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That simplifies the existing PRF code and moves it in the
crypto-backend component.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The reason is that this API, assumes very low level primitives which
are not available for the newer RSA-PSS private keys.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That will allow this function to operate with the new key types.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE
For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
The same code was available in _gnutls_privkey_find_sign_params().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That makes sure that the high level APIs are used when possible, and
separate the TLS 1.2 from other code paths. This will allow supporting
signature schemes like EdDSA and others.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
There were several tests that were utilizing SHA1 signatures but were
not failing due to the bug in gnutls_pubkey_verify_hash2().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
non-RSA keys
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This flag is not required for verification since the signature algorithm
is sufficient to detect RSA-PSS without requiring any flags.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Previously --generate-privkey wouldn't ask for password unless --pkcs8
was explicitly given. Keep that behavior, and do not ask for any password
even if we need to export to PKCS#8 for some key types. Always require
the --pkcs8 option to encrypt with password.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This option could accomodate future enhancements/additions in
certificate signining.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
These tests fail because tls-fuzzer currently does not properly implement
RSA-PSS.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
An RSA-PSS key has additional parameters which cannot be stored
in the "standard" PKCS#1 format. For that when asked to generate
an RSA-PSS key, we export to the PKCS#8 form.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
Previously it was expecting a different alert code than gnutls returned.
Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR)
on malformed signatures.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This makes server respond with GNUTLS_A_DECRYPT_ERROR on malformed signatures,
which is the expected behavior. Hinted by Hubert Kario.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That allows including all the existing signatures including DSA.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That includes tests with RSA and RSA-PSS server and client certificates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That is in addition to GNUTLS_PK_RSA
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
GOST VKO and PSS keys would support several public keys, so change
the previous 1:1 kx->pk mapping into 1:many.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|