| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
That fixes issue detecting connection termination from gnutls-serv
in chacha20 test.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That avoids false positives in error detection in 'crq' test due to
SECP224R1 not being supported in our CI platforms.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
On unknown algorithms, it is not always possible to parse the SPKI
field. Instead avoid printing errors.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
This eliminates a misleading code that assumed that the called functions
will return the appended size. Always return zero on success which is
what the existing callers assume.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, if DSA-SHA1 is allowed, do not propagate errors from
gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather
ignore such errors.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
It will no longer close the session prior to peer processing
all messages. This prevents the peer stopping processing
prior to all messages being received.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
It will no longer use a stream socket as this can does not work
well with damaged records (they may end up merged).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Previously we assumed that an active session had always a version
set, however there have been reports of evolution crashing in
that particular point. Although, this could have been due to
memory corruption, be careful and check for invalid input.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
Previously we were using a rough calculation of the max recv size
based on maximum values. Now we calculate the exact maximum value once
the epoch is initialized and enforce it throughout the session.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This eases testing using tlsfuzzer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This makes gnutls-serv useful for few tlsfuzzer test cases.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
We no longer support compression.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As the contents of the priority cache grows, it makes sense to shared
these structures across many sessions (in server side) rather than
copying them to a session. All overrides of the priority contents
were moved to session->internals. On client side where gnutls_priority_set_direct()
is more commonly used, ensure that the set priority is deinitialized.
That also introduces gnutls_priority_set2() which does not copy the priority
contents by default.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This verifies that the expected algorithm (cipher) is negotiated.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
This verifies whether the ciphersuite negotiation will detect and
reject incompatible data present in credentials.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The new names better reflect the reality with signature algorithms
in TLS 1.3, and correct the initial naming error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
Similarly to ciphersuites, that also utilizes a cache of signature algorithms
on the priority structure which is used to quickly generate the signature
algorithm list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This takes advantage of the ciphersuite cache in priorities structure
while keeping the same ciphersuite selection checks in place.
The previous ciphersuite selection checks kept:
* Removing SRP ciphersuites when no SRP credentials are set
* Removing ciphersuites when no corresponding to KX credentials were set
* SCSV addition in SSL 3.0 and fallback SCSV
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This eliminates all the back and forth loops in the previous code
while keeping the same ciphersuite selection checks in place.
The ciphersuite selection tests that were kept:
* Check if key exchange supports the server public key and key usage flags
* Check if DH or other parameters required for the ciphersuite are present
* Find appropriate certificate for the credentials and ciphersuite
* Check whether a curve is negotiated for the ECDH ciphersuites
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
That optimizes linear search for the common options.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
These were identified using callcatcher.
http://www.skynet.ie/~caolan/Packages/callcatcher.html
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This allows updating the fuzzer corpus from openssl using a single
command.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
Also updated to read the prefixed boringssl corpus files.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
Also updated to read the prefixed boring ssl corpus files.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|