Commits · master · gnutls / GnuTLS

18 Jul, 2017 4 commits
- tlsfuzzer: enabled RSA-PSS checks on certificate verify · 1e93735a
```
Relates: #208

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 18, 2017
  1e93735a Browse Files
- tlsfuzzer: enabled test-extended-master-secret-extension.py · 1297ca4a
```
That allows testing the extended master secret behavior.

Resolves: #231

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 18, 2017
  1297ca4a Browse Files
- ext_master_secret: return proper error code on decoding error · 0b1de252
```
Proper meaning that it maps to the alert 'decode error' rather
than illegal parameter. According to tlsfuzzer the former is more
suitable.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 18, 2017
  0b1de252 Browse Files
- gnutls-cli: re-use priorities for both client and server on benchmarks · f330d46a
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 18, 2017
  f330d46a Browse Files
17 Jul, 2017 36 commits
- gnutls-cli: re-use priorities when measuring performance · 7280209b
```
This avoids measuring cache misses due to priority processing time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  7280209b Browse Files
- tests: enhanced SSL3.0 openssl detection in testcompat-openssl · 831d760b
```
That disables SSL 3.0 testing in openssl versions which cannot negotiated
it (see https://bugzilla.redhat.com/show_bug.cgi?id=1471783 for rationale)
and corrects a typo in the variable name and printed message.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  831d760b Browse Files
- .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well · 7076a689
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  7076a689 Browse Files
- tests: disable ARCFOUR interop tests if openssl doesn't support the cipher · 0d215b67
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  0d215b67 Browse Files
- tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0 · 532d368a
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  532d368a Browse Files
- Use gcc's attribute to mark fallthrough statements · f202dfc9
```
gcc7 is more verbose on fallthrough warnings, and this patch set
cleans up the current state by making use of the attribute when
necessary.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  f202dfc9 Browse Files
- configure: do not utilize the -Wno-format-truncation gcc warning · 4ea30df3
```
The warnings it produces have little value in our use of string functions.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  4ea30df3 Browse Files
- .gitlab-ci.yml: switched to fedora 26 for CI builds · 81b89334
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  81b89334 Browse Files
- tests: introduced tests on public key import-export · 2fc8b99d
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  2fc8b99d Browse Files
- tests: added sign/verification test using rfc8080 keys · 5eacd8d1
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  5eacd8d1 Browse Files
- tests: verify that a server with an ed25519 key will fail when client does not advertise it · b529460c
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  b529460c Browse Files
- tests: privkey-keygen: added unit test for Ed25519 keys · 137c45e8
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  137c45e8 Browse Files
- privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm · 30fd9938
```
In these schemes the hash algorithm is fixed in the signature algorithm
and thus the empty (unknown) value will act as a wildcard.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  30fd9938 Browse Files
- tests: added private key parameter verification in key-import-export checks · 0fbf1728
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  0fbf1728 Browse Files
- nettle: wrap_nettle_pk_verify_priv_params: verify whether public key matches private · e72027b0
```
This enables gnutls_privkey_verify_params() for Ed25519 keys.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  e72027b0 Browse Files
- CONTRIBUTING.md: specified rules on boolean functions · 96d8dd8b
```
Based on suggestion by Hubert Kario.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  96d8dd8b Browse Files
- priority: enabled Ed25519 signature by default · 3aa23a31
```
As our implementation interoperates with boringssl's implementation
of Ed25519, we can now enable it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  3aa23a31 Browse Files
- updated auto-generated files · 09c85d1e
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  09c85d1e Browse Files
- handshake: return better error code on unwanted algorithm · 3761340b
```
That is, when a signature algorithm is available which was not
asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM
instead of the UNKNOWN_ALGORITHM.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  3761340b Browse Files
- tests: added check on Ed25519 chain verification · d3b07f1a
```
This chain was generated using certtool, and passed verification
with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de)

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  d3b07f1a Browse Files
- gnutls-cli: added RSA-PSS signatures in benchmark · 14591c7e
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  14591c7e Browse Files
- doc update · 9bd4ceb3
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  9bd4ceb3 Browse Files
- privkey_sign_and_hash_data: added sanity check on param validity · 10e73e60
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  10e73e60 Browse Files
- gnutls-cli: added benchmark on X25519-Ed25519 key exchange · 1894f047
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  1894f047 Browse Files
- tests: pkcs7: added ed25519 basic signing and verification checks · 96573d79
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  96573d79 Browse Files
- privkey_sign_and_hash_data: handle prehashed signatures · c7882d14
```
This allows this function to handle ed25519, i.e., allows it
to operate for PKCS#7 signatures.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  c7882d14 Browse Files
- pkcs7: improved syntax in if-clause · 53313e4d
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  53313e4d Browse Files
- tests: enhanced OID tests for Ed25519 OIDs · 650f6257
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  650f6257 Browse Files
- tests: key-import-export: added Ed25519 key import/export checks · 2dc11c17
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  2dc11c17 Browse Files
- doc update · aae7c0be
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  aae7c0be Browse Files
- tests: replaced rsa-pss/eddsa certtool options with --key-type · e80dd2be
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  e80dd2be Browse Files
- certtool: introduced the --key-type option · 4f0e7e9a
```
This replaces the --rsa-pss and --eddsa options.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  4f0e7e9a Browse Files
- Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519 · 916e65e5
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  916e65e5 Browse Files
- tests: parse and interpret an EdDSA public key · f9d196b0
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  f9d196b0 Browse Files
- tests: added TLS handshake test with EdDSA25519 certificates · 82cb4b7c
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  82cb4b7c Browse Files
- Allowed Ed25519 signing in TLS handshakes · 55dbc95c
```
This follows draft-ietf-tls-rfc4492bis-17

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
```
  Nikos Mavrogiannopoulos committed Jul 17, 2017
  55dbc95c Browse Files