1. 15 Dec, 2018 3 commits
  2. 13 Dec, 2018 2 commits
    • pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME · e32724e3
      Peter Wu authored
      find_token_modname_cb uses p11_kit_config_option to retrieve the module
      name, but its return value must be free'd.
      
      Other fixes:
      - Do not silently truncate the output buffer, return an error instead.
      - If the module name is unavailable, do not write "(null)" to the
        output. Write an empty string instead.
      - The module path can be of arbitrary length, so passing output=NULL to
        learn the length seems reasonable, except that snprintf crashed on a
        NULL pointer dereference.
      
      Fixes: 241f9f0b ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info")
      Signed-off-by: Peter Wu <peter@lekensteyn.nl>
    • pkcs11: clarify gnutls_pkcs11_*_get_info output_size · 571d037c
      Peter Wu authored
      It was not clear whether @output_size contains the actual string length
      or the buffer length (including null terminator).
      Signed-off-by: Peter Wu <peter@lekensteyn.nl>
  3. 12 Dec, 2018 2 commits
  4. 06 Dec, 2018 2 commits
  5. 30 Nov, 2018 3 commits
  6. 28 Nov, 2018 1 commit
  7. 27 Nov, 2018 3 commits
    • DRBG: Use ACVP validated test vector in self test · 3e8d160e
      Stephan Mueller authored
      Due to removing all of the FIPS 140-2 continuous self test leftovers,
      the DRBG test vector must be updated as the very first DRBG block is not
      dropped any more.
      
      The test complies with the CAVP test definition specified in "The
      NIST SP 800-90A Deterministic Random Bit Generator Validation
      System (DRBGVS)" section 6.2.
      
      The test vector is obtained during a successful trial run using the
      NIST ACVP server. The following registration was used to generate the
      test vector:
      
            {
              "algorithm":"ctrDRBG",
              "prereqVals":[
                {
                  "algorithm":"AES",
                  "valValue":"same"
                }
              ],
              "predResistanceEnabled":[
                false
              ],
              "reseedImplemented":true,
              "capabilities":[
                {
                  "mode":"AES-256",
                  "derFuncEnabled":false,
                  "entropyInputLen":[
                    384
                  ],
                  "nonceLen":[
                    0
                  ],
                  "persoStringLen":[
                    0,
                    256
                  ],
                  "additionalInputLen":[
                    0,
                    256
                  ],
                  "returnedBitsLen":512
                }
              ]
            },
      Signed-off-by: Stephan Mueller <smueller@chronox.de>
    • Fix session description info printing · 07f5f270
      Nikos Mavrogiannopoulos authored
      This fixes a truncation issue in session description information printing
      for certain ciphersuites, and adds limited testing of expected description
      strings for certain ciphersuites.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    • Prevent applications from combining legacy versions of TLS with TLS1.3 · 8979d407
      Nikos Mavrogiannopoulos authored
      It can happen that an application, due to a misconfiguration, enables TLS1.3
      in combination with TLS1.0 or TLS1.1 only. In that case a server which is
      unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol
      instead and that answer will be rejected by the client. With this change
      we ensure that TLS1.3 is not enabled in these problematic scenarios.
      
      Resolves: #621
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  8. 25 Nov, 2018 1 commit
  9. 21 Nov, 2018 1 commit
  10. 20 Nov, 2018 1 commit
  11. 19 Nov, 2018 2 commits
  12. 18 Nov, 2018 3 commits
  13. 17 Nov, 2018 1 commit
  14. 16 Nov, 2018 5 commits
  15. 15 Nov, 2018 4 commits
  16. 14 Nov, 2018 1 commit
  17. 12 Nov, 2018 5 commits