Fix python2 compatibility issue with X509 DER parsing by etvahala · Pull Request #117 · trevp/tlslite

etvahala · 2018-03-01T08:50:19Z

The documentation for X509.parseBinary claims to support python2 str as an input.
The input string is correctly converted to bytearray, but the array is not
passed to the ASN1Parser - the parser gets the original string and
fails with Type error when attempting to logical-or the characters with an integer.

increase timeouts for test connections

Add more strong pseudoprimes in tests

DHE small subgroup checks

the CRT leaks are as applicable to ServerKeyExchange as they are to CertificateVerify, if only harder to exploit

also fixes the incorrect generator for 3072-bit params, it was 2, but should be 5. Keep the old params in the list, but don't use them for creating the verifier values (see makeVerifier)

rfc 7919 mandates that in case the client advertised any ffdhe groups (including unrecognised ones), if server can't find a fallback cipher, it needs to fail connection with insufficient_security alert

AES init speedup

Parser fixes

# Conflicts: # tlslite/utils/codec.py

DHE improvements

Because NSS zero-pads the key share in SKE message, the writeParams and thus hash calculation for the message won't match and the signature verification will fail this patch extends the message parser to store the length of the field together with value and recreate it on write

Python3 m2crypto

some travis hosts are very slow, so try to workaround it by insreasing timeouts in tests

TLS 1.3 padding support

increase timeouts for iteraction

a lot of methods use parameters names that use camelCase, which is unpythonic, add a decorator that will allow renaming them without breaking backwards compatibility

use the new pylint generated pylintrc as a guide, update rgx

basic TLS 1.3 client support - no HRR, no session resumption

the protocol requires that key_share extension be always present, even if the list in it would be empty (on penalty of a round-trip-time)

TLS 1.3 first part

deprecate non-pythonic names

In python 3.7, async and await are new reserved keywords which cannot be used as variable names or arguments. This commit renames some parameters called async to comply with that. It also updates metadata identifiers to state python 3.7 support as well as runs with mentioned version on travis.

Fixes for python 3.7 support

tomato42 · 2018-03-01T10:19:42Z

Could you file it against tomato42/tlslite-ng? this fork is essentially abandoned

etvahala · 2018-03-01T11:43:36Z

Sure, filed as tlsfuzzer/tlslite-ng#223

The documentation for X509.parseBinary claims to support python2 str as an input. The input string is correctly converted to bytearray, but the array is not passed to the ASN1Parser - the parser gets the original string and fails with Type error when attempting to logical-or the characters with an integer.

tomato42 and others added 30 commits November 8, 2016 15:31

increase timeouts for test connections

c820e49

Merge pull request #147 from tomato42/longer-timeouts

0ff8d46

increase timeouts for test connections

Merge pull request #144 from tomato42/strong-pseudoprimes

aa2c0ef

Add more strong pseudoprimes in tests

Merge pull request #139 from tomato42/dhe-small-subgroup

6fea5df

DHE small subgroup checks

method for finding first matching element

9873105

wrap the ugly next() construct to get first matching element

669b2bf

verify signatures created in cert verify

17ec70a

the CRT leaks are as applicable to ServerKeyExchange as they are to CertificateVerify, if only harder to exploit

less code duplication in keyexchange

9bbf2db

fix formatting of goodGroupParameters initializer

3859eea

also fixes the incorrect generator for 3072-bit params, it was 2, but should be 5. Keep the old params in the list, but don't use them for creating the verifier values (see makeVerifier)

cleanup comment

9db7c07

method to provide security estimate for DH and RSA keys

ddfccf7

move divceil to utils module

7bb5a65

keyExchange with customizable DH parameters

e9b899c

add dhParams to handshake settings

c034161

parsing OpenSSL dhparam output file

52b6279

support loading DH params from file in tls.py

bde265b

add groups from RFC 7919

f3ca624

support for ffdhe in keyexchange

93e336b

add ffdhe groups in handshakesettings

c493b2e

server side of FFDHE negotiation (RFC7919)

c3e3824

add ffdhe support to client side

00b30f4

correct alert for no shared ffdhe groups

0c3c575

rfc 7919 mandates that in case the client advertised any ffdhe groups (including unrecognised ones), if server can't find a fallback cipher, it needs to fail connection with insufficient_security alert

Merge pull request #125 from tomato42/aes-init-speedup

4811c93

AES init speedup

Merge pull request #141 from tomato42/parser-fixes

b4baebf

Parser fixes

fix docstring typo

a7d3128

Merge pull request #124 from tomato42/codec-speedup

31fe6a5

# Conflicts: # tlslite/utils/codec.py

mark as 0.7.0-alpha2

d69c210

Merge pull request #146 from tomato42/ffdhe

f24b10a

DHE improvements

post-merge README update

f27245c

tomato42 and others added 27 commits February 9, 2018 13:24

also test with m2crypto on py3

a152c26

Merge pull request #204 from tomato42/py3-m2crypto

06bb34f

Python3 m2crypto

increase timeouts for iteraction

b2e3b89

some travis hosts are very slow, so try to workaround it by insreasing timeouts in tests

TLS 1.3 padding support

5deb128

Merge pull request #217 from ep69/tls-1.3-padding

3e0b221

TLS 1.3 padding support

Merge pull request #215 from tomato42/more-time

8077633

increase timeouts for iteraction

decorator for deprecating method parameter names

042c729

a lot of methods use parameters names that use camelCase, which is unpythonic, add a decorator that will allow renaming them without breaking backwards compatibility

deprecating class fields and methods

0efc3fc

update pylintrc - forbid camelCase names

34e74cc

use the new pylint generated pylintrc as a guide, update rgx

add deprecations module to docs

9c48f12

fix names in tlslite.defragmenter

1e4c092

handling of Encrypted Extensions in record layer

9d23e4b

handling of TLS 1.3 Certificate and Finished in record layer

85686eb

unittest based integration test - connection

4cc7620

handling of New Session Ticket in tls record layer

1ddee5c

key shares for client hello in handshake settings

ee67802

save received session tickets after handshake

750f155

simple TLS 1.3 client

a677251

basic TLS 1.3 client support - no HRR, no session resumption

Parsing of Hello Retry Request in TLS record layer

68fb5cd

TLS 1.3 client handshake with Hello Retry Request

a1f9963

do not advertise TLS 1.3 version if TLS 1.2 is maxVersion

a344a50

Add support for 1-RTT TLS 1.3 handshake on server side

ea68bea

always send key_share, even if no shares present

852fa4e

the protocol requires that key_share extension be always present, even if the list in it would be empty (on penalty of a round-trip-time)

Merge pull request #220 from tomato42/tls-1.3-first-part

7b66cb4

TLS 1.3 first part

Merge pull request #218 from tomato42/pythonic_names

811d145

deprecate non-pythonic names

Merge pull request #221 from tomato42/postlund-py37_fixes

a493cfd

Fixes for python 3.7 support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix python2 compatibility issue with X509 DER parsing#117

Fix python2 compatibility issue with X509 DER parsing#117
etvahala wants to merge 696 commits intotrevp:masterfrom
etvahala:master

etvahala commented Mar 1, 2018

Uh oh!

tomato42 commented Mar 1, 2018

Uh oh!

etvahala commented Mar 1, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Conversation

etvahala commented Mar 1, 2018

Uh oh!

tomato42 commented Mar 1, 2018

Uh oh!

etvahala commented Mar 1, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants