Fix python2 compatibility issue with X509 DER parsing #117
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
increase timeouts for test connections
Add more strong pseudoprimes in tests
DHE small subgroup checks
the CRT leaks are as applicable to ServerKeyExchange as they are to CertificateVerify, if only harder to exploit
also fixes the incorrect generator for 3072-bit params, it was 2, but should be 5. Keep the old params in the list, but don't use them for creating the verifier values (see makeVerifier)
rfc 7919 mandates that in case the client advertised any ffdhe groups (including unrecognised ones), if server can't find a fallback cipher, it needs to fail connection with insufficient_security alert
AES init speedup
# Conflicts: # tlslite/utils/codec.py
DHE improvements
Because NSS zero-pads the key share in SKE message, the writeParams and thus hash calculation for the message won't match and the signature verification will fail this patch extends the message parser to store the length of the field together with value and recreate it on write
Python3 m2crypto
some travis hosts are very slow, so try to workaround it by insreasing timeouts in tests
TLS 1.3 padding support
increase timeouts for iteraction
a lot of methods use parameters names that use camelCase, which is unpythonic, add a decorator that will allow renaming them without breaking backwards compatibility
use the new pylint generated pylintrc as a guide, update rgx
basic TLS 1.3 client support - no HRR, no session resumption
the protocol requires that key_share extension be always present, even if the list in it would be empty (on penalty of a round-trip-time)
TLS 1.3 first part
deprecate non-pythonic names
In python 3.7, async and await are new reserved keywords which cannot be used as variable names or arguments. This commit renames some parameters called async to comply with that. It also updates metadata identifiers to state python 3.7 support as well as runs with mentioned version on travis.
Fixes for python 3.7 support
|
Could you file it against tomato42/tlslite-ng? this fork is essentially abandoned |
|
Sure, filed as tlsfuzzer/tlslite-ng#223 |
The documentation for X509.parseBinary claims to support python2 str as an input. The input string is correctly converted to bytearray, but the array is not passed to the ASN1Parser - the parser gets the original string and fails with Type error when attempting to logical-or the characters with an integer.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The documentation for X509.parseBinary claims to support python2 str as an input.
The input string is correctly converted to bytearray, but the array is not
passed to the ASN1Parser - the parser gets the original string and
fails with Type error when attempting to logical-or the characters with an integer.