summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Corrected a leak in OpenPGP sub-packet parsing.Alex Gaynor2017-01-091-1/+3
| | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* Attempt to fix a leak in OpenPGP cert parsing.Alex Gaynor2017-01-091-1/+3
|
* Do not infinite loop if an EOF occurs while skipping a PGP packetAlex Gaynor2017-01-091-5/+16
| | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* opencdk: Fixes to prevent undefined behavior (found with libubsan)Nikos Mavrogiannopoulos2017-01-091-1/+1
|
* doc updatetmp-backported-fixes-to-3.3Nikos Mavrogiannopoulos2017-01-041-0/+3
|
* auth rsa: eliminated memory leak on pkcs-1 formatting attack pathNikos Mavrogiannopoulos2017-01-041-1/+6
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip]Nikos Mavrogiannopoulos2017-01-021-0/+4
|
* pkcs11 verification: ensure that an issuer we retrieve is not blacklisttmp-gnutls_3_3_x-blacklisted-issuer-fixNikos Mavrogiannopoulos2016-12-311-0/+11
| | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set.
* certtool: improved error reporting on file errorNikos Mavrogiannopoulos2016-12-311-2/+2
|
* doc update [ci skip]Nikos Mavrogiannopoulos2016-12-201-1/+2
|
* gnutls_x509_ext_import_proxy: fix issue reading the policy languageNikos Mavrogiannopoulos2016-12-171-11/+11
| | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed.
* Merge branch 'tmp-gnutls_3_3_x-pkcs8-decrypt-fixes' into 'gnutls_3_3_x' Nikos Mavrogiannopoulos2016-12-1622-40/+818
|\ | | | | | | | | pkcs8 decrypt fixes backport for 3.3.x See merge request !189
| * tests: backported rsa-md5-collision check from mastertmp-gnutls_3_3_x-pkcs8-decrypt-fixesNikos Mavrogiannopoulos2016-12-157-21/+549
| |
| * doc updateNikos Mavrogiannopoulos2016-12-141-0/+3
| |
| * tests: added test for PKCS#8 encrypted key decodingNikos Mavrogiannopoulos2016-12-143-1/+157
| | | | | | | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.
| * tests: added test suite with PKCS#8 files that have invalid encryptionNikos Mavrogiannopoulos2016-12-149-1/+53
| |
| * PKCS#7 decrypt_data: merge all errors during decryption to ↵Nikos Mavrogiannopoulos2016-12-141-2/+3
| | | | | | | | GNUTLS_E_DECRYPTION_FAILED
| * pkcs8: ensure that the correct error code is returned on decryption failureNikos Mavrogiannopoulos2016-12-141-0/+1
| |
| * PKCS#5,7 decryption: added sanity check on padding sizeNikos Mavrogiannopoulos2016-12-141-2/+8
| | | | | | | | Relates #148
| * PKCS#5,7 decryption: fail without leak on unknown MACNikos Mavrogiannopoulos2016-12-141-1/+4
| |
| * PKCS#5,7 decryption: fail early on invalid block sizesNikos Mavrogiannopoulos2016-12-141-3/+13
| |
| * PKCS#5,7 decryption: enforce limits in the support parameter sizesNikos Mavrogiannopoulos2016-12-142-12/+30
|/ | | | | This allows to detect invalid parameters early rather than later. Relates #148
* doc updatetmp-gnutls_3_3_x-tpm-updateNikos Mavrogiannopoulos2016-12-131-0/+5
|
* tpmtool: Added --test-sign parameterNikos Mavrogiannopoulos2016-12-132-2/+83
|
* compiler warnings elimination and other bug fixesNikos Mavrogiannopoulos2016-12-131-11/+11
|
* tpmtool: added newline in error messagesNikos Mavrogiannopoulos2016-12-131-8/+8
|
* tpm: backported improvements from master branchNikos Mavrogiannopoulos2016-12-139-81/+290
| | | | | | * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop
* doc: updated to documentation of certtool [ci skip]Nikos Mavrogiannopoulos2016-12-091-3/+3
| | | | This corrects options which incorrectly mentioned they support URLs.
* Don't trash DER CRQ output with text dataNikos Mavrogiannopoulos2016-12-071-2/+2
| | | | Backported patch from master.
* doc updategnutls_3_3_x-set-idNikos Mavrogiannopoulos2016-11-291-1/+7
|
* tests: backported test suite for p11tool --set-id and --set-label optionsNikos Mavrogiannopoulos2016-11-291-0/+52
|
* p11tool: added --set-id and --set-label optionsNikos Mavrogiannopoulos2016-11-294-0/+79
|
* added gnutls_pkcs11_obj_set_info()Nikos Mavrogiannopoulos2016-11-295-0/+183
| | | | | This function allows setting information such as the CKA_ID and the CKA_LABEL of an object.
* tests: check whether PKCS #11 ID set on copy/generation is correctNikos Mavrogiannopoulos2016-11-291-2/+10
|
* p11tool: allow setting the CKA_ID on object initialization/generationNikos Mavrogiannopoulos2016-11-294-15/+54
|
* exported new functionsNikos Mavrogiannopoulos2016-11-291-0/+3
|
* pkcs11: enhanced key generation functions to allow specifying a CKA_IDNikos Mavrogiannopoulos2016-11-292-16/+65
|
* enhanced copy functions to allow specifying a CKA_IDNikos Mavrogiannopoulos2016-11-292-29/+110
|
* pkcs12: fixed the calculation of p_sizeNikos Mavrogiannopoulos2016-11-291-1/+1
| | | | Include the trailing zero into the size calculation.
* doc updateNikos Mavrogiannopoulos2016-11-281-0/+3
|
* tests: added pkcs12 check with openssl generated structure and long passwordNikos Mavrogiannopoulos2016-11-283-2/+2
|
* pkcs12: fixed the calculation of p_sizeNikos Mavrogiannopoulos2016-11-281-1/+1
| | | | That affects passwords which exceed 32 characters.
* _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning successNikos Mavrogiannopoulos2016-11-071-0/+1
| | | | | This will prevent verification to succeed if the system is in error state.
* doc updateNikos Mavrogiannopoulos2016-11-021-0/+8
|
* Terminate handshake if only unknown or disabled signatures are advertized by ↵Nikos Mavrogiannopoulos2016-10-272-8/+8
| | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1.
* doc updateNikos Mavrogiannopoulos2016-10-261-0/+9
|
* certificate status requestion response is optional according to RFC6066Nikos Mavrogiannopoulos2016-10-261-1/+1
|
* certtool: allow setting key purposes for non-CA certificatesNikos Mavrogiannopoulos2016-10-181-66/+69
| | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose.
* tests: added check to verify that the server will bail out after many alertsNikos Mavrogiannopoulos2016-10-142-1/+224
|
* tests: added check to verify that the server will bail out after receiving ↵Nikos Mavrogiannopoulos2016-10-142-1/+172
| | | | only alerts
View Lorry Controller Status