Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Corrected a leak in OpenPGP sub-packet parsing. | Alex Gaynor | 2017-01-09 | 1 | -1/+3 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | Attempt to fix a leak in OpenPGP cert parsing. | Alex Gaynor | 2017-01-09 | 1 | -1/+3 |
| | |||||
* | Do not infinite loop if an EOF occurs while skipping a PGP packet | Alex Gaynor | 2017-01-09 | 1 | -5/+16 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | opencdk: Fixes to prevent undefined behavior (found with libubsan) | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+1 |
| | |||||
* | doc update (ref: tmp-backported-fixes-to-3.3) | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -0/+3 |
| | |||||
* | auth rsa: eliminated memory leak on pkcs-1 formatting attack path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -0/+4 |
| | |||||
* | pkcs11 verification: ensure that an issuer we retrieve is not blacklist (ref: tmp-gnutls_3_3_x-blacklisted-issuer-fix) | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -0/+11 |
| | | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. | ||||
* | certtool: improved error reporting on file error | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -1/+2 |
| | |||||
* | gnutls_x509_ext_import_proxy: fix issue reading the policy language | Nikos Mavrogiannopoulos | 2016-12-17 | 1 | -11/+11 |
| | | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. | ||||
* | Merge branch 'tmp-gnutls_3_3_x-pkcs8-decrypt-fixes' into 'gnutls_3_3_x' | Nikos Mavrogiannopoulos | 2016-12-16 | 22 | -40/+818 |
|\ | | | | | | | | | pkcs8 decrypt fixes backport for 3.3.x See merge request !189 | ||||
| * | tests: backported rsa-md5-collision check from master (ref: tmp-gnutls_3_3_x-pkcs8-decrypt-fixes) | Nikos Mavrogiannopoulos | 2016-12-15 | 7 | -21/+549 |
| | | |||||
| * | doc update | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+3 |
| | | |||||
| * | tests: added test for PKCS#8 encrypted key decoding | Nikos Mavrogiannopoulos | 2016-12-14 | 3 | -1/+157 |
| | | | | | | | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. | ||||
| * | tests: added test suite with PKCS#8 files that have invalid encryption | Nikos Mavrogiannopoulos | 2016-12-14 | 9 | -1/+53 |
| | | |||||
| * | PKCS#7 decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+3 |
| | | |||||
| * | pkcs8: ensure that the correct error code is returned on decryption failure | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+1 |
| | | |||||
| * | PKCS#5,7 decryption: added sanity check on padding size | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+8 |
| | | | | | | | | Relates #148 | ||||
| * | PKCS#5,7 decryption: fail without leak on unknown MAC | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -1/+4 |
| | | |||||
| * | PKCS#5,7 decryption: fail early on invalid block sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -3/+13 |
| | | |||||
| * | PKCS#5,7 decryption: enforce limits in the support parameter sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 2 | -12/+30 |
|/ | | | | | This allows to detect invalid parameters early rather than later. Relates #148 | ||||
* | doc update (ref: tmp-gnutls_3_3_x-tpm-update) | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -0/+5 |
| | |||||
* | tpmtool: Added --test-sign parameter | Nikos Mavrogiannopoulos | 2016-12-13 | 2 | -2/+83 |
| | |||||
* | compiler warnings elimination and other bug fixes | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -11/+11 |
| | |||||
* | tpmtool: added newline in error messages | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -8/+8 |
| | |||||
* | tpm: backported improvements from master branch | Nikos Mavrogiannopoulos | 2016-12-13 | 9 | -81/+290 |
| | | | | | | * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop | ||||
* | doc: updated to documentation of certtool [ci skip] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -3/+3 |
| | | | | This corrects options which incorrectly mentioned they support URLs. | ||||
* | Don't trash DER CRQ output with text data | Nikos Mavrogiannopoulos | 2016-12-07 | 1 | -2/+2 |
| | | | | Backported patch from master. | ||||
* | doc update (ref: gnutls_3_3_x-set-id) | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+7 |
| | |||||
* | tests: backported test suite for p11tool --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+52 |
| | |||||
* | p11tool: added --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -0/+79 |
| | |||||
* | added gnutls_pkcs11_obj_set_info() | Nikos Mavrogiannopoulos | 2016-11-29 | 5 | -0/+183 |
| | | | | | This function allows setting information such as the CKA_ID and the CKA_LABEL of an object. | ||||
* | tests: check whether PKCS #11 ID set on copy/generation is correct | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -2/+10 |
| | |||||
* | p11tool: allow setting the CKA_ID on object initialization/generation | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -15/+54 |
| | |||||
* | exported new functions | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+3 |
| | |||||
* | pkcs11: enhanced key generation functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -16/+65 |
| | |||||
* | enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -29/+110 |
| | |||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+1 |
| | | | | Include the trailing zero into the size calculation. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -0/+3 |
| | |||||
* | tests: added pkcs12 check with openssl generated structure and long password | Nikos Mavrogiannopoulos | 2016-11-28 | 3 | -2/+2 |
| | |||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -1/+1 |
| | | | | That affects passwords which exceed 32 characters. | ||||
* | _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success | Nikos Mavrogiannopoulos | 2016-11-07 | 1 | -0/+1 |
| | | | | | This will prevent verification from succeeding if the system is in an error state. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -0/+8 |
| | |||||
* | Terminate handshake if only unknown or disabled signatures are advertized by the peer | Nikos Mavrogiannopoulos | 2016-10-27 | 2 | -8/+8 |
| | | | | | | That is, do not attempt to proceed assuming that the peer supports SHA-1. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -0/+9 |
| | |||||
* | certificate status request response is optional according to RFC6066 | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -1/+1 |
| | |||||
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 |
| | | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | ||||
* | tests: added check to verify that the server will bail out after many alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+224 |
| | |||||
* | tests: added check to verify that the server will bail out after receiving only alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+172 |
| | |||||