Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | fuzz: added basic Makefile to assist in reproducing [ci skip] | Nikos Mavrogiannopoulos | 2017-01-03 | 2 | -0/+78 | |
| | | | | Also updated README.md | |||||
* | Simplified contribution policy [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 3 | -12/+16 | |
| | | | | | | Also added a template to assist in the required steps to contribute. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | |||||
* | _gnutls_x509_get_signature: fix memory leak on error path | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+2 | |
| | ||||||
* | tests: added test case with invalid X.509 certificate | Nikos Mavrogiannopoulos | 2017-01-02 | 2 | -1/+2 | |
| | | | | | | | | | This certificate causes a memory leak while printing. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 Relates #156 | |||||
* | valgrind: use different exit code to signify errortmp-add-invalid-key-tests | Nikos Mavrogiannopoulos | 2017-01-02 | 2 | -2/+2 | |
| | | | | | This allows the test suite to differentiate between valgrind and expected errors from tools. | |||||
* | tests: cert-tests: force asan to return an error code other than one on failure | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+1 | |
| | ||||||
* | gnutls_pkcs8_info: addressed memory leak on error path | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -3/+5 | |
| | ||||||
* | certtool: pkcs8_info_int: fix memory leak | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -5/+7 | |
| | ||||||
* | wrap_nettle_mpi_modm: bail on a modulus that is zero | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -0/+3 | |
| | | | | Relates #156 | |||||
* | tests: added test for invalid private keys | Nikos Mavrogiannopoulos | 2017-01-02 | 3 | -2/+54 | |
| | | | | | Also force asan to return an error code other than one (the normally expected for invalid keys). | |||||
* | x509: address leak in print_altname - cert printing | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+3 | |
| | ||||||
* | tests: added certificate to reproduce memory leak | Nikos Mavrogiannopoulos | 2017-01-02 | 2 | -1/+1 | |
| | | | | | | | Found by oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 Relates #156 | |||||
* | tests: added test case with invalid PKCS#8 data | Nikos Mavrogiannopoulos | 2017-01-02 | 3 | -2/+2 | |
| | | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 Relates #156 | |||||
* | nettle: added a safety net on wrap_nettle_cipher_setiv() | Nikos Mavrogiannopoulos | 2017-01-02 | 6 | -7/+43 | |
| | | | | Return error if attempting to set invalid IV size. | |||||
* | pkcs7 decrypt: require a valid IV size on all ciphers | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -4/+13 | |
| | | | | | | | That is, do not accept the IV size present in the structure as valid without checking. Relates #156 | |||||
* | fuzz: added a PBES1 PKCS#8 private key file into corpus | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -0/+0 | |
| | ||||||
* | pkcs8: pkcs8_key_info() will correctly detect non-encrypted files | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -2/+32 | |
| | ||||||
* | certtool: don't print PKCS#8 information when outputting DER data | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -2/+8 | |
| | ||||||
* | Corrected a leak in OpenPGP sub-packet parsing. | Alex Gaynor | 2017-01-02 | 3 | -1/+8 | |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | |||||
* | doc: fixed copyright date in gnutls.texi | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -2/+2 | |
| | ||||||
* | gnutls_rnd: document the available values of level [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -1/+3 | |
| | | | | This enables using the function by only checking the man page. | |||||
* | pkcs11 verification: ensure that an issuer we retrieve is not blacklisttmp-fix-pkcs11-verification | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -0/+11 | |
| | | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. | |||||
* | Attempt to fix a leak in OpenPGP cert parsing. | Alex Gaynor | 2016-12-31 | 3 | -1/+7 | |
| | ||||||
* | tests: enable all the ciphersuite in openssl cli for DSS checksfix-compat-tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+3 | |
| | ||||||
* | certtool: improved error reporting on file error | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 | |
| | ||||||
* | tests: don't check against 3DES if disabled in openssl | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -3/+8 | |
| | ||||||
* | tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -1/+8 | |
| | ||||||
* | tests: simplified DH params format | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -33/+9 | |
| | | | | Also switch to RFC7919 DH params. | |||||
* | tests: corrected type in openssl compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 | |
| | ||||||
* | tests: added common variable for DH parameters | Nikos Mavrogiannopoulos | 2016-12-31 | 3 | -31/+33 | |
| | ||||||
* | tests: fixed paths in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 | |
| | ||||||
* | tests: better termination checking in compat tests | Nikos Mavrogiannopoulos | 2016-12-31 | 2 | -3/+22 | |
| | | | | | This ensures that the exit code of all spawned processes is checked. | |||||
* | cfg.mk: exclude devel/ subdirectory from syntax checks | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -1/+1 | |
| | ||||||
* | certtool: properly report unencrypted PKCS#8 keys in --p8-info | Nikos Mavrogiannopoulos | 2016-12-30 | 1 | -0/+4 | |
| | ||||||
* | fuzz: added decrypted PKCS#8 keys | Nikos Mavrogiannopoulos | 2016-12-30 | 3 | -0/+0 | |
| | ||||||
* | fuzz: added PKCS#8 keys with low iteration count | Nikos Mavrogiannopoulos | 2016-12-30 | 9 | -0/+3 | |
| | | | | | This makes sure that the fuzzer will not timeout while trying to decode keys. | |||||
* | submodules: use the github mirror of openssl | Nikos Mavrogiannopoulos | 2016-12-28 | 1 | -1/+1 | |
| | ||||||
* | Do not infinite loop if an EOF occurs while skipping a PGP packet | Alex Gaynor | 2016-12-28 | 4 | -5/+59 | |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | |||||
* | Added a fuzzer for OpenPGP cert parsing | Alex Gaynor | 2016-12-28 | 1 | -0/+47 | |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | |||||
* | fuzz: document the convention for initial values | Nikos Mavrogiannopoulos | 2016-12-28 | 1 | -0/+3 | |
| | ||||||
* | fuzz: Added initial values for DN, PKCS8 and X.509 tests | Nikos Mavrogiannopoulos | 2016-12-28 | 11 | -0/+5 | |
| | ||||||
* | Added a parser for PKCS7 importing and printing | Alex Gaynor | 2016-12-26 | 1 | -0/+47 | |
| | ||||||
* | fuzz: added X.509 DN parser | Nikos Mavrogiannopoulos | 2016-12-24 | 2 | -1/+53 | |
| | ||||||
* | fuzz: added PKCS#8 private key parser | Nikos Mavrogiannopoulos | 2016-12-24 | 1 | -0/+54 | |
| | ||||||
* | configure: introduced --with-priority-string optiontmp-default-prio-string | Nikos Mavrogiannopoulos | 2016-12-21 | 2 | -1/+7 | |
| | | | | | This allows specifying the priority string to be used with gnutls_set_default_priority() on configure time. | |||||
* | priorities: reset the profile flags when appending new flags | Nikos Mavrogiannopoulos | 2016-12-20 | 3 | -3/+14 | |
| | | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail. | |||||
* | gnutls_session_set_verify_cert: doc update | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -0/+6 | |
| | ||||||
* | Revert "priorities: set the additional verify flags instead of appending them" | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -1/+1 | |
| | | | | This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2. | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-19 | 1 | -0/+3 | |
| | ||||||
* | Merge branch 'tmp-cert-updates' into 'master' | Nikos Mavrogiannopoulos | 2016-12-19 | 6 | -193/+299 | |
|\ | | | | | | | | | Updates in certificate handling on certtool See merge request !181 |