Commit message | Author | Age | Files | Lines
* doc update (tmp-refuse-record-send) | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+4
|
* tests: added check which ensures a client cannot receive during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+299
|   Relates #158
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added check which ensures a client cannot transmit during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+296
|   Relates #158
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: cleanup error reporting in handshake-false-start | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -19/+19
|
* Refuse to receive data during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -0/+8
|   This prevents buggy applications from receiving non-authenticated data that may have arrived during the handshake.
|   Relates #158
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Refuse to send data during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+9
|   That prevents buggy applications from transmitting sensitive data during handshake.
|   Resolves #158
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Disable AVX support when it is not supported by the CPU (tmp-fix-movbe-run) | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -2/+31
|   This mostly affects virtual systems. Reported by Frank Chen.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* opencdk: improved error code checking in the stream reading functions | Nikos Mavrogiannopoulos | 2017-01-17 | 1 | -2/+3
|   This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2017-01-16 | 4 | -14/+20
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: removed references to OpenPGP functions and enumerations (tmp-deprecate-openpgp) | Nikos Mavrogiannopoulos | 2017-01-16 | 3 | -230/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: removed documentation related to OpenPGP and guile | Nikos Mavrogiannopoulos | 2017-01-15 | 1 | -118/+0
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: removed documentation related to OpenPGP | Nikos Mavrogiannopoulos | 2017-01-15 | 10 | -691/+25
|   Also added section explaining why OpenPGP is being deprecated.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* openpgp.h: all openpgp functionality was marked as deprecated | Nikos Mavrogiannopoulos | 2017-01-15 | 1 | -77/+77
|   This is to prevent new applications using that functionality. As the OpenPGP certificate for HTTPS (or TLS in general) never got any traction, GnuTLS is the only implementation supporting it, and the quality of the OpenPGP supporting code is questionable, we deprecate that code with the intention to drop it completely when an opportunity is given.
|   Relates #102
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added missing file | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+1
|
* CONTRIBUTING.md: Improve instructions on git-template [ci skip] | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+3
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: remove bash usage | Alon Bar-Lev | 2017-01-05 | 16 | -18/+16
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: suite: chain: support separate builddir | Alon Bar-Lev | 2017-01-05 | 1 | -1/+3
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-05 | 20 | -0/+121
|   building with --disable-tools should not cause test failure.
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: update [ci skip] | Alon Bar-Lev | 2017-01-05 | 1 | -1/+15
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: sort() | Alon Bar-Lev | 2017-01-05 | 1 | -354/+354
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* opencdk: added error checking in the stream reading functions (tmp-fix-openpgp-issues) | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -5/+35
|   This addresses an out of memory error. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 2 | -35/+9
|   This triggers an out of memory error. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: cdk_pk_get_keyid: fix stack overflow | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+7
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+7
|   This triggers a memory error. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+7
|   This triggers a memory error. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: read_attribute: added more precise checks when reading stream | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -11/+29
|   That addresses heap read overflows found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+8
|   This triggers a memory error. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: openpgp-cert-parser: simplified | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -8/+16
|
* auth rsa: eliminated memory leak on pkcs-1 formatting attack path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+5
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for server issues | Nikos Mavrogiannopoulos | 2017-01-04 | 5 | -4/+123
|   This allows to reproduce issues found on server side, by adding a transcript in server-interesting. Currently it contains values found using oss-fuzz.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _decode_pkcs8_dsa_key: fixed memory leak on error path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -5/+7
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* decode_private_key_info: eliminate memory leaks on error path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -3/+5
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_x509_read_dsa_params: update params structure parameters size on ↵ | Nikos Mavrogiannopoulos | 2017-01-04 | 2 | -22/+29
|   successful read
|   That will allow proper deinitialization of the parameters even if the structure fill up doesn't succeed.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test with private key that causes memory leak | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -2/+2
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_pkcs12_string_to_key: avoid division by zero when salt_size = 0 | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -3/+9
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test with PKCS#8 key that signals FPE | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -2/+4
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-04 | 44 | -10/+260
|   building with --disable-tools should not cause test failure.
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: cert-tests: pkcs12 drop builddir usage | Alon Bar-Lev | 2017-01-04 | 2 | -4/+2
|   sync with other tests
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: suite: pkcs11: skip if no softhsm | Alon Bar-Lev | 2017-01-04 | 1 | -1/+1
|   similar to other tests
|   Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gnutls_x509_ext_import_policies: fixed memory leak on error path (tmp-client-test-suite) | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -3/+4
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid X.509 cert | Nikos Mavrogiannopoulos | 2017-01-03 | 2 | -1/+1
|   This triggers a memory leak. Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509 output: fixed memory leak in AIA extension printing | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -2/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid X.509 cert | Nikos Mavrogiannopoulos | 2017-01-03 | 2 | -1/+1
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: document how to enhance the testsuite with issues found | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -2/+21
|
* status_request: eliminated leak on error path | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -5/+10
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* proc_server_kx: eliminated leak on error path | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -0/+3
|   Issue found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for client issues | Nikos Mavrogiannopoulos | 2017-01-03 | 6 | -2/+122
|   This allows to reproduce issues found on client handling, by adding a transcript in client-interesting. Currently it contains values found using oss-fuzz. The client3.disabled transcript is disabled because it depends on a fix in nettle.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: do not run key-tests under leak sanitizer | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -1/+1
|   The reason is that we cannot distinguish between a memory leak on application failure (which is followed by exit- thus should be ignored) and an address sanitizer issue (which should never be ignored). As such we disable leak detection with asan and rely on valgrind.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: illegal-rsa: don't hide stderr | Nikos Mavrogiannopoulos | 2017-01-03 | 1 | -2/+2
|
* tests: added suite for checking PKCS#7 structure import | Nikos Mavrogiannopoulos | 2017-01-03 | 6 | -2/+149
|   The initial (problematic) structures have been obtained from oss-fuzz project.