| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This mostly affects virtual systems. Reported by Frank Chen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
This addresses an out of memory error. Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That addresses heap read overflows found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
| |
|
|
|
|
|
|
|
| |
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Relates #156
|
|
|
|
|
|
|
| |
That is, do not accept the IV size present in the structure as valid
without checking.
Relates #156
|
| |
|
|
|
|
| |
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
|
|
|
|
| |
This enables using the function by only checking the man page.
|
|
|
|
|
| |
This allows specifying the priority string to be used with
gnutls_set_default_priority() on configure time.
|
|
|
|
|
|
| |
That is, to avoid causing issues to applications calling gnutls_*priority_set()
multiple times with different parameters. In that case if multiple profiles are
used the outcome could be undefined. Now, the last call will prevail.
|
| |
|
|
|
|
| |
This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.
|
|
|
|
|
| |
Fix issue with multiple calls to priority functions
See merge request !195
|
|
|
|
|
|
|
| |
Updates in X.509 certificate handling
Relates to #156
See merge request !192
|
|
|
|
|
|
| |
GNUTLS_E_DECRYPTION_FAILED
This makes the function's return values simpler to handle.
|
| |
|
| |
|
|
|
|
| |
This is a more sensible error code to return on invalid packet.
|
|
|
|
| |
This allows the build to succeed when compiled without libidn.
|
|
|
|
|
|
| |
This reflects the documented returned value type (bool), and
allows the compiler to warn on accidental checks for negative
value.
|
|
|
|
|
|
| |
The email and hostname values are required to be in ASCII form by PKIX.
We instead ignore these names, if their values are outside the ASCII
printable character set.
|
|
|
|
|
| |
This ensures that all fields of parameters are copied. Inspired
by patch of Dmitry Eremin-Solenikov.
|
| |
|
| |
|
|
|
|
|
|
|
| |
That takes into account space available due to padding, and
allows it to be included for use in the gnutls_get_data_mtu().
Resolves #140
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several problems with the key handling in the tpm code.
The first, and most serious, is that we should make sure we understand
the authorization requirements of a key *before* using it. The reason
for this is that the TPM has a dictionary attack defence and is
programmed to lock up after a certain number of authorization failures
(which can be very small). If we try first without authorization, we
may lock up the TPM. The fix for this is to check whether
authorization is required and supply it before using the key.
Secondly, if the key does require authorization but no password is
supplied we should return immediately, since we know the TPM will give
us an authorization error anyway.
Thirdly, we should unconditionally read the policy of the key rather
than checking if a policy exists: Policies are tied to key objects, so
if there is an old policy in s->tpm_key_policy, but we're creating a
new key, the key it belonged to will be closed, meaning the policy
will be invalid. Fix this by always setting the policy each time we
get a new key object.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
|
|
|
|
|
|
| |
When calling import_tpm_key() once it initializes the key, but
a second call fails due to the key being already initialized. Ensure
that failure of import_tpm_key() leaves the key on a clear state.
Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.
|
|
|
|
| |
It is no longer used by the library.
|
| |
|
|
|
|
|
| |
They must be exported and re-imported if intended to be used for
signing or verification.
|
| |
|
|
|
|
|
| |
Also document that in previous versions a positive number could
be returned on success. Reported by Adrien Beraud.
|
|
|
|
|
| |
This will now tolerate violations in server certificate, if
%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set.
|
|
|
|
|
|
| |
There were redundant checks when a certificate was obtained, as
well as prior to performing operations with certificates/pubkeys.
Kept the checks prior to operations.
|
| |
|
|
|
|
|
|
|
|
| |
Previous this function would return garbage during handshake, because
parameters were not considered established, however there are valid
uses of this function during it. For that reason this function is
modified to return a correct value even during handshake (after
a hello is being exchanged).
|
|
|
|
| |
Reported by Dmitry Eremin-Solenikov.
|