Commit message | Author | Age | Files | Lines
* pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling (ref: tmp-better-abi-check) | Nikos Mavrogiannopoulos | 2017-01-25 | 1 | -0/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* minitasn1: updated to libtasn1 4.10 | Nikos Mavrogiannopoulos | 2017-01-25 | 2 | -4/+21
* configure: do not disable valgrind tests unless explicitly specified | Nikos Mavrogiannopoulos | 2017-01-25 | 1 | -4/+2
  ... or unless we are in release build.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: increased the number of releases to perform ABI checks with | Nikos Mavrogiannopoulos | 2017-01-25 | 4 | -3/+87239
  That is added 3.4.0, 3.4.17 and 3.5.8.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: verify that a written certificate will inherit its ID from privkey (ref: tmp-assign-same-pkcs11-id) | Nikos Mavrogiannopoulos | 2017-01-24 | 2 | -0/+167
  That is, whether p11tool will do the right thing and figure the proper ID to use for a certificate object, if the public key is available.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* p11tool: re-use ID from corresponding objects when writing certificates | Nikos Mavrogiannopoulos | 2017-01-24 | 1 | -3/+284
  That is when writing a certificate which has a corresponding public key, or private key in the token, ensure that we use the same ID for the objects. That eases the work of someone writing objects to certificates, and does not require him to manually detect the object IDs.
  Resolves #160
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: add Fedora/x86_64/no-tools | Alon Bar-Lev | 2017-01-23 | 1 | -0/+18
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* valgrind: support separate builddir for suppressions.valgrind | Alon Bar-Lev | 2017-01-23 | 4 | -11/+9
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* configure: remove void statement | Alon Bar-Lev | 2017-01-23 | 1 | -3/+0
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-23 | 1 | -1/+5
  building with --disable-tools should not cause test failure.
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* doc: improved documentation on DH parameters [ci skip] | Nikos Mavrogiannopoulos | 2017-01-22 | 2 | -14/+30
* Revert "tests: suite: pkcs11: skip if no softhsm" | Nikos Mavrogiannopoulos | 2017-01-20 | 1 | -1/+1
  This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea.
  The reason is to avoid having changes in softhsm packaging, result to skipping large parts of the test suite without someone noticing.
* _decode_pkcs8_dsa_key: ensure that the P value is non-zero | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -0/+6
  When decoding a DSA private key, and constructing the public key ensure that P is non-zero, and thus can be used as modulus.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added private key causing FPE | Nikos Mavrogiannopoulos | 2017-01-19 | 3 | -2/+3
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -0/+4
  That prevents incorrect data reaching nettle which has only assertion checks (leading to an abort).
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#8 key which causes undefined behavior on import | Nikos Mavrogiannopoulos | 2017-01-19 | 3 | -2/+2
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia | Nikos Mavrogiannopoulos | 2017-01-19 | 2 | -0/+1
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* x509: eliminated memory leak on gnutls_x509_ext_import_aia | Nikos Mavrogiannopoulos | 2017-01-19 | 1 | -4/+10
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update (ref: tmp-refuse-record-send) | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+4
* tests: added check which ensures a client cannot receive during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+299
  Relates #158
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added check which ensures a client cannot transmit during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+296
  Relates #158
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: cleanup error reporting in handshake-false-start | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -19/+19
* Refuse to receive data during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -0/+8
  This prevents buggy applications from receiving non-authenticated data that may have arrived during the handshake.
  Relates #158
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Refuse to send data during handshake | Nikos Mavrogiannopoulos | 2017-01-18 | 2 | -1/+9
  That prevents buggy applications from transmitting sensitive data during handshake.
  Resolves #158
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Disable AVX support when it is not supported by the CPU (ref: tmp-fix-movbe-run) | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -2/+31
  This mostly affects virtual systems. Reported by Frank Chen.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* opencdk: improved error code checking in the stream reading functions | Nikos Mavrogiannopoulos | 2017-01-17 | 1 | -2/+3
  This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* minitasn1: updated to latest git version | Nikos Mavrogiannopoulos | 2017-01-16 | 4 | -14/+20
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: removed references to OpenPGP functions and enumerations (ref: tmp-deprecate-openpgp) | Nikos Mavrogiannopoulos | 2017-01-16 | 3 | -230/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: removed documentation related to OpenPGP and guile | Nikos Mavrogiannopoulos | 2017-01-15 | 1 | -118/+0
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc: removed documentation related to OpenPGP | Nikos Mavrogiannopoulos | 2017-01-15 | 10 | -691/+25
  Also added section explaining why OpenPGP is being deprecated.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* openpgp.h: all openpgp functionality was marked as deprecated | Nikos Mavrogiannopoulos | 2017-01-15 | 1 | -77/+77
  This is to prevent new applications using that functionality. As the OpenPGP certificate for HTTPS (or TLS in general) never got any traction, GnuTLS is the only implementation supporting it, and the quality of the OpenPGP supporting code is questionable, we deprecate that code with the intention to drop it completely when an opportunity is given.
  Relates #102
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added missing file | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+1
* CONTRIBUTING.md: Improve instructions on git-template [ci skip] | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: remove bash usage | Alon Bar-Lev | 2017-01-05 | 16 | -18/+16
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: suite: chain: support separate builddir | Alon Bar-Lev | 2017-01-05 | 1 | -1/+3
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests: skip tests that requires tools if tools are disabled | Alon Bar-Lev | 2017-01-05 | 20 | -0/+121
  building with --disable-tools should not cause test failure.
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: update [ci skip] | Alon Bar-Lev | 2017-01-05 | 1 | -1/+15
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* gitignore: sort() | Alon Bar-Lev | 2017-01-05 | 1 | -354/+354
  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* opencdk: added error checking in the stream reading functions (ref: tmp-fix-openpgp-issues) | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -5/+35
  This addresses an out of memory error.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 2 | -35/+9
  This triggers an out of memory error.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: cdk_pk_get_keyid: fix stack overflow | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+7
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+7
  This triggers a memory error.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+7
  This triggers a memory error.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: read_attribute: added more precise checks when reading stream | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -11/+29
  That addresses heap read overflows found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added test case with invalid openpgp cert | Nikos Mavrogiannopoulos | 2017-01-04 | 3 | -1/+8
  This triggers a memory error.
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: openpgp-cert-parser: simplified | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -8/+16
* auth rsa: eliminated memory leak on pkcs-1 formatting attack path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added reproducer for server issues | Nikos Mavrogiannopoulos | 2017-01-04 | 5 | -4/+123
  This allows to reproduce issues found on server side, by adding a transcript in server-interesting. Currently it contains values found using oss-fuzz.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _decode_pkcs8_dsa_key: fixed memory leak on error path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -5/+7
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* decode_private_key_info: eliminate memory leaks on error path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -3/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>