Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: backported rsa-md5-collision check from mastertmp-gnutls_3_3_x-pkcs8-decrypt-fixes | Nikos Mavrogiannopoulos | 2016-12-15 | 7 | -21/+549 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+3 |
| | |||||
* | tests: added test for PKCS#8 encrypted key decoding | Nikos Mavrogiannopoulos | 2016-12-14 | 3 | -1/+157 |
| | | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. | ||||
* | tests: added test suite with PKCS#8 files that have invalid encryption | Nikos Mavrogiannopoulos | 2016-12-14 | 9 | -1/+53 |
| | |||||
* | PKCS#7 decrypt_data: merge all errors during decryption to ↵ | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+3 |
| | | | | GNUTLS_E_DECRYPTION_FAILED | ||||
* | pkcs8: ensure that the correct error code is returned on decryption failure | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+1 |
| | |||||
* | PKCS#5,7 decryption: added sanity check on padding size | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+8 |
| | | | | Relates #148 | ||||
* | PKCS#5,7 decryption: fail without leak on unknown MAC | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -1/+4 |
| | |||||
* | PKCS#5,7 decryption: fail early on invalid block sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -3/+13 |
| | |||||
* | PKCS#5,7 decryption: enforce limits in the support parameter sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 2 | -12/+30 |
| | | | | | This allows to detect invalid parameters early rather than later. Relates #148 | ||||
* | doc updatetmp-gnutls_3_3_x-tpm-update | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -0/+5 |
| | |||||
* | tpmtool: Added --test-sign parameter | Nikos Mavrogiannopoulos | 2016-12-13 | 2 | -2/+83 |
| | |||||
* | compiler warnings elimination and other bug fixes | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -11/+11 |
| | |||||
* | tpmtool: added newline in error messages | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -8/+8 |
| | |||||
* | tpm: backported improvements from master branch | Nikos Mavrogiannopoulos | 2016-12-13 | 9 | -81/+290 |
| | | | | | | * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop | ||||
* | doc: updated to documentation of certtool [ci skip] | Nikos Mavrogiannopoulos | 2016-12-09 | 1 | -3/+3 |
| | | | | This corrects options which incorrectly mentioned they support URLs. | ||||
* | Don't trash DER CRQ output with text data | Nikos Mavrogiannopoulos | 2016-12-07 | 1 | -2/+2 |
| | | | | Backported patch from master. | ||||
* | doc updategnutls_3_3_x-set-id | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+7 |
| | |||||
* | tests: backported test suite for p11tool --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+52 |
| | |||||
* | p11tool: added --set-id and --set-label options | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -0/+79 |
| | |||||
* | added gnutls_pkcs11_obj_set_info() | Nikos Mavrogiannopoulos | 2016-11-29 | 5 | -0/+183 |
| | | | | | This function allows setting information such as the CKA_ID and the CKA_LABEL of an object. | ||||
* | tests: check whether PKCS #11 ID set on copy/generation is correct | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -2/+10 |
| | |||||
* | p11tool: allow setting the CKA_ID on object initialization/generation | Nikos Mavrogiannopoulos | 2016-11-29 | 4 | -15/+54 |
| | |||||
* | exported new functions | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -0/+3 |
| | |||||
* | pkcs11: enhanced key generation functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -16/+65 |
| | |||||
* | enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2016-11-29 | 2 | -29/+110 |
| | |||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-29 | 1 | -1/+1 |
| | | | | Include the trailing zero into the size calculation. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -0/+3 |
| | |||||
* | tests: added pkcs12 check with openssl generated structure and long password | Nikos Mavrogiannopoulos | 2016-11-28 | 3 | -2/+2 |
| | |||||
* | pkcs12: fixed the calculation of p_size | Nikos Mavrogiannopoulos | 2016-11-28 | 1 | -1/+1 |
| | | | | That affects passwords which exceed 32 characters. | ||||
* | _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success | Nikos Mavrogiannopoulos | 2016-11-07 | 1 | -0/+1 |
| | | | | | This will prevent verification to succeed if the system is in error state. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-11-02 | 1 | -0/+8 |
| | |||||
* | Terminate handshake if only unknown or disabled signatures are advertized by ↵ | Nikos Mavrogiannopoulos | 2016-10-27 | 2 | -8/+8 |
| | | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -0/+9 |
| | |||||
* | certificate status requestion response is optional according to RFC6066 | Nikos Mavrogiannopoulos | 2016-10-26 | 1 | -1/+1 |
| | |||||
* | certtool: allow setting key purposes for non-CA certificates | Nikos Mavrogiannopoulos | 2016-10-18 | 1 | -66/+69 |
| | | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose. | ||||
* | tests: added check to verify that the server will bail out after many alerts | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+224 |
| | |||||
* | tests: added check to verify that the server will bail out after receiving ↵ | Nikos Mavrogiannopoulos | 2016-10-14 | 2 | -1/+172 |
| | | | | only alerts | ||||
* | tests: backported the common certs from master | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -11/+825 |
| | |||||
* | handshake: set a maximum number of warning messages that can be received per ↵ | Nikos Mavrogiannopoulos | 2016-10-14 | 3 | -9/+14 |
| | | | | | | | handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing. | ||||
* | record: disallow parsing of alert messages prior to session start | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+6 |
| | |||||
* | certtool: improve text on missing options for cert generation | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -1/+5 |
| | |||||
* | p11tool: avoid asking the security officer PIN twice on initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -0/+3 |
| | |||||
* | p11tool: improved messages on token initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -7/+15 |
| | |||||
* | p11tool: corrected check of PIN existance in token initialization | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -2/+2 |
| | |||||
* | tests: link tests which utilize nettle with nettlegnutls_3_3_25 | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -0/+2 |
| | |||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2016-10-09 | 2 | -0/+6 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -1/+1 |
| | |||||
* | TLS extensions: only cache the extension IDs from exts that the server supports | Nikos Mavrogiannopoulos | 2016-10-09 | 1 | -3/+9 |
| | | | | | | | That avoids imposing any artificial limits on the number of extensions that a server can handle. Resolves #136 | ||||
* | certtool: added safety net when generating a certificate request | Nikos Mavrogiannopoulos | 2016-10-07 | 1 | -1/+5 |
| | | | | | | That is, do not allow specifying --generate-request --load-pubkey without specifying --load-privkey. Previously if --load-pubkey would have been used, it would have been ignored, causing confusion to the users. |