summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: backported rsa-md5-collision check from mastertmp-gnutls_3_3_x-pkcs8-decrypt-fixesNikos Mavrogiannopoulos2016-12-157-21/+549
|
* doc updateNikos Mavrogiannopoulos2016-12-141-0/+3
|
* tests: added test for PKCS#8 encrypted key decodingNikos Mavrogiannopoulos2016-12-143-1/+157
| | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.
* tests: added test suite with PKCS#8 files that have invalid encryptionNikos Mavrogiannopoulos2016-12-149-1/+53
|
* PKCS#7 decrypt_data: merge all errors during decryption to ↵Nikos Mavrogiannopoulos2016-12-141-2/+3
| | | | GNUTLS_E_DECRYPTION_FAILED
* pkcs8: ensure that the correct error code is returned on decryption failureNikos Mavrogiannopoulos2016-12-141-0/+1
|
* PKCS#5,7 decryption: added sanity check on padding sizeNikos Mavrogiannopoulos2016-12-141-2/+8
| | | | Relates #148
* PKCS#5,7 decryption: fail without leak on unknown MACNikos Mavrogiannopoulos2016-12-141-1/+4
|
* PKCS#5,7 decryption: fail early on invalid block sizesNikos Mavrogiannopoulos2016-12-141-3/+13
|
* PKCS#5,7 decryption: enforce limits in the support parameter sizesNikos Mavrogiannopoulos2016-12-142-12/+30
| | | | | This allows to detect invalid parameters early rather than later. Relates #148
* doc updatetmp-gnutls_3_3_x-tpm-updateNikos Mavrogiannopoulos2016-12-131-0/+5
|
* tpmtool: Added --test-sign parameterNikos Mavrogiannopoulos2016-12-132-2/+83
|
* compiler warnings elimination and other bug fixesNikos Mavrogiannopoulos2016-12-131-11/+11
|
* tpmtool: added newline in error messagesNikos Mavrogiannopoulos2016-12-131-8/+8
|
* tpm: backported improvements from master branchNikos Mavrogiannopoulos2016-12-139-81/+290
| | | | | | * Load libtspi dynamically using dlopen - prevents direct linking with openssl * Fix handling of keys requiring authorization * In import_tpm_key_cb() fix the wrong password loop
* doc: updated to documentation of certtool [ci skip]Nikos Mavrogiannopoulos2016-12-091-3/+3
| | | | This corrects options which incorrectly mentioned they support URLs.
* Don't trash DER CRQ output with text dataNikos Mavrogiannopoulos2016-12-071-2/+2
| | | | Backported patch from master.
* doc updategnutls_3_3_x-set-idNikos Mavrogiannopoulos2016-11-291-1/+7
|
* tests: backported test suite for p11tool --set-id and --set-label optionsNikos Mavrogiannopoulos2016-11-291-0/+52
|
* p11tool: added --set-id and --set-label optionsNikos Mavrogiannopoulos2016-11-294-0/+79
|
* added gnutls_pkcs11_obj_set_info()Nikos Mavrogiannopoulos2016-11-295-0/+183
| | | | | This function allows setting information such as the CKA_ID and the CKA_LABEL of an object.
* tests: check whether PKCS #11 ID set on copy/generation is correctNikos Mavrogiannopoulos2016-11-291-2/+10
|
* p11tool: allow setting the CKA_ID on object initialization/generationNikos Mavrogiannopoulos2016-11-294-15/+54
|
* exported new functionsNikos Mavrogiannopoulos2016-11-291-0/+3
|
* pkcs11: enhanced key generation functions to allow specifying a CKA_IDNikos Mavrogiannopoulos2016-11-292-16/+65
|
* enhanced copy functions to allow specifying a CKA_IDNikos Mavrogiannopoulos2016-11-292-29/+110
|
* pkcs12: fixed the calculation of p_sizeNikos Mavrogiannopoulos2016-11-291-1/+1
| | | | Include the trailing zero into the size calculation.
* doc updateNikos Mavrogiannopoulos2016-11-281-0/+3
|
* tests: added pkcs12 check with openssl generated structure and long passwordNikos Mavrogiannopoulos2016-11-283-2/+2
|
* pkcs12: fixed the calculation of p_sizeNikos Mavrogiannopoulos2016-11-281-1/+1
| | | | That affects passwords which exceed 32 characters.
* _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning successNikos Mavrogiannopoulos2016-11-071-0/+1
| | | | | This will prevent verification to succeed if the system is in error state.
* doc updateNikos Mavrogiannopoulos2016-11-021-0/+8
|
* Terminate handshake if only unknown or disabled signatures are advertized by ↵Nikos Mavrogiannopoulos2016-10-272-8/+8
| | | | | | the peer That is, do not attempt to proceed assuming that the peer supports SHA-1.
* doc updateNikos Mavrogiannopoulos2016-10-261-0/+9
|
* certificate status requestion response is optional according to RFC6066Nikos Mavrogiannopoulos2016-10-261-1/+1
|
* certtool: allow setting key purposes for non-CA certificatesNikos Mavrogiannopoulos2016-10-181-66/+69
| | | | | | That is, allow setting code signing, or time stamping key purpose in certificates that are not marked as CA. The previous restriction served no purpose.
* tests: added check to verify that the server will bail out after many alertsNikos Mavrogiannopoulos2016-10-142-1/+224
|
* tests: added check to verify that the server will bail out after receiving ↵Nikos Mavrogiannopoulos2016-10-142-1/+172
| | | | only alerts
* tests: backported the common certs from masterNikos Mavrogiannopoulos2016-10-141-11/+825
|
* handshake: set a maximum number of warning messages that can be received per ↵Nikos Mavrogiannopoulos2016-10-143-9/+14
| | | | | | | handshake That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost of processing.
* record: disallow parsing of alert messages prior to session startNikos Mavrogiannopoulos2016-10-141-1/+6
|
* certtool: improve text on missing options for cert generationNikos Mavrogiannopoulos2016-10-141-1/+5
|
* p11tool: avoid asking the security officer PIN twice on initializationNikos Mavrogiannopoulos2016-10-141-0/+3
|
* p11tool: improved messages on token initializationNikos Mavrogiannopoulos2016-10-141-7/+15
|
* p11tool: corrected check of PIN existance in token initializationNikos Mavrogiannopoulos2016-10-141-2/+2
|
* tests: link tests which utilize nettle with nettlegnutls_3_3_25Nikos Mavrogiannopoulos2016-10-091-0/+2
|
* updated auto-generated filesNikos Mavrogiannopoulos2016-10-092-0/+6
|
* doc updateNikos Mavrogiannopoulos2016-10-091-1/+1
|
* TLS extensions: only cache the extension IDs from exts that the server supportsNikos Mavrogiannopoulos2016-10-091-3/+9
| | | | | | | That avoids imposing any artificial limits on the number of extensions that a server can handle. Resolves #136
* certtool: added safety net when generating a certificate requestNikos Mavrogiannopoulos2016-10-071-1/+5
| | | | | | That is, do not allow specifying --generate-request --load-pubkey without specifying --load-privkey. Previously if --load-pubkey would have been used, it would have been ignored, causing confusion to the users.
View Lorry Controller Status