Commit message    Author    Age    Files    Lines
* tests: backported crt_apis from master branch (ref: tmp-gnutls_3_3_x_backport_crt_apis_check)    Nikos Mavrogiannopoulos    2017-02-28    2    -1/+298
|   In addition to other APIs, this explicitly tests gnutls_x509_crt_set_subject_unique_id() and gnutls_x509_crt_set_issuer_unique_id().
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: increased buffer for reading from user    Nikos Mavrogiannopoulos    2017-02-28    1    -5/+6
|   This allows reading longer than 128-byte fields interactively. The new limit is 512-bytes.
|   Relates #179
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added PKCS#11 test for pin input (ref: gnutls_3_3_x-pin-value)    Nikos Mavrogiannopoulos    2017-02-22    2    -1/+200
|   This introduces a test on PIN input to retrieve an object using pin-value and pin-source (file).
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: utils: added ability to use tmpfiles    Nikos Mavrogiannopoulos    2017-02-22    2    -0/+79
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: backported PKCS#11 test    Nikos Mavrogiannopoulos    2017-02-22    3    -2/+263
|   In addition to public key import checks, this test ensures that the pin-value attribute is functional.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update    Nikos Mavrogiannopoulos    2017-02-22    1    -0/+2
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Use p11_kit_uri_get_pin_value() if available in p11-kit    Nikos Mavrogiannopoulos    2017-02-22    2    -0/+23
|   This allows parsing the pin-value attribute of the PKCS#11 URI.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* nettle/pk: added error checking in _rsa_params_to_pubkey    Nikos Mavrogiannopoulos    2017-02-22    1    -1/+3
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* nettle/pk: corrected memcpy of Q in DSA params    Nikos Mavrogiannopoulos    2017-02-21    1    -2/+2
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update    Nikos Mavrogiannopoulos    2017-02-21    1    -0/+9
|
* opencdk/read-packet.c: corrected typo in type cast    Nikos Mavrogiannopoulos    2017-02-21    1    -1/+1
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* cdk_pkt_read: enforce packet limits    Nikos Mavrogiannopoulos    2017-02-21    1    -0/+9
|   That ensures that there are no overflows in the subsequent calculations.
|   Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
|   Relates: #159
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_pkcs11_obj_list_import_url2: Always return an initialized pointer    Nikos Mavrogiannopoulos    2017-02-03    1    -0/+1
|   When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case), pointer is always returned.
|   Reported by Jeremy Harris.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: improved error code checking in the stream reading functions    Nikos Mavrogiannopoulos    2017-01-18    1    -2/+3
|   This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: do not run key-tests and cert-tests under leak sanitizer (ref: gnutls_3_3_26)    Nikos Mavrogiannopoulos    2017-01-09    2    -0/+2
|   The reason is that we cannot distinguish between a memory leak on application failure (which is followed by exit- thus should be ignored) and an address sanitizer issue (which should never be ignored). As such we disable leak detection with asan and rely on valgrind.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: added missing file    Nikos Mavrogiannopoulos    2017-01-09    1    -1/+1
|
* .gitlab-ci.yml: Build and Check - separate build dir (x86): force build in gitlab shared runners    Nikos Mavrogiannopoulos    2017-01-09    1    -0/+1
|   In the Centos7 based runners there is an issue running autogen.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tools: use stamp files to allow parallel build of autogen files    Nikos Mavrogiannopoulos    2017-01-09    2    -20/+53
|   Autogen seems to output on the created files gradually, something that makes 'make' believe that the command is complete prior to the output file being fully populated. The current approach uses stamp files to ensure that no incomplete files are used for compilation.
* doc update [ci skip]    Nikos Mavrogiannopoulos    2017-01-09    1    -2/+2
|
* updated auto-generated files    Nikos Mavrogiannopoulos    2017-01-09    4    -2/+19
|
* bumped version    Nikos Mavrogiannopoulos    2017-01-09    2    -3/+3
|
* doc update [ci skip]    Nikos Mavrogiannopoulos    2017-01-09    1    -0/+6
|
* opencdk: added error checking in the stream reading functions    Nikos Mavrogiannopoulos    2017-01-09    1    -5/+35
|   This addresses an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: cdk_pk_get_keyid: fix stack overflow    Nikos Mavrogiannopoulos    2017-01-09    1    -1/+7
|   Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* opencdk: read_attribute: added more precise checks when reading stream    Nikos Mavrogiannopoulos    2017-01-09    1    -11/+29
|   That addresses heap read overflows found using oss-fuzz:
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Corrected a leak in OpenPGP sub-packet parsing.    Alex Gaynor    2017-01-09    1    -1/+3
|   Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* Attempt to fix a leak in OpenPGP cert parsing.    Alex Gaynor    2017-01-09    1    -1/+3
|
* Do not infinite loop if an EOF occurs while skipping a PGP packet    Alex Gaynor    2017-01-09    1    -5/+16
|   Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* opencdk: Fixes to prevent undefined behavior (found with libubsan)    Nikos Mavrogiannopoulos    2017-01-09    1    -1/+1
|
* doc update (ref: tmp-backported-fixes-to-3.3)    Nikos Mavrogiannopoulos    2017-01-04    1    -0/+3
|
* auth rsa: eliminated memory leak on pkcs-1 formatting attack path    Nikos Mavrogiannopoulos    2017-01-04    1    -1/+6
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc update [ci skip]    Nikos Mavrogiannopoulos    2017-01-02    1    -0/+4
|
* pkcs11 verification: ensure that an issuer we retrieve is not blacklist (ref: tmp-gnutls_3_3_x-blacklisted-issuer-fix)    Nikos Mavrogiannopoulos    2016-12-31    1    -0/+11
|   It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set.
* certtool: improved error reporting on file error    Nikos Mavrogiannopoulos    2016-12-31    1    -2/+2
|
* doc update [ci skip]    Nikos Mavrogiannopoulos    2016-12-20    1    -1/+2
|
* gnutls_x509_ext_import_proxy: fix issue reading the policy language    Nikos Mavrogiannopoulos    2016-12-17    1    -11/+11
|   If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed.
* Merge branch 'tmp-gnutls_3_3_x-pkcs8-decrypt-fixes' into 'gnutls_3_3_x'    Nikos Mavrogiannopoulos    2016-12-16    22    -40/+818
|\
| |   pkcs8 decrypt fixes backport for 3.3.x
| |   See merge request !189
| * tests: backported rsa-md5-collision check from master (ref: tmp-gnutls_3_3_x-pkcs8-decrypt-fixes)    Nikos Mavrogiannopoulos    2016-12-15    7    -21/+549
| |
| * doc update    Nikos Mavrogiannopoulos    2016-12-14    1    -0/+3
| |
| * tests: added test for PKCS#8 encrypted key decoding    Nikos Mavrogiannopoulos    2016-12-14    3    -1/+157
| |   This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.
| * tests: added test suite with PKCS#8 files that have invalid encryption    Nikos Mavrogiannopoulos    2016-12-14    9    -1/+53
| |
| * PKCS#7 decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED    Nikos Mavrogiannopoulos    2016-12-14    1    -2/+3
| |
| * pkcs8: ensure that the correct error code is returned on decryption failure    Nikos Mavrogiannopoulos    2016-12-14    1    -0/+1
| |
| * PKCS#5,7 decryption: added sanity check on padding size    Nikos Mavrogiannopoulos    2016-12-14    1    -2/+8
| |   Relates #148
| * PKCS#5,7 decryption: fail without leak on unknown MAC    Nikos Mavrogiannopoulos    2016-12-14    1    -1/+4
| |
| * PKCS#5,7 decryption: fail early on invalid block sizes    Nikos Mavrogiannopoulos    2016-12-14    1    -3/+13
| |
| * PKCS#5,7 decryption: enforce limits in the support parameter sizes    Nikos Mavrogiannopoulos    2016-12-14    2    -12/+30
|/
|   This allows to detect invalid parameters early rather than later.
|   Relates #148
* doc update (ref: tmp-gnutls_3_3_x-tpm-update)    Nikos Mavrogiannopoulos    2016-12-13    1    -0/+5
|
* tpmtool: Added --test-sign parameter    Nikos Mavrogiannopoulos    2016-12-13    2    -2/+83
|
* compiler warnings elimination and other bug fixes    Nikos Mavrogiannopoulos    2016-12-13    1    -11/+11
|