Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests: backported crt_apis from master branch (ref: tmp-gnutls_3_3_x_backport_crt_apis_check) | Nikos Mavrogiannopoulos | 2017-02-28 | 2 | -1/+298 |
| | | | | | | | | In addition to other APIs, this explicitly tests gnutls_x509_crt_set_subject_unique_id() and gnutls_x509_crt_set_issuer_unique_id(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | certtool: increased buffer for reading from user | Nikos Mavrogiannopoulos | 2017-02-28 | 1 | -5/+6 |
| | | | | | | | | | This allows reading longer than 128-byte fields interactively. The new limit is 512-bytes. Relates #179 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: added PKCS#11 test for pin input (ref: gnutls_3_3_x-pin-value) | Nikos Mavrogiannopoulos | 2017-02-22 | 2 | -1/+200 |
| | | | | | | | This introduces a test on PIN input to retrieve an object using pin-value and pin-source (file). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: utils: added ability to use tmpfiles | Nikos Mavrogiannopoulos | 2017-02-22 | 2 | -0/+79 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: backported PKCS#11 test | Nikos Mavrogiannopoulos | 2017-02-22 | 3 | -2/+263 |
| | | | | | | | In addition to public key import checks, this test ensures that the pin-value attribute is functional. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update | Nikos Mavrogiannopoulos | 2017-02-22 | 1 | -0/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Use p11_kit_uri_get_pin_value() if available in p11-kit | Nikos Mavrogiannopoulos | 2017-02-22 | 2 | -0/+23 |
| | | | | | | This allows parsing the pin-value attribute of the PKCS#11 URI. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | nettle/pk: added error checking in _rsa_params_to_pubkey | Nikos Mavrogiannopoulos | 2017-02-22 | 1 | -1/+3 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | nettle/pk: corrected memcpy of Q in DSA params | Nikos Mavrogiannopoulos | 2017-02-21 | 1 | -2/+2 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update | Nikos Mavrogiannopoulos | 2017-02-21 | 1 | -0/+9 |
| | |||||
* | opencdk/read-packet.c: corrected typo in type cast | Nikos Mavrogiannopoulos | 2017-02-21 | 1 | -1/+1 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | cdk_pkt_read: enforce packet limits | Nikos Mavrogiannopoulos | 2017-02-21 | 1 | -0/+9 |
| | | | | | | | | | | | | That ensures that there are no overflows in the subsequent calculations. Resolves the oss-fuzz found bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | gnutls_pkcs11_obj_list_import_url2: Always return an initialized pointer | Nikos Mavrogiannopoulos | 2017-02-03 | 1 | -0/+1 |
| | | | | | | | | When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4 could have returned zero number of elements with a pointer that was uninitialized. Ensure that an initialized (i.e., null in that case) pointer is always returned. Reported by Jeremy Harris. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | opencdk: improved error code checking in the stream reading functions | Nikos Mavrogiannopoulos | 2017-01-18 | 1 | -2/+3 |
| | | | | | | This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | tests: do not run key-tests and cert-tests under leak sanitizer (ref: gnutls_3_3_26) | Nikos Mavrogiannopoulos | 2017-01-09 | 2 | -0/+2 |
| | | | | | | | | | The reason is that we cannot distinguish between a memory leak on application failure (which is followed by exit- thus should be ignored) and an address sanitizer issue (which should never be ignored). As such we disable leak detection with asan and rely on valgrind. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tests: added missing file | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+1 |
| | |||||
* | .gitlab-ci.yml: Build and Check - separate build dir (x86): force build in gitlab shared runners | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -0/+1 |
| | | | | | | | In the Centos7 based runners there is an issue running autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | tools: use stamp files to allow parallel build of autogen files | Nikos Mavrogiannopoulos | 2017-01-09 | 2 | -20/+53 |
| | | | | | | Autogen seems to output on the created files gradually, something that makes 'make' believe that the command is complete prior to the output file being fully populated. The current approach uses stamp files to ensure that no incomplete files are used for compilation. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -2/+2 |
| | |||||
* | updated auto-generated files | Nikos Mavrogiannopoulos | 2017-01-09 | 4 | -2/+19 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2017-01-09 | 2 | -3/+3 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -0/+6 |
| | |||||
* | opencdk: added error checking in the stream reading functions | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -5/+35 |
| | | | | | | | This addresses an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | opencdk: cdk_pk_get_keyid: fix stack overflow | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+7 |
| | | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | opencdk: read_attribute: added more precise checks when reading stream | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -11/+29 |
| | | | | | | | | That addresses heap read overflows found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Corrected a leak in OpenPGP sub-packet parsing. | Alex Gaynor | 2017-01-09 | 1 | -1/+3 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | Attempt to fix a leak in OpenPGP cert parsing. | Alex Gaynor | 2017-01-09 | 1 | -1/+3 |
| | |||||
* | Do not infinite loop if an EOF occurs while skipping a PGP packet | Alex Gaynor | 2017-01-09 | 1 | -5/+16 |
| | | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com> | ||||
* | opencdk: Fixes to prevent undefined behavior (found with libubsan) | Nikos Mavrogiannopoulos | 2017-01-09 | 1 | -1/+1 |
| | |||||
* | doc update (ref: tmp-backported-fixes-to-3.3) | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -0/+3 |
| | |||||
* | auth rsa: eliminated memory leak on pkcs-1 formatting attack path | Nikos Mavrogiannopoulos | 2017-01-04 | 1 | -1/+6 |
| | | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2017-01-02 | 1 | -0/+4 |
| | |||||
* | pkcs11 verification: ensure that an issuer we retrieve is not blacklist (ref: tmp-gnutls_3_3_x-blacklisted-issuer-fix) | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -0/+11 |
| | | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set. | ||||
* | certtool: improved error reporting on file error | Nikos Mavrogiannopoulos | 2016-12-31 | 1 | -2/+2 |
| | |||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -1/+2 |
| | |||||
* | gnutls_x509_ext_import_proxy: fix issue reading the policy language | Nikos Mavrogiannopoulos | 2016-12-17 | 1 | -11/+11 |
| | | | | | If the language was set but the policy wasn't, that could lead to a double free, as the value returned to the user was freed. | ||||
* | Merge branch 'tmp-gnutls_3_3_x-pkcs8-decrypt-fixes' into 'gnutls_3_3_x' | Nikos Mavrogiannopoulos | 2016-12-16 | 22 | -40/+818 |
|\ | | | | | | | | | pkcs8 decrypt fixes backport for 3.3.x See merge request !189 | ||||
| * | tests: backported rsa-md5-collision check from master (ref: tmp-gnutls_3_3_x-pkcs8-decrypt-fixes) | Nikos Mavrogiannopoulos | 2016-12-15 | 7 | -21/+549 |
| | | |||||
| * | doc update | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+3 |
| | | |||||
| * | tests: added test for PKCS#8 encrypted key decoding | Nikos Mavrogiannopoulos | 2016-12-14 | 3 | -1/+157 |
| | | | | | | | | | | This also verifies that the return value when attempting to decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. | ||||
| * | tests: added test suite with PKCS#8 files that have invalid encryption | Nikos Mavrogiannopoulos | 2016-12-14 | 9 | -1/+53 |
| | | |||||
| * | PKCS#7 decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+3 |
| | | |||||
| * | pkcs8: ensure that the correct error code is returned on decryption failure | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -0/+1 |
| | | |||||
| * | PKCS#5,7 decryption: added sanity check on padding size | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -2/+8 |
| | | | | | | | | Relates #148 | ||||
| * | PKCS#5,7 decryption: fail without leak on unknown MAC | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -1/+4 |
| | | |||||
| * | PKCS#5,7 decryption: fail early on invalid block sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 1 | -3/+13 |
| | | |||||
| * | PKCS#5,7 decryption: enforce limits in the support parameter sizes | Nikos Mavrogiannopoulos | 2016-12-14 | 2 | -12/+30 |
|/ | | | | | This allows to detect invalid parameters early rather than later. Relates #148 | ||||
* | doc update (ref: tmp-gnutls_3_3_x-tpm-update) | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -0/+5 |
| | |||||
* | tpmtool: Added --test-sign parameter | Nikos Mavrogiannopoulos | 2016-12-13 | 2 | -2/+83 |
| | |||||
* | compiler warnings elimination and other bug fixes | Nikos Mavrogiannopoulos | 2016-12-13 | 1 | -11/+11 |
| |