summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* tests: added suite about PKCS#7 structure importtmp-pkcs7-check-improvementsNikos Mavrogiannopoulos2017-01-036-2/+149
|
* Simplified contribution policy [ci skip]Nikos Mavrogiannopoulos2017-01-023-12/+16
| | | | | | Also added a template to assist in the required steps to contribute. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* _gnutls_x509_get_signature: fix memory leak on error pathNikos Mavrogiannopoulos2017-01-021-1/+2
|
* tests: added test case with invalid X.509 certificateNikos Mavrogiannopoulos2017-01-022-1/+2
| | | | | | | | | This certificate causes a memory leak while printing. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 Relates #156
* valgrind: use different exit code to signify errortmp-add-invalid-key-testsNikos Mavrogiannopoulos2017-01-022-2/+2
| | | | | This allows the test suite to differentiate between valgrind and expected errors from tools.
* tests: cert-tests: force asan to return an error code other than one on failureNikos Mavrogiannopoulos2017-01-021-1/+1
|
* gnutls_pkcs8_info: addressed memory leak on error pathNikos Mavrogiannopoulos2017-01-021-3/+5
|
* certtool: pkcs8_info_int: fix memory leakNikos Mavrogiannopoulos2017-01-021-5/+7
|
* wrap_nettle_mpi_modm: bail on a modulus that is zeroNikos Mavrogiannopoulos2017-01-021-0/+3
| | | | Relates #156
* tests: added test for invalid private keysNikos Mavrogiannopoulos2017-01-023-2/+54
| | | | | Also force asan to return an error code other than one (the normally expected for invalid keys).
* x509: address leak in print_altname - cert printingNikos Mavrogiannopoulos2017-01-021-1/+3
|
* tests: added certificate to reproduce memory leakNikos Mavrogiannopoulos2017-01-022-1/+1
| | | | | | | Found by oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 Relates #156
* tests: added test case with invalid PKCS#8 dataNikos Mavrogiannopoulos2017-01-023-2/+2
| | | | | | | Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 Relates #156
* nettle: added a safety net on wrap_nettle_cipher_setiv()Nikos Mavrogiannopoulos2017-01-026-7/+43
| | | | Return error if attempting to set invalid IV size.
* pkcs7 decrypt: require a valid IV size on all ciphersNikos Mavrogiannopoulos2017-01-021-4/+13
| | | | | | | That is, do not accept the IV size present in the structure as valid without checking. Relates #156
* fuzz: added a PBES1 PKCS#8 private key file into corpusNikos Mavrogiannopoulos2017-01-021-0/+0
|
* pkcs8: pkcs8_key_info() will correctly detect non-encrypted filesNikos Mavrogiannopoulos2017-01-021-2/+32
|
* certtool: don't print PKCS#8 information when outputting DER dataNikos Mavrogiannopoulos2017-01-021-2/+8
|
* Corrected a leak in OpenPGP sub-packet parsing.Alex Gaynor2017-01-023-1/+8
| | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* doc: fixed copyright date in gnutls.texiNikos Mavrogiannopoulos2017-01-021-2/+2
|
* gnutls_rnd: document the available values of level [ci skip]Nikos Mavrogiannopoulos2017-01-021-1/+3
| | | | This enables using the function by only checking the man page.
* pkcs11 verification: ensure that an issuer we retrieve is not blacklisttmp-fix-pkcs11-verificationNikos Mavrogiannopoulos2016-12-311-0/+11
| | | | | | | It may happen in p11-kit trust module that a trusted certificate is both in the trusted set, and the blacklisted set. To avoid accepting a certificate when in both sets, we always check whether a trusted issuer certificate is in the blacklisted set.
* Attempt to fix a leak in OpenPGP cert parsing.Alex Gaynor2016-12-313-1/+7
|
* tests: enable all the ciphersuite in openssl cli for DSS checksfix-compat-testsNikos Mavrogiannopoulos2016-12-311-3/+3
|
* certtool: improved error reporting on file errorNikos Mavrogiannopoulos2016-12-311-2/+2
|
* tests: don't check against 3DES if disabled in opensslNikos Mavrogiannopoulos2016-12-311-3/+8
|
* tests: do not pass the -dhparams to openssl 1.1.0; it doesn't workNikos Mavrogiannopoulos2016-12-311-1/+8
|
* tests: simplified DH params formatNikos Mavrogiannopoulos2016-12-311-33/+9
| | | | Also switch to RFC7919 DH params.
* tests: corrected type in openssl compat testsNikos Mavrogiannopoulos2016-12-311-2/+2
|
* tests: added common variable for DH parametersNikos Mavrogiannopoulos2016-12-313-31/+33
|
* tests: fixed paths in compat testsNikos Mavrogiannopoulos2016-12-311-2/+2
|
* tests: better termination checking in compat testsNikos Mavrogiannopoulos2016-12-312-3/+22
| | | | | This ensures that the exit code of all spawned processes is checked.
* cfg.mk: exclude devel/ subdirectory from syntax checksNikos Mavrogiannopoulos2016-12-311-1/+1
|
* certtool: properly report unencrypted PKCS#8 keys in --p8-infoNikos Mavrogiannopoulos2016-12-301-0/+4
|
* fuzz: added decrypted PKCS#8 keysNikos Mavrogiannopoulos2016-12-303-0/+0
|
* fuzz: added PKCS#8 keys with low iteration countNikos Mavrogiannopoulos2016-12-309-0/+3
| | | | | This makes sure that the fuzzer will not timeout while trying to decode keys.
* submodules: use the github mirror of opensslNikos Mavrogiannopoulos2016-12-281-1/+1
|
* Do not infinite loop if an EOF occurs while skipping a PGP packetAlex Gaynor2016-12-284-5/+59
| | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* Added a fuzzer for OpenPGP cert parsingAlex Gaynor2016-12-281-0/+47
| | | | Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
* fuzz: document the convention for initial valuesNikos Mavrogiannopoulos2016-12-281-0/+3
|
* fuzz: Added initial values for DN, PKCS8 and X.509 testsNikos Mavrogiannopoulos2016-12-2811-0/+5
|
* Added a parser for PKCS7 importing and printingAlex Gaynor2016-12-261-0/+47
|
* fuzz: added X.509 DN parserNikos Mavrogiannopoulos2016-12-242-1/+53
|
* fuzz: added PKCS#8 private key parserNikos Mavrogiannopoulos2016-12-241-0/+54
|
* configure: introduced --with-priority-string optiontmp-default-prio-stringNikos Mavrogiannopoulos2016-12-212-1/+7
| | | | | This allows specifying the priority string to be used with gnutls_set_default_priority() on configure time.
* priorities: reset the profile flags when appending new flagsNikos Mavrogiannopoulos2016-12-203-3/+14
| | | | | | That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail.
* gnutls_session_set_verify_cert: doc updateNikos Mavrogiannopoulos2016-12-201-0/+6
|
* Revert "priorities: set the additional verify flags instead of appending them"Nikos Mavrogiannopoulos2016-12-191-1/+1
| | | | This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.
* doc update [ci skip]Nikos Mavrogiannopoulos2016-12-191-0/+3
|
* Merge branch 'tmp-cert-updates' into 'master' Nikos Mavrogiannopoulos2016-12-196-193/+299
|\ | | | | | | | | Updates in certificate handling on certtool See merge request !181
View Lorry Controller Status