1. 24 Jul, 2017 1 commit
  2. 13 Jul, 2017 2 commits
  3. 28 Nov, 2016 2 commits
  4. 08 Sep, 2016 1 commit
  5. 31 Aug, 2016 2 commits
    • Simo Sorce's avatar
      Add Timing tests for MMA · 19490b84
      Simo Sorce authored
      This test is not very reliable and takes a long time so it is provided but
      diasabled by default.
      It is only useful to verify if any regression regarding MMA occurs, so it can
      be just run occasionally.
      Signed-off-by: default avatarSimo Sorce <simo@redhat.com>
      19490b84
    • Simo Sorce's avatar
      CVE-2016-6298: Million Messages Attack mitigation · eb5be5bd
      Simo Sorce authored
      RFC 3218 describes an oracle attack called Million Messages Attack
      against RSA with PKCS1 v1.5 padding.
      
      Depending on how JWEs are used a server may become an Oracle, and the
      mitigation presecribed in RFC 3218 2.3.2 need to be implemented.
      
      Many thanks to Dennis Detering for his responsible disclosure and help
      verifying the mitigation approach.
      
      Resolves #65
      Signed-off-by: default avatarSimo Sorce <simo@redhat.com>
      Closes #66
      eb5be5bd
  6. 26 Aug, 2016 5 commits
  7. 25 Aug, 2016 2 commits
  8. 23 Aug, 2016 2 commits
  9. 16 Aug, 2016 1 commit
  10. 03 Aug, 2016 1 commit
  11. 15 Jul, 2016 9 commits
  12. 14 Jul, 2016 1 commit
  13. 12 Jul, 2016 1 commit
  14. 01 Jul, 2016 3 commits
  15. 18 May, 2016 2 commits
  16. 16 May, 2016 1 commit
  17. 02 May, 2016 1 commit
    • Simo Sorce's avatar
      Provide a better way to export public keys · 64d74272
      Simo Sorce authored
      This makes the same call export just the public keys if private_key is
      set to False.
      
      In hindsight if we had this from the start the default would be to export
      public keys and you'd have to actively pass a True value to export private
      ones, but I do not want to break applications now.
      
      Not only this API it is somewhat more natural (with the above caveat), it also
      allows to do exactlyu the same for JWK Sets with substantially no code
      changes.
      Signed-off-by: default avatarSimo Sorce <simo@redhat.com>
      Close #21
      64d74272
  18. 18 Apr, 2016 1 commit
  19. 18 Feb, 2016 1 commit
  20. 20 Jan, 2016 1 commit