summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* .gitlab-ci.yml: keep the artifacts on failureartifacts-on-failureNikos Mavrogiannopoulos2016-07-071-1/+46
|
* write_nss_key_log: write the premaster secret while it is still validNikos Mavrogiannopoulos2016-07-071-2/+2
|
* updated libtasn1Nikos Mavrogiannopoulos2016-07-071-1/+1
|
* released 3.5.2gnutls_3_5_2Nikos Mavrogiannopoulos2016-07-061-1/+4
|
* cfg.mk: reduced the generated changelog sizeNikos Mavrogiannopoulos2016-07-051-1/+1
|
* bumped versionNikos Mavrogiannopoulos2016-07-052-2/+2
|
* tests: ignore any memory leaks from libcryptoNikos Mavrogiannopoulos2016-07-052-1/+3
|
* doc updateNikos Mavrogiannopoulos2016-07-051-0/+3
|
* asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2hNikos Mavrogiannopoulos2016-07-0528-3655/+11077
| | | | | | This improves the performance of AES-GCM significantly by taking advantage of AVX and MOVBE instructions where available. This utilizes Andy Polyakov's code under BSD license.
* tests: when testing with openssl disallow any CPU optimizationsNikos Mavrogiannopoulos2016-07-051-0/+1
| | | | | This ensures that we test our optimized code (which is mostly openssl based), with code that is not identical.
* tests: added openssl compatibility tests for AES-GCM cipherNikos Mavrogiannopoulos2016-07-058-7/+191
|
* dane: corrected the license of libdane filesNikos Mavrogiannopoulos2016-07-052-2/+2
| | | | | | The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni.
* tests: ignore leaks due to p11-kit in test suiteNikos Mavrogiannopoulos2016-07-042-1/+3
| | | | | This addresses issue in "pkcs11-privkey-fork" which failed when compiled under asan due to leaks in p11-kit after fork.
* tests: added check to ensure that pkcs11 objects will be reopened on forkNikos Mavrogiannopoulos2016-07-044-2/+206
| | | | | | | This checks whether C_Initialize() and C_OpenSession() will be called again when using a PKCS#11 module. Resolves #95
* pkcs11: on object import always check for a support public key algorithmNikos Mavrogiannopoulos2016-07-041-6/+8
|
* gnutls_aead_cipher_decrypt: corrected the return value of ptext_lenNikos Mavrogiannopoulos2016-07-012-2/+2
| | | | That is, do not account the tag_size into the plaintext.
* doc updateNikos Mavrogiannopoulos2016-06-301-0/+3
|
* configure: check for libdl irrespective of FIPS140 configurationNikos Mavrogiannopoulos2016-06-301-1/+2
| | | | This allows to link to libdl for the tests that require it.
* tests: account pkcs11/pkcs11-mock-ext.h in MakefileNikos Mavrogiannopoulos2016-06-301-1/+1
|
* tests: link pkcs11-import-url-privkey with libdlNikos Mavrogiannopoulos2016-06-301-0/+1
| | | | That is because it uses dlopen().
* more files to ignoreNikos Mavrogiannopoulos2016-06-301-0/+12
|
* tests: avoid compiler warning from pkcs11-pubkey-importNikos Mavrogiannopoulos2016-06-301-1/+1
|
* tests: added check to verify the tolerance of broken C_GetAttributesNikos Mavrogiannopoulos2016-06-304-2/+170
| | | | | | | | That is, test gnutls_pkcs11_obj_list_import_url4() when importing private keys from tokens that return CKR_OK on sensitive objects, and tokens that return CKR_ATTRIBUTE_SENSTIVE. Relates #108
* pkcs11_get_attribute_avalue: correctly handle a -1 value length from ↵Nikos Mavrogiannopoulos2016-06-301-0/+6
| | | | | | | | | C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108
* pkcs11_get_attribute_avalue: do not assign values on failureNikos Mavrogiannopoulos2016-06-291-0/+1
| | | | | | | When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108.
* tests: use datefudge in name-constraints testNikos Mavrogiannopoulos2016-06-291-1/+6
| | | | This avoids the expiration of the used certificate to affect the test.
* tests: link libpkcs11mock1 with gnulibip-name-constraintsNikos Mavrogiannopoulos2016-06-281-0/+1
| | | | This allows it to use gnulib for strndup where it is needed.
* p11tool: do not return from void functionsNikos Mavrogiannopoulos2016-06-281-2/+2
| | | | | This fixes a compilation issue with solaris compiler. Reported by Peter Eriksson.
* doc: mention the boolean functions in the gnutls APINikos Mavrogiannopoulos2016-06-241-6/+9
|
* tests: removed remainders of pkcs11 tests from suite/Nikos Mavrogiannopoulos2016-06-241-1/+1
|
* gnutls_pkcs11_crt_is_known: changed to unsigned typeNikos Mavrogiannopoulos2016-06-242-2/+2
|
* tests: pkcs11-is-known: check that no flags enforce compareNikos Mavrogiannopoulos2016-06-231-4/+21
|
* gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE ↵Nikos Mavrogiannopoulos2016-06-231-3/+3
| | | | unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given
* tests: moved pkcs11-softhsm test suite into pkcs11/Nikos Mavrogiannopoulos2016-06-2311-6/+9
|
* find_cert_cb: minor cleanups in find_cert_cbNikos Mavrogiannopoulos2016-06-231-29/+29
|
* tests: added more unit tests for gnutls_pkcs11_crt_is_known()Nikos Mavrogiannopoulos2016-06-231-1/+169
|
* dn2: updated to account for serial number being printedNikos Mavrogiannopoulos2016-06-221-3/+5
|
* tests: corrected create-chain.sh to remove the ocsp_signing_key from ↵Nikos Mavrogiannopoulos2016-06-221-3/+0
| | | | generated certs
* tests: replaced tls feature extension checksNikos Mavrogiannopoulos2016-06-221-412/+402
| | | | | The previous checks had incorrect key purpose check on the final (root) certificate.
* enhanced debugging messages for cert verificationNikos Mavrogiannopoulos2016-06-222-0/+4
|
* x509: print serial number in compact outputNikos Mavrogiannopoulos2016-06-221-0/+13
|
* tests: include softhsm.h into dist filesNikos Mavrogiannopoulos2016-06-221-1/+1
|
* pkcs11: correctly encode the serial number when searching for certificateNikos Mavrogiannopoulos2016-06-221-16/+9
| | | | | | In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number.
* pkcs11: correctly account check_found_cert()Nikos Mavrogiannopoulos2016-06-221-0/+1
|
* gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905Nikos Mavrogiannopoulos2016-06-221-1/+1
|
* gnutls-cli: benchmark the memcpy performance to compare with ciphersNikos Mavrogiannopoulos2016-06-213-33/+108
| | | | | Also ensure that we use different memory areas for each operation to avoid measuring better performance due to caching.
* doc update [ci skip]Nikos Mavrogiannopoulos2016-06-211-0/+12
|
* doc: corrected typoNikos Mavrogiannopoulos2016-06-191-1/+1
|
* Sync with TP.Nikos Mavrogiannopoulos2016-06-191-0/+13
|
* Typo fixes (found by lintian): extention, reencodeAndreas Metzler2016-06-194-8/+8
|
View Lorry Controller Status