Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | .gitlab-ci.yml: keep the artifacts on failureartifacts-on-failure | Nikos Mavrogiannopoulos | 2016-07-07 | 1 | -1/+46 |
| | |||||
* | write_nss_key_log: write the premaster secret while it is still valid | Nikos Mavrogiannopoulos | 2016-07-07 | 1 | -2/+2 |
| | |||||
* | updated libtasn1 | Nikos Mavrogiannopoulos | 2016-07-07 | 1 | -1/+1 |
| | |||||
* | released 3.5.2gnutls_3_5_2 | Nikos Mavrogiannopoulos | 2016-07-06 | 1 | -1/+4 |
| | |||||
* | cfg.mk: reduced the generated changelog size | Nikos Mavrogiannopoulos | 2016-07-05 | 1 | -1/+1 |
| | |||||
* | bumped version | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2 |
| | |||||
* | tests: ignore any memory leaks from libcrypto | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -1/+3 |
| | |||||
* | doc update | Nikos Mavrogiannopoulos | 2016-07-05 | 1 | -0/+3 |
| | |||||
* | asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2h | Nikos Mavrogiannopoulos | 2016-07-05 | 28 | -3655/+11077 |
| | | | | | | This improves the performance of AES-GCM significantly by taking advantage of AVX and MOVBE instructions where available. This utilizes Andy Polyakov's code under BSD license. | ||||
* | tests: when testing with openssl disallow any CPU optimizations | Nikos Mavrogiannopoulos | 2016-07-05 | 1 | -0/+1 |
| | | | | | This ensures that we test our optimized code (which is mostly openssl based), with code that is not identical. | ||||
* | tests: added openssl compatibility tests for AES-GCM cipher | Nikos Mavrogiannopoulos | 2016-07-05 | 8 | -7/+191 |
| | |||||
* | dane: corrected the license of libdane files | Nikos Mavrogiannopoulos | 2016-07-05 | 2 | -2/+2 |
| | | | | | | The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni. | ||||
* | tests: ignore leaks due to p11-kit in test suite | Nikos Mavrogiannopoulos | 2016-07-04 | 2 | -1/+3 |
| | | | | | This addresses issue in "pkcs11-privkey-fork" which failed when compiled under asan due to leaks in p11-kit after fork. | ||||
* | tests: added check to ensure that pkcs11 objects will be reopened on fork | Nikos Mavrogiannopoulos | 2016-07-04 | 4 | -2/+206 |
| | | | | | | | This checks whether C_Initialize() and C_OpenSession() will be called again when using a PKCS#11 module. Resolves #95 | ||||
* | pkcs11: on object import always check for a support public key algorithm | Nikos Mavrogiannopoulos | 2016-07-04 | 1 | -6/+8 |
| | |||||
* | gnutls_aead_cipher_decrypt: corrected the return value of ptext_len | Nikos Mavrogiannopoulos | 2016-07-01 | 2 | -2/+2 |
| | | | | That is, do not account the tag_size into the plaintext. | ||||
* | doc update | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+3 |
| | |||||
* | configure: check for libdl irrespective of FIPS140 configuration | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -1/+2 |
| | | | | This allows to link to libdl for the tests that require it. | ||||
* | tests: account pkcs11/pkcs11-mock-ext.h in Makefile | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -1/+1 |
| | |||||
* | tests: link pkcs11-import-url-privkey with libdl | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+1 |
| | | | | That is because it uses dlopen(). | ||||
* | more files to ignore | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+12 |
| | |||||
* | tests: avoid compiler warning from pkcs11-pubkey-import | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -1/+1 |
| | |||||
* | tests: added check to verify the tolerance of broken C_GetAttributes | Nikos Mavrogiannopoulos | 2016-06-30 | 4 | -2/+170 |
| | | | | | | | | That is, test gnutls_pkcs11_obj_list_import_url4() when importing private keys from tokens that return CKR_OK on sensitive objects, and tokens that return CKR_ATTRIBUTE_SENSTIVE. Relates #108 | ||||
* | pkcs11_get_attribute_avalue: correctly handle a -1 value length from ↵ | Nikos Mavrogiannopoulos | 2016-06-30 | 1 | -0/+6 |
| | | | | | | | | | C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108 | ||||
* | pkcs11_get_attribute_avalue: do not assign values on failure | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -0/+1 |
| | | | | | | | When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108. | ||||
* | tests: use datefudge in name-constraints test | Nikos Mavrogiannopoulos | 2016-06-29 | 1 | -1/+6 |
| | | | | This avoids the expiration of the used certificate to affect the test. | ||||
* | tests: link libpkcs11mock1 with gnulibip-name-constraints | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -0/+1 |
| | | | | This allows it to use gnulib for strndup where it is needed. | ||||
* | p11tool: do not return from void functions | Nikos Mavrogiannopoulos | 2016-06-28 | 1 | -2/+2 |
| | | | | | This fixes a compilation issue with solaris compiler. Reported by Peter Eriksson. | ||||
* | doc: mention the boolean functions in the gnutls API | Nikos Mavrogiannopoulos | 2016-06-24 | 1 | -6/+9 |
| | |||||
* | tests: removed remainders of pkcs11 tests from suite/ | Nikos Mavrogiannopoulos | 2016-06-24 | 1 | -1/+1 |
| | |||||
* | gnutls_pkcs11_crt_is_known: changed to unsigned type | Nikos Mavrogiannopoulos | 2016-06-24 | 2 | -2/+2 |
| | |||||
* | tests: pkcs11-is-known: check that no flags enforce compare | Nikos Mavrogiannopoulos | 2016-06-23 | 1 | -4/+21 |
| | |||||
* | gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE ↵ | Nikos Mavrogiannopoulos | 2016-06-23 | 1 | -3/+3 |
| | | | | unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given | ||||
* | tests: moved pkcs11-softhsm test suite into pkcs11/ | Nikos Mavrogiannopoulos | 2016-06-23 | 11 | -6/+9 |
| | |||||
* | find_cert_cb: minor cleanups in find_cert_cb | Nikos Mavrogiannopoulos | 2016-06-23 | 1 | -29/+29 |
| | |||||
* | tests: added more unit tests for gnutls_pkcs11_crt_is_known() | Nikos Mavrogiannopoulos | 2016-06-23 | 1 | -1/+169 |
| | |||||
* | dn2: updated to account for serial number being printed | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -3/+5 |
| | |||||
* | tests: corrected create-chain.sh to remove the ocsp_signing_key from ↵ | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -3/+0 |
| | | | | generated certs | ||||
* | tests: replaced tls feature extension checks | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -412/+402 |
| | | | | | The previous checks had incorrect key purpose check on the final (root) certificate. | ||||
* | enhanced debugging messages for cert verification | Nikos Mavrogiannopoulos | 2016-06-22 | 2 | -0/+4 |
| | |||||
* | x509: print serial number in compact output | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -0/+13 |
| | |||||
* | tests: include softhsm.h into dist files | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -1/+1 |
| | |||||
* | pkcs11: correctly encode the serial number when searching for certificate | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -16/+9 |
| | | | | | | In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number. | ||||
* | pkcs11: correctly account check_found_cert() | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -0/+1 |
| | |||||
* | gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905 | Nikos Mavrogiannopoulos | 2016-06-22 | 1 | -1/+1 |
| | |||||
* | gnutls-cli: benchmark the memcpy performance to compare with ciphers | Nikos Mavrogiannopoulos | 2016-06-21 | 3 | -33/+108 |
| | | | | | Also ensure that we use different memory areas for each operation to avoid measuring better performance due to caching. | ||||
* | doc update [ci skip] | Nikos Mavrogiannopoulos | 2016-06-21 | 1 | -0/+12 |
| | |||||
* | doc: corrected typo | Nikos Mavrogiannopoulos | 2016-06-19 | 1 | -1/+1 |
| | |||||
* | Sync with TP. | Nikos Mavrogiannopoulos | 2016-06-19 | 1 | -0/+13 |
| | |||||
* | Typo fixes (found by lintian): extention, reencode | Andreas Metzler | 2016-06-19 | 4 | -8/+8 |
| |