summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* cfg.mk: reduced the generated changelog sizeNikos Mavrogiannopoulos2016-07-051-1/+1
|
* bumped versionNikos Mavrogiannopoulos2016-07-052-2/+2
|
* tests: ignore any memory leaks from libcryptoNikos Mavrogiannopoulos2016-07-052-1/+3
|
* doc updateNikos Mavrogiannopoulos2016-07-051-0/+3
|
* asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2hNikos Mavrogiannopoulos2016-07-0528-3655/+11077
| | | | | | This improves the performance of AES-GCM significantly by taking advantage of AVX and MOVBE instructions where available. This utilizes Andy Polyakov's code under BSD license.
* tests: when testing with openssl disallow any CPU optimizationsNikos Mavrogiannopoulos2016-07-051-0/+1
| | | | | This ensures that we test our optimized code (which is mostly openssl based), with code that is not identical.
* tests: added openssl compatibility tests for AES-GCM cipherNikos Mavrogiannopoulos2016-07-058-7/+191
|
* dane: corrected the license of libdane filesNikos Mavrogiannopoulos2016-07-052-2/+2
| | | | | | The license was always LGPL version 2.1, and these files mentioned LGPL version 3. Reported by Thomas Petazzoni.
* tests: ignore leaks due to p11-kit in test suiteNikos Mavrogiannopoulos2016-07-042-1/+3
| | | | | This addresses issue in "pkcs11-privkey-fork" which failed when compiled under asan due to leaks in p11-kit after fork.
* tests: added check to ensure that pkcs11 objects will be reopened on forkNikos Mavrogiannopoulos2016-07-044-2/+206
| | | | | | | This checks whether C_Initialize() and C_OpenSession() will be called again when using a PKCS#11 module. Resolves #95
* pkcs11: on object import always check for a support public key algorithmNikos Mavrogiannopoulos2016-07-041-6/+8
|
* gnutls_aead_cipher_decrypt: corrected the return value of ptext_lenNikos Mavrogiannopoulos2016-07-012-2/+2
| | | | That is, do not account the tag_size into the plaintext.
* doc updateNikos Mavrogiannopoulos2016-06-301-0/+3
|
* configure: check for libdl irrespective of FIPS140 configurationNikos Mavrogiannopoulos2016-06-301-1/+2
| | | | This allows to link to libdl for the tests that require it.
* tests: account pkcs11/pkcs11-mock-ext.h in MakefileNikos Mavrogiannopoulos2016-06-301-1/+1
|
* tests: link pkcs11-import-url-privkey with libdlNikos Mavrogiannopoulos2016-06-301-0/+1
| | | | That is because it uses dlopen().
* more files to ignoreNikos Mavrogiannopoulos2016-06-301-0/+12
|
* tests: avoid compiler warning from pkcs11-pubkey-importNikos Mavrogiannopoulos2016-06-301-1/+1
|
* tests: added check to verify the tolerance of broken C_GetAttributesNikos Mavrogiannopoulos2016-06-304-2/+170
| | | | | | | | That is, test gnutls_pkcs11_obj_list_import_url4() when importing private keys from tokens that return CKR_OK on sensitive objects, and tokens that return CKR_ATTRIBUTE_SENSTIVE. Relates #108
* pkcs11_get_attribute_avalue: correctly handle a -1 value length from ↵Nikos Mavrogiannopoulos2016-06-301-0/+6
| | | | | | | | | C_GetAttributeValue That is, work-around modules which do not return an error on sensitive objects. Relates #108
* pkcs11_get_attribute_avalue: do not assign values on failureNikos Mavrogiannopoulos2016-06-291-0/+1
| | | | | | | When C_GetAttributeValue() returns size but does not return data then pkcs11_get_attribute_avalue() would set the return data pointer to a free'd value. This is against the convention expected by callers, i.e, set data to NULL. Reported by Anthony Alba in #108.
* tests: use datefudge in name-constraints testNikos Mavrogiannopoulos2016-06-291-1/+6
| | | | This avoids the expiration of the used certificate to affect the test.
* tests: link libpkcs11mock1 with gnulibip-name-constraintsNikos Mavrogiannopoulos2016-06-281-0/+1
| | | | This allows it to use gnulib for strndup where it is needed.
* p11tool: do not return from void functionsNikos Mavrogiannopoulos2016-06-281-2/+2
| | | | | This fixes a compilation issue with solaris compiler. Reported by Peter Eriksson.
* doc: mention the boolean functions in the gnutls APINikos Mavrogiannopoulos2016-06-241-6/+9
|
* tests: removed remainders of pkcs11 tests from suite/Nikos Mavrogiannopoulos2016-06-241-1/+1
|
* gnutls_pkcs11_crt_is_known: changed to unsigned typeNikos Mavrogiannopoulos2016-06-242-2/+2
|
* tests: pkcs11-is-known: check that no flags enforce compareNikos Mavrogiannopoulos2016-06-231-4/+21
|
* gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE ↵Nikos Mavrogiannopoulos2016-06-231-3/+3
| | | | unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given
* tests: moved pkcs11-softhsm test suite into pkcs11/Nikos Mavrogiannopoulos2016-06-2311-6/+9
|
* find_cert_cb: minor cleanups in find_cert_cbNikos Mavrogiannopoulos2016-06-231-29/+29
|
* tests: added more unit tests for gnutls_pkcs11_crt_is_known()Nikos Mavrogiannopoulos2016-06-231-1/+169
|
* dn2: updated to account for serial number being printedNikos Mavrogiannopoulos2016-06-221-3/+5
|
* tests: corrected create-chain.sh to remove the ocsp_signing_key from ↵Nikos Mavrogiannopoulos2016-06-221-3/+0
| | | | generated certs
* tests: replaced tls feature extension checksNikos Mavrogiannopoulos2016-06-221-412/+402
| | | | | The previous checks had incorrect key purpose check on the final (root) certificate.
* enhanced debugging messages for cert verificationNikos Mavrogiannopoulos2016-06-222-0/+4
|
* x509: print serial number in compact outputNikos Mavrogiannopoulos2016-06-221-0/+13
|
* tests: include softhsm.h into dist filesNikos Mavrogiannopoulos2016-06-221-1/+1
|
* pkcs11: correctly encode the serial number when searching for certificateNikos Mavrogiannopoulos2016-06-221-16/+9
| | | | | | In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial number to TLV DER from LV DER. This is the encoding we use when storing that number.
* pkcs11: correctly account check_found_cert()Nikos Mavrogiannopoulos2016-06-221-0/+1
|
* gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905Nikos Mavrogiannopoulos2016-06-221-1/+1
|
* gnutls-cli: benchmark the memcpy performance to compare with ciphersNikos Mavrogiannopoulos2016-06-213-33/+108
| | | | | Also ensure that we use different memory areas for each operation to avoid measuring better performance due to caching.
* doc update [ci skip]Nikos Mavrogiannopoulos2016-06-211-0/+12
|
* doc: corrected typoNikos Mavrogiannopoulos2016-06-191-1/+1
|
* Sync with TP.Nikos Mavrogiannopoulos2016-06-191-0/+13
|
* Typo fixes (found by lintian): extention, reencodeAndreas Metzler2016-06-194-8/+8
|
* tests: added check for handshake packet reconstructionNikos Mavrogiannopoulos2016-06-162-1/+387
| | | | | This tests whether a split handshake packet is properly reconstructed if the parts are switched.
* dtls: corrected reconstruction of handshake packets received out of orderNikos Mavrogiannopoulos2016-06-161-4/+4
| | | | | | That is, when the handshake packet is split into multiple different chunks and received out of order, make sure that reconstruction occurs properly. Reported by Guillaume Roguez.
* Corrected the writing of serial number in PKCS#11 modulesNikos Mavrogiannopoulos2016-06-161-4/+9
| | | | | | That is previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek.
* ext: ecc: replaced SUPPORTED ECC POINT FORMATS with better formatted nameNikos Mavrogiannopoulos2016-06-151-1/+1
|
View Lorry Controller Status