Skip to content

Release 0.6

Latest
Compare
Choose a tag to compare
@simo5 simo5 released this 22 Nov 17:47
· 10 commits to main since this release

##Notable Changes

  • TLS 1.3 is now supported via token handling (KDFs etc..)
  • A new feature to prevent PIN lockouts when the token correctly signals authentication attempts depletion via token info.
  • Several issues with handling keys related to run a full end-to-end TLS connection on the token have been fixed
  • Most cases when early loading was needed have ben resolved, HTTP and Bind for example work without specifying early loading for the provider
  • Several memory leaks have been resolved
  • Several new tests including a whole new token (kryoptic) are tested now, as well as tlsfuzzer against a TLS server deferring all operations to the tokens.

What's Changed

  • Fix types for old 32 bit systems by @simo5 in #406
  • Fetch CKA_ALWAYS_AUTHENTICATE only for priv keys by @simo5 in #407
  • Small re-organization of documentation files by @The-Mule in #391
  • Sundry fixes/changes by @simo5 in #408
  • Update HOWTO.md by @karamellpelle in #411
  • Fix CID 500198: Integer handling issues by @simo5 in #415
  • Add testing against kryoptic in CI by @simo5 in #413
  • Libssh test fix by @Jakuje in #412
  • Off-by-one error in pool consistency check by @glguy in #420
  • Set the raw point for ECDH public data params by @simo5 in #417
  • Use a single tool for setting up the token by @simo5 in #418
  • Return OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY by @simo5 in #423
  • tests: Fix ASAN build on macOS by @neverpanic in #425
  • Extend the ttls test to be able to test different configurations by @Jakuje in #422
  • Test operations with pem keys by @simo5 in #428
  • Enable Ed25519 tests (and other forgotten ones) for kryoptic by @Jakuje in #431
  • Add CKA_DERIVE flag in server's private key template by @kshitizvars in #424
  • tests: No longer skip tests reading EC keys from cert by @Jakuje in #434
  • Add basic Ed448 tests by @Jakuje in #433
  • Allow fallback to pulling cert when checking private/public key consistency by @simo5 in #435
  • Refactor setup by @simo5 in #436
  • Increased size of EC_PRIVKEY_TMPL_SIZE by @kshitizvars in #439
  • fix: p11prov_tls_constant_time_depadding bug corrected by @sebastienandert in #440
  • Add support for importing keys into the token as session ephemeral keys by @simo5 in #441
  • tests: get rid of unnecessary redirection by @The-Mule in #447
  • Add TLS13-KDF by @simo5 in #446
  • Sundry fixes by @simo5 in #448
  • Integration test improvements (bind with kryoptic and disabling early initialization) by @The-Mule in #450
  • Passing CK_P11PROV_IMPORTED_HANDLE while creating mock public key by @kshitizvars in #449
  • tests: Run more TLS tests when forcing all server operations on token by @Jakuje in #453
  • Add documentation for URIs in PEM files by @simo5 in #456
  • Add code to prevent locking the token by mistake by @simo5 in #457
  • Add basic tlsfuzzer tests by @Jakuje in #459
  • Fix memory leaks when tokens are missing by @simo5 in #463
  • Support TLS operation with EdDSA keys by @Jakuje in #465
  • Fix memory leak of ctx_pool.contexts by @neverpanic in #471
  • tests: Use LeakSanitizer to catch future memory leaks by @Jakuje in #472

New Contributors

Full Changelog: v0.5...v0.6