summaryrefslogtreecommitdiff
path: root/devel
Commit message (Collapse)AuthorAgeFilesLines
* src/cli: adds new option '--ca-auto-retrieve' that can be used with ↵Sahana Prasad2020-09-022-0/+4
| | | | | | | | | | gnutls-cli to automatically download missing intermediate CAs in a certificate chain lib/cred-cert.c : adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback. Signed-off-by: Sahana Prasad <sahana@redhat.com>
* mangle gnutls-built ecc_scalar_randomSteve Lhomme2020-08-141-1/+7
| | | | | | | | | | | GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we mangle the internal version we build. ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS. Fixes #1016 Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
* RELEASES.md: move the release steps to devel/ [ci skip]tmp-doc-fixesDaiki Ueno2020-06-071-0/+24
| | | | | | | As the information is only useful to developers, having it under devel/ rather than in the tarball is more releavant. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* lib: add Magma/Kuznyechik OMAC supportDmitry Eremin-Solenikov2020-06-071-0/+2
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* lib: add Magma/Kuznyechik ciphers supportDmitry Eremin-Solenikov2020-06-071-0/+2
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* nettle/gost: add CMAC-64/Magma/Kuznyechik codeDmitry Eremin-Solenikov2020-06-071-1/+14
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* devel/libgnutls-latest-x86_64.abi, doc, NEWS, and manpage updatesSahana Prasad2020-06-032-0/+3
| | | | Signed-off-by: Sahana Prasad <sahana@redhat.com>
* lib: add support for AES-192-GCMDmitry Baryshkov2020-05-271-0/+1
| | | | | | Add support for AES-192 in GCM mode. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-vendor-minitasn1' into 'master'Dmitry Baryshkov2020-05-242-0/+67
|\ | | | | | | | | Vendor-in libtasn1 sources in a form of minitasn1 See merge request gnutls/gnutls!1247
| * build: vendor in libtasn1 codetmp-vendor-minitasn1Dmitry Baryshkov2020-05-241-0/+67
| | | | | | | | | | | | | | | | Instead of keeping the minitasn1 source in Git, vendor in it during bootstrap as we do with Nettle code. This also upgrades included minitasn1 to latest version (4.16.0). Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * devel: add libtasn1 submoduleDmitry Baryshkov2020-05-141-0/+0
| | | | | | | | | | | | | | GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import. Add libtasn1 submodule to ease synchronization with libtasn1. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | pkcs7: add function to display signature informationDmitry Baryshkov2020-05-142-0/+2
|/ | | | | | | Basically export print_pkcs7_info() in a way usable by external applications. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* nettle: expose SIV-CMAC through the AEAD interfaceDaiki Ueno2020-05-042-0/+6
| | | | | | | | | This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}* functions. Note that they can only used with the AEAD interface and authentication tags are prepended (not appended) to the ciphertext. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* nettle: vendor in SIV-CMAC implementationDaiki Ueno2020-05-041-1/+19
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* nettle: avoid manual backports of CFB8, CMAC, and XTSDaiki Ueno2020-05-041-0/+30
| | | | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* nettle: rename import-chacha-from-nettle.sh to import-from-nettle.shDaiki Ueno2020-05-041-7/+7
| | | | | | This script will handle other backports except ECC as well. Signed-off-by: Daiki Ueno <ueno@gnu.org>
* gost: use gostdsa-vko from nettle 3.6rc3Dmitry Baryshkov2020-04-281-0/+1
| | | | | | | Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko), use this function from imported nettle sources. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* nettle: update imported source to nettle 3.6rc3Dmitry Baryshkov2020-04-282-0/+1
| | | | | | | | Update imported nettle version to 3.6rc3. This will bring in updated gmp-glue code and a possiblity to use gostdsa-vko imported from nettle sources. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* gnutls_ext_get_name2: new functionDaiki Ueno2020-04-212-0/+3
| | | | | | | | This adds a generalized version of gnutls_ext_get_name, which can retrieve the name of the extension, even if it is registered per session. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* build: attempt to fix build issues on FreeBSDtmp-fix-ecc-freebsdDmitry Baryshkov2020-04-161-7/+15
| | | | | | | BSD sed does not like \n and \0 in string substitution. Workaround this by using sed magic. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* gitlab CI: when calling cppcheck ignore lib/nettle/ecc rather than ↵Dmitry Baryshkov2020-04-151-2/+10
| | | | | | lib/nettle/curve448 Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* nettle: vendor in poly1305 codeDmitry Baryshkov2020-04-141-1/+3
| | | | | | | | | Nettle's poly1305 code ended up with internal symbol _poly1305_block in public header. This causes issues on Nettle version changes. Since those symbols are going to become nettle-internal, vendor in relevant source file. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* nettle: use new imported source files for GOST DSADmitry Baryshkov2020-04-141-0/+1
| | | | | | | Provide GOST support using source files copied by script rather than manually crafted by me. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* build: import-curve448 -> import-eccDmitry Baryshkov2020-04-141-14/+14
| | | | | | | As the script now imports not just Curve448, but also gost code, rename the script, target directory and symbols to follow that. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* devel: modify curve448 script to import gost sourcesDmitry Baryshkov2020-04-131-13/+54
| | | | | | | Curve448 script already imports several ecc sources into GnuTLS tree. Modify it to also vendor in GOST-related ecc files. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* import-chacha: fix several additional symbol clashesDmitry Baryshkov2020-04-131-1/+3
| | | | | | | Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* curve448: import write-le64.c which defines internal symbolDmitry Baryshkov2020-04-131-0/+2
| | | | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* import-curve448: fix several additional symbol clashesDmitry Baryshkov2020-04-131-1/+5
| | | | | | | Fix sed script used to rename symbols to remove few additional symbols sitting in _nettle_FOO namespace. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-get-keylog-func' into 'master'Daiki Ueno2020-03-252-0/+2
|\ | | | | | | | | gnutls_session_get_keylog_function: new function See merge request gnutls/gnutls!1220
| * gnutls_session_get_keylog_function: new functiontmp-get-keylog-funcDaiki Ueno2020-03-222-0/+2
| | | | | | | | | | | | | | | | This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement custom logging facility. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Update filesAnder Juaristi2020-03-232-5077/+5568
| | | | | | | | Signed-off-by: Ander Juaristi <a@juaristi.eus>
* | psk: Allow non-NULL PSK usernamesAnder Juaristi2020-03-231-0/+4
|/ | | | | | | | | | | | | | | | | | | | | | | This commit closes #586. Two new functions are introduced: gnutls_psk_server_get_username2() and gnutls_psk_set_client_username2(), which are identical in behavior to those named similarly (without the final '2'), but allow arbitrary gnutls datums (not strings) to be used as usernames. Two new callback functions are also introduced, with their respective setters: gnutls_psk_set_server_credentials_function2() and gnutls_psk_set_client_credentials_function2(). In addition, the password file format is extended so that non-string usernames can be specified. A leading '#' character tells GnuTLS that the username should be interpreted as a raw byte string (encoded in HEX). Example: #deadbeef:9e32cf7786321a828ef7668f09fb35db Signed-off-by: Ander Juaristi's avatarAnder Juaristi <a@juaristi.eus>
* state: add function to get the current hash algorithmtmp-prf-getDaiki Ueno2020-03-192-0/+2
| | | | | | | | This is particularly useful when the application applies key derivation function by itself with the same underlying hash algorithm as the session. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* abi: add enum values for GNUTLS_CIPHER_CHACHA20_*tmp-chachaDaiki Ueno2020-03-191-0/+2
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: vendor in ChaCha20 implementation from nettleDaiki Ueno2020-03-192-0/+83
| | | | | | | This enables to use bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* keylogfile: simplify the callback mechanismtmp-keylog-funcDaiki Ueno2020-02-222-2/+2
| | | | | | | | | | This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* keylogfile: generalize with a callbacktmp-keylog-hookDaiki Ueno2020-02-072-0/+2
| | | | | | | | | This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement custom logging feature per session, which is particularly useful in QUIC implementation. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* crypto-api: add generic crypto functions for KDFDaiki Ueno2020-02-042-0/+7
| | | | | | | | | | This exposes HKDF and PBKDF2 functions from the library. Instead of defining a single KDF interface as in PKCS #11, this patch defines 3 distinct functions for HKDF-Extract, HKDF-Expand, and PBKDF2 derivation, so that we can take advantage of compile time checking of necesssary parameters. Signed-off-by: Daiki Ueno <dueno@redhat.com>
* algorithms: implement X448 key exchange and Ed448 signature schemeDaiki Ueno2020-01-232-6/+26
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: vendor in Curve448 and Ed448 implementationDaiki Ueno2020-01-232-0/+154
| | | | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-ocsp-check' into 'master'903-add-crl-and-crq-fuzzersNikos Mavrogiannopoulos2020-01-091-0/+5
|\ | | | | | | | | | | | | Provide flag to identify sessions that an OCSP response was requested Closes #829 See merge request gnutls/gnutls!1131
| * gnutls_ocsp_status_request_is_checked: mark explicitly as unsigned the ↵Nikos Mavrogiannopoulos2019-12-161-0/+5
| | | | | | | | | | | | | | | | return type Also some documentation updates. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | crypto-api: add gnutls_hmac_get_key_size() functionDmitry Eremin-Solenikov2019-12-272-0/+2
| | | | | | | | | | | | Add gnutls_hmac_get_key_size() to retrieve MAC key size. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | updated auto-generated filesNikos Mavrogiannopoulos2019-12-193-1640/+1702
|/ | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* abi: updated to latest const changes and added NEWS entrytmp-more-const-1Nikos Mavrogiannopoulos2019-12-105-10001/+10682
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Add const to function arguments in lib/x509Tim Rühsen2019-12-071-0/+5
| | | | | | | This change does not introduce functionality changes. It just adds const promises to the caller. Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Add support for VKO GOST key exchangeDmitry Eremin-Solenikov2019-11-081-0/+1
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Declare groups corresponding to GOST curvesDmitry Eremin-Solenikov2019-11-071-0/+7
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* lib: define more GOST curvesDmitry Eremin-Solenikov2019-10-061-1/+6
| | | | | | | Declare GOST curves from GOST R 34.10-2001 and GOST R 34.10-2012 (test curves) and GOST curves defined by TC26 itself. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* nettle: provide GOST 28147-89 IMIT MAC supportDmitry Eremin-Solenikov2019-09-281-0/+1
| | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
View Lorry Controller Status