path: root/devel
Commit message (Author, Age, Files, Lines)
* global: add API to retrieve library configuration at run time (Daiki Ueno, 2022-01-16, 2 files, -0/+4)
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
* fips: add functions to inspect thread-local FIPS operation state (Daiki Ueno, 2022-01-07, 2 files, -0/+23)
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
* KTLS: API (Frantisek Krenzelok, 2021-12-15, 2 files, -0/+4)
| ktls is enabled by default, we can check if initialization was successful with gnutls_transport_is_ktls_enabled
| Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
* Update symbols [ref: aja-certificate-transparency] (Ander Juaristi, 2021-12-04, 1 file, -0/+6)
| Signed-off-by: Ander Juaristi <a@juaristi.eus>
* devel: Suppress new API functions (Ander Juaristi, 2021-12-04, 1 file, -0/+21)
| Signed-off-by: Ander Juaristi <a@juaristi.eus>
* Merge branch 'wip/dueno/abi-check-latest' into 'master' (František Krenželok, 2021-12-02, 2 files, -2/+13)
|\
| | build: stop running abi-dump-latest at "make files-update"
| | See merge request gnutls/gnutls!1491
| * devel/libgnutls.abignore: ignore drbg_aes_* functions (Daiki Ueno, 2021-11-30, 1 file, -0/+10)
| | These functions are only defined when compiled with --enable-fips140-mode.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
| * release-steps: "make abi-dump-latest" at release time (Daiki Ueno, 2021-11-27, 1 file, -2/+3)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | priority: support allowlisting in configuration file (Daiki Ueno, 2021-11-29, 2 files, -0/+20)
|/
| This adds a new mode of interpreting the [overrides] section. If "override-mode" is set to "allowlisting" in the [global] section, all the algorithms (hashes, signature algorithms, curves, and versions) are initially marked as insecure/disabled. Then the user can enable them by specifying allowlisting keywords such as "secure-hash" in the [overrides] section.
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
| Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
* devel: update release procedure taking into account of abi-dump (Daiki Ueno, 2021-10-26, 2 files, -20/+39)
| As the *.abi files have been moved into a separate repository, we need an extra step to update the repository for new release.
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
* devel: make use of abidw --drop-private-types (Daiki Ueno, 2021-10-18, 1 file, -0/+0)
| This will produce more compact abixml output.
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
* devel: move .abi files into a separate repository (Daiki Ueno, 2021-10-18, 6 files, -64724/+0)
| Changes to the .abi files are a bit too noisy to track in the main repository. This moves the files out of this repository and embeds them as a git submodule.
| Signed-off-by: Daiki Ueno <ueno@gnu.org>
* Merge branch 'tmp-abi-check' into 'master' (Daiki Ueno, 2021-09-10, 1 file, -0/+16)
|\
| | devel: provide external git diff driver for *.abi files
| | See merge request gnutls/gnutls!1214
| * devel: provide external git diff driver for *.abi files [ci skip] [ref: tmp-abi-check] (Daiki Ueno, 2020-05-30, 1 file, -0/+16)
| | This adds an external diff driver for *.abi files, that shows only interesting changes in those files. This would be useful when adding a new API.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | mem: instrument with ASan memory poisoning as well as valgrind (Daiki Ueno, 2021-08-09, 1 file, -3/+0)
| | This makes it possible to catch undefined memory access in the more lightweight CI runs.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | devel: suppress cppcheck 2.5 false-positives (Daiki Ueno, 2021-08-04, 1 file, -0/+13)
| | This fixes errors and warnings as well as some style issues spotted by cppcheck 2.5. Others are recorded in the suppressions file.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | release-steps: remove unnecessary steps (Daiki Ueno, 2021-05-29, 1 file, -6/+4)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | nettle: update git submodule to 3.7.2 release (Daiki Ueno, 2021-05-28, 1 file, -0/+0)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | devel: update libtasn1 submodule (Daiki Ueno, 2021-05-27, 2 files, -2/+3)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | gnutls_early_{cipher,prf_hash}_get: new functions (Daiki Ueno, 2021-05-13, 2 files, -0/+5)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | devel: regenerate abidw dump files (Daiki Ueno, 2021-05-13, 3 files, -31699/+49911)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Introduce new tls channel binding types into gnutls_channel_binding_t (Ruslan N. Marchenko, 2021-05-01, 1 file, -0/+2)
| | This commit adds two new tls channel binding types into enum gnutls_channel_binding_t:
| |   * tls-server-end-point
| |   * tls-exporter
| | Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
* | devel: Update openssl submodule (Anderson Toshiyuki Sasaki, 2020-11-24, 1 file, -0/+0)
| | Update openssl submodule to current OpenSSL_1_1_1-stable branch (8e813c085a).
| | Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* | crypto-backend: remove ability of overriding ciphers (Daiki Ueno, 2020-11-20, 1 file, -0/+1)
| | Those functions have been deprecated in 3.6.9 as they do not have active use cases.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | alert: add callback to intercept alert messages (Daiki Ueno, 2020-11-19, 2 files, -0/+2)
| | This adds gnutls_alert_set_read_function(), to allow QUIC implementations to be notified when an alert message is sent.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | handshake: add callback to get notified with traffic secret change (Daiki Ueno, 2020-11-19, 2 files, -0/+2)
| | For the use with QUIC, the change of traffic secrets must be notified _after_ a new epoch is set up for reading or writing, and we can't simply reuse the keylog mechanism.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | handshake: add functions to read/write handshake messages directly (Daiki Ueno, 2020-11-19, 2 files, -0/+4)
| | This adds a couple of functions, gnutls_handshake_set_read_function() and gnutls_handshake_write(), to allow QUIC implementations to directly interact with the TLS state machine.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | Merge branch 'cert_validation' into 'master' (Daiki Ueno, 2020-11-10, 2 files, -0/+2)
|\ \
| | | Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications
| | | Closes #1012
| | | See merge request gnutls/gnutls!1339
| * | Adds a new API gnutls_session_set_verify_output_function() that allows TLS ↵ (Sahana Prasad, 2020-11-10, 2 files, -0/+2)
| | | applications to have a way to pass the gnutls_verify_output_function() as a callback so that the full path of the certificate chain to the trusted root can be available as output.
| | | Signed-off-by: Sahana Prasad <sahana@redhat.com>
* | | build: hard require nettle 3.6 (Daiki Ueno, 2020-11-04, 2 files, -284/+0)
|/ /
| | This allows us to remove several backports, including XTS, CFB8, raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | fips: add self-tests for TLS-PRF (Daiki Ueno, 2020-10-08, 1 file, -0/+1)
| | FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires to run a single instance of each KDF mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the underlying MAC algorithm.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | fips: add self-tests for PBKDF2 (Daiki Ueno, 2020-10-06, 1 file, -0/+1)
| | FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the underlying MAC algorithm.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | fips: add self-tests for HKDF (Daiki Ueno, 2020-10-06, 1 file, -0/+1)
| | FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises HKDF-Extract and HKDF-Expand operations with HMAC-SHA-256 as the underlying MAC. Although HKDF is non-approved, it would be sensible to do that as it will be approved in FIPS140-3.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | src/cli: adds new option '--ca-auto-retrieve' that can be used with ↵ (Sahana Prasad, 2020-09-02, 2 files, -0/+4)
| | gnutls-cli to automatically download missing intermediate CAs in a certificate chain
| | lib/cred-cert.c : adds set and get APIs to get user data in the gnutls_x509_trust_list_set_getissuer_function() callback.
| | Signed-off-by: Sahana Prasad <sahana@redhat.com>
* | mangle gnutls-built ecc_scalar_random (Steve Lhomme, 2020-08-14, 1 file, -1/+7)
| | GNUTLS builds ecc-random.c but ecc_scalar_random() is a public API. So we mangle the internal version we build. ecc_mod_random is unaffected as it's an internal API that is mangled by GNUTLS.
| | Fixes #1016
| | Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
* | RELEASES.md: move the release steps to devel/ [ci skip] [ref: tmp-doc-fixes] (Daiki Ueno, 2020-06-07, 1 file, -0/+24)
| | As the information is only useful to developers, having it under devel/ rather than in the tarball is more relevant.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | lib: add Magma/Kuznyechik OMAC support (Dmitry Eremin-Solenikov, 2020-06-07, 1 file, -0/+2)
| | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | lib: add Magma/Kuznyechik ciphers support (Dmitry Eremin-Solenikov, 2020-06-07, 1 file, -0/+2)
| | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | nettle/gost: add CMAC-64/Magma/Kuznyechik code (Dmitry Eremin-Solenikov, 2020-06-07, 1 file, -1/+14)
| | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | devel/libgnutls-latest-x86_64.abi, doc, NEWS, and manpage updates (Sahana Prasad, 2020-06-03, 2 files, -0/+3)
| | Signed-off-by: Sahana Prasad <sahana@redhat.com>
* | lib: add support for AES-192-GCM (Dmitry Baryshkov, 2020-05-27, 1 file, -0/+1)
| | Add support for AES-192 in GCM mode.
| | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | Merge branch 'tmp-vendor-minitasn1' into 'master' (Dmitry Baryshkov, 2020-05-24, 2 files, -0/+67)
|\ \
| | | Vendor-in libtasn1 sources in a form of minitasn1
| | | See merge request gnutls/gnutls!1247
| * | build: vendor in libtasn1 code [ref: tmp-vendor-minitasn1] (Dmitry Baryshkov, 2020-05-24, 1 file, -0/+67)
| | | Instead of keeping the minitasn1 source in Git, vendor in it during bootstrap as we do with Nettle code. This also upgrades included minitasn1 to latest version (4.16.0).
| | | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| * | devel: add libtasn1 submodule (Dmitry Baryshkov, 2020-05-14, 1 file, -0/+0)
| | | GnuTLS maintains a part of libtasn1 sources in form of minitasn1 import. Add libtasn1 submodule to ease synchronization with libtasn1.
| | | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | | pkcs7: add function to display signature information (Dmitry Baryshkov, 2020-05-14, 2 files, -0/+2)
|/ /
| | Basically export print_pkcs7_info() in a way usable by external applications.
| | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | nettle: expose SIV-CMAC through the AEAD interface (Daiki Ueno, 2020-05-04, 2 files, -0/+6)
| | This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}* functions. Note that they can only be used with the AEAD interface and authentication tags are prepended (not appended) to the ciphertext.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | nettle: vendor in SIV-CMAC implementation (Daiki Ueno, 2020-05-04, 1 file, -1/+19)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | nettle: avoid manual backports of CFB8, CMAC, and XTS (Daiki Ueno, 2020-05-04, 1 file, -0/+30)
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | nettle: rename import-chacha-from-nettle.sh to import-from-nettle.sh (Daiki Ueno, 2020-05-04, 1 file, -7/+7)
| | This script will handle other backports except ECC as well.
| | Signed-off-by: Daiki Ueno <ueno@gnu.org>
* | gost: use gostdsa-vko from nettle 3.6rc3 (Dmitry Baryshkov, 2020-04-28, 1 file, -0/+1)
| | Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko), use this function from imported nettle sources.
| | Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>