Opened 4 years ago
Closed 4 years ago
New point version.
** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
of digest or MAC context. Copying contexts for externally-registered digest and MAC
contexts is unupported (#787).
** Marked the crypto implementation override APIs as deprecated. These APIs are rarely
used, are for a niche use case, but have significant side effects, such as preventing
any internal re-organization and extension of the internal cipher API. The APIs remain
functional though a compiler warning will be issued, and a future minor version update
may transform them to a no-op while keeping ABI compatibility (#789).
** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).
** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().
** libgnutls: Added support for Generalname registeredID.
** The priority configuration was enhanced to allow more elaborate
system-wide configuration of the library (#587).
The following changes were included:
- The file is read as an ini file with '#' indicating a comment.
- The section "[priorities]" or global follows the existing semantics of
the configuration file, and allows to specify system-wide priority strings
which are accessed with the '@' prefix.
- The section "[overrides]" is added with the parameters "insecure-hash",
"insecure-sig", "insecure-sig-for-cert", "disabled-curve",
"disabled-version", "min-verification-profile", "tls-disabled-cipher",
"tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
specific algorithms or options globally. Existing algorithms in the
library can be marked as disabled and insecure, but no hard-coded
insecure algorithm can be marked as secure (so that the configuration
cannot be abused to make the system vulnerable).
- Unknown sections or options are skipped with a debug message, unless
the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
set to 1.
** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
- 0x20: Enable SHA_NI instruction set
** API and ABI modifications:
Fixed at revision 21872.
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2022 Gerard Beekmans.