* Version 3.6.3 (unreleased)
-** libgnutls: Introduced function to switch the current FIPS140-2 operational
- mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2
- operations.
-
-** libgnutls: Introduced support for draft-ietf-tls-tls13-26. It includes version
+** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version
negotiation, post handshake authentication, length hiding, multiple OCSP support,
consistent ciphersuite support across protocols, hello retry requests, ability
to adjust key shares via gnutls_init() flags, certificate authorities extension,
and key usage limits. TLS1.3 support needs to be explicitly enabled via a
priority string.
+** libgnutls: Introduced function to switch the current FIPS140-2 operational
+ mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2
+ operations.
+
** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836.
This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12,
and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA
} \
}
-#define KEY_EXP_VALUE "\x81\x7a\x37\xc6\xa3\x2b\x83\x47\x3b\xad\x03\xa6\xd4\x6d\xac\xe3\x1c\x9d\xa4\xdc\x8e\x0c\x77\xf8\x1c\x5e\x5d\xe5\xca\x1c\xbc\x89\x4c\x37"
-#define HELLO_VALUE "\x10\x3e\xef\x5e\x62\x1d\x03\x95\xfc\x8f\x59\xc7\x7d\xdc\x14\x7e\xcf\x46\x86\x2f\xfb\x1c\x5a\x16\x6a\xf5\x38\x69\xa8\x3c\x85"
+#define KEY_EXP_VALUE "\x2b\x6f\x94\xc8\xbc\xa0\x59\x4b\x61\xc8\x23\x12\x01\x8e\xb2\x3a\xdf\x48\x06\x98\x96\xaf\xf9\xe7\xcf\xd5\xa4\x56\x29\x6b\x84\xd3\xfc\x81"
+#define HELLO_VALUE "\x93\x78\x2d\x00\x88\x02\xd8\xd1\x75\xfe\x1d\xae\x99\x13\xf4\x36\xe0\x10\xc9\xfc\xae\xb8\xc0\x72\xd2\x99\x6e\xc3\x71\xf5\x1b"
+#define CONTEXT_VALUE "\x1e\x95\x2e\xa5\xb9\xff\xe4\xb0\xbe\xa3\x8b\x1f\x6c\x31\x74\x62\x4f\x9d\x0b\xf8\x1d\x5f\x3d\xa5\xa7\x45\x07\x99\xea\xfc\xa2"
+#define NULL_CONTEXT_VALUE "\x2f\x7e\x07\x52\xd4\x23\x0b\x7a\xa0\x7e\x2f\xad\xb5\xcc\xcf\x63\x8f\x6c\x27\x7e\xbb\x9e\xb8\xd3\xa0\x92\x3d\xd0\xaa\xe4\xb0"
static void check_prfs(gnutls_session_t session)
{
unsigned char key_material[512];
TRY(13, "key expansion", 0, NULL, 34, (uint8_t*)KEY_EXP_VALUE);
TRY(6, "hello", 0, NULL, 31, (uint8_t*)HELLO_VALUE);
- TRY(7, "context", 5, "abcd\xfa", 31, (uint8_t*)"\xbc\x23\xe3\xf4\x29\xdb\x48\x20\x48\x8c\x37\xd9\xd4\xe0\xcf\x88\xc3\x3d\x7b\x12\x59\xfb\xad\x8e\x4d\x8c\x53\x58\xf4\xe6\xef");
- TRY(12, "null-context", 0, "", 31, (uint8_t*)"\x89\x89\x1f\x2f\x6c\x35\x26\x0b\xe9\x1c\x7b\xb7\x27\x5e\x7c\x41\xfb\xa0\x11\x9c\xd7\xe6\xd5\xdc\x2a\xcc\x54\x23\x3f\x52\x9f");
+ TRY(7, "context", 5, "abcd\xfa", 31, (uint8_t*)CONTEXT_VALUE);
+ TRY(12, "null-context", 0, "", 31, (uint8_t*)NULL_CONTEXT_VALUE);
/* Try whether calling gnutls_prf() with non-null context or server-first
* param, will fail */
#ifdef TLS13_FINAL_VERSION
if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
#else
- if (msg->data[pos] != 0x7f || msg->data[pos+1] != 26) {
+ if (msg->data[pos] != 0x7f || msg->data[pos+1] != 28) {
#endif
fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
}
projects / thirdparty / gnutls.git / commitdiff
