will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
+** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312).
+ The existing AEAD API that works in a scatter-gather fashion
+ (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
+ For further optimization, new function (gnutls_aead_cipher_set_key) has been
+ added to set key on the existing AEAD handle without re-allocation.
+
** The configure arguments for Brotli and Zstandard (zstd) support
have changed to reflect the previous help text: they are now
--with-brotli/--with-zstd respectively (#1342).
** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
+gnutls_aead_cipher_set_key: New function
* Version 3.7.4 (released 2022-03-17)
# The following should be removed in the new release, after updating the
# abi-dump repository:
+[suppress_function]
+name = gnutls_aead_cipher_set_key
GNUTLS_3_7_2@GNUTLS_3_7_2
GNUTLS_3_7_3@GNUTLS_3_7_3
GNUTLS_3_7_4@GNUTLS_3_7_4
+GNUTLS_3_7_5@GNUTLS_3_7_5
_gnutls_global_init_skip@GNUTLS_3_4
gnutls_aead_cipher_decrypt@GNUTLS_3_4
gnutls_aead_cipher_decryptv2@GNUTLS_3_6_10
gnutls_aead_cipher_encryptv2@GNUTLS_3_6_10
gnutls_aead_cipher_encryptv@GNUTLS_3_6_3
gnutls_aead_cipher_init@GNUTLS_3_4
+gnutls_aead_cipher_set_key@GNUTLS_3_7_5
gnutls_alert_get@GNUTLS_3_4
gnutls_alert_get_name@GNUTLS_3_4
gnutls_alert_get_strname@GNUTLS_3_4
FUNCS += functions/gnutls_aead_cipher_encryptv2.short
FUNCS += functions/gnutls_aead_cipher_init
FUNCS += functions/gnutls_aead_cipher_init.short
+FUNCS += functions/gnutls_aead_cipher_set_key
+FUNCS += functions/gnutls_aead_cipher_set_key.short
FUNCS += functions/gnutls_alert_get
FUNCS += functions/gnutls_alert_get.short
FUNCS += functions/gnutls_alert_get_name
APIMANS += gnutls_aead_cipher_encryptv.3
APIMANS += gnutls_aead_cipher_encryptv2.3
APIMANS += gnutls_aead_cipher_init.3
+APIMANS += gnutls_aead_cipher_set_key.3
APIMANS += gnutls_alert_get.3
APIMANS += gnutls_alert_get_name.3
APIMANS += gnutls_alert_get_strname.3
return ret;
}
+/**
+ * gnutls_aead_cipher_set_key:
+ * @handle: is a #gnutls_aead_cipher_hd_t type.
+ * @key: The key to be used for encryption
+ *
+ * This function will set a new key without re-initializing the
+ * context.
+ *
+ * Returns: Zero or a negative error code on error.
+ *
+ * Since: 3.7.5
+ **/
+int gnutls_aead_cipher_set_key(gnutls_aead_cipher_hd_t handle,
+ const gnutls_datum_t *key)
+{
+ const cipher_entry_st* e;
+ int ret;
+
+ e = cipher_to_entry(handle->ctx_enc.e->id);
+ if (e == NULL || e->type != CIPHER_AEAD) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ ret = handle->ctx_enc.setkey(handle->ctx_enc.handle,
+ key->data, key->size);
+ if (ret < 0) {
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
+ }
+
+ return ret;
+}
+
/**
* gnutls_aead_cipher_decrypt:
* @handle: is a #gnutls_aead_cipher_hd_t type.
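Review bot: The doc comment on gnutls_aead_cipher_set_key() does not state the failure contract. When `ctx_enc.setkey` returns a negative value the function only switches the FIPS state to error, and nothing in this hunk shows whether the handle then holds the old key, a partly initialised key schedule, or neither. If the intended contract is that the handle is unusable after a failure, the description should say so, for example `If this function fails, the key state of @handle is undefined; set a key again or deinitialize the handle before further use.` The `@key` line could also read `@key: the new key; its size must match the key size of the handle's cipher`, because `key->size` is passed on unchecked here and length validation is presumably left to the backend setkey. As a smaller style point, `cipher_to_entry(handle->ctx_enc.e->id)` looks the entry up again from an entry the handle already holds, so `e = handle->ctx_enc.e;` appears to be enough.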
int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle,
gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key);
+
+int gnutls_aead_cipher_set_key(gnutls_aead_cipher_hd_t handle,
+ const gnutls_datum_t *key);
+
int
gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle,
const void *nonce, size_t nonce_len,
*;
} GNUTLS_3_7_3;
+GNUTLS_3_7_5
+{
+ global:
+ gnutls_aead_cipher_set_key;
+ local:
+ *;
+} GNUTLS_3_7_4;
+
GNUTLS_FIPS140_3_4 {
global:
gnutls_cipher_self_test;