project: Update for 3.7.0 merge.

SMP/config.h

@@ -355,9 +355,6 @@ whether the gnulib module unistr/u8-mbtoucr shall be considered present. */
 whether the gnulib module unistr/u8-uctomb shall be considered present. */
 #define GNULIB_UNISTR_U8_UCTOMB 1
 
-/* Make sure we don't use old features in code. */
-#define GNUTLS_COMPAT_H 1
-
 /* We allow temporarily usage of deprecated functions - until they are
  removed. */
 #define GNUTLS_INTERNAL_BUILD 1
@@ -803,41 +800,35 @@ don't. */
  concept. */
 #define HAVE_MSVC_INVALID_PARAMETER_HANDLER 1
 
- /* Define to 1 if you have the `nettle_chacha_set_counter' function. */
-#define HAVE_NETTLE_CHACHA_SET_COUNTER 1
-
-/* Define to 1 if you have the `nettle_cmac128_update' function. */
-#define HAVE_NETTLE_CMAC128_UPDATE 1
-
-/* Define to 1 if you have the `nettle_cfb8_encrypt' function. */
-#define HAVE_NETTLE_CFB8_ENCRYPT 1
+ /* Define to 1 if you have the `nettle_cmac_magma_update' function. */
+#define HAVE_NETTLE_CMAC_MAGMA_UPDATE 1
 
-/* Define to 1 if you have the `nettle_xts_encrypt_message' function. */
-#define HAVE_NETTLE_XTS_ENCRYPT_MESSAGE 1
+ /* Define to 1 if you have the `nettle_cmac_kuznyechik_update' function. */
+#define HAVE_NETTLE_CMAC_KUZNYECHIK_UPDATE 1
 
 /* Define to 1 if you have the `nettle_get_gost_gc256b' function. */
 #define HAVE_NETTLE_GET_GOST_GC256B 1
 
 /* Define to 1 if you have the `nettle_get_gost_gc512a' function. */
 #define HAVE_NETTLE_GET_GOST_GC512A 1
 
+/* Define to 1 if you have the `nettle_secp_192r1' function. */
+#define HAVE_NETTLE_GET_SECP_192R1 1
+
 /* Define to 1 if you have the `nettle_gostdsa_sign' function. */
 #define HAVE_NETTLE_GOSTDSA_SIGN 1
 
-/* Define to 1 if you have the `nettle_gosthash94cp_update' function. */
-#define HAVE_NETTLE_GOSTHASH94CP_UPDATE 1
-
 /* Define to 1 if you have the `nettle_gost28147_set_key' function. */
-/*#undef HAVE_NETTLE_GOST28147_SET_KEY */
+#define HAVE_NETTLE_GOST28147_SET_KEY 1
 
-/* Define to 1 if you have the `nettle_streebog512_update' function. */
-/*#undef HAVE_NETTLE_STREEBOG512_UPDATE */
+/* Define to 1 if you have the `nettle_kuznyechik_set_key' function. */
+#define HAVE_NETTLE_KUZNYECHIK_SET_KEY 1
 
-/* Define to 1 if you have the `nettle_secp_192r1' function. */
-#define HAVE_NETTLE_GET_SECP_192R1 1
+/* Define to 1 if you have the `nettle_magma_set_key' function. */
+#define HAVE_NETTLE_MAGMA_SET_KEY 1
 
-/* Define to 1 if you have the `nettle_siv_cmac_aes128_set_ke' function. */
-#define HAVE_NETTLE_SIV_CMAC_AES128_SET_KEY 1
+/* Define to 1 if you have the `nettle_streebog512_update' function. */
+#define HAVE_NETTLE_STREEBOG512_UPDATE 1
 
 /* Define to 1 if you have the `nanosleep' function. */
 /* #undef HAVE_NANOSLEEP */

SMP/gnutls/gnutls.h

@@ -33,9 +33,8 @@
  * The low level cipher functionality is in gnutls/crypto.h.
  */
 
-
-#ifndef GNUTLS_H
-#define GNUTLS_H
+#ifndef GNUTLS_GNUTLS_H
+#define GNUTLS_GNUTLS_H
 
 /* Get ssize_t. */
 #ifdef _MSC_VER
@@ -57,13 +56,13 @@ extern "C" {
 #endif
 /* *INDENT-ON* */
 
-#define GNUTLS_VERSION "3.6.15"
+#define GNUTLS_VERSION "3.7.0"
 
 #define GNUTLS_VERSION_MAJOR 3
-#define GNUTLS_VERSION_MINOR 6
-#define GNUTLS_VERSION_PATCH 15
+#define GNUTLS_VERSION_MINOR 7
+#define GNUTLS_VERSION_PATCH 0
 
-#define GNUTLS_VERSION_NUMBER 0x03060f
+#define GNUTLS_VERSION_NUMBER 0x030700
 
 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
@@ -133,6 +132,8 @@ extern "C" {
  *                             cipher-stealing requires to know where the message actually terminates
  *                             in order to be able to compute where the stealing occurs.
  * @GNUTLS_CIPHER_GOST28147_TC26Z_CNT: GOST 28147-89 (Magma) cipher in CNT mode with TC26 Z S-box.
+ * @GNUTLS_CIPHER_MAGMA_CTR_ACPKM: GOST R 34.12-2015 (Magma) cipher in CTR-ACPKM mode.
+ * @GNUTLS_CIPHER_KUZNYECHIK_CTR_ACPKM: GOST R 34.12-2015 (Kuznyechik) cipher in CTR-ACPKM mode.
  * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
  * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
  * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
@@ -193,6 +194,8 @@ typedef enum gnutls_cipher_algorithm {
 	GNUTLS_CIPHER_AES_128_SIV = 37,
 	GNUTLS_CIPHER_AES_256_SIV = 38,
 	GNUTLS_CIPHER_AES_192_GCM = 39,
+	GNUTLS_CIPHER_MAGMA_CTR_ACPKM = 40,
+	GNUTLS_CIPHER_KUZNYECHIK_CTR_ACPKM = 41,
 
 	/* used only for PGP internals. Ignored in TLS/SSL
 	 */
@@ -315,6 +318,8 @@ typedef enum {
  * @GNUTLS_MAC_GOST28147_TC26Z_IMIT: The GOST 28147-89 working in IMIT mode with TC26 Z S-box.
  * @GNUTLS_MAC_SHAKE_128: Reserved; unimplemented.
  * @GNUTLS_MAC_SHAKE_256: Reserved; unimplemented.
+ * @GNUTLS_MAC_MAGMA_OMAC: GOST R 34.12-2015 (Magma) in OMAC (CMAC) mode.
+ * @GNUTLS_MAC_KUZNYECHIK_OMAC: GOST R 34.12-2015 (Kuznyechik) in OMAC (CMAC) mode.
  *
  * Enumeration of different Message Authentication Code (MAC)
  * algorithms.
@@ -350,7 +355,9 @@ typedef enum {
 	GNUTLS_MAC_AES_GMAC_256 = 207,
 	GNUTLS_MAC_GOST28147_TC26Z_IMIT = 208,
 	GNUTLS_MAC_SHAKE_128 = 209,
-	GNUTLS_MAC_SHAKE_256 = 210
+	GNUTLS_MAC_SHAKE_256 = 210,
+	GNUTLS_MAC_MAGMA_OMAC = 211,
+	GNUTLS_MAC_KUZNYECHIK_OMAC = 212
 } gnutls_mac_algorithm_t;
 
 /**
@@ -3193,6 +3200,101 @@ void gnutls_anti_replay_set_add_function(gnutls_anti_replay_t,
 void gnutls_anti_replay_set_ptr(gnutls_anti_replay_t, void *ptr);
 
 
+/**
+ * gnutls_record_encryption_level_t:
+ * @GNUTLS_ENCRYPTION_LEVEL_INITIAL: initial level that doesn't involve any
+ *    encryption
+ * @GNUTLS_ENCRYPTION_LEVEL_EARLY: early traffic secret is installed
+ * @GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE: handshake traffic secret is installed
+ * @GNUTLS_ENCRYPTION_LEVEL_APPLICATION: application traffic secret is installed
+ *
+ * Enumeration of different levels of record encryption currently in place.
+ * This is used by gnutls_handshake_set_read_function() and
+ * gnutls_handshake_write().
+ *
+ * Since: 3.7.0
+ */
+typedef enum {
+	GNUTLS_ENCRYPTION_LEVEL_INITIAL,
+	GNUTLS_ENCRYPTION_LEVEL_EARLY,
+	GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE,
+	GNUTLS_ENCRYPTION_LEVEL_APPLICATION
+} gnutls_record_encryption_level_t;
+
+  /**
+   * gnutls_handshake_read_func:
+   * @session: the current session
+   * @htype: the type of the handshake message (#gnutls_handshake_description_t)
+   * @level: #gnutls_record_encryption_level_t
+   * @data: the (const) data that was being sent
+   * @data_size: the size of data
+   *
+   * Function prototype for handshake intercepting hooks. It is set using
+   * gnutls_handshake_set_read_function().
+   *
+   * Returns: Non zero on error.
+   * Since: 3.7.0
+   */
+typedef int (*gnutls_handshake_read_func) (gnutls_session_t session,
+					   gnutls_record_encryption_level_t level,
+					   gnutls_handshake_description_t htype,
+					   const void *data, size_t data_size);
+
+void
+gnutls_handshake_set_read_function(gnutls_session_t session,
+				   gnutls_handshake_read_func func);
+
+int
+gnutls_handshake_write(gnutls_session_t session,
+		       gnutls_record_encryption_level_t level,
+		       const void *data, size_t data_size);
+
+  /**
+   * gnutls_handshake_secret_func:
+   * @session: the current session
+   * @level: the encryption level
+   * @secret_read: the secret used for reading, can be %NULL if not set
+   * @secret_write: the secret used for writing, can be %NULL if not set
+   * @secret_size: the size of the secrets
+   *
+   * Function prototype for secret hooks. It is set using
+   * gnutls_handshake_set_secret_function().
+   *
+   * Returns: Non zero on error.
+   * Since: 3.7.0
+   */
+typedef int (*gnutls_handshake_secret_func) (gnutls_session_t session,
+					     gnutls_record_encryption_level_t level,
+					     const void *secret_read,
+					     const void *secret_write,
+					     size_t secret_size);
+
+void
+gnutls_handshake_set_secret_function(gnutls_session_t session,
+				     gnutls_handshake_secret_func func);
+
+  /**
+   * gnutls_alert_read_func:
+   * @session: the current session
+   * @level: #gnutls_record_encryption_level_t
+   * @alert_level: the level of the alert
+   * @alert_desc: the alert description
+   *
+   * Function prototype for alert intercepting hooks. It is set using
+   * gnutls_alert_set_read_function().
+   *
+   * Returns: Non zero on error.
+   * Since: 3.7.0
+   */
+typedef int (*gnutls_alert_read_func) (gnutls_session_t session,
+				       gnutls_record_encryption_level_t level,
+				       gnutls_alert_level_t alert_level,
+				       gnutls_alert_description_t alert_desc);
+
+void
+gnutls_alert_set_read_function(gnutls_session_t session,
+			       gnutls_alert_read_func func);
+
 /* FIPS140-2 related functions */
 unsigned gnutls_fips140_mode_enabled(void);
 
@@ -3495,4 +3597,4 @@ void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags);
 
 #include <gnutls/compat.h>
 
-#endif				/* GNUTLS_H */
+#endif /* GNUTLS_GNUTLS_H */

SMP/libgnutls.def

@@ -11,6 +11,7 @@ gnutls_alert_get_name
 gnutls_alert_get_strname
 gnutls_alert_send
 gnutls_alert_send_appropriate
+gnutls_alert_set_read_function
 gnutls_alpn_get_selected_protocol
 gnutls_alpn_set_protocols
 gnutls_anon_allocate_client_credentials
@@ -256,7 +257,10 @@ gnutls_handshake_set_max_packet_length
 gnutls_handshake_set_post_client_hello_function
 gnutls_handshake_set_private_extensions
 gnutls_handshake_set_random
+gnutls_handshake_set_read_function
+gnutls_handshake_set_secret_function
 gnutls_handshake_set_timeout
+gnutls_handshake_write
 gnutls_hash
 gnutls_hash_copy
 gnutls_hash_deinit
@@ -708,6 +712,7 @@ gnutls_session_set_ptr
 gnutls_session_set_verify_cert2
 gnutls_session_set_verify_cert
 gnutls_session_set_verify_function
+gnutls_session_set_verify_output_function
 gnutls_session_supplemental_register
 gnutls_session_ticket_enable_client
 gnutls_session_ticket_enable_server
@@ -1168,12 +1173,15 @@ gnutls_x509_trust_list_deinit
 gnutls_x509_trust_list_get_issuer
 gnutls_x509_trust_list_get_issuer_by_dn
 gnutls_x509_trust_list_get_issuer_by_subject_key_id
+gnutls_x509_trust_list_get_ptr
 gnutls_x509_trust_list_init
 gnutls_x509_trust_list_iter_deinit
 gnutls_x509_trust_list_iter_get_ca
 gnutls_x509_trust_list_remove_cas
 gnutls_x509_trust_list_remove_trust_file
 gnutls_x509_trust_list_remove_trust_mem
+gnutls_x509_trust_list_set_getissuer_function
+gnutls_x509_trust_list_set_ptr
 gnutls_x509_trust_list_verify_crt2
 gnutls_x509_trust_list_verify_crt
 gnutls_x509_trust_list_verify_named_crt