Page MenuHomeSolus

Update gnutls to 3.6.10

Authored by kyrios123 on Sep 30 2019, 4:11 PM.


  • libgnutls: Added support for deterministic ECDSA/DSA (RFC6979) Deterministic signing can be enabled by setting GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*() functions.
  • libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2 functions that will perform in-place encryption/decryption on data buffers.
  • libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function().
  • libgnutls: added interoperability tests with gnutls 2.12.x; addressed issue with large record handling due to random padding.
  • libgnutls: the server now selects the highest TLS protocol version, if TLS 1.3 is enabled and the client advertises an older protocol version first.
  • libgnutls: fix non-PIC assembly on i386.
  • libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode and MAC generation based on GOST 28147-89 (IMIT). For description of the modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in RFC 7836.
  • certtool: when outputting an encrypted private key do not insert the textual description of it. This fixes a regression since 3.6.5.

Signed-off-by: Pierre-Yves <>

Test Plan
  • gnutls-cli -d 5 -p 443
  • gnutls-cli -d 5 -p 993

Diff Detail

R1027 gnutls
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kyrios123 created this revision.Sep 30 2019, 4:11 PM
kyrios123 requested review of this revision.Sep 30 2019, 4:11 PM
JoshStrobl accepted this revision.Sep 30 2019, 4:30 PM
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Sep 30 2019, 4:30 PM
This revision was automatically updated to reflect the committed changes.