Add a gnutls backend for GHmac (!903) · Merge requests · GNOME / GLib

Colin Walters requested to merge walters/glib:hmac-gnutls into master Jun 07, 2019

For RHEL we want apps to use FIPS-certified crypto libraries, and HMAC apparently counts as "keyed" and hence needs to be validated.

https://bugzilla.redhat.com/show_bug.cgi?id=1630260

This is a build-time option that backs the GHmac API with GnuTLS. Most distributors ship glib-networking built with GnuTLS, and most apps use glib-networking, so this isn't a net-new library in most cases.

However, a fun wrinkle is that the GnuTLS HMAC API doesn't expose the necessary bits to implement g_hmac_copy(); OpenSSL does. I chose to just make that abort for now since I didn't find apps using it.

Edited Jun 07, 2019 by Colin Walters

Add a gnutls backend for GHmac

Merge request reports