[gnutls-devel] gnutls 3.6.5

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Dec 1 06:39:22 CET 2018


Hello, 
I've just released gnutls 3.6.5. This is a bug fix release on the
3.6.x branch. It fixes several issues related to TLS1.3 support, and
addresses a moderate-severity issue related to RSA-encryption
ciphersuites. The issue affects usage of gnutls mainly in "cloud"
environments which we believe are an essential use case for crypto libs
today (see nettle's announcement for more information on the issue
[0]). Due to that fix the minimum required version of nettle is 3.4.1.

This release marks 3.6.x as our stable branch and replaces the
3.5.x branch. The detailed list of changes follows.

I'd like to thank everyone who was involved in the release:
Ander Juaristi, Daiki Ueno, Dmitry Eremin-Solenikov, Simo Sorce,
Stefan Berger, Stephan Mueller, Tim Rühsen, Tom Vrancken as well
as Niels Mueller for his work on the nettle library which made this
release possible.

[0]. https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html


Changes
=======

* Version 3.6.5 (released 2018-12-01)

** libgnutls: Provide the option of transparent re-handshake/reauthentication
   when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).

** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)

** libgnutls: The priority functions will ignore and not enable TLS1.3 if
   requested with legacy TLS versions enabled but not TLS1.2. That is because
   if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
   servers which do not support TLS1.3 will negotiate TLS1.2 which will be
   rejected by the client as disabled (#621).

** libgnutls: Change RSA decryption to use a new side-channel silent function.
   This addresses a security issue where memory access patterns as well as timing
   on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
   attacks. Side-channel resistant code is slower due to the need to mask
   access and timings. When used in TLS the new functions cause RSA based
   handshakes to be between 13% and 28% slower on average (numbers are indicative;
   the tests were performed on a relatively modern Intel CPU, and results vary
   depending on the CPU and architecture used). This change makes nettle 3.4.1
   the minimum requirement of gnutls (#630). [CVSS: medium]
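As an added illustration of what "side-channel silent" means for the padding check that Bleichenbacher-style attacks probe, here is a constant-time PKCS#1 v1.5 unpad routine written for this announcement. It is not gnutls or nettle code and does not cover the modular exponentiation itself (the part nettle changed in 3.4.1); the function names `ct_pkcs1_v15_unpad` and `build_em` and the test vectors are constructed for this example. Every byte of the encoded message is read, no branch or memory index depends on secret data, and on failure the caller-supplied fallback (random bytes in a real TLS server) is copied instead of the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant-time helpers: each mask is 0xFFFFFFFF ("true") or 0 ("false"). */
static uint32_t ct_is_zero(uint32_t x)
{
    /* (x | -x) has its top bit set exactly when x != 0 */
    return (uint32_t)0 - (((x | (0u - x)) >> 31) ^ 1u);
}
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
static uint32_t ct_lt(uint32_t a, uint32_t b)   /* valid for a, b < 2^31 */
{
    return (uint32_t)0 - ((a - b) >> 31);
}

/*
 * Constant-time PKCS#1 v1.5 (type 2) unpadding, as a TLS server would apply
 * it to the RSA-decrypted ClientKeyExchange:
 *   EM = 0x00 || 0x02 || PS (>= 8 non-zero bytes) || 0x00 || M
 * Precondition (public sizes only): em_len >= out_len + 11.
 * Always writes out_len bytes: M when the padding is valid and M has exactly
 * out_len bytes (48 for the premaster secret), otherwise `fallback`.
 * Returns 1 for valid, 0 otherwise; the work done is identical either way.
 */
int ct_pkcs1_v15_unpad(const uint8_t *em, size_t em_len,
                       uint8_t *out, size_t out_len, const uint8_t *fallback)
{
    uint32_t good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    uint32_t found = 0;       /* all-ones once the 0x00 separator is seen */
    uint32_t zero_index = 0;  /* position of the first 0x00 after the header */
    size_t i, offset;

    for (i = 2; i < em_len; i++) {            /* scan every byte, no early exit */
        uint32_t is_zero = ct_eq(em[i], 0x00);
        uint32_t first = is_zero & ~found;    /* set only for the first zero */
        zero_index |= (uint32_t)i & first;
        found |= is_zero;
    }
    good &= found;
    good &= ~ct_lt(zero_index, 10);           /* PS must hold at least 8 bytes */
    good &= ct_eq((uint32_t)(em_len - zero_index - 1), (uint32_t)out_len);

    /* Copy from an offset derived from public lengths only, so the access
       pattern does not reveal where the separator actually was. */
    offset = em_len - out_len;
    for (i = 0; i < out_len; i++)
        out[i] = (uint8_t)((em[offset + i] & good) | (fallback[i] & ~good));
    return (int)(good & 1u);
}

/* Build a test EM around `msg` with a deterministic non-zero padding string
   of ps_len bytes (constructed test data, not real RSA output). */
static size_t build_em(uint8_t *em, const uint8_t *msg, size_t msg_len, size_t ps_len)
{
    size_t i;
    em[0] = 0x00; em[1] = 0x02;
    for (i = 0; i < ps_len; i++) em[2 + i] = (uint8_t)(0x11 + (i % 200));
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, msg, msg_len);
    return 3 + ps_len + msg_len;
}

#define PMS_LEN 48
/* Each check returns 1 when the unpad behaves as expected for that input. */
static int run_case(size_t ps_len, size_t msg_len, int corrupt_header, int expect_ok)
{
    uint8_t msg[PMS_LEN], em[256], out[PMS_LEN], fb[PMS_LEN];
    size_t i, em_len;
    int ok;
    for (i = 0; i < PMS_LEN; i++) msg[i] = (uint8_t)(0xA0 + i);
    memset(fb, 0xEE, sizeof fb);
    em_len = build_em(em, msg, msg_len, ps_len);
    if (corrupt_header) em[1] = 0x01;
    ok = ct_pkcs1_v15_unpad(em, em_len, out, PMS_LEN, fb);
    if (expect_ok) return ok == 1 && memcmp(out, msg, PMS_LEN) == 0;
    return ok == 0 && memcmp(out, fb, PMS_LEN) == 0;   /* fallback delivered */
}
int test_valid_roundtrip(void)     { return run_case(77, PMS_LEN, 0, 1); } /* 128-byte EM */
int test_rejects_bad_header(void)  { return run_case(77, PMS_LEN, 1, 0); }
int test_rejects_short_ps(void)    { return run_case(7,  PMS_LEN, 0, 0); } /* PS of 7 bytes */
int test_rejects_wrong_length(void){ return run_case(77, PMS_LEN - 1, 0, 0); }

int main(void)
{
    printf("valid: %d  bad header: %d  short PS: %d  wrong length: %d\n",
           test_valid_roundtrip(), test_rejects_bad_header(),
           test_rejects_short_ps(), test_rejects_wrong_length());
    return 0;
}
```

The design point is that the return value is also a secret: a server must not send a distinguishable alert or take a different code path on it. TLS handles this by feeding the fallback bytes into the key derivation so that a bad padding only surfaces as a failed Finished check, which is indistinguishable from a genuine decryption of random data.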

** libgnutls: gnutls_priority_init() and friends allow the CTYPE-OPENPGP keyword
   in the priority string. It is only accepted as a legacy option and is ignored.

** libgnutls: Added support for EdDSA under PKCS#11 (#417)

** libgnutls: Added support for AES-CFB8 cipher (#357)

** libgnutls: Added support for AES-CMAC MAC (#351)

** libgnutls: In the two previous versions the GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB
   ciphers incorrectly used the CryptoPro-A S-box instead of the proper
   CryptoPro-B/-C/-D S-boxes. They are fixed now.

** libgnutls: Added support for GOST key unmasking and for parsing unwrapped GOST
   private keys, as specified in R 50.1.112-2016.

** gnutls-serv: It applies the default settings when no --priority option is given,
   using gnutls_set_default_priority().

** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
   option (#561)

** certtool: Add parameter --no-text that prevents certtool from outputting
   text before PEM-encoded private key, public key, certificate, CRL or CSR.

** API and ABI modifications:
GNUTLS_AUTO_REAUTH: Added
GNUTLS_CIPHER_AES_128_CFB8: Added
GNUTLS_CIPHER_AES_192_CFB8: Added
GNUTLS_CIPHER_AES_256_CFB8: Added
GNUTLS_MAC_AES_CMAC_128: Added
GNUTLS_MAC_AES_CMAC_256: Added
gnutls_record_get_max_early_data_size: Added
gnutls_record_send_early_data: Added
gnutls_record_recv_early_data: Added
gnutls_db_check_entry_expire_time: Added
gnutls_anti_replay_set_add_function: Added
gnutls_anti_replay_init: Added
gnutls_anti_replay_deinit: Added
gnutls_anti_replay_set_window: Added
gnutls_anti_replay_enable: Added
gnutls_privkey_decrypt_data2: Added


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can
be found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos
