From JonasZhou at zhaoxin.com Tue Sep 1 03:53:36 2020 From: JonasZhou at zhaoxin.com (Jonas Zhou(SH-RD)) Date: Tue, 1 Sep 2020 01:53:36 +0000 Subject: [gnutls-help] Add detection of extended instruction set on zhaoxin CPU Message-ID: <9141471e881e435595d87d92be92f23d@zhaoxin.com> Hi All I am Jonas, from zhaoxin company(cpu inherited via). I want to optimize the performance of gnutls on zhaoxin cpu. The code I changed is as follows: 1. Modify the variable or function name that contains via 2. Add detection of extended instruction set on zhaoxin CPU(ssse3, shani, aesni, pclmul, avx) Can I do this? Best Regard Jonas Zhou ????? ????????????????????????????????????????????????????? CONFIDENTIAL NOTE: This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ueno at gnu.org Fri Sep 4 09:29:11 2020 From: ueno at gnu.org (Daiki Ueno) Date: Fri, 04 Sep 2020 09:29:11 +0200 Subject: [gnutls-help] gnutls 3.6.15 Message-ID: <871rjiuhiw.fsf-ueno@gnu.org> Hello, We've just released gnutls 3.6.15. This is a security and bug fix release on the stable 3.6.x branch. We'd like to thank everyone who contributed in this release: Alexander Sosedkin, Daniel Lenski, Fiona Klute, Frantisek Krenzelok, James Bottomley, Lei Maohui, Petr Pavlu, Steve Lhomme, and Vitezslav Cizek. The detailed list of changes follows: * Version 3.6.15 (releases 2020-09-04) ** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. The server sending a "no_renegotiation" alert in an unexpected timing, followed by an invalid second handshake was able to cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium] ** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now indicates that with a false return value (!1306). ** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked accordingly to SP800-56A rev 3 (!1295, !1299). ** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than the size of the internal base64 blob (#1025). The new behavior aligns to the existing documentation. ** libgnutls: Certificate verification failue due to OCSP must-stapling is not honered is now correctly marked with the GNUTLS_CERT_INVALID flag (!1317). The new behavior aligns to the existing documentation. ** libgnutls: The audit log message for weak hashes is no longer printed twice (!1301). ** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is disabled in the priority string. Previously, even when TLS 1.2 is explicitly disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is enabled (#1054). ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from < ftp://ftp.gnutls.org/gcrypt/gnutls/>;. A list of GnuTLS mirrors can be found at < http://www.gnutls.org/download.html> Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.15.tar.xz Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.15.tar.xz.sig Note that it has been signed with my openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno uid [ultimate] Daiki Ueno sub rsa4096 2010-02-04 [E] Regards, -- Daiki Ueno, on behalf of the GnuTLS development team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: