From ueno at gnu.org Wed Mar 9 08:45:27 2022 From: ueno at gnu.org (Daiki Ueno) Date: Wed, 09 Mar 2022 08:45:27 +0100 Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases Message-ID: <87tuc7sh60.fsf-ueno@gnu.org> Hello, During the last year we were a bit silent in terms of new releases, though each release had a handful of features. For a quicker turnaround in testing, we aim to make releases more often in this year (the current plan is bi-monthly). The next release (3.7.4) is scheduled around March 15, and my colleague Zoltan will be taking care of the release management. The milestone is maintained at: https://gitlab.com/gnutls/gnutls/-/milestones/33#tab-issues Feel free to bring up any issues that we should fix in this release. Also I would appreciate if anyone is willing to volunteer for the future releases :-) Regards, -- Daiki Ueno From zfridric at redhat.com Thu Mar 17 17:31:09 2022 From: zfridric at redhat.com (Zoltan Fridrich) Date: Thu, 17 Mar 2022 17:31:09 +0100 Subject: [gnutls-help] gnutls 3.7.4 Message-ID: Hello, We have just released gnutls-3.7.4. This is a bug fix and enhancement release on the 3.7.x branch. We would like to thank everyone who contributed in this release: Alexander Sosedkin, Andreas Metzler, Craig, Daiki Ueno, Dimitris Apostolou, ePirat, Franti?ek Kren?elok, Jan Palus, Seppo Yli-Olli, Tobias Heider and Zoltan Fridrich. The detailed list of changes follows: * Version 3.7.4 (released 2022-03-17) ** libgnutls: Added support for certificate compression as defined in RFC8879. ** certtool: Added option --compress-cert that allows users to specify compression methods for certificate compression.** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280.** libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant.** libgnutls: Added function to retrieve the name of the current ciphersuite from session (#1291). ** API and ABI modifications:GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum memberGNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum membergnutls_compress_certificate_get_selected_method: Addedgnutls_compress_certificate_set_methods: Added Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ A list of GnuTLS mirrors can be found athttp://www.gnutls.org/download.html Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz Here are OpenPGP detached signatures signed using key: 5D46CB0F763405A7053556F47A75A648B3F9220Chttps://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig Note that it has been signed with my openpgp key: pub ed25519 2021-12-23 [SC] [expires: 2023-12-23] 5D46CB0F763405A7053556F47A75A648B3F9220C uid [ultimate] Zoltan Fridrich sub cv25519 2021-12-23 [E] [expires: 2023-12-23] and Daiki Uenos openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno > uid [ultimate] Daiki Ueno > sub rsa4096 2010-02-04 [E] Regards, Zoltan -------------- next part -------------- An HTML attachment was scrubbed... URL: From nicolas at babelouest.org Sat Mar 19 16:55:02 2022 From: nicolas at babelouest.org (Nicolas Mora) Date: Sat, 19 Mar 2022 11:55:02 -0400 Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases In-Reply-To: <87tuc7sh60.fsf-ueno@gnu.org> References: <87tuc7sh60.fsf-ueno@gnu.org> Message-ID: <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org> Hello, Le 2022-03-09 ? 02 h 45, Daiki Ueno a ?crit?: > > Also I would appreciate if anyone is willing to volunteer for the future > releases :-) > I'd like to help with the future releases. I have a pending MR (gnutls_ecdh_compute_key) which is currently on hold [1]. I was asking for help to use internal functions [2]. I also have made 2 MRs in Nettle library, one for AES keywrap [3], which has been merged and should be in a future release, the other one for RSA OAEP [4], which hasn't been merged yet. When those last 2 will be available in Nettle, I can make MRs to add AES keywrap and RSA OAEP in GnuTLS too. I'd like those functionalities in GnuTLS so GnuTLS would support all key management algorithm in the JOSE standard [5]. Besides that, I can help with other needs the library would have, not only the one I want :-) /Nicolas [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1395 [2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1395#note_748478374 [3] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/19 [4] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20 [5] https://datatracker.ietf.org/doc/html/rfc7518#section-4 From Massimo.Miletto at gru.bitron-ind.com Mon Mar 21 07:47:00 2022 From: Massimo.Miletto at gru.bitron-ind.com (Miletto Massimo) Date: Mon, 21 Mar 2022 06:47:00 +0000 Subject: [gnutls-help] Remove from the mailing list Message-ID: <0cc6666fbb9d493c82f9abf4ae85447f@gru.bitron-ind.com> CONFIDENTIALITY |Internal | Confidential | Restricted | Hello, Can you remove my email (Massimo.miletto at gru.bitron-ind.com) from the mailing list? Thanks Massimo Miletto -------------- next part -------------- An HTML attachment was scrubbed... URL: From ueno at gnu.org Mon Mar 21 15:16:05 2022 From: ueno at gnu.org (Daiki Ueno) Date: Mon, 21 Mar 2022 15:16:05 +0100 Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases In-Reply-To: <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org> (Nicolas Mora's message of "Sat, 19 Mar 2022 11:55:02 -0400") References: <87tuc7sh60.fsf-ueno@gnu.org> <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org> Message-ID: <87tubr2xy2.fsf-ueno@gnu.org> Hello Nicolas, Nicolas Mora writes: > Le 2022-03-09 ? 02 h 45, Daiki Ueno a ?crit?: >> Also I would appreciate if anyone is willing to volunteer for the >> future >> releases :-) >> > I'd like to help with the future releases. Thank you; that would be great! > I have a pending MR (gnutls_ecdh_compute_key) which is currently on > hold [1]. I was asking for help to use internal functions [2]. Sorry for the inactivity on the MR; let me give it back to you soon. > I also have made 2 MRs in Nettle library, one for AES keywrap [3], > which has been merged and should be in a future release, the other one > for RSA OAEP [4], which hasn't been merged yet. > > When those last 2 will be available in Nettle, I can make MRs to add > AES keywrap and RSA OAEP in GnuTLS too. I think these are becoming more relevant in terms of FIPS, given the sunset of PKCS#1 padding usage (in particular for key wrapping). > I'd like those functionalities in GnuTLS so GnuTLS would support all > key management algorithm in the JOSE standard [5]. > > Besides that, I can help with other needs the library would have, not > only the one I want :-) I have recently started a wiki page to collect non-trivial project ideas: https://gitlab.com/gnutls/gnutls/-/wikis/Projects-for-newcomers Feel free to add any other ideas there :-) Regards, -- Daiki Ueno From nicolas at babelouest.org Tue Mar 22 01:24:06 2022 From: nicolas at babelouest.org (Nicolas Mora) Date: Mon, 21 Mar 2022 20:24:06 -0400 Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases In-Reply-To: <87tubr2xy2.fsf-ueno@gnu.org> References: <87tuc7sh60.fsf-ueno@gnu.org> <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org> <87tubr2xy2.fsf-ueno@gnu.org> Message-ID: Hello, Le 2022-03-21 ? 10 h 16, Daiki Ueno a ?crit?: >> I have a pending MR (gnutls_ecdh_compute_key) which is currently on >> hold [1]. I was asking for help to use internal functions [2]. > > Sorry for the inactivity on the MR; let me give it back to you soon. > Thanks! >> When those last 2 will be available in Nettle, I can make MRs to add >> AES keywrap and RSA OAEP in GnuTLS too. > > I think these are becoming more relevant in terms of FIPS, given the > sunset of PKCS#1 padding usage (in particular for key wrapping). > I don't know what "sunset of PKCS#1 padding usage" means, but if it leads to having all the JWA available in GnuTLS, I'm up for it! :-) This also raises a question about FIPS, the ES256k (Digital Signature with secp256k1 Curve Key) is not present in GnuTLS, I don't remember where I saw that, but I recall it's because secp256k1 curve isn't available in the FIPS standards. Is that so? > > I have recently started a wiki page to collect non-trivial project ideas: > https://gitlab.com/gnutls/gnutls/-/wikis/Projects-for-newcomers > > Feel free to add any other ideas there :-) > Thanks, I'm not an expert in cryptographic algorithms and standard, but if I have other ideas, I'll add to this wiki! /Nicolas