[gnutls-help] gnutls 3.8.4

Zoltan Fridrich zfridric at redhat.com
Wed Mar 20 10:35:16 CET 2024


We have just released gnutls-3.8.4. This is a bug fix and enhancement 
release on the 3.8.x branch.

We would like to thank everyone who contributed in this release:
Avinash Sonawane, Xin Long, Alexander Sosedkin, Sahil Siddiq, Ramesh 
Adhikari, Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki Ueno and 
Zoltan Fridrich

The detailed list of changes follows:

* Version 3.8.4 (released 2024-03-18)

** libgnutls: RSA-OAEP encryption scheme is now supported To use it with 
an unrestricted RSA private key, one would need to initialize a 
gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and 
attach it to the private key. It is also possible to import restricted 
private keys if they are stored in PKCS#8 format.

** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by 
George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] 

** libgnutls: Fixed a bug where certtool crashed when verifying a 
certificate chain with more than 16 certificates. Reported by William 
Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: 
medium] [CVE-2024-28835]

** libgnutls: Compression libraries are now loaded dynamically as needed 
instead of all being loaded during gnutls library initialization. As a 
result, the library initialization should be faster.

** build: The gnutls library can now be linked with the static library 
of GMP. Note that in order for this to work libgmp.a needs to be 
compiled with -fPIC and libhogweed in Nettle also has to be linked to 
the static library of GMP. This can be used to prevent custom memory 
allocators from being overriden by other applications.

** API and ABI modifications:
gnutls_x509_spki_get_rsa_oaep_params: New function.
gnutls_x509_spki_set_rsa_oaep_params: New function.
GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.

Getting the Software
GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/ <https://www.gnupg.org/ftp/gcrypt/>
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

Here are OpenPGP detached signatures signed using key:

Note that it has been signed with my openpgp key:
pub   ed25519 2021-12-23 [SC] [expires: 2027-01-01]
uid           [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub   cv25519 2021-12-23 [E] [expires: 2027-01-01]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x7A75A648B3F9220C.asc
Type: application/pgp-keys
Size: 1054 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.sig>

More information about the Gnutls-help mailing list