* Version 3.6.0 (released 2017-08-21)
** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and
fuzzying toolkit, allowing for corner case testing, and ensuring that the
behavior of the library will not change across releases.
https://github.com/tomato42/tlsfuzzer
** libgnutls: Introduced a lock-free random generator which operates per-thread
and eliminates random-generator related bottlenecks in multi-threaded operation.
Resolves gitlab issue #141.
http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html
** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA.
The goal is to reduce code needed in cache (CHACHA is also used for TLS),
and the number of primitives used by the library. That does not affect the
AES-DRBG random generator used in FIPS140-2 mode.
** libgnutls: Added support for RSA-PSS key type as well as signatures in
certificates, and TLS key exchange. Contributed by Daiki Ueno.
RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys,
but not vice-versa. The feature includes:
* RSA-PSS key generation and key handling (in PKCS#8 form)
* RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech)
* Handling of RSA-PSS subjectPublicKeyInfo parameters, when present
in either the private key or certificate.
* RSA-PSS signing and verification of PKIX certificates
* RSA-PSS signing and verification of TLS 1.2 handshake
* RSA-PSS signing and verification of PKCS#7 structures
* RSA-PSS and RSA key combinations for TLS credentials. That is, when
multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS
TLS signatures, to contain risks of cross-protocol attacks between the algorithms.
* RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa)
Note that RSA-PSS signatures with SHA1 are (intentionally) not supported.
** libgnutls: Added support for Ed25519 signing in certificates and TLS key
exchange following draft-ietf-tls-rfc4492bis-17. The feature includes:
* Ed25519 key generation and key handling (in PKCS#8 form)
* Ed25519 signing and verification of PKIX certificates
* Ed25519 signing and verification of TLS 1.2 handshake
* Ed25519 signing and verification of PKCS#7 structures
** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17.
** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919.
That makes the DH parameters negotiation more robust and less prone to errors
due to insecure parameters. Servers are no longer required to specific explicit
DH parameters, though if they do these parameters will be used. Group
selection can be done via priority strings. The introduced strings are
GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and
GROUP-FFDHE8192, as well as the corresponding to curves groups. Note that
the 6144 group from RFC7919 is not supported.
** libgnutls: Introduced various sanity checks on certificate import. Refuse
to import certificates which have fractional seconds in Time fields, X.509v1
certificates which have the unique identifiers set, and certificates with illegal
version numbers. All of these are prohibited by RFC5280.
** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags
in the crt structure. The only flag supported at the moment is
GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity
checks on import.
** libgnutls: PKIX certificates with unknown critical extensions are rejected
on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This
behavior can be overriden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
to verification functions. Resolves gitlab issue #177.
** libgnutls: Refuse to generate a certificate with an illegal version, or an
illegal serial number. That is, gnutls_x509_crt_set_version() and
gnutls_x509_crt_set_serial(), will fail on input considered to be invalid
in RFC5280.
** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv()
prior to handshake being complete are now refused. Addresses gitlab issue #158.
** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their
password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC.
** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values.
** libgnutls: Added new callback setting function to gnutls_privkey_t for external
keys. The new function (gnutls_privkey_import_ext4), allows signing in addition
to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519
keys.
** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1
priority string options. These allows enabling all broken and SHA1-based signature
algorithms in certificate verification, respectively.
** libgnutls: 3DES-CBC is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+3DES-CBC".
** libgnutls: SHA1 was marked as insecure for signing certificates. Verification
of certificates signed with SHA1 is now considered insecure and will
fail, unless flags intended to enable broken algorithms are set. Other uses
of SHA1 are still allowed. This can be reverted on compile time with the configure
flag --enable-sha1-support.
** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification
of certificates signed with RIPEMD160 hash algorithm is now considered insecure and
will fail, unless flags intended to enable broken algorithms are set.
** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes.
These curves were rarely used for that purpose, provide no advantage over
x25519 and were deprecated by TLS 1.3.
** libgnutls: Removed support for DEFLATE, or any other compression method.
** libgnutls: OpenPGP authentication was removed; the resulting library is ABI
compatible, with the openpgp related functions being stubs that fail
on invocation.
** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled
only with libidn2 which provides IDNA2008.
** certtool: The option '--load-ca-certificate' can now accept PKCS#11
URLs in addition to files.
** certtool: The option '--load-crl' can now be used when generating PKCS#12
files (i.e., in conjunction with '--to-p12' option).
** certtool: Keys with provable RSA and DSA parameters are now only read and
exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
This removes support for the previous a non-standard key format.
** certtool: Added support for generating, printing and handling RSA-PSS and
Ed25519 keys and certificates.
** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now
deprecated, replaced by the --key-type option.
** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were
replaced by the --generate-privkey option.
** psktool: Generate 256-bit keys by default.
** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and
--alpn-fatal options, allowing testing of ALPN negotiation.
** API and ABI modifications:
gnutls_encode_rs_value: Added
gnutls_decode_rs_value: Added
gnutls_base64_encode2: Added
gnutls_base64_decode2: Added
gnutls_x509_crt_set_flags: Added
gnutls_x509_crt_check_ip: Added
gnutls_x509_ext_import_inhibit_anypolicy: Added
gnutls_x509_ext_export_inhibit_anypolicy: Added
gnutls_x509_crt_get_inhibit_anypolicy: Added
gnutls_x509_crt_set_inhibit_anypolicy: Added
gnutls_pubkey_export_rsa_raw2: Added
gnutls_pubkey_export_dsa_raw2: Added
gnutls_pubkey_export_ecc_raw2: Added
gnutls_privkey_export_rsa_raw2: Added
gnutls_privkey_export_dsa_raw2: Added
gnutls_privkey_export_ecc_raw2: Added
gnutls_x509_spki_init: Added
gnutls_x509_spki_deinit: Added
gnutls_x509_spki_get_pk_algorithm: Added
gnutls_x509_spki_set_pk_algorithm: Added
gnutls_x509_spki_get_digest_algorithm: Added
gnutls_x509_spki_set_digest_algorithm: Added
gnutls_x509_spki_get_salt_size: Added
gnutls_x509_spki_set_salt_size: Added
gnutls_x509_crt_set_spki: Added
gnutls_x509_crt_get_spki: Added
gnutls_x509_privkey_get_spki: Added
gnutls_x509_privkey_set_spki: Added
gnutls_x509_crq_get_spki: Added
gnutls_x509_crq_set_spki: Added
gnutls_pubkey_set_spki: Added
gnutls_pubkey_get_spki: Added
gnutls_privkey_set_spki: Added
gnutls_privkey_get_spki: Added
gnutls_privkey_import_ext4: Added
GNUTLS_EXPORT_FLAG_NO_LZ: Added
GNUTLS_DT_IP_ADDRESS: Added
GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added
GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_SFLAGS_RFC7919: Added
* Version 3.5.15 (released 2017-08-21)
** libgnutls: Disable hardware acceleration on aarch64/ilp32 mode. There is
no assembler code included for this CPU mode.
** certtool: Keys with provable RSA and DSA parameters are now only exported
in PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
This removes the need for a non-standard key format.
** API and ABI modifications:
No changes since last version.
* Version 3.5.14 (released 2017-07-04)
** libgnutls: Handle specially HSMs which request explicit authentication.
There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
operation. Detect that state and try to login.
** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
a login will be forced. This improves operation on certain Safenet HSMs.
** libgnutls: do not set leading zeros when copying integers on HSMs.
PKCS#11 defines integers as unsigned having most significant byte
first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by
some HSMs which do not accept an integer with a leading zero. This
improves operation with certain Atos HSMs.
** libgnutls: Fixed issue discovering certain OCSP signers, and improved the
discovery of OCSP signer in the case where the Subject Public Key
identifier field matches. Resolves gitlab issue #223.
** gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if
certificate verification fails.
** API and ABI modifications:
No changes since last version.
While here, remove empty line from PLIST.
* Version 3.5.13 (released 2017-06-07)
** libgnutls: fixed issue with AES-GCM in-place encryption and decryption in
aarch64. Resolves gitlab issue #204.
** libgnutls: no longer parse the ResponseID field of the status response
TLS extension. The field is not used by GnuTLS nor is made available to
calling applications. That addresses a null pointer dereference on server
side caused by packets containing the ResponseID field. Reported
by Hubert Kario. [GNUTLS-SA-2017-4]
** libgnutls: tolerate certificates which do not have strict DER time encoding.
It is possible using 3rd party tools to generate certificates with time fields
that do not conform to DER requirements. Since 3.4.x these certificates were rejected
and cannot be used with GnuTLS, however that caused problems with existing private
certificate infrastructures, which were relying on such certificates (see gitlab
issue #196). Tolerate reading and using these certificates.
** minitasn1: updated to libtasn1 4.11.
** certtool: allow multiple certificates to be used in --p7-sign with
the --load-certificate option. Patch by Karl Tarbe.
Pkgsrc changes:
Adapt PLIST.
Upstream changes:
* Version 3.5.12 (released 2017-05-11)
** libgnutls: enabled TCP Fast open for MacOSX. Patch by Tim Ruehsen.
** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses
against DNS fields of certificate (CN or DNSname). The previous behavior
was to tolerate some misconfigured servers, but that was non-standard
and skipped any IP constraints present in higher level certificates.
** libgnutls: when converting to IDNA2008, fallback to IDNA2003
(i.e., transitional encoding) if the domain cannot be converted.
That provides maximum compatibility with browsers like firefox
that perform the same conversion.
** libgnutls: fix issue in RSA-PSK client callback which resulted
in no username being sent to the peer. Patch by Nicolas Dufresne.
** libgnutls: fix regression causing stapled extensions in trust modules not
to be considered.
** certtool: introduced the email_protection_key option. This
option was introduced in documentation for certtool without an
implementation of it. It is a shortcut for option 'key_purpose_oid
= 1.3.6.1.5.5.7.3.4'.
** certtool: made printing of key ID and key PIN consistent between
certificates, public keys, and private keys. That is the private
key printing now uses the same format as the rest.
** gnutls-cli: introduced the --sni-hostname option. This allows overriding the
hostname advertised to the peer.
** API and ABI modifications:
No changes since last version.
* Version 3.5.11 (released 2017-04-07)
** gnutls.pc: do not include libtool options into Libs.private.
** libgnutls: Fixed issue when rehandshaking without a client certificate in
a session which initially used one. Reported by Frantisek Sumsal.
** libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP
certificate parsing. Issues found using oss-fuzz project and were fixed
by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
** libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access.
That allows PKCS#11 operations such as signing to be performed with the
same object from multiple threads.
** libgnutls: Added support for MacOSX key chain for obtaining
trust store's root CA certificates. That is,
gnutls_x509_trust_list_add_system_trust() and
gnutls_certificate_set_x509_system_trust() will load the certificates
from the key chain. That also means that we no longer check for a
default trust store file in configure when building on MacOSX (unless
explicitly asked to). Patch by David Caldwell.
** libgnutls: when disabling OpenPGP authentication, the resulting library
is ABI compatible (with openpgp related functions being stubs that fail
on invocation).
** API and ABI modifications:
No changes since last version.
* Version 3.5.10 (released 2017-03-06)
** gnutls.pc: do not include libidn2 in Requires.private. The
libidn2 versions available do not include libidn2.pc, thus the
inclusion was causing pkg-config issues. Instead we include
-lidn2 in Libs.private when compile against libidn2.
** libgnutls: optimized access to subject alternative names (SANs)
in parsed certificates. The previous implementation assumed a
small number of SANs in a certificate, with repeated calls to
ASN.1 decoding of the extension without any intermediate caching.
That caused delays in certificates with a long list of names in
functions such as gnutls_x509_crt_check_hostname(). With the
current code, the SANs are parsed once on certificate import.
Resolves gitlab issue #165.
** libgnutls: Addressed integer overflow resulting to invalid memory
write in OpenPGP certificate parsing. Issue found using oss-fuzz
project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
[GNUTLS-SA-2017-3A]
** libgnutls: Addressed read of 1 byte past the end of buffer in OpenPGP
certificate parsing. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
** libgnutls: Addressed crashes in OpenPGP certificate parsing, related
to private key parser. No longer allow OpenPGP certificates (public keys)
to contain private key sub-packets. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B]
** libgnutls: Addressed large allocation in OpenPGP certificate parsing, that
could lead in out-of-memory condition. Issue found using oss-fuzz project,
and was fixed by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C]
** libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
when printing certificate information.
** libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify()
flags can be set from the gnutls_certificate_verify_flags enumeration.
This allows the functions to pass the same flags available for certificates
to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or
GNUTLS_VERIFY_ALLOW_BROKEN).
** libgnutls: gnutls_store_commitment() can accept flag
GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate
in applications which use SHA1 for example, after SHA1 is deprecated.
** certtool: No longer ignore the 'add_critical_extension' template option if
the 'add_extension' option is not present.
** gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the
starttls-proto command. Patch by Robert Scheck.
** API and ABI modifications:
No changes since last version.
** libgnutls: Removed any references to OpenPGP functionality in documentation,
and marked all functions in openpgp.h as deprecated. That functionality
is considered deprecated and should not be used for other reason than
backwards compatibility.
** libgnutls: Improve detection of AVX support. In certain cases when
when the instruction was available on the host, but not on a VM running
gnutls, detection could fail causing illegal instruction usage.
** libgnutls: Added support for IDNA2008 for internationalized DNS names.
If gnutls is compiled using libidn2 (the latest version is recommended),
it will support IDNA2008 instead of the now obsolete IDNA2003 standard.
Resolves gitlab issue 150. Based on patch by Tim Ruehsen.
** p11tool: re-use ID from corresponding objects when writing certificates.
That is, when writing a certificate which has a corresponding public key,
or private key in the token, ensure that we use the same ID for the
certificate.
** API and ABI modifications:
gnutls_idna_map: Added
gnutls_idna_reverse_map: Added
* Version 3.5.8 (released 2016-01-09)
** libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
functions will not leave the verification profiles field to an
undefined state. The last call will take precedence.
** libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
by PKCS#8 decryption functions when an invalid key is provided. This
addresses regression on decrypting certain PKCS#8 keys.
** libgnutls: Introduced option to override the default priority string
used by the library. The intention is to allow support of system-wide
priority strings (as set with --with-system-priority-file). The
configure option is --with-default-priority-string.
** libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
This prevents crashes when decrypting malformed PKCS#8 keys.
** libgnutls: Fix crash on the loading of malformed private keys with certain
parameters set to zero.
** libgnutls: Fix double free in certificate information printing. If the PKIX
extension proxy was set with a policy language set but no policy specified,
that could lead to a double free.
** libgnutls: Addressed memory leaks in client and server side error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks in X.509 certificate printing error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
** libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
(issues found using oss-fuzz project)
** API and ABI modifications:
No changes since last version.
* Version 3.5.7 (released 2016-12-8)
** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128
and SECURE256 priority strings.
** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly
operate with OIDs which have elements that exceed 2^32.
** libgnutls: The DN decoding functions output the traditional DN format
rather than the strict RFC4514 compliant textual DN. This reverts the
3.5.6 introduced change, and allows applications which depended on the
previous format to continue to function. Introduced new functions which
output the strict format by default, and can revert to the old one using
a flag.
** libgnutls: Improved TPM key handling. Check authorization requirements
prior to using a key and fix issue on loop for PIN input. Patches by
James Bottomley.
** libgnutls: In all functions accepting UTF-8 passwords, ensure that
passwords are normalized according to RFC7613. When invalid UTF-8
passwords are detected, they are only tolerated for decryption.
This introduces a libunistring dependency on GnuTLS. A version of
libunistring is included in the library for the platforms that do
not ship it; it can be used with the '--with-included-unistring'
option to configure script.
** libgnutls: When setting a subject alternative name in a certificate
which is in UTF-8 format, it will transparently be converted to IDNA form
prior to storing.
** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print()
will print the SHA256 key-ID instead of a certificate fingerprint.
** libgnutls: enhance the PKCS#7 verification capabilities. In the case
signers that are not discoverable using the trust list or input, use
the stored list as pool to generate a trusted chain to the signer.
** libgnutls: Improved MTU calculation precision for the CBC ciphersuites
under DTLS.
** libgnutls: [added missing news entry since 3.5.0]
No longer tolerate certificate key usage violations for
TLS signature verification, and decryption. That is GnuTLS will fail
to connect to servers which incorrectly use a restricted to signing certificate
for decryption, or vice-versa. This reverts the lax behavior introduced
in 3.1.0, due to several such broken servers being available. The %COMPAT
priority keyword can be used to work-around connecting on these servers.
** certtool: When exporting a CRQ in DER format ensure no text data are
intermixed. Patch by Dmitry Eremin-Solenikov.
** certtool: Include the SHA-256 variant of key ID in --certificate-info
options.
** p11tool: Introduced the --initialize-pin and --initialize-so-pin
options.
** API and ABI modifications:
gnutls_utf8_password_normalize: Added
gnutls_ocsp_resp_get_responder2: Added
gnutls_x509_crt_get_issuer_dn3: Added
gnutls_x509_crt_get_dn3: Added
gnutls_x509_rdn_get2: Added
gnutls_x509_dn_get_str2: Added
gnutls_x509_crl_get_issuer_dn3: Added
gnutls_x509_crq_get_dn3: Added
* Version 3.5.6 (released 2016-11-04)
** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
** libgnutls: Introduced a function group to set known DH parameters
using groups from RFC7919.
** libgnutls: Added more strict RFC4514 textual DN encoding and decoding.
Now the generated textual DN is in reverse order according to RFC4514,
and functions which generate a DN from strings such gnutls_x509_crt_set_*dn()
set the expected DN (reverse of the provided string).
** libgnutls: Introduced time and constraints checks in the end certificate
in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
functions.
** libgnutls: Set limits on the maximum number of alerts handled. That is,
applications using gnutls could be tricked into an busy loop if the
peer sends continuously alert messages. Applications which set a maximum
handshake time (via gnutls_handshake_set_timeout) will eventually recover
but others may remain in a busy loops indefinitely. This is related but
not identical to CVE-2016-8610, due to the difference in alert handling
of the libraries (gnutls delegates that handling to applications).
** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
functions return an index (introduced in 3.5.5), to avoid affecting programs
which explicitly check success of the function as equality to zero. In order
for these functions to return an index an explicit call to gnutls_certificate_set_flags
with the GNUTLS_CERTIFICATE_API_V2 flag is now required.
** libgnutls: Reverted the behavior of sending a status request extension even
without a response (introduced in 3.5.5). That is, we no longer reply to a
client's hello with a status request, with a status request extension. Although
that behavior is legal, it creates incompatibility issues with releases in
the gnutls 3.3.x branch.
** libgnutls: Delayed the initialization of the random generator at
the first call of gnutls_rnd(). This allows applications to load
on systems which getrandom() would block, without blocking until
real random data are needed.
** certtool: --get-dh-params will output parameters from the RFC7919
groups.
** p11tool: improvements in --initialize option.
** API and ABI modifications:
GNUTLS_CERTIFICATE_API_V2: Added
GNUTLS_NO_TICKETS: Added
gnutls_pkcs7_get_embedded_data_oid: Added
gnutls_anon_set_server_known_dh_params: Added
gnutls_certificate_set_known_dh_params: Added
gnutls_psk_set_server_known_dh_params: Added
gnutls_x509_crt_check_key_purpose: Added
* Version 3.5.5 (released 2016-10-09)
** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file()
to allow importing multiple OCSP request files, one for each chain
provided.
** libgnutls: The gnutls_certificate_set_key* functions return an
index of the added chain. That index can be used either with
gnutls_certificate_set_ocsp_status_request_file(), or with
gnutls_certificate_get_crt_raw() and friends.
** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations
for the aarch64 architecture. Uses Andy Polyakov's assembly code.
** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key()
failures due to key mismatch. This prevents leaks or double freeing
on such failures.
** libgnutls: Increased the maximum size of the handshake message hash.
This will allow the library to cope better with larger packets, as
the ones offered by current TLS 1.3 drafts.
** libgnutls: Allow to use client certificates despite them containing
disallowed algorithms for a session. That allows for example a client
to use DSA-SHA1 due to his old DSA certificate, without requiring him
to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
** libgnutls: Reverted AESNI code on x86 to earlier version as the
latest version was creating position depending code. Added checks
in the CI to detect position depending code early.
** guile: Update code to the I/O port API of Guile >= 2.1.4
This makes sure the GnuTLS bindings will work with the forthcoming 2.2
stable series of Guile, of which 2.1 is a preview.
** API and ABI modifications:
gnutls_certificate_set_ocsp_status_request_function2: Added
gnutls_session_ext_register: Added
gnutls_session_supplemental_register: Added
GNUTLS_E_PK_INVALID_PUBKEY: Added
GNUTLS_E_PK_INVALID_PRIVKEY: Added
configure test because the type in stddef.h is guarded by a c11 macro
(most likely).
Force the configure test to pass.
From David Shao in PR pkg/51793 (originally from FreeBSD ports).
* Version 3.5.4 (released 2016-09-08)
** libgnutls: Corrected the comparison of the serial size in OCSP response.
Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't (GNUTLS-SA-2016-3).
Reported by Stefan Buehler.
** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop.
** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This
is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0.
** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256
as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0.
** libgnutls: Added support for internationalized passwords in PKCS#12 files.
Previous versions would only encrypt or decrypt using passwords from the ASCII
set.
** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA
keys. The signature is now written as unsigned integers into the DSASignatureValue
structure. Previously signed integers could be written depending on what
the underlying module would produce. Addresses #122.
** gnutls-cli: Fixed starttls regression from 3.5.3.
** API and ABI modifications:
GNUTLS_E_MALFORMED_CIDR: Added
gnutls_x509_cidr_to_rfc5280: Added
gnutls_oid_to_mac: Added
* Version 3.5.3 (released 2016-08-09)
** libgnutls: Added support for TCP fast open (RFC7413), allowing
to reduce by one round-trip the handshake process. Based on proposal and
patch by Tim Ruehsen.
** libgnutls: Adopted a simpler with less memory requirements DTLS sliding
window implementation. Based on Fridolin Pokorny's implementation for
AF_KTLS.
** libgnutls: Use getrandom where available via the syscall interface.
This works around an issue of not-using getrandom even if it exists
since glibc doesn't declare such function.
** libgnutls: Fixed DNS name constraints checking in the case of empty
intersection of domain names in the chain. Report and fix by Martin Ukrop.
** libgnutls: Fixed name constraints checking in the case of chains
where the higher level certificates contained different types of
constraints than the ones present in the lower intermediate CAs.
Report and fix by Martin Ukrop.
** libgnutls: Dropped support for the EGD random generator.
** libgnutls: Allow the decoding of raw elements (starting with #)
in RFC4514 DN string decoding.
** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
ignoring flags if all certificates in the list fit within the
initially allocated memory. Patch by Tim Kosse.
** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt()
to return invalid pointers when returned more than a single certificate.
Report and fix by Stefan Sørensen.
** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain,
even when the extra_certs was non-null. Report and fix by Stefan Sørensen.
** certtool: Added the "add_extension" and "add_critical_extension"
template options. This allows specifying arbitrary extensions into
certificates and certificate requests.
** gnutls-cli: Added the --fastopen option.
** API and ABI modifications:
GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added
gnutls_x509_crq_set_extension_by_oid: Added
gnutls_x509_dn_set_str: Added
gnutls_transport_set_fastopen: Added
* Version 3.5.2 (released 2016-07-06)
** libgnutls: Address issue when utilizing the p11-kit trust store
for certificate verification (GNUTLS-SA-2016-2).
** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
Guillaume Roguez.
** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
from SafeNet Network HSM. Reported by Anthony Alba in #108.
** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report
and fix by Stanislav Židek.
** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE
instructions. Uses Andy Polyakov's assembly code.
** API and ABI modifications:
No changes since last version.
* Version 3.5.1 (released 2016-06-14)
** libgnutls: The SSL 3.0 protocol support can completely be removed
using a compile time option. The configure option is --disable-ssl3-support.
** libgnutls: The SSL 2.0 client hello support can completely be removed
using a compile time option. The configure option is --disable-ssl2-support.
** libgnutls: Added support for OCSP Must staple PKIX extension. That is,
implemented the RFC7633 TLSFeature for OCSP status request extension.
Feature implemented by Tim Kosse.
** libgnutls: More strict OCSP staple verification. That is, no longer
ignore invalid or too old OCSP staples. The previous behavior was
to rely on application use gnutls_ocsp_status_request_is_checked(),
while the new behavior is to include OCSP verification by default
and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error.
** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
improves interoperability with several old intermediate CA certificates
carrying these legacy OIDs.
** libgnutls: Re-read the system wide priority file when needed. Patch by
Daniel P. Berrange.
** libgnutls: Allow for fallback in system-specific initial keywords
(prefixed with '@'). That allows to specify a keyword such as
"@KEYWORD1,KEYWORD2" which will use the first available of these
two keywords. Patch by Daniel P. Berrange.
** libgnutls: The SSLKEYLOGFILE environment variable can be used to log
session keys. These session keys are compatible with the NSS Key Log
Format and can be used to decrypt the session for debugging using
wireshark.
** API and ABI modifications:
GNUTLS_CERT_INVALID_OCSP_STATUS: Added
gnutls_x509_crt_set_crq_extension_by_oid: Added
gnutls_x509_ext_import_tlsfeatures: Added
gnutls_x509_ext_export_tlsfeatures: Added
gnutls_x509_tlsfeatures_add: Added
gnutls_x509_tlsfeatures_init: Added
gnutls_x509_tlsfeatures_deinit: Added
gnutls_x509_tlsfeatures_get: Added
gnutls_x509_crt_get_tlsfeatures: Added
gnutls_x509_crt_set_tlsfeatures: Added
gnutls_x509_crq_get_tlsfeatures: Added
gnutls_x509_crq_set_tlsfeatures: Added
gnutls_ext_get_name: Added
* Version 3.5.0 (released 2016-05-09)
** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA,
based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07).
This curve is disabled by default as it is still on specification status. It
can be enabled using the priority string modifier +CURVE-X25519.
** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01)
by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73).
** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable
RSA and DSA parameter generation from a seed.
** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
cipher is prioritized after AES-GCM.
** libgnutls: On a rehandshake ensure that the certificate of the peer or
its username remains the same as in previous handshakes. That is to protect
applications which do not check user credentials on rehandshakes. The
threat to address depends on the application protocol. Primarily it
protects against applications which authenticate the peer initially and
perform accounting using the session's information, from being misled
by a rehandshake which switches the peer's identity. Applications can
disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in
gnutls_init().
** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate
parsing errors in the extensions field and treat it as a typical Hello
message structure. Reported by Hubert Kario (#40).
** libgnutls: Old and unsupported version numbers in client hellos are
rejected with a "protocol_version" alert message. Reported by Hubert
Kario (#42).
** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*()
functions, only on non-resumed sessions. This brings the API in par with
its usage (#79).
** libgnutls: Follow RFC5280 strictly in name constraints computation. The
permitted subtrees is intersected with any previous values. Report and
patch by Daiki Ueno.
** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on
session resumption. Reported by Hubert Kario (#69).
** libgnutls: Consider the max-record TLS extension even when under DTLS.
Reported by Peter Dettman (#61).
** libgnutls: Replaced writev() system call with sendmsg().
** libgnutls: Replaced select() system call with poll() on POSIX systems.
** libgnutls: Preload the system priority file on library load. This allows
applications that chroot() to also use the system priorities.
** libgnutls: Applications are allowed to override the built-in key and
certificate URLs.
** libgnutls: The gnutls.h header marks constant and pure functions explictly.
** certtool: Added the ability to sign certificates using SHA3.
** certtool: Added the --provable and --verify-allow-broken options.
** gnutls-cli: The --dane option will cause verification failure if gnutls is not
compiled with DANE support.
** crywrap: The tool was unbundled from gnutls' distribution. It can be found at
https://github.com/nmav/crywrap
** guile: .go files are now built and installed
** guile: Fix compatibility issue of the test suite with Guile 2.1
** guile: When --with-guile-site-dir is passed, modules are installed in a
versioned directory, typically $(datadir)/guile/site/2.0
** guile: Tests no longer leave zombie processes behind
** API and ABI modifications:
GNUTLS_FORCE_CLIENT_CERT: Added
GNUTLS_ENABLE_FALSE_START: Added
GNUTLS_INDEFINITE_TIMEOUT: Added
GNUTLS_ALPN_SERVER_PRECEDENCE: Added
GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added
GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added
gnutls_check_version_numeric: Added
gnutls_x509_crt_equals: Added
gnutls_x509_crt_equals2: Added
gnutls_x509_crt_set_subject_alt_othername: Added
gnutls_x509_crt_set_issuer_alt_othername: Added
gnutls_x509_crt_get_signature_oid: Added
gnutls_x509_crt_get_pk_oid: Added
gnutls_x509_crq_set_subject_alt_othername: Added
gnutls_x509_crq_get_pk_oid: Added
gnutls_x509_crq_get_signature_oid: Added
gnutls_x509_crl_get_signature_oid: Added
gnutls_x509_privkey_generate2: Added
gnutls_x509_privkey_get_seed: Added
gnutls_x509_privkey_verify_seed: Added
gnutls_privkey_generate2: Added
gnutls_privkey_get_seed: Added
gnutls_privkey_verify_seed: Added
gnutls_decode_ber_digest_info: Added
gnutls_encode_ber_digest_info: Added
gnutls_dh_params_import_dsa: Added
gnutls_session_get_master_secret: Added
* Version 3.4.3 (released 2015-07-12)
** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
dates prior to 2050.
** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
was done only when cryptodev was enabled).
** libgnutls: Removed support for pthread_atfork() as it has undefined
semantics when used with dlopen(), and may lead to a crash.
** libgnutls: corrected failure when importing plain files
with gnutls_x509_privkey_import2(), and a password was provided.
** libgnutls: Don't reject certificates if a CA has the URI or IP address
name constraints, and the end certificate doesn't have an IP address
name or a URI set.
** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
** p11tool: Added --list-token-urls option, and print the token module name
in list-tokens.
** API and ABI modifications:
gnutls_ecc_curve_get_oid: Added
gnutls_digest_get_oid: Added
gnutls_pk_get_oid: Added
gnutls_sign_get_oid: Added
gnutls_ecc_curve_get_id: Added
gnutls_oid_to_digest: Added
gnutls_oid_to_pk: Added
gnutls_oid_to_sign: Added
gnutls_oid_to_ecc_curve: Added
gnutls_pkcs7_get_signature_count: Added
* Version 3.4.2 (released 2015-06-16)
** libgnutls: DTLS blocking API is more robust against infinite blocking,
and will notify of more possible timeouts.
** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
by Manuel Pegourie-Gonnard.
** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
allows to disable SIGPIPE for writes done within gnutls.
** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
of structures. API moved to gnutls/pkcs7.h header.
** certtool: Added options to generate PKCS #7 bundles and signed
structures.
** API and ABI modifications:
gnutls_x509_dn_get_str: Added
gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added
gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added
gnutls_x509_crt_verify_data2: Added
gnutls_pkcs7_get_crt_raw2: Added
gnutls_pkcs7_signature_info_deinit: Added
gnutls_pkcs7_get_signature_info: Added
gnutls_pkcs7_verify_direct: Added
gnutls_pkcs7_verify: Added
gnutls_pkcs7_get_crl_raw2: Added
gnutls_pkcs7_sign: Added
gnutls_pkcs7_attrs_deinit: Added
gnutls_pkcs7_add_attr: Added
gnutls_pkcs7_get_attr: Added
gnutls_pkcs7_print: Added
* Version 3.4.1 (released 2015-05-03)
** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.
** libgnutls: Check for invalid length in the X.509 version field. Without
the check certificates with invalid length would be detected as having an
arbitrary version. Reported by Hanno Böck.
** libgnutls: Handle DNS name constraints with a leading dot. Patch by
Fotis Loukos.
** libgnutls: Updated system-keys support for windows to compile in more
versions of mingw. Patch by Tim Kosse.
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
by default. That caused issues with non-blocking programs.
** certtool: It can generate SHA256 key IDs.
** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
** configure: re-enabled the --enable-local-libopts flag
** API and ABI modifications:
gnutls_x509_crt_get_pk_ecc_raw: Added
* Version 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
was already defunc as support for the EXPORT ciphersuites was removed in
GnuTLS 3.2.0.
** libgnutls: Added API to utilize system specific private keys in
"gnutls/system-keys.h". It is currently provided as technology preview
and is restricted to windows CNG keys.
** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
RFC6125 comparison of hostnames. That introduces a dependency on libidn.
** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).
** libgnutls: Depend on nettle 3.1.
** libgnutls: Use getrandom() or getentropy() when available. That
avoids the complexity of file descriptor handling and issues with
applications closing all open file descriptors on startup.
** libgnutls: Use pthread_atfork() to detect fork when available.
** libgnutls: If a key purpose (extended key usage) is specified for verification,
it is applied into intermediate certificates. The verification result
GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
combination with PKCS #11, or TPM URLs, it will utilize the provided
password as PIN if required. That removes the requirement for the
application to set a callback for PINs in that case.
** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols.
** libgnutls: Added helper functions to obtain information on PKCS #8
structures.
** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
** libgnutls: Added functions to export and set the record state. That
allows for gnutls_record_send() and recv() to be offloaded (to kernel,
hardware or any other subsystem).
** libgnutls: Added the ability to register application specific URL
types, which express certificates and keys using gnutls_register_custom_url().
** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().
** libgnutls: Added gnutls_ext_register() to register custom extensions.
Contributed by Thierry Quemerais.
** libgnutls: Added gnutls_supplemental_register() to register custom
supplemental data handshake messages. Contributed by Thierry Quemerais.
** libgnutls-openssl: it is no longer built by default.
** certtool: Added --p8-info option, which will print PKCS #8 information
even if the password is not available.
** certtool: --key-info option will print PKCS #8 encryption information
when available.
** certtool: Added the --key-id and --fingerprint options.
** certtool: Added the --verify-hostname, --verify-email and --verify-purpose
options to be used in certificate chain verification, to simulate verification
for specific hostname and key purpose (extended key usage).
** certtool: --p12-info option will print PKCS #12 MAC and cipher information
when available.
** certtool: it will print the A-label (ACE) names in addition to UTF-8.
** p11tool: added options --set-id and --set-label.
** gnutls-cli: added options --priority-list and --save-cert.
** guile: Deprecated priority API has been removed. The old priority API,
which had been deprecated for some time, is now gone; use 'set-session-priorities!'
instead.
** guile: Remove RSA parameters and related procedures. This API had been
deprecated.
** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
** API and ABI modifications:
gnutls_record_get_state: Added
gnutls_record_set_state: Added
gnutls_aead_cipher_init: Added
gnutls_aead_cipher_decrypt: Added
gnutls_aead_cipher_encrypt: Added
gnutls_aead_cipher_deinit: Added
gnutls_pkcs12_generate_mac2: Added
gnutls_pkcs12_mac_info: Added
gnutls_pkcs12_bag_enc_info: Added
gnutls_pkcs8_info: Added
gnutls_pkcs_schema_get_name: Added
gnutls_pkcs_schema_get_oid: Added
gnutls_pcert_export_x509: Added
gnutls_pcert_export_openpgp: Added
gnutls_pcert_import_x509_list: Added
gnutls_pkcs11_privkey_cpy: Added
gnutls_x509_crq_get_signature_algorithm: Added
gnutls_x509_trust_list_iter_get_ca: Added
gnutls_x509_trust_list_iter_deinit: Added
gnutls_x509_trust_list_get_issuer_by_dn: Added
gnutls_pkcs11_get_raw_issuer_by_dn: Added
gnutls_certificate_get_trust_list: Added
gnutls_privkey_export_x509: Added
gnutls_privkey_export_pkcs11: Added
gnutls_privkey_export_openpgp: Added
gnutls_privkey_import_ext3: Added
gnutls_certificate_get_x509_key: Added
gnutls_certificate_get_x509_crt: Added
gnutls_certificate_get_openpgp_key: Added
gnutls_certificate_get_openpgp_crt: Added
gnutls_record_discard_queued: Added
gnutls_session_ext_master_secret_status: Added
gnutls_priority_string_list: Added
gnutls_dh_params_import_raw2: Added
gnutls_memset: Added
gnutls_memcmp: Added
gnutls_pkcs12_bag_set_privkey: Added
gnutls_ocsp_resp_get_responder_raw_id: Added
gnutls_system_key_iter_deinit: Added
gnutls_system_key_iter_get_info: Added
gnutls_system_key_delete: Added
gnutls_system_key_add_x509: Added
gnutls_system_recv_timeout: Added
gnutls_register_custom_url: Added
gnutls_pkcs11_obj_list_import_url3: Added
gnutls_pkcs11_obj_list_import_url4: Added
gnutls_pkcs11_obj_set_info: Added
gnutls_crypto_register_cipher: Added
gnutls_crypto_register_aead_cipher: Added
gnutls_crypto_register_mac: Added
gnutls_crypto_register_digest: Added
gnutls_ext_register: Added
gnutls_supplemental_register: Added
gnutls_supplemental_recv: Added
gnutls_supplemental_send: Added
gnutls_openpgp_crt_check_email: Added
gnutls_x509_crt_check_email: Added
gnutls_handshake_set_hook_function: Modified
gnutls_pkcs11_privkey_generate3: Added
gnutls_pkcs11_copy_x509_crt2: Added
gnutls_pkcs11_copy_x509_privkey2: Added
gnutls_pkcs11_obj_list_import_url: Removed
gnutls_pkcs11_obj_list_import_url2: Removed
gnutls_certificate_client_set_retrieve_function: Removed
gnutls_certificate_server_set_retrieve_function: Removed
gnutls_certificate_set_rsa_export_params: Removed
gnutls_certificate_type_set_priority: Removed
gnutls_cipher_set_priority: Removed
gnutls_compression_set_priority: Removed
gnutls_kx_set_priority: Removed
gnutls_mac_set_priority: Removed
gnutls_protocol_set_priority: Removed
gnutls_rsa_export_get_modulus_bits: Removed
gnutls_rsa_export_get_pubkey: Removed
gnutls_rsa_params_cpy: Removed
gnutls_rsa_params_deinit: Removed
gnutls_rsa_params_export_pkcs1: Removed
gnutls_rsa_params_export_raw: Removed
gnutls_rsa_params_generate2: Removed
gnutls_rsa_params_import_pkcs1: Removed
gnutls_rsa_params_import_raw: Removed
gnutls_rsa_params_init: Removed
gnutls_sign_callback_get: Removed
gnutls_sign_callback_set: Removed
gnutls_x509_crt_verify_data: Removed
gnutls_x509_crt_verify_hash: Removed
gnutls_pubkey_get_verify_algorithm: Removed
gnutls_x509_crt_get_verify_algorithm: Removed
gnutls_pubkey_verify_hash: Removed
gnutls_pubkey_verify_data: Removed
gnutls_record_set_max_empty_records: Removed
guile:
set-session-cipher-priority!: Removed
set-session-mac-priority!: Removed
set-session-compression-method-priority!: Removed
set-session-kx-priority!: Removed
set-session-protocol-priority!: Removed
set-session-certificate-type-priority!: Removed
set-session-default-priority!: Removed
set-session-default-export-priority!: Removed
make-rsa-parameters: Removed
rsa-parameters?: Removed
set-certificate-credentials-rsa-export-parameters!: Removed
pkcs1-import-rsa-parameters: Removed
pkcs1-export-rsa-parameters: Removed
This package disables guile unconditionally. This just changes the
comment to not include 2.0 instead of not including 1.8, to reduce the
number of packages that look like they need updating.
----------------
* Version 3.3.18 (released 2015-09-12)
** libgnutls: When re-importing CRLs to a trust list ensure that there
no duplicate entries.
** certtool: Removed any arbitrary limits imposed on input file sizes
and maximum number of certificates imported.
** API and ABI modifications:
No changes since last version.
* Version 3.3.17 (released 2015-08-10)
** libgnutls: Fix issue with server side sending the status request
extension even when not requested. Reported by Jeremy Harris.
** libgnutls: gnutls_pkcs11_privkey_generate2() will store the generated
public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is
specified.
** libgnutls: fixed double free in DN decoding [GNUTLS-SA-2015-3].
** API and ABI modifications:
No changes since last version.
* Version 3.3.16 (released 2015-07-12)
** libgnutls: Allow compilation with nettle 3.0 or later
** libgnutls: corrected failure when importing plain files
with gnutls_x509_privkey_import2(), and a password was provided.
** libgnutls: Don't reject certificates if a CA has the URI or IP address
name constraints, and the end certificate doesn't have an IP address
name or a URI set.
** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
** API and ABI modifications:
No changes since last version.
patch refresh grace of mkpatches
upstream notable changes list since the 3.2 to 3.3 branch point (excerpt
of the NEWS file):
* Version 3.3.15 (released 2015-05-03)
** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
** libgnutls: Check for invalid length in the X.509 version field. Without the check
certificates with invalid length would be detected as having an arbitrary
version. Reported by Hanno Böck.
** API and ABI modifications:
No changes since last version.
* Version 3.3.14 (released 2015-03-30)
** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
structures use BER to decode them (requires libtasn1 4.3). That allows
to decode some more complex structures.
** libgnutls: When an end-certificate with no name is present and there
are CA name constraints, don't reject the certificate. This follows RFC5280
advice closely. Reported by Fotis Loukos.
** libgnutls: Fixed handling of supplemental data with types > 255.
Patch by Thierry Quemerais.
** libgnutls: Fixed double free in the parsing of CRL distribution points certificate
extension. Reported by Robert Święcki.
** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
protocol is not enabled by default (used by openconnect VPN).
** libgnutls: The maximum user data send size is set to be the same for
block and non-block ciphersuites. This addresses a regression with wine:
https://bugs.winehq.org/show_bug.cgi?id=37500
** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
and CKA_DECRYPT when needed.
** libgnutls: Allow names with zero size to be set using
gnutls_server_name_set(). That will disable the Server Name Indication.
Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2
** API and ABI modifications:
No changes since last version.
* Version 3.3.13 (released 2015-02-25)
** libgnutls: Enable AESNI in GCM on x86
** libgnutls: Fixes in DTLS message handling
** libgnutls: Check certificate algorithm consistency, i.e.,
check whether the signatureAlgorithm field matches the signature
field inside TBSCertificate.
** gnutls-cli: Fixes in OCSP verification.
** API and ABI modifications:
No changes since last version.
* Version 3.3.12 (released 2015-01-17)
** libgnutls: When negotiating TLS use the lowest enabled version in
the client hello, rather than the lowest supported. In addition, do
not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0
is the only protocol supported. That addresses issues with servers that
immediately drop the connection when the encounter SSL 3.0 as the record
version number. See:
http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html
** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.
** libgnutls: Handle zero length plaintext for VIA PadLock functions.
This solves a potential crash on AES encryption for small size plaintext.
Patch by Matthias-Christian Ott.
** libgnutls: In DTLS don't combine multiple packets which exceed MTU.
Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715
** libgnutls: In DTLS decode all handshake packets present in a record
packet, in a single pass. Reported by Andreas Schultz.
https://savannah.gnu.org/support/?108712
** libgnutls: When importing a CA file with a PKCS #11 URL, simply
import the certificates, if the URL specifies objects, rather than
treating it as trust module.
** libgnutls: When importing a PKCS #11 URL and we know the type of
object we are importing, don't require the object type in the URL.
** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2
was used by the server.
** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
** guile: Fix harmless warning during compilation of gnutls.scm
Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.
** certtool: --pubkey-info will also attempt to load a public key
from stdin.
** gnutls-cli: Added --starttls-proto option. That allows to specify a
protocol for starttls negotiation.
** API and ABI modifications:
No changes since last version.
* Version 3.3.11 (released 2014-12-11)
** libgnutls: Corrected regression introduced in 3.3.9 related to
session renegotiation. Reported by Dan Winship.
** libgnutls: Corrected parsing issue with OCSP responses.
** API and ABI modifications:
No changes since last version.
* Version 3.3.10 (released 2014-11-10)
** libgnutls: Refuse to import v1 or v2 certificates that contain
extensions.
** libgnutls: Fixes in usage of PKCS #11 token callback
** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used
with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag.
Reported by David Woodhouse.
** libgnutls: Removed superfluous random generator refresh on every call
of gnutls_deinit(). That reduces load and usage of /dev/urandom.
** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
Reported by Sean Burford [GNUTLS-SA-2014-5].
** libgnutls: When gnutls_global_init() is called for a second time, it
will check whether the /dev/urandom fd kept is still open and matches
the original one. That behavior works around issues with servers that
close all file descriptors.
** libgnutls: Corrected behavior with PKCS #11 objects that are marked
as CKA_ALWAYS_AUTHENTICATE.
** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12.
That option is more compatible than AES or RC4.
** API and ABI modifications:
No changes since last version.
* Version 3.3.9 (released 2014-10-13)
** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.
** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.
** libgnutls: When both a trust module and additional CAs are present
account the latter as well; reported by David Woodhouse.
** libgnutls: added GNUTLS_TL_GET_COPY flag for
gnutls_x509_trust_list_get_issuer(). That allows the function to be used
in a thread safe way when PKCS #11 trust modules are in use.
** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.
** libgnutls-dane: Do not require the CA on a ca match to be direct CA.
** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
** guile: new 'set-session-server-name!' procedure; see the manual for
details.
** certtool: The authority key identifier will be set in a certificate only
if the CA's subject key identifier is set.
** API and ABI modifications:
No changes since last version.
* Version 3.3.8 (released 2014-09-18)
** libgnutls: Updates in the name constraints checks. No name constraints
will be checked for intermediate certificates. As our support for name
constraints is limited to e-mail addresses in DNS names, it is pointless
to check them on intermediate certificates.
** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple
object listing would fail completely if a single object could not be exported.
** libgnutls: Improved the performance of PKCS #11 object listing/retrieving,
by retrieving them in large batches. Report and suggestion by David
Woodhouse.
** libgnutls: Fixed issue with certificates being sanitized by gnutls prior
to signature verification. That resulted to certain non-DER compliant modifications
of valid certificates, being corrected by libtasn1's parser and restructured as
the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from
Codenomicon.
** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
strings with embedded spaces and escaped commas.
** libgnutls: when comparing a CA certificate with the trusted list compare
the name and key only instead of the whole certificate. That is to handle
cases where a CA certificate was superceded by a different one with the same
name and the same key.
** libgnutls: when verifying a certificate against a p11-kit trusted
module, use the attached extensions in the module to override the CA's
extensions (that requires p11-kit 0.20.7).
** libgnutls: In DTLS prevent sending zero-size fragments in certain cases
of MTU split. Reported by Manuel Pégourié-Gonnard.
** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows
verifying using a hostname and a purpose (extended key usage). That
enhances PKCS #11 trust module verification, as it can now check the purpose
when this function is used.
** libgnutls: Corrected gnutls_x509_crl_verify() which would always report
a CRL signature as invalid. Reported by Armin Burgmeier.
** libgnutls: added option --disable-padlock to allow disabling the padlock
CPU acceleration.
** p11tool: when listing tokens, list their type as well.
** p11tool: when listing objects from a trust module print any attached
extensions on certificates.
** API and ABI modifications:
gnutls_x509_crq_get_extension_by_oid2: Added
gnutls_x509_crt_get_extension_by_oid2: Added
gnutls_x509_trust_list_verify_crt2: Added
gnutls_x509_ext_print: Added
gnutls_x509_ext_deinit: Added
gnutls_x509_othername_to_virtual: Added
gnutls_pkcs11_obj_get_exts: Added
* Version 3.3.7 (released 2014-08-24)
** libgnutls: Added function to export the public key of a PKCS #11
private key. Contributed by Wolfgang Meyer zu Bergsten.
** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
That improves compatibility with certain PKCS #11 modules. Contributed by
Wolfgang Meyer zu Bergsten.
** libgnutls: When generating a PKCS #11 private key allow setting
the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten.
** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session
to the key.
** libgnutls: bundle replacements of inet_pton and inet_aton if not
available.
** libgnutls: initialize parameters variable on PKCS #8 decryption.
** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
algorithms.
** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125
requirement of checking the Common Name (CN) part of DN only if there is
a single CN present in the certificate.
** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used
to force the FIPS mode, when set to 1.
** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.
** p11tool: Added --info parameter.
** certtool: Added --mark-wrap parameter.
** danetool: --check will attempt to retrieve the server's certificate
chain and verify against it.
** danetool/gnutls-cli-debug: Added --app-proto parameters which can
be used to enforce starttls (currently only SMTP and IMAP) on the connection.
** danetool: Added openssl linking exception, to allow linking
with libunbound.
** API and ABI modifications:
GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added
gnutls_pkcs11_privkey_export_pubkey: Added
gnutls_pkcs11_obj_flags_get_str: Added
gnutls_pkcs11_obj_get_flags: Added
* Version 3.3.6 (released 2014-07-23)
** libgnutls: Use inet_ntop to print IP addresses when available
** libgnutls: gnutls_x509_crt_check_hostname and friends will also check
IP addresses, and match documented behavior. Reported by David Woodhouse.
** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024
bit parameters.
** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens
being usable after a reinitialization.
** libgnutls: fixed PKCS #11 private key operations after a fork.
** libgnutls: fixed PKCS #11 ECDSA key generation.
** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
explicitly enable/disable the use of certain CPU capabilities. Note that CPU
detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel
CPU. The currently available options are:
0x1: Disable all run-time detected optimizations
0x2: Enable AES-NI
0x4: Enable SSSE3
0x8: Enable PCLMUL
0x100000: Enable VIA padlock
0x200000: Enable VIA PHE
0x400000: Enable VIA PHE SHA512
** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott.
** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set.
** p11tool: ask for label when one isn't provided.
** p11tool: added --batch parameter to disable any interactivity.
** p11tool: will not implicitly enable so-login for certain types of
objects. That avoids issues with tokens that require different login
types.
** certtool/p11tool: Added the --curve parameter which allows to explicitly
specify the curve to use.
** API and ABI modifications:
gnutls_certificate_set_x509_trust_dir: Added
gnutls_x509_trust_list_add_trust_dir: Added
* Version 3.3.5 (released 2014-06-26)
** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit().
These functions provide a variant of gnutls_record_recv() that avoids
the final memcpy of data.
** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a
faster variant of gnutls_x509_crl_get_crt_serial() when coping with
very large structures.
** libgnutls: When the decoding of a printable DN element fails, then treat
it as unknown and print its hex value rather than failing. That works around
an issue in a TURKTRST root certificate which improperly encodes the
X520countryName element.
** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number
of certificates present in a PKCS #11 token when loading it.
** libgnutls: Allow the post client hello callback to put the handshake on
hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
** certtool: option --to-p12 will now consider --load-ca-certificate
** certtol: Added option to specify the PKCS #12 friendly name on command
line.
** p11tool: Allow marking a certificate copied to a token as a CA.
** API and ABI modifications:
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added
gnutls_x509_crl_iter_deinit: Added
gnutls_x509_crl_iter_crt_serial: Added
gnutls_record_recv_packet: Added
gnutls_packet_deinit: Added
gnutls_packet_get: Added
* Version 3.3.4 (released 2014-05-31)
** libgnutls: Updated Andy Polyakov's assembly code. That prevents a
crash on certain CPUs.
** API and ABI modifications:
No changes since last version.
* Version 3.3.3 (released 2014-05-30)
** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon.
** libgnutls: gnutls_global_set_mutex() was modified to operate with the
new initialization process.
** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.
** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.
** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to
create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552
** gnutls-cli: --dane will only check the end certificate if PKIX validation
has been disabled.
** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot
be emulated with the implicit initialization of gnutls.
** certtool: Allow multiple organizations and organizational unit names to
be specified in a template.
** certtool: Warn when invalid configuration options are set to a template.
** ocsptool: Include path in ocsp request. This resolves#108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
** API and ABI modifications:
gnutls_credentials_get: Added
* Version 3.3.2 (released 2014-05-06)
** libgnutls: Added the 'very weak' certificate verification profile
that corresponds to 64-bit security level.
** libgnutls: Corrected file descriptor leak on random generator
initialization.
** libgnutls: Corrected file descriptor leak on PSK password file
reading. Issue identified using the Codenomicon TLS test suite.
** libgnutls: Avoid deinitialization if initialization has failed.
** libgnutls: null-terminate othername alternative names.
** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly
on a PKCS #11 trust list.
** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.
** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.
** libgnutls-guile: Fixed compilation issue.
** certtool: Allow exporting a CRL on DER format.
** certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.
** API and ABI modifications:
GNUTLS_PROFILE_VERY_WEAK: Added
* Version 3.3.1 (released 2014-04-19)
** libgnutls: Enforce more strict checks to heartbeat messages
concerning padding and payload. Suggested by Peter Dettman.
** libgnutls: Allow decoding PKCS #8 files with ECC parameters
from openssl.
** libgnutls: Several small bug fixes found by coverity.
** libgnutls: The conditionally available self-test functions
were moved to self-test.h.
** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided. Reported
by André Klitzing.
** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.
** libgnutls: Corrected the *get_*_othername_oid() functions.
** API and ABI modifications:
No changes since last version.
* Version 3.3.0 (released 2014-04-10)
** libgnutls: The initialization of the library was moved to a
constructor. That is, gnutls_global_init() is no longer required
unless linking with a static library or a system that does not
support library constructors.
** libgnutls: static libraries are not built by default.
** libgnutls: PKCS #11 initialization is delayed to first usage.
That avoids long delays in gnutls initialization due to broken PKCS #11
modules.
** libgnutls: The PKCS #11 subsystem is re-initialized "automatically"
on the first PKCS #11 API call after a fork.
** libgnutls: certificate verification profiles were introduced
that can be specified as flags to verification functions. They
are enumerations in gnutls_certificate_verification_profiles_t
and can be converted to flags for use in a verification function
using GNUTLS_PROFILE_TO_VFLAGS().
** libgnutls: Added the ability to read system-specific initial
keywords, if they are prefixed with '@'. That allows a compile-time
specified configuration file to be used to read pre-configured priority
strings from. That can be used to impose system specific policies.
** libgnutls: Increased the default security level of priority
strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
and set a verification profile by default. The LEGACY keyword is
introduced to set the old defaults.
** libgnutls: Added support for the name constraints PKIX extension.
Currently only DNS names and e-mails are supported (no URIs, IPs
or DNs).
** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL.
** libgnutls: Added new API in x509-ext.h to handle X.509 extensions.
This API handles the X.509 extensions in isolation, allowing to parse
similarly formatted extensions stored in other structures.
** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS
can be used to specify a particular subgroup as the number of bits in
gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256).
** libgnutls: DH parameter generation is now delegated to nettle.
That unfortunately has the side-effect that DH parameters longer than
3072 bits, cannot be generated (not without a nettle update).
** libgnutls: Separated nonce RNG from the main RNG. The nonce
random number generator is based on salsa20/12.
** libgnutls: The buffer alignment provided to crypto backend is
enforced to be 16-byte aligned, when compiled with cryptodev
support. That allows certain cryptodev drivers to operate more
efficiently.
** libgnutls: Return error when a public/private key pair that doesn't
match is set into a credentials structure.
** libgnutls: Depend on p11-kit 0.20.0 or later.
** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has
been removed. It was not approved by IETF.
** libgnutls: The experimental xssl library is removed from the gnutls
distribution.
** libgnutls: Reduced the number of gnulib modules used in the main library.
** libgnutls: Added priority string %DISABLE_WILDCARDS.
** libgnutls: Added the more extensible verification function
gnutls_certificate_verify_peers(), that allows checking, in addition
to a peer's DNS hostname, for the key purpose of the end certificate
(via PKIX extended key usage).
** certtool: Timestamps for serial numbers were increased to 8 bytes,
and in batch mode to 12 (appended with 4 random bytes).
** certtool: When no CRL number is provided (or value set to -1), then
a time-based number will be used, similarly to the serial generation
number in certificates.
** certtool: Print the SHA256 fingerprint of a certificate in addition
to SHA1.
** libgnutls: Added --enable-fips140-mode configuration option (unsupported).
That option enables (when running on FIPS140-enabled system):
o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes)
o The DRBG-CTR-AES256 deterministic random generator from SP800-90A.
o Self-tests on initialization on ciphers/MACs, public key algorithms
and the random generator.
o HMAC-SHA256 verification of the library on load.
o MD5 is included for TLS purposes but cannot be used by the high level
hashing functions.
o All ciphers except AES are disabled.
o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5).
o All keys (temporal and long term) are zeroized after use.
o Security levels are adjusted to the FIPS140-2 recommendations (rather
than ECRYPT).
** API and ABI modifications:
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added
gnutls_certificate_verify_peers: Added
gnutls_privkey_generate: Added
gnutls_pkcs11_crt_is_known: Added
gnutls_fips140_mode_enabled: Added
gnutls_sec_param_to_symmetric_bits: Added
gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962)
gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw)
gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw)
gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw)
gnutls_pubkey_verify_params: Added
gnutls_privkey_export_ecc_raw: Added
gnutls_privkey_export_dsa_raw: Added
gnutls_privkey_export_rsa_raw: Added
gnutls_privkey_import_ecc_raw: Added
gnutls_privkey_import_dsa_raw: Added
gnutls_privkey_import_rsa_raw: Added
gnutls_privkey_verify_params: Added
gnutls_x509_crt_check_hostname2: Added
gnutls_openpgp_crt_check_hostname2: Added
gnutls_x509_name_constraints_init: Added
gnutls_x509_name_constraints_deinit: Added
gnutls_x509_crt_get_name_constraints: Added
gnutls_x509_name_constraints_add_permitted: Added
gnutls_x509_name_constraints_add_excluded: Added
gnutls_x509_crt_set_name_constraints: Added
gnutls_x509_name_constraints_get_permitted: Added
gnutls_x509_name_constraints_get_excluded: Added
gnutls_x509_name_constraints_check: Added
gnutls_x509_name_constraints_check_crt: Added
gnutls_x509_crl_get_extension_data2: Added
gnutls_x509_crt_get_extension_data2: Added
gnutls_x509_crq_get_extension_data2: Added
gnutls_subject_alt_names_init: Added
gnutls_subject_alt_names_deinit: Added
gnutls_subject_alt_names_get: Added
gnutls_subject_alt_names_set: Added
gnutls_x509_ext_import_subject_alt_names: Added
gnutls_x509_ext_export_subject_alt_names: Added
gnutls_x509_crl_dist_points_init: Added
gnutls_x509_crl_dist_points_deinit: Added
gnutls_x509_crl_dist_points_get: Added
gnutls_x509_crl_dist_points_set: Added
gnutls_x509_ext_import_crl_dist_points: Added
gnutls_x509_ext_export_crl_dist_points: Added
gnutls_x509_ext_import_name_constraints: Added
gnutls_x509_ext_export_name_constraints: Added
gnutls_x509_aia_init: Added
gnutls_x509_aia_deinit: Added
gnutls_x509_aia_get: Added
gnutls_x509_aia_set: Added
gnutls_x509_ext_import_aia: Added
gnutls_x509_ext_export_aia: Added
gnutls_x509_ext_import_subject_key_id: Added
gnutls_x509_ext_export_subject_key_id: Added
gnutls_x509_ext_export_authority_key_id: Added
gnutls_x509_ext_import_authority_key_id: Added
gnutls_x509_aki_init: Added
gnutls_x509_aki_get_id: Added
gnutls_x509_aki_get_cert_issuer: Added
gnutls_x509_aki_set_id: Added
gnutls_x509_aki_set_cert_issuer: Added
gnutls_x509_aki_deinit: Added
gnutls_x509_ext_import_private_key_usage_period: Added
gnutls_x509_ext_export_private_key_usage_period: Added
gnutls_x509_ext_import_basic_constraints: Added
gnutls_x509_ext_export_basic_constraints: Added
gnutls_x509_ext_import_key_usage: Added
gnutls_x509_ext_export_key_usage: Added
gnutls_x509_ext_import_proxy: Added
gnutls_x509_ext_export_proxy: Added
gnutls_x509_policies_init: Added
gnutls_x509_policies_deinit: Added
gnutls_x509_policies_get: Added
gnutls_x509_policies_set: Added
gnutls_x509_ext_import_policies: Added
gnutls_x509_ext_export_policies: Added
gnutls_x509_key_purpose_init: Added
gnutls_x509_key_purpose_deinit: Added
gnutls_x509_key_purpose_set: Added
gnutls_x509_key_purpose_get: Added
gnutls_x509_ext_import_key_purposes: Added
gnutls_x509_ext_export_key_purposes: Added
gnutls_digest_self_test: Added (conditionally)
gnutls_mac_self_test: Added (conditionally)
gnutls_pk_self_test: Added (conditionally)
gnutls_cipher_self_test: Added (conditionally)
gnutls_global_set_mem_functions: Deprecated
** libgnutls: Corrected regression introduced in 3.2.19 related to
session renegotiation. Reported by Dan Winship.
** libgnutls: Corrected parsing issue with OCSP responses.
** API and ABI modifications:
No changes since last version.
* Version 3.2.20 (released 2014-11-10)
** libgnutls: Removed superfluous random generator refresh on every call
of gnutls_deinit(). That reduces load and usage of /dev/urandom.
** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
Reported by Sean Burford [GNUTLS-SA-2014-5].
** API and ABI modifications:
No changes since last version.
* Version 3.2.19 (released 2014-10-13)
** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.
** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.
** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.
** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
** guile: new 'set-session-server-name!' procedure; see the manual for
details.
** API and ABI modifications:
No changes since last version.
** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
strings with embedded spaces and escaped commas.
** libgnutls: Corrected gnutls_x509_crl_verify() which would always report
a CRL signature as invalid.
** libgnutls: Fixed issue with certificates being sanitized by gnutls prior
to signature verification. That resulted to certain non-DER compliant modifications
of valid certificates, being corrected by libtasn1's parser and restructured as
the original.
** libgnutls: initialize parameters variable on PKCS 8 decryption.
** libgnutls: Explicitly set the exponent in PKCS 11 key generation.
That improves compatibility with certain PKCS 11 modules. Contributed by
Wolfgang Meyer zu Bergsten.
** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
algorithms.
** libgnutls: when checking the hostname of a certificate with multiple CNs
ensure that the "most specific" CN is being used.
** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.
** API and ABI modifications:
No changes since last version.
* Version 3.2.15 (released 2014-05-30)
** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon.
** libgnutls: Several memory leaks caused by error conditions were
fixed. The leaks were identified using valgrind and the Codenomicon
TLS test suite.
** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.
** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.
** gnutls-cli: if dane is requested but not PKIX verification, then
only do verify the end certificate.
** ocsptool: Include path in ocsp request. This resolves#108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
** API and ABI modifications:
No changes since last version.
* Version 3.2.14 (released 2014-05-06)
** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided.
** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.
** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.
** libgnutls: Several small bug fixes found by coverity.
** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.
** configure: Added --with-nettle-mini option, which allows linking
with a libnettle that contains gmp.
** certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.
** API and ABI modifications:
No changes since last version.
* Version 3.2.13 (released 2014-04-07)
** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently
if there are no base64 data. Report and patch by Ramkumar Chinchani.
** libgnutls: gnutls_record_send is now safe to be called under DTLS when
in corked mode.
** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are
only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for
these algorithms.
** libgnutls: Changed the behaviour in wildcard acceptance in certificates.
Wildcards are only accepted when there are more than two domain components
after the wildcard. This drops support for the permissive RFC2818 wildcards
and adds more conservative support based on the suggestions in RFC6125. Suggested
by Jeffrey Walton.
** certtool: When no password is provided to export a PKCS #8 keys, do
not encrypt by default. This reverts to the certtool behavior of gnutls
3.0. The previous behavior of encrypting using an empty password can be
replicating using the new parameter --empty-password.
** p11tool: Avoid dual initialization of the PKCS #11 subsystem when
the --provider option is given.
** API and ABI modifications:
No changes since last version.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2)
** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw
when provided with invalid data. Reported by Dmitriy Anisimkov.
** libgnutls: Corrected timeout issue in subsequent to the first
DTLS handshakes.
** libgnutls: Removed unconditional not-trusted message in
gnutls_certificate_verification_status_print() when used with
OpenPGP certificates. Reported by Michel Briand.
** libgnutls: All ciphersuites that were available in TLS1.0 or
later are now made available in SSL3.0 or later to prevent
any incompatibilities with servers that negotiate them in SSL 3.0.
** ocsptool: When verifying a response and a signer isn't provided
assume that the signer is the issuer.
** ocsptool: When sending a nonce, verify that the nonce exists
in the OCSP response.
** gnutls-cli: Added --strict-tofu option; contributed by Jens
Lechtenboerger.
** API and ABI modifications:
No changes since last version.
Assembler issues still seem to be there at least on SunOS.
* Version 3.2.9 (released 2014-01-24)
** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.
** libgnutls: %COMPAT implies %DUMBFW.
** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.
* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.
** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.
** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html
** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.
** p11tool: Added --so-login option to force login as security
officer (admin).
** API and ABI modifications:
No changes since last version.
Changes in 3.2.8.1:
Note, that I've realized that this release has issues with the
assembly files in win32 and macosx systems. In these systems
use gnutls 3.2.8.1.
3.2.8:
* Version 3.2.8 (released 2013-12-20)
** libgnutls: Updated code for AES-NI. That prevents an uninitialized
variable complaint from valgrind.
** libgnutls: Enforce a maximum size for DH primes.
** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's
code.
** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
** libgnutls: It only links to librt if the required functions are
not present in libc. This also prevents an indirect linking to libpthread.
** libgnutls: Fixed issue with gnulib strerror replacement by adding
the strerror gnulib module.
** libgnutls: The time provided in the TLS random values is only precise
on its first 3 bytes. That prevents leakage of the precise system
time (at least on the client side when only few connections are
done on a single server).
** certtool: The --verify option will use the system CAs if the
load-ca-certificate option is not provided.
** configure: Added option --with-default-blacklist-file to allow
specifying a certificate blacklist file.
** configure: Added --disable-non-suiteb-curves option. This option
restricts the supported curves to SuiteB curves.
** API and ABI modifications:
gnutls_record_check_corked: Added
* Version 3.2.7 (released 2013-11-23)
** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).
** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.
** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.
** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.
** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.
** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.
** libgnutls: Session tickets are encrypted using AES-GCM.
** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.
** libgnutls: Forbid all compression methods in DTLS.
** gnutls-serv: Fixed issue with IPv6 address in UDP mode.
** certtool: When exporting an encrypted PEM private key do not output the key
parameters.
** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.
** certtool: Added new template options: 'activation_date', and
'expiration_date'.
** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.
** tools: The installed version of libopts is used if the autogen tool is
present.
** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
* Version 3.2.6 (released 2013-10-31)
** libgnutls: Support for TPM via trousers is now enabled by default.
** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.
** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.
** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.
** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.
** gnulib: updated.
** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.
** p11tool: Added option generate-random.
** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
* Version 3.2.5 (released 2013-10-23)
** libgnutls: Documentation and build-time fixes.
** libgnutls: Allow the generation of DH groups of less than 700 bits.
** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC,
as well as Camellia with GCM.
** libdane: Added interfaces to allow initialization of dane_query_t from
external DNS resolutions, and to allow direct verification of a certificate
chain against a dane_query_t. Contributed by Christian Grothoff.
** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and fix
by Christian Grothoff.
** srptool: Fixed index command line option. Patch by Attila Molnar.
** gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
** API and ABI modifications:
gnutls_certificate_get_crt_raw: Added
dane_verify_crt_raw: Added
dane_raw_tlsa: Added
* Version 3.2.4 (released 2013-08-31)
** libgnutls: Fixes when session tickets and session DB are used.
Report and initial patch by Stefan Buehler.
** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner,
based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH.
** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch
by Stefan Buehler.
** libgnutls: Added the PFS priority string option.
** libgnutls: Gnulib included files are strictly LGPLv2.
** libgnutls: Corrected gnutls_certificate_server_set_request().
Reported by Petr Pisar.
** API and ABI modifications:
gnutls_record_set_timeout: Exported
** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler.
** libgnutls: Solve issue with received TLS packets that exceed 2^14.
(this fixes a bug that was accidentally introduced in 3.2.2)
** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be
used by the library.
** libgnutls: Fixes in gnutls_record_send_range().
** API and ABI modifications:
gnutls_priority_kx_list: Added
gnutls_priority_mac_list: Added
gnutls_priority_cipher_list: Added
* Version 3.2.2 (released 2013-07-14)
** libgnutls: Several optimizations in the related to packet processing
subsystems.
** libgnutls: DTLS replay detection can now be disabled (to be used
in certain transport layers like SCTP).
** libgnutls: Fixes in SRTP extension generation when MKI is being
used.
** libgnutls: Added ability to set hooks before or after sending or receiving
any handshake message with gnutls_handshake_set_hook_function().
** API and ABI modifications:
GNUTLS_NO_REPLAY_PROTECTION: Added
gnutls_certificate_set_trust_list: Added
gnutls_cipher_get_tag_size: Added
gnutls_record_overhead_size: Added
gnutls_est_record_overhead_size: Added
gnutls_handshake_set_hook_function: Added
gnutls_handshake_description_get_name: Added
gnutls_digest_list: Added
gnutls_digest_get_id: Added
gnutls_digest_get_name: Added
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
* Version 3.2.1 (released 2013-06-01)
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.
** libgnutls: Corrected issue when receiving client hello verify requests
in DTLS.
** libgnutls: Fixes in DTLS record overhead size calculations.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.
** API and ABI modifications:
gnutls_session_set_id: Added
* Version 3.2.0 (released 2013-05-10)
** libgnutls: Use nettle's elliptic curve implementation.
** libgnutls: Added Salsa20 cipher
** libgnutls: Added UMAC-96 and UMAC-128
** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite
numbers.
** libgnutls: Added support for DTLS 1.2.
** libgnutls: Added support for the Application Layer Protocol Negotiation
(ALPN) extension.
** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).
** API and ABI modifications:
gnutls_cipher_get_iv_size: Added
gnutls_hmac_set_nonce: Added
gnutls_mac_get_nonce_size: Added
* Version 3.1.10 (released 2013-03-22)
** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
support AES with PKCS #12.
** libgnutls: Load CA certificates in android 4.x systems.
** libgnutls: Optimized CA certificate loading.
** libgnutls: Private keys are overwritten on deinitialization.
** libgnutls: PKCS #11 slots are scanned only when needed, not
on initialization. This speeds up gnutls initialization when smart
cards are present.
** libgnutls: Corrected issue in the (deprecated) external key
signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.
** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
Joke de Buhr.
** libgnutls-dane: Updated DANE verification options.
** configure: Trust store file must be explicitly set or unset when
cross compiling.
** API and ABI modifications:
gnutls_x509_crt_get_issuer_dn2: Added
gnutls_x509_crt_get_dn2: Added
gnutls_x509_crl_get_issuer_dn2: Added
gnutls_x509_crq_get_dn2: Added
gnutls_x509_trust_list_remove_trust_mem: Added
gnutls_x509_trust_list_remove_trust_file: Added
gnutls_x509_trust_list_remove_cas: Added
gnutls_session_get_desc: Added
gnutls_privkey_sign_raw_data: Added
gnutls_privkey_status: Added
* Version 3.1.9 (released 2013-02-27)
** certtool: Option --to-p12 will now ask for a password to generate
a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.
** libgnutls: Corrected issue in gnutls_pubkey_verify_data().
** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.
** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
modules, and not only the ones loaded via p11-kit.
** libgnutls: Added function to check whether the private key is
still available (inserted).
** libgnutls: Try to detect fork even during nonce generation.
** API and ABI modifications:
gnutls_handshake_set_random: Added
gnutls_transport_set_int2: Added
gnutls_transport_get_int2: Added
gnutls_transport_get_int: Added
gnutls_record_cork: Exported
gnutls_record_uncork: Exported
gnutls_pkcs11_privkey_status: Added
* Version 3.1.8 (released 2013-02-10)
** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return
GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
with encrypted keys. Reported by Yan Fiz.
** libgnutls: The minimum DH bits accepted by priorities NORMAL and
PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
Elio Petteno.
** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
to operate with long keys. Reported by Erik A Jensen.
** API and ABI modifications:
No changes since last version.
* Version 3.1.7 (released 2013-02-04)
** certtool: Added option "dn" which allows to directly set the DN
in a template from an RFC4514 string.
** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.
** libgnutls-xssl: Added a new library to simplify GnuTLS usage.
** libgnutls-dane: Added function to specify a DLV file.
** libgnutls: Heartbeat code was made optional.
** libgnutls: Fixes in server side of DTLS-0.9.
** libgnutls: DN variable 'T' was expanded to 'title'.
** libgnutls: Fixes in record padding parsing to prevent a timing attack.
Issue reported by Kenny Paterson and Nadhem Alfardan.
** libgnutls: Added functions to directly set the DN in a certificate
or request from an RFC4514 string.
** libgnutls: Optimizations in the random generator. The re-seeding of
it is now explicitly done on every session deinit.
** libgnutls: Simplified the DTLS sliding window implementation.
** libgnutls: The minimum DH bits accepted by a client are now set
by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.
** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.
** libgnutls: Removed default random padding, and added a length-hiding interface
instead. Both the server and the client must support this extension. Whether
length-hiding can be used on a given session can be checked using
gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.
** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
a new padding mechanism in TLS allowing arbitrary padding in TLS records
in all ciphersuites, which makes length-hiding more efficient and solves
the issues with timing attacks on CBC ciphersuites.
** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
ciphers (i.e., AES-GCM). Reported by William McGovern.
** API and ABI modifications:
gnutls_db_check_entry_time: Added
gnutls_record_set_timeout: Added
gnutls_record_get_random_padding_status: Added
gnutls_x509_crt_set_dn: Added
gnutls_x509_crt_set_issuer_dn: Added
gnutls_x509_crq_set_dn: Added
gnutls_range_split: Added
gnutls_record_send_range: Added
gnutls_record_set_max_empty_records: Added
gnutls_record_can_use_length_hiding: Added
gnutls_rnd_refresh: Added
xssl_deinit: Added
xssl_flush: Added
xssl_read: Added
xssl_getdelim: Added
xssl_write: Added
xssl_printf: Added
xssl_sinit: Added
xssl_client_init: Added
xssl_server_init: Added
xssl_get_session: Added
xssl_get_verify_status: Added
xssl_cred_init: Added
xssl_cred_deinit: Added
dane_state_set_dlv_file: Added
GNUTLS_SEC_PARAM_EXPORT: Added
GNUTLS_SEC_PARAM_VERY_WEAK: Added
* Version 3.1.6 (released 2013-01-02)
** libgnutls: Fixed record padding parsing issue. Reported by Kenny
Patterson and Nadhem Alfardan.
** libgnutls: Several updates in the ASN.1 string handling subsystem.
** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero
policy qualifiers.
** libgnutls: Ignore heartbeat messages when received out-of-order,
instead of issuing an error.
** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.
** libgnutls: TPM support is disabled by default because GPL programs
cannot link with it. Use --with-tpm to enable it.
** libgnutls-guile: Fixed parallel compilation issue.
** gnutls-cli: It will try to connect to all possible returned addresses
before failing.
** API and ABI modifications:
No changes since last version.
* Version 3.1.5 (released 2012-11-24)
** libgnutls: Added functions to parse the certificates policies
extension.
** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
Name by translating it to UTF-8 (works on windows or systems with iconv).
** libgnutls: Added PKCS #11 key generation function that returns the
public key on generation.
** libgnutls: Corrected bug in priority string parsing, that mostly
affected combined levels. Patch by Tim Kosse.
** certtool: The --pubkey-info option can be combined with the
--load-privkey or --load-request to print the corresponding public keys.
** certtool: It is able to set certificate policies via a template.
** certtool: Added --hex-numbers option which prints big numbers in
an easier to parse format.
** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).
** danetool: It is being built even without libgnutls-dane (the
--check functionality is disabled though).
** API and ABI modifications:
gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
gnutls_pubkey_import_x509_crq: Added
gnutls_pubkey_print: Added
GNUTLS_CRT_PRINT_FULL_NUMBERS: Added
* Version 3.1.4 (released 2012-11-10)
** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
the available revocation data validity.
** libgnutls: Added gnutls_certificate_verification_status_print(),
a function to print the verification status code in human readable text.
** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.
** libgnutls: Simplified certificate verification by adding
gnutls_certificate_verify_peers3().
** libgnutls: Added support for extension to establish keys for SRTP.
Contributed by Martin Storsjo.
** libgnutls: The X.509 verification functions check the key
usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.
** libgnutls: gnutls_x509_crl_verify() includes the time checks.
** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN
and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.
** libgnutls: Always tolerate key usage violation errors from the side
of the peer, but also notify via an audit message.
** gnutls-cli: Added --local-dns option.
** danetool: Corrected bug that prevented loading PEM files.
** danetool: Added --check option to allow querying and verifying
a site's DANE data.
** libgnutls-dane: Added pkg-config file for the library.
** API and ABI modifications:
gnutls_session_get_id2: Added
gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
gnutls_srtp_set_profile: Added
gnutls_srtp_set_profile_direct: Added
gnutls_srtp_get_selected_profile: Added
gnutls_srtp_get_profile_name: Added
gnutls_srtp_get_profile_id: Added
gnutls_srtp_get_keys: Added
gnutls_srtp_get_mki: Added
gnutls_srtp_set_mki: Added
gnutls_srtp_profile_t: Added
dane_cert_type_name: Added
dane_match_type_name: Added
dane_cert_usage_name: Added
dane_verification_status_print: Added
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added
* Version 3.1.3 (released 2012-10-12)
** libgnutls: Added support for the OCSP Certificate Status
extension.
** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
certificate status extension in verification.
** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().
** libgnutls: Increased maximum password length in the PKCS #12
functions.
** libgnutls: Fixed the receipt of session tickets during session resumption.
Reported by danblack at http://savannah.gnu.org/support/?108146
** libgnutls: Added functions to export structures in an allocated buffer.
** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
response corresponds to the given certificate.
** libgnutls: In client side gnutls_init() enables the session ticket and
OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.
** libgnutls: Several updates in the OpenPGP code. The generating code
is fully RFC6091 compliant and RFC5081 support is only supported in client
mode.
** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.
** gnutls-cli: Added --dane option to enable DANE certificate verification.
** danetool: Added tool to generate DANE TLSA Resource Records (RR).
** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
gnutls_certificate_set_ocsp_status_request_function: Added
gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
gnutls_dh_params_export2_pkcs3: Added
gnutls_pubkey_export2: Added
gnutls_x509_crt_export2: Added
gnutls_x509_dn_export2: Added
gnutls_x509_crl_export2: Added
gnutls_pkcs7_export2: Added
gnutls_x509_privkey_export2: Added
gnutls_x509_privkey_export2_pkcs8: Added
gnutls_x509_crq_export2: Added
gnutls_openpgp_crt_export2: Added
gnutls_openpgp_privkey_export2: Added
gnutls_pkcs11_obj_export2: Added
gnutls_pkcs12_export2: Added
gnutls_pubkey_import_openpgp_raw: Added
gnutls_pubkey_import_x509_raw: Added
dane_state_init: Added
dane_state_deinit: Added
dane_query_tlsa: Added
dane_query_status: Added
dane_query_entries: Added
dane_query_data: Added
dane_query_deinit: Added
dane_verify_session_crt: Added
dane_verify_crt: Added
dane_strerror: Added
* Version 3.1.2 (released 2012-09-26)
** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
of certificates in the windows platform.
** libgnutls: Corrected bug in OpenPGP subpacket encoding.
** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).
** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).
** libgnutls: Prints warning on certificates that contain keys of
an insecure level. If the %COMPAT priority flag is not specified
the TLS connection fails.
** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
if interrupted during the retrasmition of handshake data.
** libgnutls: Better mingw32 support (patch by LRN).
** libgnutls: The %COMPAT keyword, if specified, will tolerate
key usage violation errors (they are far too common to ignore).
** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).
** libgnutls: Depends on libtasn1 2.14 or later.
** certtool: Prints the number of bits of the public key algorithm
parameter in a private key.
** API and ABI modifications:
gnutls_x509_privkey_get_pk_algorithm2: Added
gnutls_heartbeat_ping: Added
gnutls_heartbeat_pong: Added
gnutls_heartbeat_allowed: Added
gnutls_heartbeat_enable: Added
gnutls_heartbeat_set_timeouts: Added
gnutls_heartbeat_get_timeout: Added
GNUTLS_SEC_PARAM_WEAK: Added
GNUTLS_SEC_PARAM_INSECURE: Added
* Version 3.1.1 (released 2012-09-02)
** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.
** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
given. If the '--password' option is given during key generation then
assume the PKCS #8 file format, instead of ignoring the password.
** tpmtool: No longer asks for key password in registered keys.
** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin.
wmNAF is now used for point multiplication and other optimizations.
(the major part of the work was done during Google Summer of Code).
** libgnutls: The default pull_timeout_function only uses select
instead of a combination of select() and recv() to prevent issues
when used in stream sockets in some systems.
** libgnutls: Be tolerant in ECDSA signature violations (e.g. using
SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
openssl.
** libgnutls: Fixed DSA and ECDSA signature generation in smart
cards. Thanks to Andreas Schwier from cardcontact.de for providing
me with ECDSA capable smart cards.
** API and ABI modifications:
gnutls_sign_algorithm_get: Added
gnutls_sign_get_hash_algorithm: Added
gnutls_sign_get_pk_algorithm: Added
* Version 3.1.0 (released 2012-08-15)
** libgnutls: Added direct support for TPM as a cryptographic module
in gnutls/tpm.h. TPM keys can be used in functions accepting files
using URLs of the following types:
tpmkey:file=/path/to/file
tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user
** libgnutls: Priority string level keywords can be combined.
For example the string "SECURE256:+SUITEB128" is now allowed.
** libgnutls: requires libnettle 2.5.
** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
for encryption and signatures.
** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
generic errors and signature verification errors in the verification
functions.
** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
to simplify parsing in most PKCS #12 use cases.
** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
the whole certificate chain (if any) to the credentials structure, instead
of only the end-user certificate.
** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
and gnutls_x509_privkey_import_pkcs8(), return consistently
GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.
** libgnutls: Added gnutls_handshake_set_timeout() a function that
allows to set the maximum time spent in a handshake.
** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
by Alexandre Bique.
** tpmtool: Added. It is a tool to generate private keys in the
TPM.
** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
and --benchmark-tls-ciphers
** certtool: generated PKCS #12 structures may hold more than one
private key. Patch by Lucas Fisher.
** certtool: Added option --null-password to generate/decrypt keys
that use a NULL password (in schemas that distinguish between NULL
an empty passwords).
** minitasn1: Upgraded to libtasn1 version 2.13.
** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
GNUTLS_CAMELLIA_192_CBC: Added
GNUTLS_PKCS_NULL_PASSWORD: Added
gnutls_url_is_supported: Added
gnutls_pkcs11_obj_list_import_url2: Added
gnutls_pkcs11_obj_set_pin_function: Added
gnutls_pkcs11_privkey_set_pin_function: Added
gnutls_pkcs11_get_pin_function: Added
gnutls_privkey_import_tpm_raw: Added
gnutls_privkey_import_tpm_url: Added
gnutls_privkey_import_pkcs11_url: Added
gnutls_privkey_import_openpgp_raw: Added
gnutls_privkey_import_x509_raw: Added
gnutls_privkey_import_ext2: Added
gnutls_privkey_import_url: Added
gnutls_privkey_set_pin_function: Added
gnutls_tpm_privkey_generate: Added
gnutls_tpm_key_list_deinit: Added
gnutls_tpm_key_list_get_url: Added
gnutls_tpm_get_registered: Added
gnutls_tpm_privkey_delete: Added
gnutls_pubkey_import_tpm_raw: Added
gnutls_pubkey_import_tpm_url: Added
gnutls_pubkey_import_url: Added
gnutls_pubkey_verify_hash2: Added
gnutls_pubkey_set_pin_function: Added
gnutls_x509_privkey_import2: Added
gnutls_x509_privkey_import_openssl: Added
gnutls_x509_crt_set_pin_function: Added
gnutls_load_file: Added
gnutls_pkcs12_simple_parse: Added
gnutls_certificate_set_x509_system_trust: Added
gnutls_certificate_set_pin_function: Added
gnutls_x509_trust_list_add_system_trust: Added
gnutls_x509_trust_list_add_trust_file: Added
gnutls_x509_trust_list_add_trust_mem: Added
gnutls_pk_to_sign: Added
gnutls_handshake_set_timeout: Added
gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
wiz
jmcneill
jlam
he
adam
maya
gdt
dbj
jperkin
mef
spz
khorben
drochner
tron
ryoon