* Version 3.6.0 (released 2017-08-21)
** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and
fuzzying toolkit, allowing for corner case testing, and ensuring that the
behavior of the library will not change across releases.
https://github.com/tomato42/tlsfuzzer
** libgnutls: Introduced a lock-free random generator which operates per-thread
and eliminates random-generator related bottlenecks in multi-threaded operation.
Resolves gitlab issue #141.
http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html
** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA.
The goal is to reduce code needed in cache (CHACHA is also used for TLS),
and the number of primitives used by the library. That does not affect the
AES-DRBG random generator used in FIPS140-2 mode.
** libgnutls: Added support for RSA-PSS key type as well as signatures in
certificates, and TLS key exchange. Contributed by Daiki Ueno.
RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys,
but not vice-versa. The feature includes:
* RSA-PSS key generation and key handling (in PKCS#8 form)
* RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech)
* Handling of RSA-PSS subjectPublicKeyInfo parameters, when present
in either the private key or certificate.
* RSA-PSS signing and verification of PKIX certificates
* RSA-PSS signing and verification of TLS 1.2 handshake
* RSA-PSS signing and verification of PKCS#7 structures
* RSA-PSS and RSA key combinations for TLS credentials. That is, when
multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS
TLS signatures, to contain risks of cross-protocol attacks between the algorithms.
* RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa)
Note that RSA-PSS signatures with SHA1 are (intentionally) not supported.
** libgnutls: Added support for Ed25519 signing in certificates and TLS key
exchange following draft-ietf-tls-rfc4492bis-17. The feature includes:
* Ed25519 key generation and key handling (in PKCS#8 form)
* Ed25519 signing and verification of PKIX certificates
* Ed25519 signing and verification of TLS 1.2 handshake
* Ed25519 signing and verification of PKCS#7 structures
** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17.
** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919.
That makes the DH parameters negotiation more robust and less prone to errors
due to insecure parameters. Servers are no longer required to specific explicit
DH parameters, though if they do these parameters will be used. Group
selection can be done via priority strings. The introduced strings are
GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and
GROUP-FFDHE8192, as well as the corresponding to curves groups. Note that
the 6144 group from RFC7919 is not supported.
** libgnutls: Introduced various sanity checks on certificate import. Refuse
to import certificates which have fractional seconds in Time fields, X.509v1
certificates which have the unique identifiers set, and certificates with illegal
version numbers. All of these are prohibited by RFC5280.
** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags
in the crt structure. The only flag supported at the moment is
GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity
checks on import.
** libgnutls: PKIX certificates with unknown critical extensions are rejected
on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This
behavior can be overriden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
to verification functions. Resolves gitlab issue #177.
** libgnutls: Refuse to generate a certificate with an illegal version, or an
illegal serial number. That is, gnutls_x509_crt_set_version() and
gnutls_x509_crt_set_serial(), will fail on input considered to be invalid
in RFC5280.
** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv()
prior to handshake being complete are now refused. Addresses gitlab issue #158.
** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their
password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC.
** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values.
** libgnutls: Added new callback setting function to gnutls_privkey_t for external
keys. The new function (gnutls_privkey_import_ext4), allows signing in addition
to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519
keys.
** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1
priority string options. These allows enabling all broken and SHA1-based signature
algorithms in certificate verification, respectively.
** libgnutls: 3DES-CBC is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+3DES-CBC".
** libgnutls: SHA1 was marked as insecure for signing certificates. Verification
of certificates signed with SHA1 is now considered insecure and will
fail, unless flags intended to enable broken algorithms are set. Other uses
of SHA1 are still allowed. This can be reverted on compile time with the configure
flag --enable-sha1-support.
** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification
of certificates signed with RIPEMD160 hash algorithm is now considered insecure and
will fail, unless flags intended to enable broken algorithms are set.
** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes.
These curves were rarely used for that purpose, provide no advantage over
x25519 and were deprecated by TLS 1.3.
** libgnutls: Removed support for DEFLATE, or any other compression method.
** libgnutls: OpenPGP authentication was removed; the resulting library is ABI
compatible, with the openpgp related functions being stubs that fail
on invocation.
** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled
only with libidn2 which provides IDNA2008.
** certtool: The option '--load-ca-certificate' can now accept PKCS#11
URLs in addition to files.
** certtool: The option '--load-crl' can now be used when generating PKCS#12
files (i.e., in conjunction with '--to-p12' option).
** certtool: Keys with provable RSA and DSA parameters are now only read and
exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
This removes support for the previous a non-standard key format.
** certtool: Added support for generating, printing and handling RSA-PSS and
Ed25519 keys and certificates.
** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now
deprecated, replaced by the --key-type option.
** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were
replaced by the --generate-privkey option.
** psktool: Generate 256-bit keys by default.
** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and
--alpn-fatal options, allowing testing of ALPN negotiation.
** API and ABI modifications:
gnutls_encode_rs_value: Added
gnutls_decode_rs_value: Added
gnutls_base64_encode2: Added
gnutls_base64_decode2: Added
gnutls_x509_crt_set_flags: Added
gnutls_x509_crt_check_ip: Added
gnutls_x509_ext_import_inhibit_anypolicy: Added
gnutls_x509_ext_export_inhibit_anypolicy: Added
gnutls_x509_crt_get_inhibit_anypolicy: Added
gnutls_x509_crt_set_inhibit_anypolicy: Added
gnutls_pubkey_export_rsa_raw2: Added
gnutls_pubkey_export_dsa_raw2: Added
gnutls_pubkey_export_ecc_raw2: Added
gnutls_privkey_export_rsa_raw2: Added
gnutls_privkey_export_dsa_raw2: Added
gnutls_privkey_export_ecc_raw2: Added
gnutls_x509_spki_init: Added
gnutls_x509_spki_deinit: Added
gnutls_x509_spki_get_pk_algorithm: Added
gnutls_x509_spki_set_pk_algorithm: Added
gnutls_x509_spki_get_digest_algorithm: Added
gnutls_x509_spki_set_digest_algorithm: Added
gnutls_x509_spki_get_salt_size: Added
gnutls_x509_spki_set_salt_size: Added
gnutls_x509_crt_set_spki: Added
gnutls_x509_crt_get_spki: Added
gnutls_x509_privkey_get_spki: Added
gnutls_x509_privkey_set_spki: Added
gnutls_x509_crq_get_spki: Added
gnutls_x509_crq_set_spki: Added
gnutls_pubkey_set_spki: Added
gnutls_pubkey_get_spki: Added
gnutls_privkey_set_spki: Added
gnutls_privkey_get_spki: Added
gnutls_privkey_import_ext4: Added
GNUTLS_EXPORT_FLAG_NO_LZ: Added
GNUTLS_DT_IP_ADDRESS: Added
GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added
GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_SFLAGS_RFC7919: Added
7f4cff1709