Hello,We have just released gnutls-3.8.2. This is a bug fix and enhancement release on the 3.8.x branch.
We would like to thank everyone who contributed in this release:Samuel Thibault, Adrian Bunk, Sam James, Miroslav Lichvar, Dimitri Papadopoulos Orfanos, Yongye Zhu, xuraoqing, Clemens Lang, Frediano Ziglio, Ajit Singh, Daiki Ueno and Zoltan Fridrich
The detailed list of changes follows: * Version 3.8.2 (released 2023-11-14)** libgnutls: Fix timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
** libgnutls: Add API functions to perform ECDH and DH key agreement. The functionality has been there for a long time though they were not available as part of the public API. This enables applications to implement custom protocols leveraging non-interactive key agreement with ECDH and DH.
** libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452). The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through the AEAD interface. Note that, unlike GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is appended to the ciphertext, not prepended.
** libgnutls: transparent KTLS support is extended to FreeBSD kernel. The kernel TLS feature can now be enabled on FreeBSD as well as Linux when compiled with the --enable-ktls configure option.
** gnutls-cli: New option --starttls-name Depending on deployment, application protocols such as XMPP may require a different origin address than the external address to be presented prior to STARTTLS negotiation. The --starttls-name can be used to specify the addresses separately.
** API and ABI modifications: gnutls_pubkey_import_dh_raw: New function gnutls_privkey_import_dh_raw: New function gnutls_pubkey_export_dh_raw: New function gnutls_privkey_export_dh_raw: New function gnutls_x509_privkey_import_dh_raw: New function gnutls_privkey_derive_secret: New function GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t GNUTLS_CIPHER_AES_128_SIV_GCM: Added GNUTLS_CIPHER_AES_256_SIV_GCM: Added Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ <https://www.gnupg.org/ftp/gcrypt/> A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html <http://www.gnutls.org/download.html> Here are the XZ compressed sources:https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz <https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz>
Here are OpenPGP detached signatures signed using keys: 5D46CB0F763405A7053556F47A75A648B3F9220C and 462225C3B46F34879FC8496CD605848ED7E69871https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz.sig <https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz.sig>
Note that it has been signed with my openpgp key: pub ed25519 2021-12-23 [SC] [expires: 2023-12-23] 5D46CB0F763405A7053556F47A75A648B3F9220C uid [ultimate] Zoltan Fridrich <[email protected]> sub cv25519 2021-12-23 [E] [expires: 2023-12-23] and Daiki Uenos openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871uid [ultimate] Daiki Ueno <ueno at unixuser.org <http://lists.gnupg.org/mailman/listinfo/gnutls-help>> uid [ultimate] Daiki Ueno <ueno at gnu.org <http://lists.gnupg.org/mailman/listinfo/gnutls-help>>
sub rsa4096 2010-02-04 [E] Regards, Zoltan
OpenPGP_0x7A75A648B3F9220C.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
