From nmav at gnutls.org Fri Feb 16 08:37:26 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:37:26 +0100
Subject: [gnutls-devel] gnutls 3.3.29
Message-ID: <1518766646.18151.1.camel@gnutls.org>
Hello,?
?I've just released gnutls 3.3.29. This is a bug-fix release on
the previous stable branch.
* Version 3.3.29 (released 2018-02-16)
** libgnutls: Fixed issue which caused 1-byte handshake fragments to be refused.
???Reported by Bal?zs K?ri.
** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was
???used. Resolves gitlab issue #259.
** libgnutls: Use readdir() instead of readdir_r internally. The latter
???is deprecated and on our use we don't need readdir() to be thread safe
???(which it is in most common platforms).
** libgnutls: require strict DER encoding for certificates, OCSP requests, private
???keys, CRLs and certificate requests.??This backports the already default behavior
???from the 3.5.x branch, in order to reduce issues due to the complexity of BER rules.
** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).
** libgnutls: Addressed issue in the accelerated code which may affect interoperability
???with versions of nettle > 3.4.
** p11tool: Fixed issue preventing the deletion of objects in batch mode.
** p11tool: Mark all generated objects as sensitive by default.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
.??A list of GnuTLS mirrors can be
found at .
Here are the XZ compressed sources:
? ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.29.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
? ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.29.tar.xz.sig
Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Fri Feb 16 08:40:03 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:40:03 +0100
Subject: [gnutls-devel] gnutls 3.5.18
Message-ID: <1518766803.18151.3.camel@gnutls.org>
Hello,?
?I've just released gnutls 3.5.18. This is a bug fix release on the
current stable branch.
* Version 3.5.18 (released 2018-02-16)
** libgnutls: Addressed issue in the accelerated code which may affect interoperability
???with versions of nettle > 3.4.
** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).
** p11tool: Fixed issue preventing the deletion of objects in batch mode.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
.??A list of GnuTLS mirrors can be
found at .
Here are the XZ compressed sources:
? https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
??https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz.sig
Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Fri Feb 16 08:43:15 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:43:15 +0100
Subject: [gnutls-devel] gnutls 3.6.2
Message-ID: <1518766995.18151.5.camel@gnutls.org>
Hello,?
?I've just released gnutls 3.6.2. This is a bug fix release for
the 3.6.x branch.?
* Version 3.6.2 (released 2018-02-16)
** libgnutls: When verifying against a self signed certificate ignore issuer.
???That is, ignore issuer when checking the issuer's parameters strength, resolving
???issue #347 which caused self signed certificates to be additionally marked as of
???insufficient security level.
** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
???MTU calculation now, it correctly accounts for the fixed overhead due to
???padding (as 1 byte), while at the same time considers the rest of the
???padding as part of data MTU.
** libgnutls: Address issue of loading of all PKCS#11 modules on startup
???on systems with a PKCS#11 trust store (as opposed to a file trust store).
???Introduced a multi-stage initialization which loads the trust modules, and
???other modules are deferred for the first pure PKCS#11 request.
** libgnutls: The SRP authentication will reject any parameters outside
???RFC5054. This protects any client from potential MitM due to insecure
???parameters. That also brings SRP in par with the RFC7919 changes to
???Diffie-Hellman.
** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
???for SRP authentication.
** libgnutls: Addressed issue in the accelerated code affecting interoperability
???with versions of nettle >= 3.4.
** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).
** srptool: the --create-conf option no longer includes 1024-bit parameters.
** p11tool: Fixed the deletion of objects in batch mode.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
.??A list of GnuTLS mirrors can be
found at .
Here are the XZ compressed sources:
? https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.2.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
??https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.2.tar.xz.sig
Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From ametzler at bebt.de Sat Feb 17 10:56:00 2018
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 17 Feb 2018 10:56:00 +0100
Subject: [gnutls-devel] gnutls 3.6.2
In-Reply-To: <1518766995.18151.5.camel@gnutls.org>
References: <1518766995.18151.5.camel@gnutls.org>
Message-ID: <20180217095600.GA1243@argenau.bebt.de>
On 2018-02-16 Nikos Mavrogiannopoulos wrote:
> Hello,?
> ?I've just released gnutls 3.6.2. This is a bug fix release for
> the 3.6.x branch.?
> * Version 3.6.2 (released 2018-02-16)
[...]
> ** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
> ???for SRP authentication.
[...]
> ** API and ABI modifications:
> No changes since last version.
Hello,
afaict there were ABI changes:
gnutls_srp_8192_group_generator: Added
gnutls_srp_8192_group_prime: Added
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From ametzler at bebt.de Sat Feb 17 19:01:48 2018
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 17 Feb 2018 19:01:48 +0100
Subject: [gnutls-devel] 3.6.2 testsuite error on mips and mipsel
Message-ID: <20180217180148.GA1065@argenau.bebt.de>
Hello,
the srp test fails on both mips and mipsel:
(sid_mips-dchroot)ametzler at minkus:~/GNUTLS/gnutls28-3.6.2/b4deb/tests$ ./srp
testing: srp-1024
testing: srp-1536
testing: srp-2048
testing: srp-3072
testing: srp-4096
testing: srp-8192
client:157: client: Handshake failed
server:242: server: Handshake has failed (The operation timed out)
--verbose log attached.
TIA, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: srp-verbose.gz
Type: application/gzip
Size: 19500 bytes
Desc: not available
URL:
From nmav at gnutls.org Sun Feb 18 11:25:54 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Feb 2018 10:25:54 +0000
Subject: [gnutls-devel] 3.6.2 testsuite error on mips and mipsel
In-Reply-To: <20180217180148.GA1065@argenau.bebt.de>
References: <20180217180148.GA1065@argenau.bebt.de>
Message-ID:
Thanks. Could it be that the timeout is too low for 8k in the platform?
If you change gnutls_handshake_set_timeout(session, 20 * 1000);
with 40 or 60 seconds does it work?
On Sat, Feb 17, 2018 at 7:02 PM Andreas Metzler wrote:
> Hello,
>
> the srp test fails on both mips and mipsel:
> (sid_mips-dchroot)ametzler at minkus:~/GNUTLS/gnutls28-3.6.2/b4deb/tests$
> ./srp
> testing: srp-1024
> testing: srp-1536
> testing: srp-2048
> testing: srp-3072
> testing: srp-4096
> testing: srp-8192
> client:157: client: Handshake failed
> server:242: server: Handshake has failed (The operation timed out)
>
> --verbose log attached.
>
> TIA, cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From ametzler at bebt.de Sun Feb 18 12:51:05 2018
From: ametzler at bebt.de (Andreas Metzler)
Date: Sun, 18 Feb 2018 12:51:05 +0100
Subject: [gnutls-devel] 3.6.2 testsuite error on mips and mipsel
In-Reply-To:
References: <20180217180148.GA1065@argenau.bebt.de>
Message-ID: <20180218115105.GA1243@argenau.bebt.de>
On 2018-02-18 Nikos Mavrogiannopoulos wrote:
> On Sat, Feb 17, 2018 at 7:02 PM Andreas Metzler wrote:
>> the srp test fails on both mips and mipsel:
>> (sid_mips-dchroot)ametzler at minkus:~/GNUTLS/gnutls28-3.6.2/b4deb/tests$
>> ./srp
>> testing: srp-1024
>> testing: srp-1536
>> testing: srp-2048
>> testing: srp-3072
>> testing: srp-4096
>> testing: srp-8192
>> client:157: client: Handshake failed
>> server:242: server: Handshake has failed (The operation timed out)
> Thanks. Could it be that the timeout is too low for 8k in the platform?
> If you change gnutls_handshake_set_timeout(session, 20 * 1000);
> with 40 or 60 seconds does it work?
Hello,
You seem to be right. Increasing both instances of
gnutls_handshake_set_timeout to 40 lets the test succeed. On the
specific machine I tested on the fail/nonfail border is at about 26
(25.8 fails, 25.9 succeeds), so 40 should give a margin of error. I will
upload a patched version to the Debian buildds and report results.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From nmav at gnutls.org Sun Feb 18 20:58:37 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Feb 2018 19:58:37 +0000
Subject: [gnutls-devel] gnutls 3.6.2
In-Reply-To: <20180217095600.GA1243@argenau.bebt.de>
References: <1518766995.18151.5.camel@gnutls.org>
<20180217095600.GA1243@argenau.bebt.de>
Message-ID:
Thank you. I've applied the patch to the git version of NEWS file.
On Sat, Feb 17, 2018 at 11:15 AM Andreas Metzler wrote:
> On 2018-02-16 Nikos Mavrogiannopoulos wrote:
> > Hello,
> > I've just released gnutls 3.6.2. This is a bug fix release for
> > the 3.6.x branch.
>
> > * Version 3.6.2 (released 2018-02-16)
> [...]
> > ** libgnutls: Added the 8192-bit parameters of SRP to the accepted
> parameters
> > for SRP authentication.
>
> [...]
> > ** API and ABI modifications:
> > No changes since last version.
>
> Hello,
>
> afaict there were ABI changes:
>
> gnutls_srp_8192_group_generator: Added
> gnutls_srp_8192_group_prime: Added
>
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: