From zfridric at redhat.com Wed Mar 20 10:35:16 2024 From: zfridric at redhat.com (Zoltan Fridrich) Date: Wed, 20 Mar 2024 10:35:16 +0100 Subject: [gnutls-help] gnutls 3.8.4 Message-ID: <89db3791-d41b-921b-2639-bd25198fc2d4@redhat.com> Hello, We have just released gnutls-3.8.4. This is a bug fix and enhancement release on the 3.8.x branch. We would like to thank everyone who contributed in this release: Avinash Sonawane, Xin Long, Alexander Sosedkin, Sahil Siddiq, Ramesh Adhikari, Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki Ueno and Zoltan Fridrich The detailed list of changes follows: * Version 3.8.4 (released 2024-03-18) ** libgnutls: RSA-OAEP encryption scheme is now supported To use it with an unrestricted RSA private key, one would need to initialize a gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and attach it to the private key. It is also possible to import restricted private keys if they are stored in PKCS#8 format. ** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] ** libgnutls: Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Reported by William Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835] ** libgnutls: Compression libraries are now loaded dynamically as needed instead of all being loaded during gnutls library initialization. As a result, the library initialization should be faster. ** build: The gnutls library can now be linked with the static library of GMP. Note that in order for this to work libgmp.a needs to be compiled with -fPIC and libhogweed in Nettle also has to be linked to the static library of GMP. This can be used to prevent custom memory allocators from being overriden by other applications. ** API and ABI modifications: gnutls_x509_spki_get_rsa_oaep_params: New function. gnutls_x509_spki_set_rsa_oaep_params: New function. GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t. Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz Here are OpenPGP detached signatures signed using key: 5D46CB0F763405A7053556F47A75A648B3F9220C https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig Note that it has been signed with my openpgp key: pub ? ed25519 2021-12-23 [SC] [expires: 2027-01-01] ? ? ? 5D46CB0F763405A7053556F47A75A648B3F9220C uid ? ? ? ? ? [ultimate] Zoltan Fridrich sub ? cv25519 2021-12-23 [E] [expires: 2027-01-01] Regards, Zoltan -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x7A75A648B3F9220C.asc Type: application/pgp-keys Size: 1054 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: