From 4353ea025ae032887f3e8cf5aadace25662c6b35 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 1 Dec 2018 06:04:45 +0100
Subject: released 3.4.1

Signed-off-by: Nikos Mavrogiannopoulos
---
 NEWS | 25 ++++++++++++++-----------
 m4/hooks.m4 | 4 ++--
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/NEWS b/NEWS
index e0f31df0e0..a0848ff33a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,10 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
 Copyright (C) 2013-2017 Nikos Mavrogiannopoulos
 See the end for copying conditions.
-* Version 3.6.5 (unreleased)
+* Version 3.6.5 (released 2018-12-01)
 ** libgnutls: Provide the option of transparent re-handshake/reauthentication
- when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init().
+ when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
 ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
@@ -18,9 +18,21 @@ See the end for copying conditions.
 servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621).
+** libgnutls: Change RSA decryption to use a new side-channel silent function.
+ This addresses a security issue where memory access patterns as well as timing
+ on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
+ attacks. Side-channel resistant code is slower due to the need to mask
+ access and timings. When used in TLS the new functions cause RSA based
+ handshakes to be between 13% and 28% slower on average (Numbers are indicative,
+ the tests where performed on a relatively modern Intel CPU, results vary
+ depending on the CPU and architecture used). This change makes nettle 3.4.1
+ the minimum requirement of gnutls (#630). [CVSS: medium]
+
 ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored.
+** libgnutls: Added support for EdDSA under PKCS#11 (#417)
+
 ** libgnutls: Added support for AES-CFB8 cipher (#357)
 ** libgnutls: Added support for AES-CMAC MAC (#351)
@@ -41,15 +53,6 @@ See the end for copying conditions.
 ** certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR.
-** libgnutls: Change RSA decryption to use a new side-channel silent function.
- This addresses a security issue where memory access patterns as well as timing
- on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
- attacks. Side-channel resistant code is slower due to the need to mask
- access and timings. When used in TLS the new functions cause RSA based
- handshakes to be between 13% and 28% slower on average (Numbers are indicative,
- the tests where performed on a relatively modern Intel CPU, results vary
- depending on the CPU and architecture used).
 ** API and ABI modifications:
 GNUTLS_AUTO_REAUTH: Added
 GNUTLS_CIPHER_AES_128_CFB8: Added
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index ebb538ec92..aebc58214a 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -68,13 +68,13 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
 DLL_SSL_VERSION=`expr ${LT_SSL_CURRENT} - ${LT_SSL_AGE}`
 AC_SUBST(DLL_SSL_VERSION)
- PKG_CHECK_MODULES(NETTLE, [nettle >= 3.4], [cryptolib="nettle"], [
+ PKG_CHECK_MODULES(NETTLE, [nettle >= 3.4.1], [cryptolib="nettle"], [
 AC_MSG_ERROR([[
 ***
 *** Libnettle 3.4 was not found.
 ]])
 ])
- PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.4], [], [
+ PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.4.1], [], [
 AC_MSG_ERROR([[
 ***
 *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support.
-- 
cgit v1.2.1
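Review bot: The AC_MSG_ERROR text under the NETTLE check still reads `*** Libnettle 3.4 was not found.` although the changed line now requires `nettle >= 3.4.1`, so a build against nettle 3.4.0 fails with a message naming a version the user actually has installed. Because the NEWS hunk ties the 3.4.1 floor to the side-channel silent RSA decryption, the message should state the real floor so the reason for the failure is not masked: `*** Libnettle 3.4.1 was not found.` The HOGWEED error text carries no version number and needs no change. The commit subject "released 3.4.1" presumably refers to this nettle floor rather than to the gnutls release, which the NEWS hunk records as 3.6.5; a reader of the log may want that spelled out.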