- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
* The IG 10.3.A and SP800-132 require some minimum parameters for
the salt length, password length and iteration count. These
parameters should be also used in the KAT.
* Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- Enable to run the regression tests also in FIPS mode.
* Add gnutls-FIPS-disable-failing-tests.patch
OBS-URL: https://build.opensuse.org/request/show/964661
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=61
- Update to 3.7.4:
* libgnutls: Added support for certificate compression as defined
in RFC8879.
* certtool: Added option --compress-cert that allows user to
specify compression methods for certificate compression.
* libgnutls: GnuTLS can now be compiled with --enable-strict-x509
configure option to enforce stricter certificate sanity checks
that are compliant with RFC5280.
* libgnutls: Removed IA5String type from DirectoryString within
issuer and subject name to make DirectoryString RFC5280 compliant.
* libgnutls: Added function to retrieve the name of current
ciphersuite from session.
* Bump libgnutlsxx soname due to ABI break
* API and ABI modifications:
- GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
- GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
- gnutls_compress_certificate_get_selected_method: Added
- gnutls_compress_certificate_set_methods: Added
* Update gnutls.keyring
OBS-URL: https://build.opensuse.org/request/show/962891
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=60
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
- Update to 3.7.1:
[bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231]
* Fixed potential use-after-free in sending "key_share" and
"pre_shared_key" extensions.
* Fixed a regression in handling duplicated certs in a chain.
* Fixed sending of session ID in TLS 1.3 middlebox compatibility
mode. In that mode the client shall always send a non-zero
session ID to make the handshake resemble the TLS 1.2
resumption; this was not true in the previous versions.
* Removed dependency on the external 'fipscheck' package,
when compiled with --enable-fips140-mode.
* Added padlock acceleration for AES-192-CBC.
- Remove patches upstream:
* gnutls-gnutls-cli-debug.patch
* gnutls-ignore-duplicate-certificates.patch
* gnutls-test-fixes.patch
OBS-URL: https://build.opensuse.org/request/show/878624
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=49
- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565]
* Don't unset system priority settings in gnutls-cli-debug.sh
* Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387
- Add gnutls-gnutls-cli-debug.patch
- Fix: Test certificates in tests/testpkcs11-certs have expired
* Upstream bug: gitlab.com/gnutls/gnutls/issues/1135
- Add gnutls-test-fixes.patch
- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
* Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131
- Add gnutls-ignore-duplicate-certificates.patch
- Update to 3.7.0
* Depend on nettle 3.6
* Added a new API that provides a callback function to retrieve
missing certificates from incomplete certificate chains
* Added a new API that provides a callback function to output the
complete path to the trusted root during certificate chain
verification
* OIDs exposed as gnutls_datum_t no longer account for the
terminating null bytes, while the data field is null terminated.
The affected API functions are: gnutls_ocsp_req_get_extension,
gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
* Added a new set of API to enable QUIC implementation
* The crypto implementation override APIs deprecated in 3.6.9 are
now no-op
* Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
* Support for padlock has been fixed to make it work with Zhaoxin CPU
* The maximum PIN length for PKCS #11 has been increased from 31
OBS-URL: https://build.opensuse.org/request/show/873444
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=128
- Update to 3.7.0
* Depend on nettle 3.6
* Added a new API that provides a callback function to retrieve
missing certificates from incomplete certificate chains
* Added a new API that provides a callback function to output the
complete path to the trusted root during certificate chain
verification
* OIDs exposed as gnutls_datum_t no longer account for the
terminating null bytes, while the data field is null terminated.
The affected API functions are: gnutls_ocsp_req_get_extension,
gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
* Added a new set of API to enable QUIC implementation
* The crypto implementation override APIs deprecated in 3.6.9 are
now no-op
* Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
* Support for padlock has been fixed to make it work with Zhaoxin CPU
* The maximum PIN length for PKCS #11 has been increased from 31
bytes to 255 bytes
- Remove patch fixed upstream:
* gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- Add version guards for the crypto-policies package
OBS-URL: https://build.opensuse.org/request/show/868673
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=45
- Update to 3.6.15
* libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
[GNUTLS-SA-2020-09-04, CVSS: medium]
* libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
* libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
* libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025).
* libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
* libgnutls: The audit log message for weak hashes is no longer printed twice
* libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
- drop upstreamed patches:
* gnutls-detect_nettle_so.patch
* 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
OBS-URL: https://build.opensuse.org/request/show/832939
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=39
- Update to 3.6.14
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008). (bsc#1172461)
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
the keyring
- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/811391
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=34
- Use correct nettle .so version when looking for a FIPS checksum
(bsc#1166635)
* add gnutls-fips_correct_nettle_soversion.patch
- Update to 3.6.13
* libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
support)
The DTLS client would not contribute any randomness to the DTLS negotiation,
breaking the security guarantees of the DTLS protocol (#960)
[GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345)
* libgnutls: Added new APIs to access KDF algorithms (#813).
* libgnutls: Added new callback gnutls_keylog_func that enables a custom
logging functionality.
* libgnutls: Added support for non-null terminated usernames in PSK
negotiation (#586).
* gnutls-cli-debug: Improved support for old servers that only support
SSL 3.0.
- Split off FIPS checksums into a separate libgnutls30-hmac
subpackage (bsc#1152692)
OBS-URL: https://build.opensuse.org/request/show/790830
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=32
- gnutls 3.6.12
* libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
to identify sessions that client request OCSP status request (#829).
* libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
signature algorithm (RFC 8032) under TLS (#86).
* libgnutls: Added the default-priority-string option to system configuration;
it allows overriding the compiled-in default-priority-string.
* libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
draft-smyshlyaev-tls12-gost-suites-07).
By default this ciphersuite is disabled. It can be enabled by adding
+GOST to priority string. In the future this priority string may enable
other GOST ciphersuites as well. Note, that server will fail to negotiate
GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
are enabled on GnuTLS-based servers.
* libgnutls: added priority shortcuts for different GOST categories like
CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
* libgnutls: Reject certificates with invalid time fields. That is we reject
certificates with invalid characters in Time fields, or invalid time formatting
To continue accepting the invalid form compile with --disable-strict-der-time
* libgnutls: Reject certificates which contain duplicate extensions. We were
previously printing warnings when printing such a certificate, but that is
not always sufficient to flag such certificates as invalid. Instead we now
refuse to import them (#887).
* libgnutls: If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected level prior
to accepting it. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise (#877).
* libgnutls: The min-verification-profile from system configuration applies
for all certificate verifications, not only under TLS. The configuration can
OBS-URL: https://build.opensuse.org/request/show/769920
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=30
- Update to 3.6.6
** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
on the public key (#640).
** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
Raw public-keys can be negotiated by enabling the corresponding certificate
types via the priority strings. The raw public-key mechanism must be explicitly
enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
** libgnutls: When on server or client side we are sending no extensions we do
not set an empty extensions field but we rather remove that field competely.
This solves a regression since 3.5.x and improves compatibility of the server
side with certain clients.
** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
the CKA_SIGN is not set (#667).
** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
disable extensions at all cases, while providing a functional session. This
also implies that when specified, TLS1.3 is disabled.
** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
The previous definition was non-functional (#609).
- drop no longer needed gnutls-enbale-guile-2.2.patch
- refresh disable-psk-file-test.patch
OBS-URL: https://build.opensuse.org/request/show/671127
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=17
- Update to 3.6.5
** libgnutls: Provide the option of transparent re-handshake/reauthentication
when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
** libgnutls: The priority functions will ignore and not enable TLS1.3 if
requested with legacy TLS versions enabled but not TLS1.2. That is because
if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
servers which do not support TLS1.3 will negotiate TLS1.2 which will be
rejected by the client as disabled (#621).
** libgnutls: Change RSA decryption to use a new side-channel silent function.
This addresses a security issue where memory access patterns as well as timing
on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
attacks. Side-channel resistant code is slower due to the need to mask
access and timings. When used in TLS the new functions cause RSA based
handshakes to be between 13% and 28% slower on average (Numbers are indicative,
the tests where performed on a relatively modern Intel CPU, results vary
depending on the CPU and architecture used). This change makes nettle 3.4.1
the minimum requirement of gnutls (#630). [CVSS: medium]
** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
in the priority string. It is only accepted as legacy option and is ignored.
** libgnutls: Added support for EdDSA under PKCS#11 (#417)
** libgnutls: Added support for AES-CFB8 cipher (#357)
** libgnutls: Added support for AES-CMAC MAC (#351)
** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
S-BOXes). They are fixed now.
** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
keys parsing, as specified in R 50.1.112-2016.
** gnutls-serv: It applies the default settings when no --priority option is given,
using gnutls_set_default_priority().
OBS-URL: https://build.opensuse.org/request/show/662795
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=16
