Hello, I've just released gnutls 3.3.0pre0. This is a pre-release of the next stable branch, which adds new features, optimizations and cleanups to the GnuTLS library.
* Version 3.3.0 (pre-release 2014-03-27) ** libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. ** libgnutls: static libraries are not built by default. ** libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags using GNUTLS_PROFILE_TO_VFLAGS() ** libgnutls: Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used to read the priorities. That can be used to impose system specific policies. ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. ** libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). ** libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). ** libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. ** libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. ** libgnutls: Depend on p11-kit 0.20.0 or later. ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. ** libgnutls: The experimental xssl library is removed from the gnutls distribution. ** libgnutls: Reduced the number of gnulib modules used. ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). ** API and ABI modifications: gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added gnutls_fips140_mode_enabled: Added gnutls_sec_param_to_symmetric_bits: Added gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) gnutls_pubkey_verify_params: Added gnutls_privkey_export_ecc_raw: Added gnutls_privkey_export_dsa_raw: Added gnutls_privkey_export_rsa_raw: Added gnutls_privkey_import_ecc_raw: Added gnutls_privkey_import_dsa_raw: Added gnutls_privkey_import_rsa_raw: Added gnutls_privkey_verify_params: Added gnutls_x509_name_constraints_init: Added gnutls_x509_name_constraints_deinit: Added gnutls_x509_crt_get_name_constraints: Added gnutls_x509_name_constraints_add_permitted: Added gnutls_x509_name_constraints_add_excluded: Added gnutls_x509_crt_set_name_constraints: Added gnutls_x509_name_constraints_get_permitted: Added gnutls_x509_name_constraints_get_excluded: Added gnutls_x509_name_constraints_check: Added gnutls_x509_name_constraints_check_crt: Added gnutls_x509_crl_get_extension_data2: Added gnutls_x509_crt_get_extension_data2: Added gnutls_x509_crq_get_extension_data2: Added gnutls_subject_alt_names_init: Added gnutls_subject_alt_names_deinit: Added gnutls_subject_alt_names_get: Added gnutls_subject_alt_names_set: Added gnutls_x509_ext_import_subject_alt_names: Added gnutls_x509_ext_export_subject_alt_names: Added gnutls_x509_crl_dist_points_init: Added gnutls_x509_crl_dist_points_deinit: Added gnutls_x509_crl_dist_points_get: Added gnutls_x509_crl_dist_points_set: Added gnutls_x509_ext_import_crl_dist_points: Added gnutls_x509_ext_export_crl_dist_points: Added gnutls_x509_ext_import_name_constraints: Added gnutls_x509_ext_export_name_constraints: Added gnutls_x509_aia_init: Added gnutls_x509_aia_deinit: Added gnutls_x509_aia_get: Added gnutls_x509_aia_set: Added gnutls_x509_ext_import_aia: Added gnutls_x509_ext_export_aia: Added gnutls_x509_ext_import_subject_key_id: Added gnutls_x509_ext_export_subject_key_id: Added gnutls_x509_ext_export_authority_key_id: Added gnutls_x509_ext_import_authority_key_id: Added gnutls_x509_aki_init: Added gnutls_x509_aki_get_id: Added gnutls_x509_aki_get_cert_issuer: Added gnutls_x509_aki_set_id: Added gnutls_x509_aki_set_cert_issuer: Added gnutls_x509_aki_deinit: Added gnutls_x509_ext_import_private_key_usage_period: Added gnutls_x509_ext_export_private_key_usage_period: Added gnutls_x509_ext_import_basic_constraints: Added gnutls_x509_ext_export_basic_constraints: Added gnutls_x509_ext_import_key_usage: Added gnutls_x509_ext_export_key_usage: Added gnutls_x509_ext_import_proxy: Added gnutls_x509_ext_export_proxy: Added gnutls_x509_policies_init: Added gnutls_x509_policies_deinit: Added gnutls_x509_policies_get: Added gnutls_x509_policies_set: Added gnutls_x509_ext_import_policies: Added gnutls_x509_ext_export_policies: Added gnutls_x509_key_purpose_init: Added gnutls_x509_key_purpose_deinit: Added gnutls_x509_key_purpose_set: Added gnutls_x509_key_purpose_get: Added gnutls_x509_ext_import_key_purposes: Added gnutls_x509_ext_export_key_purposes: Added gnutls_digest_self_test: Added (conditionally) gnutls_mac_self_test: Added (conditionally) gnutls_pk_self_test: Added (conditionally) gnutls_cipher_self_test: Added (conditionally) gnutls_global_set_mem_functions: Deprecated Getting the Software ==================== GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>. Here are the XZ and LZIP compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.0pre0.tar.xz ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.0pre0.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.0pre0.tar.xz.sig ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.0pre0.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
