[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b
From: |
Simon Josefsson |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b |
Date: |
Tue, 01 Sep 2009 05:03:58 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=f5a395b256b9629af60c4720ce273655730b9712
The branch, master has been updated
via f5a395b256b9629af60c4720ce273655730b9712 (commit)
via fdeacbe731432945a226674e718329be15a08884 (commit)
via 36422ab4edaacf11cfeea6ccb489a37b8425c5e7 (commit)
via 5947a9adf4f64a35501e50cf9db820bd649f7917 (commit)
from a84a6b68b296f6e3c987c463238543e89006c713 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f5a395b256b9629af60c4720ce273655730b9712
Author: Simon Josefsson <address@hidden>
Date: Tue Sep 1 07:03:45 2009 +0200
Add.
commit fdeacbe731432945a226674e718329be15a08884
Author: Simon Josefsson <address@hidden>
Date: Tue Sep 1 07:03:14 2009 +0200
Use SHA256 as MAC by default.
commit 36422ab4edaacf11cfeea6ccb489a37b8425c5e7
Author: Simon Josefsson <address@hidden>
Date: Tue Sep 1 06:58:59 2009 +0200
Add.
commit 5947a9adf4f64a35501e50cf9db820bd649f7917
Author: Daiki Ueno <address@hidden>
Date: Tue Sep 1 08:02:05 2009 +0900
Add SHA-2 cipher suites.
Signed-off-by: Simon Josefsson <address@hidden>
-----------------------------------------------------------------------
Summary of changes:
NEWS | 7 +++++--
lib/gnutls_algorithms.c | 36 ++++++++++++++++++++++++++++++++++++
lib/gnutls_priority.c | 1 +
3 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index cda76db..1bc777f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,11 @@ See the end for copying conditions.
* Version 2.9.4 (unreleased)
-** libgnutls: Client-side TLS 1.2 now works.
-Contributed by Daiki Ueno.
+** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
+The new supported ciphersuites are AES-128/256 in CBC mode with
+ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further,
+SHA-256 is now the preferred default MAC (however it is only used with
+TLS 1.2).
** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broken
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index abf05a3..bfd8545 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -373,6 +373,9 @@ typedef struct
#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
#endif
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
/* PSK (not in TLS 1.0)
* draft-ietf-tls-psk:
*/
@@ -420,6 +423,9 @@ typedef struct
#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
#endif
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
/* DHE DSS
*/
@@ -442,6 +448,9 @@ typedef struct
#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
#endif
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
/* DHE RSA
*/
#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -457,6 +466,9 @@ typedef struct
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
#endif
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
#define CIPHER_SUITES_COUNT
sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -484,6 +496,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
@@ -571,6 +589,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* DHE_RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -591,6 +615,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
GNUTLS_CIPHER_NULL,
@@ -624,6 +654,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
{0, {{0, 0}}, 0, 0, 0, 0}
};
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 314b51d..d6c0df0 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -346,6 +346,7 @@ static const int mac_priority_performance[] = {
};
static const int mac_priority_secure[] = {
+ GNUTLS_MAC_SHA256,
GNUTLS_MAC_SHA1,
GNUTLS_MAC_MD5,
0
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b,
Simon Josefsson <=