gnutls-commit
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-315-g209f8d2


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-315-g209f8d2
Date: Fri, 23 Jul 2010 18:06:47 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=209f8d25c1d0a773d573137260952ce20aab2dcc

The branch, master has been updated
       via  209f8d25c1d0a773d573137260952ce20aab2dcc (commit)
       via  4e35211c8ced250770a577e5b2e3bb59948088d2 (commit)
      from  a72d32d5664bf88f339066d590a55bbf507f919f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 209f8d25c1d0a773d573137260952ce20aab2dcc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 23 20:06:35 2010 +0200

    Updated documentation and gnutls_pk_params_t mappings to ECRYPT II 
recommendations.

commit 4e35211c8ced250770a577e5b2e3bb59948088d2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 23 19:36:48 2010 +0200

    HMAC-MD5 deprecated according to ECRYPT II yearly report (2009-2010) 
recommendations.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                    |   11 ++++++
 doc/cha-bib.texi        |    5 +++
 doc/cha-intro-tls.texi  |   78 ++++++++++++++++++++++------------------------
 lib/gnutls_algorithms.c |   16 +++++-----
 lib/gnutls_priority.c   |    2 -
 5 files changed, 61 insertions(+), 51 deletions(-)

diff --git a/NEWS b/NEWS
index 343c210..eeb77a5 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,17 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
               2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 2.11.1 (unreleased)
+
+** libgnutls: Updated documentation and gnutls_pk_params_t mappings
+to ECRYPT II recommendations.
+
+** libgnutls: HMAC-MD5 no longer used by default.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 2.11.0 (released 2010-07-22)
 
 ** libgnutls: support scattered write using writev(). This takes
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi
index 792bc8c..840af87 100644
--- a/doc/cha-bib.texi
+++ b/doc/cha-bib.texi
@@ -144,4 +144,9 @@ Arjen Lenstra and Xiaoyun Wang and Benne de Weger, 
"Colliding X.509
 Certificates", Cryptology ePrint Archive, Report 2005/067, Available
 at @url{http://eprint.iacr.org/}.
 
address@hidden @anchor{ECRYPT}[ECRYPT]
+European Network of Excellence in Cryptology II, "ECRYPT II Yearly
+Report on Algorithms and Keysizes (2009-2010)", Available
+at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
+
 @end table
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index a08a2d4..9d180ad 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -494,52 +494,48 @@ resume functions, @ref{resume}.
 In TLS, since a lot of algorithms are involved, it is not easy to set
 a consistent security level.  For this reason this section will
 present some correspondance between key sizes of symmetric algorithms
-and public key algorithms based on the most conservative values of
address@hidden  Those can be used to generate certificates with
+and public key algorithms based on the ``ECRYPT II Yearly Report on Algorithms 
and Keysizes (2009-2010)''
+in @xcite{ECRYPT}.  Those can be used to generate certificates with
 appropriate key sizes as well as parameters for Diffie-Hellman and SRP
 authentication.
 
address@hidden @columnfractions .15 .20 .20 .20
address@hidden @columnfractions .10 .15 .10 .20 .35
 
address@hidden Year
address@hidden Symmetric key size
address@hidden RSA key size, DH and SRP prime size
address@hidden Security bits
address@hidden RSA, DH and SRP parameter size
 @tab ECC key size
address@hidden @code{gnutls_sec_param_t}
address@hidden Description
+
address@hidden 64
address@hidden 816
address@hidden 128
address@hidden @code{WEAK}
address@hidden Very short term protection against small organizations
 
address@hidden 1982
address@hidden 56
address@hidden 417
address@hidden 105
-
address@hidden 1988
address@hidden 61
address@hidden 566
address@hidden 114
-
address@hidden 2002
address@hidden 72
address@hidden 1028
address@hidden 139
-
address@hidden 2015
address@hidden 82
address@hidden 1613
address@hidden 173
-
address@hidden 2028
address@hidden 92
address@hidden 2362
address@hidden 210
-
address@hidden 2040
address@hidden 101
address@hidden 3214
address@hidden 244
-
address@hidden 2050
address@hidden 109
address@hidden 4047
address@hidden 272
address@hidden 80
address@hidden 1248
address@hidden 160
address@hidden @code{LOW}
address@hidden Very short term protection against agencies
+
address@hidden 112
address@hidden 2432
address@hidden 224
address@hidden @code{NORMAL}
address@hidden Medium-term protection
+
address@hidden 128
address@hidden 3248
address@hidden 256
address@hidden @code{HIGH}
address@hidden Long term protection
+
address@hidden 256
address@hidden 15424
address@hidden 512
address@hidden @code{ULTRA}
address@hidden Foreseeable future
 
 @end multitable
 
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 88ac198..0bb3d32 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2301,14 +2301,14 @@ unsigned int gnutls_sec_param_to_pk_bits 
(gnutls_pk_algorithm_t algo,
         switch(param)
           {
             case GNUTLS_SEC_PARAM_LOW:
-              return 1024;
+              return 1248;
             case GNUTLS_SEC_PARAM_HIGH:
-              return 3072;
+              return 2432;
             case GNUTLS_SEC_PARAM_ULTRA:
-              return 7680;
+              return 3248;
             case GNUTLS_SEC_PARAM_NORMAL:
             default:
-              return 2048;
+              return 2432;
           }
         default:
           gnutls_assert();
@@ -2379,13 +2379,13 @@ gnutls_sec_param_t gnutls_pk_bits_to_sec_param 
(gnutls_pk_algorithm_t algo,
 {
 
   /* currently we ignore algo */
-  if (bits >= 7680)
+  if (bits >= 15423)
     return GNUTLS_SEC_PARAM_ULTRA;
-  else if (bits >= 3072)
+  else if (bits >= 3247)
     return GNUTLS_SEC_PARAM_HIGH;
-  else if (bits >= 2048)
+  else if (bits >= 2431)
     return GNUTLS_SEC_PARAM_NORMAL;
-  else if (bits >= 1024)
+  else if (bits >= 1248)
     return GNUTLS_SEC_PARAM_LOW;
   else 
     return GNUTLS_SEC_PARAM_WEAK;
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 319f097..d28c456 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -361,7 +361,6 @@ static const int sign_priority_secure256[] = {
 };
 
 static const int mac_priority_performance[] = {
-  GNUTLS_MAC_MD5,
   GNUTLS_MAC_SHA1,
   0
 };
@@ -370,7 +369,6 @@ static const int mac_priority_performance[] = {
 static const int mac_priority_secure[] = {
   GNUTLS_MAC_SHA256,
   GNUTLS_MAC_SHA1,
-  GNUTLS_MAC_MD5,
   0
 };
 


hooks/post-receive
-- 
GNU gnutls



reply via email to

[Prev in Thread] Current Thread [Next in Thread]