[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-68-g626b629
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-68-g626b629 |
Date: |
Sat, 08 Oct 2011 00:58:08 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=626b62916898e53afbb4ca12fefd99fcfd38eae3
The branch, master has been updated
via 626b62916898e53afbb4ca12fefd99fcfd38eae3 (commit)
via d227e38569322ad1b14f5ccff6bf51d7f1760b52 (commit)
from de6b66a172820f15535abc78ceae46e81c94157f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 626b62916898e53afbb4ca12fefd99fcfd38eae3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Oct 8 02:54:09 2011 +0200
documentation update
commit d227e38569322ad1b14f5ccff6bf51d7f1760b52
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Oct 8 02:39:27 2011 +0200
Added tests for ECDHE, AES-GCM and SHA256.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 17 ++++++++++--
doc/cha-intro-tls.texi | 3 +-
src/tests.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++-
src/tests.h | 5 +++
src/tls_test.c | 19 +++++++++----
5 files changed, 96 insertions(+), 13 deletions(-)
diff --git a/NEWS b/NEWS
index f663487..e7eb6a4 100644
--- a/NEWS
+++ b/NEWS
@@ -4,19 +4,30 @@ See the end for copying conditions.
* Version 3.0.4 (unreleased)
+** gnutls-cli-debug: Added more tests including AES-GCM,
+SHA256 and elliptic curves.
+
** gnutls-cli: Added --benchmark-soft-ciphers to benchmark
the software version of the ciphers instead of hw accelerated
(where available)
+** libgnutls: gnutls_privkey_t allows setting external callback
+to perform signing or decryption. Can be set using
+gnutls_privkey_import_ext()
+
+** libgnutls: A certificate credentials structure can be
+used with a gnutls_privkey_t and a gnutls_pcert_st
+structures using gnutls_certificate_set_key().
+
** libgnutls: Fixes to enable external signing callback to
operate with TLS 1.2.
** libgnutls: Fixed crash when printing ECDSA certificate key
ID. Reported by Erik Jensen.
-** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks show
-a 2x increase in AES speed and a 14x increase in C7. Added support for
-hashes and HMACs.
+** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks
+show a 2x increase in AES speed and a 14x increase in VIA nano. Added
+support for hashes and HMACs.
** libgnutls: Compilation fixed when p11-kit is not detected.
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 7ede515..cb0adec 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -505,8 +505,7 @@ Clients can enable support for TLS tickets with
@funcref{gnutls_session_ticket_enable_client} and servers use
@funcref{gnutls_session_ticket_key_generate} to generate a key and
@funcref{gnutls_session_ticket_enable_server} to enable the extension.
-Clients resume sessions using the ticket using the normal session
-resume functions, @ref{resume}.
+Clients resume sessions using the normal session resumption procedure (see
@ref{resume}).
@showfuncdesc{gnutls_session_ticket_key_generate}
diff --git a/src/tests.c b/src/tests.c
index aecad73..d5660ae 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -106,6 +106,7 @@ do_handshake (gnutls_session_t session)
}
char protocol_str[] = "+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_all_str[] =
"+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
char prio_str[256] = "";
#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
@@ -113,7 +114,7 @@ char prio_str[256] = "";
#define ALL_COMP "+COMP-NULL"
#define ALL_MACS "+SHA1:+MD5"
#define ALL_CERTTYPES "+CTYPE-X509"
-#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT"
+#define ALL_KX
"+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH:+CURVE-ALL"
#define INIT_STR "NONE:"
char rest[128] = "%UNSAFE_RENEGOTIATION";
@@ -258,6 +259,7 @@ test_export_info (gnutls_session_t session)
}
static gnutls_datum_t pubkey = { NULL, 0 };
+static gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
test_code_t
test_dhe (gnutls_session_t session)
@@ -278,6 +280,24 @@ test_dhe (gnutls_session_t session)
return ret;
}
+test_code_t test_ecdhe (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf (prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, rest);
+ _gnutls_priority_set_direct (session, prio_str);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+
+ curve = gnutls_ecc_curve_get(session);
+
+ return ret;
+}
+
test_code_t
test_safe_renegotiation (gnutls_session_t session)
@@ -359,6 +379,17 @@ test_dhe_group (gnutls_session_t session)
}
test_code_t
+test_ecdhe_curve (gnutls_session_t session)
+{
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return TEST_IGNORE;
+
+ printf ("\n Curve %s\n", gnutls_ecc_curve_get_name(curve));
+
+ return TEST_SUCCEED;
+}
+
+test_code_t
test_ssl3 (gnutls_session_t session)
{
int ret;
@@ -458,6 +489,21 @@ test_aes (gnutls_session_t session)
return ret;
}
+test_code_t test_aes_gcm (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf (prio_str, INIT_STR
+ "+AES-128-GCM:+AES-256-GCM:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
ALL_MACS
+ ":" ALL_KX ":%s", protocol_all_str, rest);
+ _gnutls_priority_set_direct (session, prio_str);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+ return ret;
+}
+
#ifdef ENABLE_CAMELLIA
test_code_t
test_camellia (gnutls_session_t session)
@@ -572,6 +618,21 @@ test_sha (gnutls_session_t session)
}
test_code_t
+test_sha256 (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf (prio_str,
+ INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":%s:+SHA256:" ALL_KX ":%s", protocol_all_str, rest);
+ _gnutls_priority_set_direct (session, prio_str);
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+ return ret;
+}
+
+test_code_t
test_3des (gnutls_session_t session)
{
int ret;
@@ -911,7 +972,7 @@ test_anonymous (gnutls_session_t session)
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+ANON-DH:%s", protocol_str, rest);
+ ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
diff --git a/src/tests.h b/src/tests.h
index 5961a71..ed8fdb0 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -42,3 +42,8 @@ test_code_t test_version_oob (gnutls_session_t session);
test_code_t test_zlib (gnutls_session_t session);
int _test_srp_username_callback (gnutls_session_t session,
char **username, char **password);
+
+test_code_t test_ecdhe_curve (gnutls_session_t session);
+test_code_t test_ecdhe (gnutls_session_t session);
+test_code_t test_aes_gcm (gnutls_session_t session);
+test_code_t test_sha256 (gnutls_session_t session);
diff --git a/src/tls_test.c b/src/tls_test.c
index 46f5561..6b1d1cc 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -130,25 +130,32 @@ static const TLS_TEST tls_tests[] = {
"dunno"},
{"ephemeral Diffie-Hellman group info", test_dhe_group, "", "N/A",
"N/A"},
- {"for AES cipher support (TLS extension)", test_aes, "yes", "no",
+ {"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes", "no",
+ "dunno"},
+ {"ephemeral EC Diffie-Hellman group info", test_ecdhe_curve, "", "N/A",
+ "N/A"},
+ {"for AES-GCM cipher support", test_aes_gcm, "yes", "no",
+ "dunno"},
+ {"for AES-CBC cipher support", test_aes, "yes", "no",
"dunno"},
#ifdef ENABLE_CAMELLIA
- {"for CAMELLIA cipher support (TLS extension)", test_camellia, "yes", "no",
+ {"for CAMELLIA cipher support", test_camellia, "yes", "no",
"dunno"},
#endif
- {"for 3DES cipher support", test_3des, "yes", "no", "dunno"},
+ {"for 3DES-CBC cipher support", test_3des, "yes", "no", "dunno"},
{"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
{"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no",
"dunno"},
{"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
{"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
+ {"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"},
#ifdef HAVE_LIBZ
- {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
+ {"for ZLIB compression support", test_zlib, "yes",
"no", "dunno"},
#endif
- {"for max record size (TLS extension)", test_max_record_size, "yes",
+ {"for max record size", test_max_record_size, "yes",
"no", "dunno"},
- {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
+ {"for OpenPGP authentication support", test_openpgp1,
"yes", "no", "dunno"},
{NULL, NULL, NULL, NULL, NULL}
};
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-68-g626b629,
Nikos Mavrogiannopoulos <=