[SCM] GNU gnutls branch, master, updated. gnutls-3_0

gnutls-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69
Date:	Sun, 22 Jan 2012 20:27:46 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5ff4a69a32cf4b21b39d5f2d91f7381fd424783c

The branch, master has been updated
       via  5ff4a69a32cf4b21b39d5f2d91f7381fd424783c (commit)
       via  b6f8492ad3e45925c30dfa8c2abfb628a20471a0 (commit)
      from  7fc5737356c15c3e1aa6c89e54e2492b4cbd3a54 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5ff4a69a32cf4b21b39d5f2d91f7381fd424783c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 22 21:32:08 2012 +0100

    updated

commit b6f8492ad3e45925c30dfa8c2abfb628a20471a0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 22 21:27:09 2012 +0100

    Updated SUITEB requirements according to rfc6460.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    3 +++
 doc/TODO              |   17 ++++++++---------
 lib/gnutls_priority.c |    8 +++-----
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/NEWS b/NEWS
index feb2398..fdb8bfe 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ See the end for copying conditions.
 
 * Version 3.0.13 (unreleased)
 
+** libgnutls: SUITEB128 and SUITEB192 priority strings account
+for the RFC6460 requirements.
+
 ** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY
 to account for security level of 96-bits.
 
diff --git a/doc/TODO b/doc/TODO
index b7041d7..323e124 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,24 +3,23 @@ anything), contact the developer's mailing list 
(address@hidden),
 in order to avoid having people working on the same thing. 
 
 Current list:
-* Try to use _gnutls_hash_fast() and _gnutls_hmac_fast() where
-  possible. Especially when hashing/hmacing records. This would
-  allow direct usage of CPU or chip acceleration, which do not
-  typically allow multiple hashes.
+* Add DTLS 1.2 support (RFC6347)
+* Added heartbeat support 
(http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04)
 * Add certificate image support (see RFC3709, RFC6170)
 * Perform signature calculation in PKCS #11 using not plain
   RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc.
   That will allow the usage of more secure tokens that do not
   allow plain RSA.
-* Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify 
-  against, similarly to NSS way.
-* Support replacing individual algorithms via a PKCS #11 module -
-  maybe use p11-kit for that.
 * Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys.
-* Implement TLS-PSK with PKCS #11.
+  (openssl seems to use DES-MD5 to encrypt keys by default)
 * Add support for generating empty CRLs
 * Document the format for the supported DN attributes.
 * Audit the code
+- Implement TLS-PSK with PKCS #11.
+- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify 
+  against, similarly to NSS way.
+- Support replacing individual algorithms via a PKCS #11 module -
+  maybe use p11-kit for that.
 - Add function to extract the signers of an openpgp key. Should
   be similar to gnutls_x509_crt_get_dn_oid().
 - Add function to verify an openpgp key against a plain key.
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 29fc363..2848a60 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -230,6 +230,7 @@ static const int supported_ecc_secure128[] = {
 
 static const int supported_ecc_suiteb128[] = {
   GNUTLS_ECC_CURVE_SECP256R1,
+  GNUTLS_ECC_CURVE_SECP384R1,
   0
 };
 
@@ -354,13 +355,12 @@ static const int *cipher_priority_normal = 
cipher_priority_normal_sw;
 
 static const int cipher_priority_suiteb128[] = {
   GNUTLS_CIPHER_AES_128_GCM,
-  GNUTLS_CIPHER_AES_128_CBC,
+  GNUTLS_CIPHER_AES_256_GCM,
   0
 };
 
 static const int cipher_priority_suiteb192[] = {
   GNUTLS_CIPHER_AES_256_GCM,
-  GNUTLS_CIPHER_AES_256_CBC,
   0
 };
 
@@ -425,6 +425,7 @@ static const int sign_priority_default[] = {
 
 static const int sign_priority_suiteb128[] = {
   GNUTLS_SIGN_ECDSA_SHA256,
+  GNUTLS_SIGN_ECDSA_SHA384,
   0
 };
 
@@ -462,14 +463,11 @@ static const int mac_priority_normal[] = {
 };
 
 static const int mac_priority_suiteb128[] = {
-  GNUTLS_MAC_SHA256,
-  GNUTLS_MAC_SHA384,
   GNUTLS_MAC_AEAD,
   0
 };
 
 static const int mac_priority_suiteb192[] = {
-  GNUTLS_MAC_SHA384,
   GNUTLS_MAC_AEAD,
   0
 };


hooks/post-receive
-- 
GNU gnutls

[Prev in Thread]

Current Thread

[Next in Thread]

[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69, Nikos Mavrogiannopoulos <=

Prev by Date: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-47-g7fc5737
Next by Date: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-50-g6020e0f
Previous by thread: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-47-g7fc5737
Next by thread: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-50-g6020e0f
Index(es):
- Date
- Thread