[SCM] GNU gnutls branch, master, updated. gnutls_2_9

gnutls-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b

From:	Simon Josefsson
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b
Date:	Tue, 01 Sep 2009 05:03:58 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=f5a395b256b9629af60c4720ce273655730b9712

The branch, master has been updated
       via  f5a395b256b9629af60c4720ce273655730b9712 (commit)
       via  fdeacbe731432945a226674e718329be15a08884 (commit)
       via  36422ab4edaacf11cfeea6ccb489a37b8425c5e7 (commit)
       via  5947a9adf4f64a35501e50cf9db820bd649f7917 (commit)
      from  a84a6b68b296f6e3c987c463238543e89006c713 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f5a395b256b9629af60c4720ce273655730b9712
Author: Simon Josefsson <address@hidden>
Date:   Tue Sep 1 07:03:45 2009 +0200

    Add.

commit fdeacbe731432945a226674e718329be15a08884
Author: Simon Josefsson <address@hidden>
Date:   Tue Sep 1 07:03:14 2009 +0200

    Use SHA256 as MAC by default.

commit 36422ab4edaacf11cfeea6ccb489a37b8425c5e7
Author: Simon Josefsson <address@hidden>
Date:   Tue Sep 1 06:58:59 2009 +0200

    Add.

commit 5947a9adf4f64a35501e50cf9db820bd649f7917
Author: Daiki Ueno <address@hidden>
Date:   Tue Sep 1 08:02:05 2009 +0900

    Add SHA-2 cipher suites.
    
    Signed-off-by: Simon Josefsson <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 NEWS                    |    7 +++++--
 lib/gnutls_algorithms.c |   36 ++++++++++++++++++++++++++++++++++++
 lib/gnutls_priority.c   |    1 +
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index cda76db..1bc777f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,11 @@ See the end for copying conditions.
 
 * Version 2.9.4 (unreleased)
 
-** libgnutls: Client-side TLS 1.2 now works.
-Contributed by Daiki Ueno.
+** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
+The new supported ciphersuites are AES-128/256 in CBC mode with
+ANON-DH/RSA/DHE-DSS/DHE-RSA.  Contributed by Daiki Ueno.  Further,
+SHA-256 is now the preferred default MAC (however it is only used with
+TLS 1.2).
 
 ** libgnutls: Make OpenPGP hostname checking work again.
 The patch to resolve the X.509 CN/SAN issue accidentally broken
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index abf05a3..bfd8545 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -373,6 +373,9 @@ typedef struct
 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
 #endif
 
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
 /* PSK (not in TLS 1.0)
  * draft-ietf-tls-psk:
  */
@@ -420,6 +423,9 @@ typedef struct
 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
 #endif
 
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
 /* DHE DSS
  */
 
@@ -442,6 +448,9 @@ typedef struct
 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
 #endif
 
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
 /* DHE RSA
  */
 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -457,6 +466,9 @@ typedef struct
 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
 #endif
 
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
 #define CIPHER_SUITES_COUNT 
sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
 
 static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -484,6 +496,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_ANON_DH,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
@@ -571,6 +589,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_DHE_DSS,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -591,6 +615,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_DHE_RSA,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                             GNUTLS_CIPHER_NULL,
@@ -624,6 +654,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   {0, {{0, 0}}, 0, 0, 0, 0}
 };
 
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 314b51d..d6c0df0 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -346,6 +346,7 @@ static const int mac_priority_performance[] = {
 };
 
 static const int mac_priority_secure[] = {
+  GNUTLS_MAC_SHA256,
   GNUTLS_MAC_SHA1,
   GNUTLS_MAC_MD5,
   0


hooks/post-receive
-- 
GNU gnutls

[Prev in Thread]

Current Thread

[Next in Thread]

[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-61-gf5a395b, Simon Josefsson <=

Prev by Date: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-57-ga84a6b6
Next by Date: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-62-g5ba2b0d
Previous by thread: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-57-ga84a6b6
Next by thread: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-62-g5ba2b0d
Index(es):
- Date
- Thread