[SCM] GNU gnutls branch, master, updated. gnutls_2_11

gnutls-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-152-g23d535f

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-152-g23d535f
Date:	Tue, 15 Feb 2011 21:22:07 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=23d535f92d44192fbacffc594262723ff715cf94

The branch, master has been updated
       via  23d535f92d44192fbacffc594262723ff715cf94 (commit)
       via  b0cce9533f2f0bb381adfd43949b9f91dd55cc0a (commit)
       via  9e8dc86aa88a43094f528c289762cf269e873b04 (commit)
      from  fbb37e58f72a6fea19801a0131c90bb3bc4a5f7d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 23d535f92d44192fbacffc594262723ff715cf94
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Feb 15 22:21:40 2011 +0100

    The safe renegotiation ciphersuite is not required to be registered.

commit b0cce9533f2f0bb381adfd43949b9f91dd55cc0a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Feb 15 22:15:05 2011 +0100

    Corrected bug in DHE-PSK in freeing username/key.

commit 9e8dc86aa88a43094f528c289762cf269e873b04
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Feb 15 22:02:53 2011 +0100

    Added ciphersuites (from RFC5487):
    TLS_PSK_WITH_AES_128_GCM_SHA256
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    TLS_PSK_WITH_AES_128_CBC_SHA256
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    TLS_PSK_WITH_NULL_SHA256
    TLS_DHE_PSK_WITH_NULL_SHA256

-----------------------------------------------------------------------

Summary of changes:
 lib/auth_dhe_psk.c      |    6 +++-
 lib/gnutls_algorithms.c |   55 +++++++++++++++++++++++++++++++++++-----------
 2 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/lib/auth_dhe_psk.c b/lib/auth_dhe_psk.c
index 6d698c4..ac1a5bc 100644
--- a/lib/auth_dhe_psk.c
+++ b/lib/auth_dhe_psk.c
@@ -98,8 +98,10 @@ gen_psk_client_kx (gnutls_session_t session, 
gnutls_buffer_st* data)
 
 cleanup:
   if (free)
-    _gnutls_free_datum(&username);
-    _gnutls_free_datum(&key);
+    {
+      _gnutls_free_datum(&username);
+      _gnutls_free_datum(&key);
+    }
 
   return ret;
 
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index e388c1d..9b70755 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -504,13 +504,23 @@ typedef struct
 
 /* GCM: RFC5288 */
 #define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C }
-#define GNUTLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0x00,0x9E}
-#define GNUTLS_DHE_DSS_WITH_AES_128_GCM_SHA256 {0x00,0xA2}
-#define GNUTLS_DH_ANON_WITH_AES_128_GCM_SHA256 {0x00,0xA6}
+#define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 {0x00,0x9E}
+#define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 {0x00,0xA2}
+#define GNUTLS_DH_ANON_AES_128_GCM_SHA256 {0x00,0xA6}
 
-/* Safe renegotiation */
+/* RFC 5487 */
+/* GCM-PSK */
+#define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 }
+#define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA }
+
+/* PSK - SHA256 HMAC */
+#define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE }
+#define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 }
 
-#define GNUTLS_RENEGO_PROTECTION_REQUEST { 
GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR, GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR }
+#define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 }
+#define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 }
+
+/* Safe renegotiation */
 
 #define CIPHER_SUITES_COUNT 
sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
 
@@ -570,6 +580,18 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
+                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
+                             GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
+                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_NULL_SHA256,
+                             GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_VERSION_MAX),
 
   /* DHE-PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
@@ -588,6 +610,18 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
                              GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+                             GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
+                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
+                             GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+                             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+                             GNUTLS_VERSION_MAX),
 
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
@@ -767,23 +801,18 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
                              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                              GNUTLS_VERSION_MAX),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
                              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
                              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                              GNUTLS_VERSION_MAX),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
                              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
                              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                              GNUTLS_VERSION_MAX),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_WITH_AES_128_GCM_SHA256,
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
                              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
                              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                              GNUTLS_VERSION_MAX),
-/* Renegotiation hack */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
-                             GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
-                             GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3,
-                             GNUTLS_VERSION_MAX),
 
   {0, {{0, 0}}, 0, 0, 0, 0, 0}
 };


hooks/post-receive
-- 
GNU gnutls

[Prev in Thread]

Current Thread

[Next in Thread]

[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-152-g23d535f, Nikos Mavrogiannopoulos <=

Prev by Date: [SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e68
Next by Date: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-98-g32dff49
Previous by thread: [SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e68
Next by thread: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-98-g32dff49
Index(es):
- Date
- Thread