[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69 |
Date: |
Sun, 22 Jan 2012 20:27:46 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5ff4a69a32cf4b21b39d5f2d91f7381fd424783c
The branch, master has been updated
via 5ff4a69a32cf4b21b39d5f2d91f7381fd424783c (commit)
via b6f8492ad3e45925c30dfa8c2abfb628a20471a0 (commit)
from 7fc5737356c15c3e1aa6c89e54e2492b4cbd3a54 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5ff4a69a32cf4b21b39d5f2d91f7381fd424783c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Jan 22 21:32:08 2012 +0100
updated
commit b6f8492ad3e45925c30dfa8c2abfb628a20471a0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Jan 22 21:27:09 2012 +0100
Updated SUITEB requirements according to rfc6460.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +++
doc/TODO | 17 ++++++++---------
lib/gnutls_priority.c | 8 +++-----
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/NEWS b/NEWS
index feb2398..fdb8bfe 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ See the end for copying conditions.
* Version 3.0.13 (unreleased)
+** libgnutls: SUITEB128 and SUITEB192 priority strings account
+for the RFC6460 requirements.
+
** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY
to account for security level of 96-bits.
diff --git a/doc/TODO b/doc/TODO
index b7041d7..323e124 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,24 +3,23 @@ anything), contact the developer's mailing list
(address@hidden),
in order to avoid having people working on the same thing.
Current list:
-* Try to use _gnutls_hash_fast() and _gnutls_hmac_fast() where
- possible. Especially when hashing/hmacing records. This would
- allow direct usage of CPU or chip acceleration, which do not
- typically allow multiple hashes.
+* Add DTLS 1.2 support (RFC6347)
+* Added heartbeat support
(http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04)
* Add certificate image support (see RFC3709, RFC6170)
* Perform signature calculation in PKCS #11 using not plain
RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc.
That will allow the usage of more secure tokens that do not
allow plain RSA.
-* Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
- against, similarly to NSS way.
-* Support replacing individual algorithms via a PKCS #11 module -
- maybe use p11-kit for that.
* Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys.
-* Implement TLS-PSK with PKCS #11.
+ (openssl seems to use DES-MD5 to encrypt keys by default)
* Add support for generating empty CRLs
* Document the format for the supported DN attributes.
* Audit the code
+- Implement TLS-PSK with PKCS #11.
+- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
+ against, similarly to NSS way.
+- Support replacing individual algorithms via a PKCS #11 module -
+ maybe use p11-kit for that.
- Add function to extract the signers of an openpgp key. Should
be similar to gnutls_x509_crt_get_dn_oid().
- Add function to verify an openpgp key against a plain key.
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 29fc363..2848a60 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -230,6 +230,7 @@ static const int supported_ecc_secure128[] = {
static const int supported_ecc_suiteb128[] = {
GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
0
};
@@ -354,13 +355,12 @@ static const int *cipher_priority_normal =
cipher_priority_normal_sw;
static const int cipher_priority_suiteb128[] = {
GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_GCM,
0
};
static const int cipher_priority_suiteb192[] = {
GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_AES_256_CBC,
0
};
@@ -425,6 +425,7 @@ static const int sign_priority_default[] = {
static const int sign_priority_suiteb128[] = {
GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA384,
0
};
@@ -462,14 +463,11 @@ static const int mac_priority_normal[] = {
};
static const int mac_priority_suiteb128[] = {
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
GNUTLS_MAC_AEAD,
0
};
static const int mac_priority_suiteb192[] = {
- GNUTLS_MAC_SHA384,
GNUTLS_MAC_AEAD,
0
};
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-49-g5ff4a69,
Nikos Mavrogiannopoulos <=