** API and ABI modifications:
gnutls_session_get_id2: Added
++gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added
+
* Version 3.1.3 (released 2012-10-12)
** libgnutls: Added support for the OCSP Certificate Status
/* Functions for digests. */
const char *_gnutls_x509_digest_to_oid (gnutls_digest_algorithm_t algorithm);
const char *_gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm);
+int _gnutls_digest_is_secure (gnutls_digest_algorithm_t algorithm);
/* Functions for cipher suites. */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
gnutls_mac_algorithm_t id;
size_t key_size; /* in case of mac */
unsigned placeholder; /* if set, then not a real MAC */
+ unsigned secure; /* if set the this algorithm is secure as hash */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0},
- {0, 0, 0, 0}
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0, 1},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0, 0},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0, 1},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0, 1},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0, 1},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0, 1},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1, 1},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0, 1},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0},
+ {0, 0, 0, 0, 0}
};
ret = 1;
return ret;
}
+
+int
+_gnutls_digest_is_secure (gnutls_digest_algorithm_t algo)
+{
+ ssize_t ret = 0;
+ gnutls_mac_algorithm_t algorithm = algo;
+
+ GNUTLS_HASH_ALG_LOOP (ret = p->secure);
+
+ return ret;
+}
static const gnutls_sign_entry sign_algorithms[] = {
{"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA1, {2, 1}},
+ GNUTLS_DIG_SHA1, {2, 1}},
{"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA224, {3, 1}},
+ GNUTLS_DIG_SHA224, {3, 1}},
{"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA256, {4, 1}},
+ GNUTLS_DIG_SHA256, {4, 1}},
{"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA384, {5, 1}},
+ GNUTLS_DIG_SHA384, {5, 1}},
{"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA512, {6, 1}},
+ GNUTLS_DIG_SHA512, {6, 1}},
{"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
- GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
+ GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
{"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_MAC_SHA1, {2, 2}},
+ GNUTLS_DIG_SHA1, {2, 2}},
{"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA,
- GNUTLS_MAC_SHA224, {3, 2}},
+ GNUTLS_DIG_SHA224, {3, 2}},
{"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA,
- GNUTLS_MAC_SHA256, {4, 2}},
+ GNUTLS_DIG_SHA256, {4, 2}},
{"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_MAC_MD5, {1, 1}},
+ GNUTLS_DIG_MD5, {1, 1}},
{"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
- GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
- {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_MAC_SHA1, {2, 3}},
- {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_MAC_SHA224, {3, 3}},
- {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_MAC_SHA256, {4, 3}},
- {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_MAC_SHA384, {5, 3}},
- {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_MAC_SHA512, {6, 3}},
+ GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
+ {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
+ {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
+ {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
+ {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
{"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
TLS_SIGN_AID_UNKNOWN},
{"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
return ret;
}
+/**
+ * gnutls_sign_is_secure:
+ * @algorithm: is a sign algorithm
+ *
+ * Returns: Non-zero if the provided signature algorithm is considered to be secure.
+ **/
+int
+gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
+{
+ gnutls_sign_algorithm_t sign = algorithm;
+ gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP (dig = p->mac);
+
+ if (dig != GNUTLS_DIG_UNKNOWN)
+ return _gnutls_digest_is_secure(dig);
+
+ return 0;
+}
+
/**
* gnutls_sign_list:
*
type);
const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
+
+ int gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm);
gnutls_digest_algorithm_t
gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign);
gnutls_pk_algorithm_t
gnutls_srtp_get_mki;
gnutls_srtp_set_mki;
gnutls_ocsp_status_request_is_checked;
+ gnutls_sign_is_secure;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
int ret;
char local_file[MAX_FILENAME];
- if (hash_algo == GNUTLS_DIG_MD5 || hash_algo == GNUTLS_DIG_MD2)
+ if (_gnutls_digest_is_secure(hash_algo) == 0)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
if (_gnutls_hash_get_algo_len(hash_algo) != hash->size)
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (ret == GNUTLS_SIGN_RSA_MD5 || ret == GNUTLS_SIGN_RSA_MD2)
+ if (gnutls_sign_is_secure(ret) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ if (gnutls_sign_is_secure(err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
const char *name = gnutls_sign_algorithm_get_name (err);
if (name == NULL)
name = _("unknown");
- if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ if (gnutls_sign_is_secure(err) == 0)
addf (str, _("signed using %s (broken!), "), name);
else
addf (str, _("signed using %s, "), name);
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ if (gnutls_sign_is_secure(err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
return 0;
}
+static
+int is_broken_allowed( gnutls_sign_algorithm_t sig, unsigned int flags)
+{
+ if ((sig == GNUTLS_SIGN_RSA_MD2) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
+ return 1;
+ if ((sig == GNUTLS_SIGN_RSA_MD5) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
+ return 1;
+ return 0;
+}
+
/*
* Verifies the given certificate again a certificate list of
* trusted CAs.
sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ if (gnutls_sign_is_secure(sigalg) == 0 && is_broken_allowed(sigalg, flags) == 0)
{
out = GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
if (output)
if (verify_status != chains[i].expected_verify_result)
{
- fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name,
- verify_status, chains[i].expected_verify_result);
+ gnutls_datum_t out1, out2;
+ gnutls_certificate_verification_status_print(verify_status, GNUTLS_CRT_X509, &out1, 0);
+ gnutls_certificate_verification_status_print(chains[i].expected_verify_result, GNUTLS_CRT_X509, &out2, 0);
+ fail ("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name,
+ verify_status, out1.data, chains[i].expected_verify_result, out2.data);
+ gnutls_free(out1.data);
+ gnutls_free(out2.data);
#if 0
j = 0;