From: Nikos Mavrogiannopoulos Date: Tue, 2 Jun 2015 14:31:49 +0000 (+0200) Subject: use the same flags in all verification functions X-Git-Tag: gnutls_3_4_2~37 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0422a67eb0935e1dd96d602445ee179ef9dd993d;p=thirdparty%2Fgnutls.git use the same flags in all verification functions --- diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index ce5aaf796e..6e3fe0cc99 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -387,6 +387,8 @@ static const gnutls_error_entry non_fatal_error_entries[] = { ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED), ERROR_ENTRY(N_("Rehandshake was requested by the peer."), GNUTLS_E_REHANDSHAKE), + ERROR_ENTRY(N_("One of the involved algorithms has insufficient security level."), + GNUTLS_E_INSUFFICIENT_SECURITY), {NULL, NULL, 0} }; diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 6c7a3905fe..74a9802b15 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -1581,11 +1581,13 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, } +#define OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA 1 + /** * gnutls_pubkey_verify_data2: * @pubkey: Holds the public key * @algo: The signature algorithm used - * @flags: Zero or one of %gnutls_pubkey_flags_t + * @flags: Zero or an OR list of #gnutls_certificate_verify_flags * @data: holds the signed data * @signature: contains the signature * @@ -1593,7 +1595,9 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, * parameters from the certificate. * * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED - * is returned, and zero or positive code on success. + * is returned, and zero or positive code on success. For known to be insecure + * signatures this function will return %GNUTLS_E_INSUFFICIENT_SECURITY unless + * the flag %GNUTLS_VERIFY_ALLOW_BROKEN is specified. * * Since: 3.0 **/ 
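Review bot: GNUTLS_E_INSUFFICIENT_SECURITY is added to non_fatal_error_entries (the table named in the hunk header), so gnutls_error_is_fatal() will presumably report it as non-fatal, next to GNUTLS_E_AGAIN-style codes such as GNUTLS_E_INTERRUPTED and GNUTLS_E_REHANDSHAKE. Unlike those, this code means a signature was rejected for using an insecure algorithm, which is not a condition a caller resolves by retrying; a loop of the form `while (ret < 0 && gnutls_error_is_fatal(ret) == 0)` would keep spinning on it. Unless a non-fatal classification is intended, the entry belongs in the fatal error table defined elsewhere in this file (outside the hunk), or the placement deserves a comment explaining why a verification rejection is treated as a warning.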
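Review bot: `#define OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA 1` preserves the value of the removed gnutls_pubkey_flags_t member, but @flags is now documented as an OR list of gnutls_certificate_verify_flags, whose bit 0 is itself a member (GNUTLS_VERIFY_DISABLE_CA_SIGN, if it has the 1 << 0 value it carries upstream — x509.h's lower entries are outside this page). The checks at @@ -1616 and @@ -1671 test that bit, so a caller passing that verify flag would be refused with GNUTLS_E_INVALID_REQUEST by gnutls_pubkey_verify_data2 and, more seriously, silently routed into the raw TLS 1.0 RSA branch by gnutls_pubkey_verify_hash2. The define should carry a comment stating the hazard, e.g. `/* legacy gnutls_pubkey_flags_t value; overlaps bit 0 of gnutls_certificate_verify_flags, which therefore cannot be honored here */`, and the @flags lines should list which verify flags these two functions actually act on rather than the whole enum.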
@@ -1612,7 +1616,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, return GNUTLS_E_INVALID_REQUEST; } - if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) + if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); me = hash_to_entry(gnutls_sign_get_hash_algorithm(algo)); @@ -1623,6 +1627,13 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, data, signature, &pubkey->params); if (ret < 0) { gnutls_assert(); + return ret; + } + + if (!(flags & GNUTLS_VERIFY_ALLOW_BROKEN)) { + if (gnutls_sign_is_secure(algo) == 0) { + return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY); + } } return ret; @@ -1632,7 +1643,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, * gnutls_pubkey_verify_hash2: * @key: Holds the public key * @algo: The signature algorithm used - * @flags: Zero or one of %gnutls_pubkey_flags_t + * @flags: Zero or an OR list of #gnutls_certificate_verify_flags * @hash: holds the hash digest to be verified * @signature: contains the signature * @@ -1660,7 +1671,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) { + if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) { return _gnutls_pk_verify(GNUTLS_PK_RSA, hash, signature, &key->params); } else { diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 44123ec2ab..c915d7a035 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h 
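Review bot: In the @@ -1627 hunk the gate `if (!(flags & GNUTLS_VERIFY_ALLOW_BROKEN))` is satisfied by either bit of the macro (defined in the x509.h hunk as `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2|GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5`), so a caller that opts in to MD5 alone also disables the gnutls_sign_is_secure() check for MD2 and for any algorithm demoted later. The check also runs after the full _gnutls_pk_verify call, so the work is done and then discarded; moving it before `me = hash_to_entry(...)` keeps the rejection independent of signature validity. The @@ -1671 hunk for gnutls_pubkey_verify_hash2 shows no equivalent check although its body continues outside the hunk, so digest-based verification with a broken algorithm may still succeed with flags == 0 unless that is handled elsewhere. A per-bit version of the gate, sketched below, honors the individual ALLOW_SIGN_* flags; how gnutls_sign_is_secure() classifies algorithms is not visible here, so the hash cases should be confirmed against it.
```c
	if (gnutls_sign_is_secure(algo) == 0) {
		/* honor the specific ALLOW_SIGN_* bit for the algorithm's hash,
		 * not any one bit of GNUTLS_VERIFY_ALLOW_BROKEN */
		gnutls_digest_algorithm_t h = gnutls_sign_get_hash_algorithm(algo);
		if ((h == GNUTLS_DIG_MD5 && !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)) ||
		    (h == GNUTLS_DIG_MD2 && !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
		    (h != GNUTLS_DIG_MD5 && h != GNUTLS_DIG_MD2))
			return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
	}
	/* … unchanged: hash_to_entry lookup and pubkey_verify_data call … */
```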
@@ -40,8 +40,6 @@ extern "C" { #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA /** * gnutls_pubkey_flags: - * @GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA: This indicates that a (raw) RSA signature is provided - * as in the TLS 1.0 protocol. * @GNUTLS_PUBKEY_DISABLE_CALLBACKS: The following flag disables call to PIN callbacks. Only * relevant to TPM keys. * @GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT: request an OPENPGP fingerprint instead of the default. @@ -49,11 +47,12 @@ extern "C" { * Enumeration of different certificate import flags. */ typedef enum gnutls_pubkey_flags { - GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1, GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2, GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3 } gnutls_pubkey_flags_t; +#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA + typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, void *userdata, const gnutls_datum_t * diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 49c4805add..4dd54eeff9 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -2452,6 +2452,7 @@ int gnutls_fips140_mode_enabled(void); #define GNUTLS_E_BAD_COOKIE -214 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216 +#define GNUTLS_E_INSUFFICIENT_SECURITY -217 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293 diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 84d3601ca6..73b98e85a9 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h 
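Review bot: In the @@ -47 hunk, `#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA` changes the numeric value of a public symbol from 1 to 1 << 13 and makes abstract.h depend on a name from gnutls/x509.h; if abstract.h does not already include that header (not visible here), a translation unit including only abstract.h and using the old name will fail to compile. Binaries built against the old header keep passing 1, which is what OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA in gnutls_pubkey.c catches, but nothing in this header says so. Suggest a comment on the define, `/* compatibility alias; the value changed in 3.4.2, old binaries still pass 1 */`, and replacing the removed @-entry in the gnutls_pubkey_flags doc block with a sentence noting that the old flag is now an alias for GNUTLS_VERIFY_USE_TLS1_RSA, so the generated documentation does not silently lose it.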
@@ -802,6 +802,8 @@ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, * using the broken MD2 algorithm. * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * using the broken MD5 algorithm. + * @GNUTLS_VERIFY_ALLOW_BROKEN: Allow certificates to be signed + * using any broken algorithm. * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * and expiration validity periods of certificate chains. Don't set * this unless you understand the security implications. @@ -809,6 +811,8 @@ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, * using certificate revocation lists or the available OCSP data. * @GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: When including a hostname * check in the verification, do not consider any wildcards. + * @GNUTLS_VERIFY_USE_TLS1_RSA: This indicates that a (raw) RSA signature is provided + * as in the TLS 1.0 protocol. Not all functions accept this flag. * * Enumeration of different certificate verify flags. Additional * verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS() @@ -827,9 +831,12 @@ typedef enum gnutls_certificate_verify_flags { GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS = 1 << 12, + GNUTLS_VERIFY_USE_TLS1_RSA = 1 << 13 /* cannot exceed 2^24 due to GNUTLS_PROFILE_TO_VFLAGS() */ } gnutls_certificate_verify_flags; +#define GNUTLS_VERIFY_ALLOW_BROKEN (GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2|GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) + /** * gnutls_certificate_verification_profiles_t: * @GNUTLS_PROFILE_VERY_WEAK: A verification profile that diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 55cd7bd799..be4f3b8a2e 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c 
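Review bot: The new @GNUTLS_VERIFY_ALLOW_BROKEN entry promises "any broken algorithm", but the macro at the end of the @@ -831 hunk is only `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2|GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5`, and the gnutls_pubkey.c hunk tests it with a plain `&`, so setting either single bit is enough to satisfy it. The doc should match the definition, e.g. `@GNUTLS_VERIFY_ALLOW_BROKEN: Union of the GNUTLS_VERIFY_ALLOW_SIGN_* flags; allows signatures made with any algorithm those flags cover.`, and the macro deserves a comment that any algorithm demoted in the future needs its own flag added to it. Since it is a #define and not an enum member, the @-entry inside the enum's doc block may not be picked up by the doc generator; a separate doc comment above the #define would be safer.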
@@ -768,7 +768,7 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, * @signer: the certificate believe to have signed the structure * @idx: the index of the signature info to check * @data: The data to be verified or %NULL - * @flags: Should be zero + * @flags: Zero or an OR list of #gnutls_certificate_verify_flags * * This function will verify the provided data against the signature * present in the SignedData of the PKCS #7 structure. If the data @@ -817,7 +817,7 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, return gnutls_assert_val(ret); } - ret = gnutls_x509_crt_verify_data2(signer, info.algo, 0, &sigdata, &info.sig); + ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig); if (ret < 0) { gnutls_assert(); } @@ -970,7 +970,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, * @vdata_size: the number of data elements * @idx: the index of the signature info to check * @data: The data to be verified or %NULL - * @flags: Should be zero + * @flags: Zero or an OR list of #gnutls_certificate_verify_flags * * This function will verify the provided data against the signature * present in the SignedData of the PKCS #7 structure. If the data @@ -1025,7 +1025,7 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, signer = find_signer(pkcs7, tl, vdata, vdata_size, &info); if (signer) { - ret = gnutls_x509_crt_verify_data2(signer, info.algo, 0, &sigdata, &info.sig); + ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, &info.sig); if (ret < 0) { gnutls_assert(); } diff --git a/lib/x509/x509.c b/lib/x509/x509.c index b16f56cad7..aac2b2630c 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
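Review bot: Both call sites now forward the caller's flags to gnutls_x509_crt_verify_data2, and the @flags docs at @@ -768 and @@ -970 promise any gnutls_certificate_verify_flags, yet the pubkey layer rejects GNUTLS_VERIFY_USE_TLS1_RSA with GNUTLS_E_INVALID_REQUEST (gnutls_pubkey.c hunk) and the chain-related flags presumably have no effect on a raw data-signature check. Narrowing the doc avoids surprising callers, e.g. `@flags: Zero or %GNUTLS_VERIFY_ALLOW_BROKEN; other #gnutls_certificate_verify_flags are ignored or rejected here`. In gnutls_pkcs7_verify (@@ -1025), whether the same flags also reach the trust-list lookup in find_signer is outside the hunk; if they do not, the doc should say that ALLOW_BROKEN loosens only the SignedData signature and not verification of the signer's chain.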
@@ -3815,7 +3815,7 @@ gnutls_x509_crt_import_url(gnutls_x509_crt_t crt, * gnutls_x509_crt_verify_data2: * @crt: Holds the certificate to verify with * @algo: The signature algorithm used - * @flags: Must be zero + * @flags: Zero or an OR list of #gnutls_certificate_verify_flags * @data: holds the signed data * @signature: contains the signature *