Daiki Ueno [Sun, 31 May 2020 11:59:53 +0000 (13:59 +0200)]
x509: trigger fallback verification path when cert is expired
gnutls_x509_trust_list_verify_crt2 uses the macro SIGNER_OLD_OR_UNKNOWN
to trigger the fallback verification path if the signer of the last
certificate is not in the trust store. Previously, it did not take
into account the condition where the certificate is expired.
Daiki Ueno [Sun, 31 May 2020 10:39:14 +0000 (12:39 +0200)]
_gnutls_pkcs11_verify_crt_status: check validity against system cert
To verify a certificate chain, this function replaces known
certificates with the ones in the system trust store if possible.
However, if it is found, the function checks the validity of the
original certificate rather than the certificate found in the trust
store. That reveals a problem in a scenario where (1) a certificate is
signed by multiple issuers and (2) one of the issuers' certificates has
expired and is included in the input chain.
This patch makes it a little more robust by actually retrieving the
certificate from the trust store and performing the check against it.
Daiki Ueno [Mon, 25 May 2020 16:37:51 +0000 (18:37 +0200)]
gnulib: update git submodule
This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
fread_file and read_file. This also adds the following changes to be
consistent with the latest changes in Gnulib:
- the callers of fread_file and read_file to be adjusted for the FLAGS
argument
- "attribute.h" needs to be used extensively
Steve Lhomme [Wed, 27 May 2020 21:13:43 +0000 (21:13 +0000)]
configure.ac: determine if the Vista APIs can be linked statically
If _WIN32_WINNT is higher than or equal to 0x0600, Vista APIs are allowed during
the build. We can assume that the minimum platform the code will run on is
Vista [1].
In that case there's no need to call APIs (ncrypt) dynamically when it can be
done statically.
Dmitry Baryshkov [Tue, 26 May 2020 10:12:24 +0000 (13:12 +0300)]
tests: build datefudge-check during make all
Most of the tests depend on datefudge-check. Let's make it during the 'make
all' stage to allow running individual tests without requiring it to be built
separately.
Dmitry Baryshkov [Thu, 14 May 2020 02:54:58 +0000 (05:54 +0300)]
build: vendor in libtasn1 code
Instead of keeping the minitasn1 source in Git, vendor it in during
bootstrap as we do with the Nettle code. This also upgrades the included
minitasn1 to the latest version (4.16.0).
Steve Lhomme [Tue, 19 May 2020 14:23:40 +0000 (16:23 +0200)]
win32: link with crypt32
Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
To link properly, it needs to be linked with crypt32.dll.
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
This library was missing from the pkg-config library. It exists in
thirdparty_libadd to link gnutls as a DLL.
Daiki Ueno [Tue, 19 May 2020 14:18:39 +0000 (16:18 +0200)]
fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro
The macro was intended to avoid non-recoverable errors during library
initialization, but the code path has been removed in commit 3963518d067a64412bbe0aa9ce5fc33ae729c15f.
Daiki Ueno [Mon, 18 May 2020 10:25:42 +0000 (12:25 +0200)]
fips: make FIPS140-2 mode enablement logic simpler
Previously, to enable the FIPS140-2 mode, both /etc/system-fips and
the fips=1 kernel command line needed to be set. While this was
designed to be consistent, the convention is not well followed by the
other crypto libraries and the former tends to be ignored. This
aligns the behavior to the latter, i.e. if fips=1 is set, the library
enables the FIPS140-2 mode regardless of the existence of
/etc/system-fips.
gnutls-cli: Add option to wait for resumption data
This introduces the --waitresumption command line option which makes the
client wait for the resumption data until a ticket is received under
TLS1.3. The client will block if no ticket is received. The new option
has no effect if the option --resume is not provided.
This is useful to force the client to wait for the resumption data when
the server takes long to send the ticket, allowing the session
resumption to be tested. This is a common scenario in CI systems where
the testing machines have limited resources.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Daiki Ueno [Fri, 16 Aug 2019 15:01:05 +0000 (17:01 +0200)]
nettle: disable RSA blinding in FIPS selftests
Nettle's RSA signing, encryption and decryption functions still
require randomness for blinding, so fall back to using a fixed buffer in
selftests where entropy might not be available.
nettle: expose SIV-CMAC through the AEAD interface
This adds a couple of new cipher algorithms, GNUTLS_CIPHER_AES_128_SIV
and GNUTLS_CIPHER_AES_256_SIV, exposing the nettle_siv_cmac_aes{128,256}*
functions. Note that they can only be used with the AEAD interface and
authentication tags are prepended (not appended) to the ciphertext.
Given that the fixed version of the function will be part of Nettle 3.6,
use pkg-config --atleast-version instead of a manual comparison of
the Nettle version.
Do not include the gmp.h header: <nettle/bignum.h> conflicts with it in
the mini-gmp configuration and includes this header on its own in the
non-mini-gmp configuration.
doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
For RSA-PSS, this flag alone doesn't fully enable reproducible
signatures and the user needs to indicate the fact that a zero-length
salt is used through SPKI upon verification.
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and linked
to libgnutls.
This patch automates that process with the configure script.
Nettle's poly1305 code ended up with the internal symbol _poly1305_block in a
public header. This causes issues on Nettle version changes. Since those
symbols are going to become nettle-internal, vendor in the relevant source
file.
xts: check key blocks according to FIPS-140-2 IG A.9
The implementation guidance suggests that a check of key1 != key2
should be done at any place before the keys are used:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
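The key check that IG A.9 calls for, written out as an added example in C. This is not GnuTLS code: the function names, the return codes and the constructed keys are this example's own. It splits the concatenated XTS key into key1 and key2 and rejects the key before any use if the two halves are equal (or the length is not one of the two AES-XTS sizes), which is the condition the commit message describes.

```c
/* Added example (not GnuTLS code): FIPS 140-2 IG A.9 check that the two
 * halves of an AES-XTS key are distinct, performed before the key is used.
 * Function names, macros and the sample keys below are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XTS_KEY_REJECTED  (-1)
#define XTS_KEY_OK        0

/* Compares two equal-length buffers without data-dependent branches.
 * Returns 1 if they are equal, 0 otherwise. */
static int ct_memeq(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* key is key1 || key2, key_len is the total length: 32 bytes for
 * AES-128-XTS, 64 bytes for AES-256-XTS. Returns XTS_KEY_OK if the key may
 * be used, XTS_KEY_REJECTED if the length is wrong or key1 == key2. */
int xts_check_key(const uint8_t *key, size_t key_len)
{
    if (key == NULL || (key_len != 32 && key_len != 64))
        return XTS_KEY_REJECTED;

    size_t half = key_len / 2;
    if (ct_memeq(key, key + half, half))
        return XTS_KEY_REJECTED;   /* IG A.9: key1 must differ from key2 */

    return XTS_KEY_OK;
}

/* Self-check on constructed keys (not standard test vectors): one key with
 * identical halves, one that differs in a single byte of key2. Returns 1 when
 * both outcomes are as expected. */
int xts_check_selfcheck(void)
{
    uint8_t bad[32], good[64];

    memset(bad, 0x5a, sizeof bad);          /* key1 == key2, must be rejected */
    memset(good, 0x5a, sizeof good);
    good[63] ^= 0x01;                       /* key2 differs in its last byte */

    return xts_check_key(bad, sizeof bad) == XTS_KEY_REJECTED &&
           xts_check_key(good, sizeof good) == XTS_KEY_OK;
}
```

The comparison is branch-free only as a matter of hygiene for key material; IG A.9 itself requires no more than that the inequality be checked somewhere before the keys are used, which is why the check sits in the key-setup path rather than per block.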
Daiki Ueno [Mon, 30 Mar 2020 09:27:40 +0000 (11:27 +0200)]
handshake-tls13: add session flag to disable sending session tickets
While GnuTLS by default implicitly sends NewSessionTicket during
handshake, application protocols like QUIC set a clear boundary
between "in handshake" and "post handshake", and NST must be sent in
the post handshake state.
Daiki Ueno [Tue, 31 Mar 2020 04:58:48 +0000 (06:58 +0200)]
build: use valgrind client request to detect undefined memory use
This tightens the check introduced in ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==