Daiki Ueno [Thu, 8 Feb 2024 06:32:37 +0000 (15:32 +0900)]
spki: support RSA-OAEP parameters
This adds a new API gnutls_x509_spki_{get,set}_rsa_oaep_params to
retrieve and store RSA-OAEP parameters embedded in
SubjectPublicKeyInfo.
As RSA-OAEP labels are allocated, this also adds copy and clear methods
on the gnutls_x509_spki_st struct and uses them extensively instead of
memcpy and memset.
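The reason a bitwise memcpy/memset stops being safe once a struct owns a heap-allocated member is aliasing: two copies would share one label buffer, and clearing both frees it twice. The following is an added example, not GnuTLS code; `struct spki_params`, `spki_copy`, `spki_clear` and `spki_set_label` are constructed stand-ins for the commit's copy and clear methods, and the label contents are made up.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a struct that owns a heap-allocated label
 * (the OAEP label in the commit); not GnuTLS's gnutls_x509_spki_st. */
struct spki_params {
	int hash;              /* plain value: safe to copy bitwise */
	unsigned char *label;  /* owned heap buffer */
	size_t label_size;
};

/* Release the owned buffer and reset the struct. In production code the
 * pre-free memset should be a zeroizing variant that the compiler cannot
 * drop (gnutls_memset / explicit_bzero); plain memset is used here. */
void spki_clear(struct spki_params *p)
{
	if (p->label) {
		memset(p->label, 0, p->label_size);
		free(p->label);
	}
	memset(p, 0, sizeof(*p));
}

/* Replace the label with a private copy of `label`. Returns 0 or -1. */
int spki_set_label(struct spki_params *p, const unsigned char *label, size_t size)
{
	unsigned char *copy = NULL;
	if (size) {
		copy = malloc(size);
		if (!copy)
			return -1;
		memcpy(copy, label, size);
	}
	if (p->label) {
		memset(p->label, 0, p->label_size);
		free(p->label);
	}
	p->label = copy;
	p->label_size = size;
	return 0;
}

/* Deep copy: dst gets its own buffer, so src and dst can be cleared
 * independently. A memcpy(dst, src, sizeof *src) would alias the label
 * and end in a double free or use-after-free once both are cleared. */
int spki_copy(struct spki_params *dst, const struct spki_params *src)
{
	struct spki_params tmp = { 0 };
	tmp.hash = src->hash;
	if (spki_set_label(&tmp, src->label, src->label_size) < 0)
		return -1;
	spki_clear(dst);
	*dst = tmp;
	return 0;
}

/* Copy a, clear a, and check that b is still intact. Returns 1 on success. */
int demo_copy_survives_clear(void)
{
	static const unsigned char lbl[] = "constructed-label"; /* constructed */
	struct spki_params a = { 0 }, b = { 0 };
	int ok;

	a.hash = 7;
	if (spki_set_label(&a, lbl, sizeof lbl) < 0)
		return 0;
	if (spki_copy(&b, &a) < 0) {
		spki_clear(&a);
		return 0;
	}
	spki_clear(&a); /* a's buffer is zeroed and freed; b must not notice */
	ok = b.hash == 7 && b.label != NULL && b.label_size == sizeof lbl &&
	     memcmp(b.label, lbl, sizeof lbl) == 0;
	spki_clear(&b);
	return ok;
}

int main(void)
{
	return demo_copy_survives_clear() ? 0 : 1;
}
```

Run it under a sanitizer (`-fsanitize=address`) and swap `spki_copy` for a plain memcpy of the struct to see the double free the commit avoids.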
Daiki Ueno [Wed, 10 Jan 2024 10:13:17 +0000 (19:13 +0900)]
rsa-psk: minimize branching after decryption
This moves any non-trivial code between gnutls_privkey_decrypt_data2
and the function return in _gnutls_proc_rsa_psk_client_kx up until the
decryption. This also avoids an extra memcpy to session->key.key.
Daiki Ueno [Thu, 11 Jan 2024 06:45:11 +0000 (15:45 +0900)]
x509: detect loop in certificate chain
There can be a loop in a certificate chain, when multiple CA
certificates are cross-signed with each other, such as A → B, B → C,
and C → A. Previously, the verification logic was not capable of
handling this scenario while sorting the certificates in the chain in
_gnutls_sort_clist, resulting in an assertion failure. This patch
properly detects such a loop and aborts further processing in a graceful
manner.
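The failure mode is worth seeing in code: walking issuer links from the end-entity certificate never terminates if the CAs form a cycle, and a sort that assumes termination can only assert. This is an added example and not the `_gnutls_sort_clist` implementation; `struct cert`, `sort_chain` and the demo chains are constructed, with certificates reduced to subject/issuer names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a certificate: only the names matter here. */
struct cert {
	const char *subject;
	const char *issuer;
};

#define MAX_CHAIN 16

/* Order `in` so that out[0] is the end-entity cert (assumed to be in[0])
 * and out[i+1] is the issuer of out[i]. Returns the number of certs
 * placed, or -1 when following issuer links revisits a certificate,
 * i.e. a cross-signing loop such as A -> B -> C -> A. A self-signed
 * certificate or a missing issuer ends the walk normally. */
int sort_chain(const struct cert *in, int n, const struct cert **out)
{
	unsigned char used[MAX_CHAIN] = { 0 };
	int count = 0;
	int cur = 0;

	if (n <= 0 || n > MAX_CHAIN)
		return -1;

	for (;;) {
		if (used[cur])
			return -1; /* loop detected: fail gracefully, do not assert */
		used[cur] = 1;
		out[count++] = &in[cur];

		/* self-signed: the chain ends here */
		if (strcmp(in[cur].subject, in[cur].issuer) == 0)
			return count;

		/* look for the issuer among the supplied certificates */
		int next = -1;
		for (int i = 0; i < n; i++) {
			if (strcmp(in[i].subject, in[cur].issuer) == 0) {
				next = i;
				break;
			}
		}
		if (next < 0)
			return count; /* issuer not supplied: leave it to the trust store */
		cur = next;
	}
}

/* Constructed chain: leaf <- A <- B, with B self-signed. Expect 3. */
int demo_good_chain_len(void)
{
	static const struct cert chain[] = {
		{ "leaf", "A" }, { "A", "B" }, { "B", "B" }
	};
	const struct cert *sorted[MAX_CHAIN];
	return sort_chain(chain, 3, sorted);
}

/* Constructed cross-signed loop: A signed by B, B by C, C by A. Expect -1. */
int demo_loop_detected(void)
{
	static const struct cert chain[] = {
		{ "leaf", "A" }, { "A", "B" }, { "B", "C" }, { "C", "A" }
	};
	const struct cert *sorted[MAX_CHAIN];
	return sort_chain(chain, 4, sorted);
}

int main(void)
{
	printf("good chain: %d certs\n", demo_good_chain_len());
	printf("loop chain: %d\n", demo_loop_detected());
	return 0;
}
```

The `used` bitmap is the whole fix: it bounds the walk to n steps, so attacker-controlled chain ordering can neither hang the sort nor hit an assertion in a library call.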
Clemens Lang [Fri, 12 Jan 2024 10:12:14 +0000 (11:12 +0100)]
fips: Zeroize temporary values
The standard says "temporary value(s) generated during the integrity
test of the module's software […] shall be zeroised from the module upon
completion of the integrity test".
That includes the computed HMAC value, which is currently not zeroized
after the test. Add explicit calls to gnutls_memset() to fix that.
Clemens Lang [Fri, 12 Jan 2024 10:32:22 +0000 (11:32 +0100)]
.gitlab-ci.yml: Adjust to Alpine Linux' clang-format path change
According to Alpine Linux' package database search functionality, the
clang16-extra-tools package now installs clang-format in
/usr/lib/llvm16/bin/clang-format.
/usr/bin/clang-format is provided by clang17-extra-tools instead, but
requires changes in formatting. Add /usr/lib/llvm16/bin to PATH for the
formatting script to continue using the previous version.
Daiki Ueno [Mon, 1 Jan 2024 05:26:08 +0000 (14:26 +0900)]
tests/pkcs11-tool.sh: skip if neither p11tool nor certtool is built
When compiled with --disable-tools, we can't assume p11tool and
certtool are available. This also switches to using create_testdir and
locates any intermediate files under a temporary directory which is
cleaned up at exit.
Daiki Ueno [Fri, 10 Nov 2023 06:49:53 +0000 (15:49 +0900)]
ktls: check Linux kernel version at run time
When a GnuTLS application runs in a container guest and the host
kernel is older than expected, it fails at initializing KTLS. This
adds a check at run time, using uname.
Daiki Ueno [Thu, 9 Nov 2023 08:17:36 +0000 (17:17 +0900)]
x509: clarify the calling convention of AIA callbacks
This updates the documentation of
gnutls_x509_trust_list_set_getissuer_function to explicitly mention
that the callback shall initialize the output arguments upon
successful call, even if the result is empty.
Daiki Ueno [Thu, 9 Nov 2023 04:33:13 +0000 (13:33 +0900)]
cli: fix --ca-auto-retrieve crash when no caIssuer is present in AIA
Previously, when the caIssuer URI is not present in the certificate's AIA
extension, the callback successfully returned 0 but didn't initialize
the output arguments, resulting in a segmentation fault in the caller.
Daiki Ueno [Fri, 13 Oct 2023 08:36:57 +0000 (17:36 +0900)]
cli: add --starttls-name option
Some deployments of application protocols, such as XMPP, require a
different hostname than the host being connected to. This adds a new
option, --starttls-name, to gnutls-cli to specify it separately.
Daiki Ueno [Sat, 7 Oct 2023 08:17:39 +0000 (17:17 +0900)]
devel: add script to fix header inclusion
This adds check-headers.sh script which scans .c files and checks that
local header files under lib/ are consistently included with #include
"foo.h" instead of #include <foo.h>.
This adds support for Ed448 keys backed by PKCS#11. To differentiate
Ed448 keys from Ed25519 keys, this requires extra logic to check
CKA_EC_PARAMS when reading public keys.
Previously we used the CKM_EDDSA mechanism to generate key pairs, though
the mechanism can only be used for signing and verification as
specified in PKCS#11 3.1 section 6.3. For key generation, the
CKM_EC_EDWARDS_KEY_PAIR_GEN mechanism (or
CKM_EC_MONTGOMERY_KEY_PAIR_GEN, if the point is represented in the
Montgomery form) needs to be used.
This adds gnutls_pubkey_export_dh_raw, a public key counterpart of
gnutls_privkey_export_dh_raw. This also replaces the P, Q, G
parameters with gnutls_dh_params_t in the function signatures to avoid
unnecessary serialization of bignums.
This adds a couple of new cipher algorithms, GNUTLS_CIPHER_AES_128_SIV_GCM
and GNUTLS_CIPHER_AES_256_SIV_GCM, exposing the nettle_siv_gcm_aes{128,256}*
functions.
This imports the SIV-GCM implementation from Nettle 3.9.1, while still
assuming Nettle 3.6 as the baseline. As such, only the non-optimized
implementation is imported. Performance-critical applications are
advised to build GnuTLS with Nettle 3.9.1 or later.
This adds a new function gnutls_privkey_derive_secret, which can be
used in conjunction with the other key import or key generation API to
calculate a shared secret.
Key import can be done with gnutls_{pubkey,privkey}_import_ecc_raw for
ECDH and gnutls_{pubkey,privkey}_import_dh_raw for FFDH, while key
generation could be done with gnutls_privkey_generate2 with respective
algorithms (e.g., GNUTLS_PK_ECDH_X25519) and key generation parameters
in gnutls_keygen_data_st format.
Daiki Ueno [Thu, 31 Aug 2023 04:55:58 +0000 (13:55 +0900)]
abstract, x509: add functions to import and export DH keys
This adds a couple of functions to import and export Diffie-Hellman
private keys. While it shares the structure with DSA, it differs in the q
parameter, which is optional in Diffie-Hellman, and the algorithm
ID: GNUTLS_PK_DH vs GNUTLS_PK_DSA.
```c
size_t siz = prime->size;
if (_gnutls_mpi_init_scan_nz(&tmp_prime, prime->data, siz)) {
...
}
```
was previously written as:
```c
size_t siz = prime->size;
if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, &siz)) {
...
}
```
Now that _gnutls_mpi_init_scan_nz takes an immediate integer instead
of a pointer, we don't need to account for the integer size and thus
no conversion should be necessary.
Daiki Ueno [Thu, 31 Aug 2023 00:21:23 +0000 (09:21 +0900)]
gnutls_privkey_generate2: accept DH parameters
This adds a new GNUTLS_KEYGEN_DH type for gnutls_keygen_data_st, so
gnutls_privkey_generate2 can use pre-generated DH parameters instead
of newly generated ones.
Daiki Ueno [Mon, 28 Aug 2023 06:47:04 +0000 (15:47 +0900)]
tests: ignore SIGPIPE in forking tests if the parent is TLS client
If the tests are forking and the parent process is a client, care must
be taken to handle SIGPIPE reported by the child process (server) when
the client closes the connection.
This hadn't been exposed until commit
dd79ac9bcf90012e090726adf7c1940bcce8333f, thanks to the fact that the
parent process kept the other pipe end, which effectively prevented a
"broken pipe".
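What the commit guards against is the default SIGPIPE disposition: a process that writes to a pipe or socket whose peer has gone away is killed outright unless the signal is ignored, in which case write() returns -1 with errno set to EPIPE and the test can handle it. The following is an added example, not code from the GnuTLS test suite; `parent_survives_child_exit` and the pipe setup are constructed to reproduce the forking situation without any TLS.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that plays the peer which closes its end of the pipe
 * immediately. After the child has exited nobody holds the read end,
 * so the parent's write hits a broken pipe. Returns 1 if, with SIGPIPE
 * ignored, the write reports -1/EPIPE instead of terminating us. */
int parent_survives_child_exit(void)
{
	int fds[2];
	int status;
	pid_t pid;
	ssize_t n;
	int saved_errno;

	if (pipe(fds) < 0)
		return 0;

	/* This is the fix the commit applies to the forking tests: without
	 * it the default action for SIGPIPE kills the writing process. */
	signal(SIGPIPE, SIG_IGN);

	pid = fork();
	if (pid < 0)
		return 0;
	if (pid == 0) {
		/* child: close both ends and go away, like a peer hanging up */
		close(fds[0]);
		close(fds[1]);
		_exit(0);
	}

	close(fds[0]);              /* parent keeps only the write end ... */
	waitpid(pid, &status, 0);   /* ... and now no reader exists at all */

	n = write(fds[1], "x", 1);
	saved_errno = errno;
	close(fds[1]);

	return n == -1 && saved_errno == EPIPE;
}

int main(void)
{
	if (parent_survives_child_exit()) {
		puts("write returned EPIPE, process still alive");
		return 0;
	}
	puts("unexpected result");
	return 1;
}
```

Comment out the `signal()` call and the program is silently killed instead of reaching the final `puts`, which is exactly the kind of test failure that is hard to diagnose from CI output alone.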
Daiki Ueno [Wed, 23 Aug 2023 01:43:54 +0000 (10:43 +0900)]
benchmark: use fallback gettime provided by Gnulib's timespec module
If CLOCK_PROCESS_CPUTIME_ID is not defined, a fallback gettime
function was defined as an inline function. Given that "timespec.h"
from Gnulib already defines such a fallback function with the same
name, it's not necessary to redefine it. This should fix the build
issue with Clang:
In file included from ../../gnutls-3.8.1/src/cli.c:65:
../../gnutls-3.8.1/src/benchmark.h:38:20: error: static declaration of 'gettime' follows non-static declaration
inline static void gettime(struct timespec *ts)
^
../../gnutls-3.8.1/src/gl/timespec.h:93:6: note: previous declaration is here
void gettime (struct timespec *) _GL_ARG_NONNULL ((1));
^
Sam James [Mon, 7 Aug 2023 07:23:50 +0000 (08:23 +0100)]
configure.ac: Avoid noise when faketime is not available
We already checked for whether faketime is installed, so don't try to call it
if we couldn't find a path to it.
This avoids noise like:
```
checking for faketime... no
checking for datefudge... no
checking whether faketime program works... 1691391464
/var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: 2006-09-23 00:00:00: command not found
/var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: test: =: unary operator expected
no
```
Bug: https://bugs.gentoo.org/911833
Signed-off-by: Sam James <sam@gentoo.org>