Daiki Ueno [Thu, 6 May 2021 10:41:40 +0000 (12:41 +0200)]
priority: support allowlisting in configuration file
This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.
Signed-off-by: Daiki Ueno <ueno@gnu.org> Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
Daiki Ueno [Wed, 24 Nov 2021 17:44:13 +0000 (18:44 +0100)]
build: update to use the latest valgrind-tests module from Gnulib
This adjust the existing valgrind invocations in the test suite with:
https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-options.html
- make --suppressions option to per directory, using AM_VALGRINDFLAGS
- use LOG_VALGRIND for LOG_COMPILER
- quote '$(LOG_VALGRIND)' in TESTS_ENVIRONMENT
- move gl_VALGRIND_TESTS_DEFAULT_NO call before gl_INIT
Daiki Ueno [Wed, 5 May 2021 14:27:55 +0000 (16:27 +0200)]
priority: refactor config file parsing
This adds the following refactoring:
- avoid side-effects during parsing the config file, by separating
application phase; the parsed configuration can be applied globally
with cfg_apply, after validation
- make _gnutls_*_mark_{disabled,insecure} take an ID instead of the
name
Daiki Ueno [Sun, 14 Nov 2021 13:57:15 +0000 (14:57 +0100)]
locks: use once execution for on-demand initialization of globals
This makes sure that the global variables are initialized only once.
Most of those variables are initialized at ELF constructor, though a
couple of occasions they are initialized on-demand: the global keylog
file pointer and TPM2 TCTI context. To properly protect the
initialization this patch uses gl_once provided by Gnulib.
`$abs_top_builddir` has been used all across tests' subdirectories
(through tests/scripts/common.sh)
but has only been defined for tests/suite/ ones.
Defining it in other Makefiles where `top_builddir` is being passed.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Daiki Ueno [Sat, 30 Oct 2021 15:17:47 +0000 (17:17 +0200)]
priority: rework config reloading logic and locking
The previous reloading logic relied on the existence of [priority]
section (in the initial loading) as an indicator whether the file is
loaded. This didn't work well in the following cases:
- when the section didn't exist initially and then is added later
- when the section existed initially and then is removed later
To handle these cases, this change adds a new flag
system_priority_file_loaded which can be used together with the mtime
check.
This also adds an rwlock to protect global configuration.
Daiki Ueno [Thu, 28 Oct 2021 16:55:26 +0000 (18:55 +0200)]
priority: fix potential race in reloading system-wide config
_gnutls_update_system_priorities is called from gnutls_priority_set*
functions every time when the SYSTEM keyword is used and updates a
global variable system_wide_priority_strings if the configuration
changes. Although the critical path is protected with mtime check, it
should also hold a lock to avoid occasional race condition in
multi-thread programs. This also clears
system_wide_priority_strings_init upon unloading and before reloading
the config file (thanks to Alexander Sosedkin).
Hedgehog5040 [Fri, 14 May 2021 13:56:06 +0000 (15:56 +0200)]
ktls: basic implementation of SW mode
ktls enables us to offload encryption/decryption to the kernel
prerequisites:
- configured with `--enable-ktls`
- tls module `modprobe tls` check with 'lsmod | grep tls'
- per connection:
gnutls_transport_set_int{2} must be set
When prerequisities are met then ktls is used by default.
If GnuTLS encounters a error during KTLS initialization, it will
not use ktls and fallback to userspace.
Daiki Ueno [Mon, 18 Oct 2021 09:49:46 +0000 (11:49 +0200)]
devel: move .abi files into a separate repository
Changes to the .abi files are a bit too noisy to track in the main
repository. This moves the files out of this repository and embed it
as a git submodule.
Steve Lhomme [Thu, 23 Sep 2021 07:03:50 +0000 (09:03 +0200)]
fix mingw64 detection
__MINGW64__ is only defined for 64 bits builds of mingw64 [1].
The intended test what to only use the CertEnumCRLsInStoreFunc via LoadLibrary
for some ancient mingw32 build and never for mingw64.
__MINGW64_VERSION_MAJOR is a proper define to identify mingw64 against mingw32.
This adds SHAKE-128, SHAKE-256, and RIPEMD-160 to the supported
algorithms by nettle. While SHAKEs are not a hash algorithm but an
XOF, it would be consistent to report they are implemented.
The simple test is expanded to exercise the code
path (gnutls_digest_get_id → wrap_nettle_hash_exists).
This fixes an ASAN warning in fuzz/gnutls_private_key_parser_fuzzer
when run against the malformed private key
fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
_gnutls_x509_read_ecdh_pubkey is basically a clone of
_gnutls_x509_read_eddsa_pubkey. Another form of implementation
would be to collapse these two static functions into a common
function for all "CFRG" curves.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
x509: enable importing secret keys for X448 and X25519.
_decode_pkcs8_modern_ecdh_key is virtually the same as
_decode_pkcs8_eddsa_key. Another implementation would be
to collapse these two functions into one, since their structure
is identical.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
The output function called sha512_digest() instead of sha384_digest(),
which caused the hash context to be reinitialized for SHA512 instead of
SHA384 and all following digests using the hash handle were wrong.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
This makes the locking logic per port, not per entire make process.
It also makes use of absolute paths for locking directory, so that
tlsfuzzer tests can use it.
tests/tls13/post-handshake-with-cert: avoid a race condition
A server tries to close connection and kill the client after reauth.
Client, in turn, attempts to send data in some cases.
This patch makes the server wait for the client to terminate first.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Nick Child [Wed, 25 Aug 2021 19:13:07 +0000 (15:13 -0400)]
INSTALL.md: Update documentation on building static library [skip ci]
As of commit a88eb79d88c53531c49d7cedfce2207f36ac8a9d, building a
static archive (libgnutls.a) is off by default. This commit updates the
documentation for building a static library in INSTALL.md .
Simon South [Sun, 22 Aug 2021 06:40:14 +0000 (08:40 +0200)]
guile: Add binding for 'gnutls_x509_crt_get_fingerprint'.
* guile/src/core.c (MAX_HASH_SIZE): New constant.
(scm_gnutls_x509_certificate_fingerprint): New function.
* guile/modules/gnutls.in: Export 'x509-certificate-fingerprint'.
* guile/tests/x509-certificates.scm: Test 'x509-certificate-fingerprint'.
(%sha1-fingerprint): New constant.
(u8vector->hex-string): New procedure.
Craig Gallek [Wed, 11 Aug 2021 16:54:37 +0000 (12:54 -0400)]
x509: pin/password callback support for openssl encrypted private keys
This attempts to use the registered pin callback when the password for
an encrypted openssl private key is not supplied. This matches the
functionality for PKCS8 sealed keys above and is similar to what openssl
does in this situation.
Daiki Ueno [Mon, 2 Aug 2021 16:32:28 +0000 (18:32 +0200)]
pk: add flags to force RSA-PSS salt length to match digest length
This adds a couple of flags to RSA-PSS signing and verification, to
enforce that the salt length matches the digest length. That is not
only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS
1.3 context.
Previously, we restricted RSA modulus size to be either 2048 or 3072
bits in FIPS mode, following FIPS 186-4. On the other hand, FIPS
140-2 IG A.14 and FIPS 140-3 IG C.F updates it to allow arbitrary
modulus sizes equal to or larger than 2048 bits under certain
conditions.
This change reflects the guidance, though it only allows known sizes
due to the complexity of calculating the approximate security strength
using the formula in FIPS 140-2 IG 7.5.
Suggested-by: Stephan Mueller Reviewed-by: Stephan Mueller Signed-off-by: Daiki Ueno <ueno@gnu.org>
projects / thirdparty / gnutls.git / log
