certtool: default to yes on signing certificates for CAs
When asking the questions for CA certificate generation, default
to yes for signing certificates. This is because that's the most
common type of CA generated, and defaulting to yes eliminates
the need for a restart on error.
Check for the nettle_xts_encrypt_message() function rather than just
xts_encrypt_message(). All functions in nettle are renamed to contain
the `nettle_` prefix.
Daiki Ueno [Wed, 19 Jun 2019 15:21:16 +0000 (17:21 +0200)]
pkcs11: ignore login error when traversing tokens
If a token is a general access device, it is expected that a login
attempt to that token returns an error:
https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852
On the other hand, _pkcs11_traverse_tokens treats the error as fatal
and stops iteration. This behavior prevents object search without
token specifier if such tokens are registered in the system.
Reported by Stanislav Zidek in
https://bugzilla.redhat.com/show_bug.cgi?id=1705478
ext/session_ticket: avoid calling memcpy on overlapping memory areas
In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated
from ticket_data->data, thus those memory areas may overlap. Using
memcpy here leads to undefined behavior.
Spotted by a valgrind run on ppc64le.
==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
==95231== at 0x408A840: memcpy (vg_replace_strmem.c:1023)
==95231== by 0x424EE9F: pack_ticket (session_ticket.c:139)
==95231== by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
==95231== by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
==95231== by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
==95231== by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
==95231== by 0x4110DEB: handshake_server (handshake.c:3331)
==95231== by 0x410C70B: gnutls_handshake (handshake.c:2727)
==95231== by 0x10009EBF: retry_handshake (serv.c:1306)
==95231== by 0x1000AB67: tcp_server (serv.c:1500)
==95231== by 0x10009E5B: main (serv.c:1297)
==95231==
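As an added illustration of the overlap problem this commit message describes (example code written for this page, not GnuTLS's pack_ticket; the struct, field layout and sizes are hypothetical), a ticket packer whose variable-length field may already live inside the destination buffer, as in the valgrind report above where source and destination were the same address. The point for a reviewer: memcpy() is undefined for any overlap, including src == dst, so the aliased field is copied with memmove(), and it is moved before the fixed-size header is written so that a source sitting earlier in the buffer is not clobbered first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ticket layout for illustration only (not GnuTLS's struct):
 * key_name || IV || uint16 state length || encrypted_state || MAC. */
#define KEY_NAME_SIZE 16
#define IV_SIZE       16
#define MAC_SIZE      32
#define HDR_SIZE      (KEY_NAME_SIZE + IV_SIZE + 2)

struct ticket {
    unsigned char key_name[KEY_NAME_SIZE];
    unsigned char iv[IV_SIZE];
    const unsigned char *encrypted_state;   /* may point INTO the output buffer */
    size_t encrypted_state_len;
    unsigned char mac[MAC_SIZE];
};

/* 1 if [a, a+alen) and [b, b+blen) share at least one byte: the condition
 * under which memcpy() is undefined behaviour. Done on uintptr_t so the
 * comparison itself is well defined even across objects. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return pa < pb + blen && pb < pa + alen;
}

/* Serialise t into out. Returns the number of bytes written, 0 on error. */
static size_t pack_ticket(const struct ticket *t, unsigned char *out, size_t out_len)
{
    size_t need = HDR_SIZE + t->encrypted_state_len + MAC_SIZE;
    unsigned char *state_dst = out + HDR_SIZE;

    if (out_len < need || t->encrypted_state_len > 0xFFFF)
        return 0;

    /* The caller may have produced the ciphertext directly inside out (in
     * the reported case src == dst exactly), so this copy must tolerate
     * overlap: memmove(), never memcpy(). It is also done before the header
     * so a source placed earlier in out is not overwritten before the move. */
    memmove(state_dst, t->encrypted_state, t->encrypted_state_len);

    /* Fixed-size fields come from the struct, which does not alias out. */
    memcpy(out, t->key_name, KEY_NAME_SIZE);
    memcpy(out + KEY_NAME_SIZE, t->iv, IV_SIZE);
    out[KEY_NAME_SIZE + IV_SIZE]     = (unsigned char)(t->encrypted_state_len >> 8);
    out[KEY_NAME_SIZE + IV_SIZE + 1] = (unsigned char)(t->encrypted_state_len & 0xFF);
    memcpy(state_dst + t->encrypted_state_len, t->mac, MAC_SIZE);
    return need;
}

/* Reproduces the reported scenario with constructed data: the "ciphertext"
 * is written straight into the output buffer at src_off and the ticket is
 * packed around it. src_off == HDR_SIZE is the exact src == dst case that
 * valgrind flagged; other offsets exercise partial overlap in both
 * directions. Returns 1 if every field ends up where the layout says. */
static int demo_pack_aliased(size_t src_off)
{
    enum { STATE_LEN = 160 };
    unsigned char buf[HDR_SIZE + STATE_LEN + MAC_SIZE];
    struct ticket t;
    size_t i;

    if (src_off + STATE_LEN > sizeof buf)
        return 0;
    memset(buf, 0xEE, sizeof buf);
    memset(&t, 0, sizeof t);
    memset(t.key_name, 'K', KEY_NAME_SIZE);
    memset(t.iv, 'I', IV_SIZE);
    memset(t.mac, 'M', MAC_SIZE);
    for (i = 0; i < STATE_LEN; i++)
        buf[src_off + i] = (unsigned char)(i * 7);   /* constructed stand-in ciphertext */
    t.encrypted_state = buf + src_off;                /* aliases the output buffer */
    t.encrypted_state_len = STATE_LEN;

    /* The scenario must really be an overlapping one, i.e. memcpy() would be UB. */
    if (!ranges_overlap(buf + HDR_SIZE, STATE_LEN, t.encrypted_state, STATE_LEN))
        return 0;
    if (pack_ticket(&t, buf, sizeof buf) != sizeof buf)
        return 0;
    for (i = 0; i < KEY_NAME_SIZE; i++)
        if (buf[i] != 'K') return 0;
    for (i = 0; i < IV_SIZE; i++)
        if (buf[KEY_NAME_SIZE + i] != 'I') return 0;
    if (buf[KEY_NAME_SIZE + IV_SIZE] != 0 || buf[KEY_NAME_SIZE + IV_SIZE + 1] != STATE_LEN)
        return 0;
    for (i = 0; i < STATE_LEN; i++)
        if (buf[HDR_SIZE + i] != (unsigned char)(i * 7)) return 0;
    for (i = 0; i < MAC_SIZE; i++)
        if (buf[HDR_SIZE + STATE_LEN + i] != 'M') return 0;
    return 1;
}

int main(void)
{
    printf("src == dst:     %s\n", demo_pack_aliased(HDR_SIZE) ? "ok" : "FAIL");
    printf("src before dst: %s\n", demo_pack_aliased(0) ? "ok" : "FAIL");
    printf("src after dst:  %s\n", demo_pack_aliased(HDR_SIZE + MAC_SIZE) ? "ok" : "FAIL");
    return 0;
}
```

Valgrind's check is exactly ranges_overlap() applied to every memcpy() call; when a buffer doubles as source and destination by design, as here, memmove() is the correct primitive regardless of which way the ranges overlap, and the order of writes still has to be thought through.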
There were a few infinite loop constructions which were checking
for an always-true condition. Make sure that this construction
is marked explicitly as while(1) to assist static analysers or
reviewers.
testcompat-openssl: added interop test with DTLS 1.2
This tests AES-CBC ciphersuites in isolation, as they are
prioritized lower than AES-GCM. We want to test them explicitly
because they have different behavior under EtM.
gnutls_session_get_desc: avoid printing a NULL value
When gnutls_session_set_premaster() is used (under openconnect),
it is possible that gnutls_session_get_desc will print a string like
this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
With this change we ensure that we do not print null values.
Daiki Ueno [Fri, 21 Jun 2019 13:49:26 +0000 (15:49 +0200)]
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
This adds a continuous random number generator test as defined in FIPS
140-2 4.9.2, by iteratively fetching fixed-sized blocks from the system
and comparing consecutive blocks.
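As an added example (written for this page, not GnuTLS's rnd-fips code; the block size, names and the scripted source are assumptions), a continuous RNG test in the shape FIPS 140-2 4.9.2 describes: the first block after initialisation is only stored, every later block is compared with its predecessor, and an identical pair puts the generator into a sticky error state. The scripted source stands in for the system RNG so the failure path can be exercised deterministically. Caveat: this test only catches a source that repeats its last block; an alternating or otherwise low-entropy source passes it, so it complements rather than replaces entropy assessment.

```c
#include <stddef.h>
#include <string.h>

#define CRNGT_BLOCK_SIZE 16   /* hypothetical block size, not GnuTLS's constant */

/* Raw source of randomness (e.g. the OS RNG). Returns 0 on success. */
typedef int (*rng_fetch_fn)(void *ctx, unsigned char *out, size_t len);

struct crngt {
    rng_fetch_fn fetch;
    void *ctx;
    unsigned char last[CRNGT_BLOCK_SIZE];  /* previous block, for comparison */
    int failed;                            /* sticky error state */
};

/* FIPS 140-2 4.9.2: the first block after initialisation is never handed
 * out, only kept as the reference for the next comparison. */
static int crngt_init(struct crngt *c, rng_fetch_fn fetch, void *ctx)
{
    memset(c, 0, sizeof *c);
    c->fetch = fetch;
    c->ctx = ctx;
    if (fetch(ctx, c->last, sizeof c->last) != 0) {
        c->failed = 1;
        return -1;
    }
    return 0;
}

/* Fetch one block through the test. 0: out filled; -1: source failed or
 * generator already failed; -2: block equals its predecessor (4.9.2 failure). */
static int crngt_get_block(struct crngt *c, unsigned char out[CRNGT_BLOCK_SIZE])
{
    unsigned char blk[CRNGT_BLOCK_SIZE];

    if (c->failed || c->fetch(c->ctx, blk, sizeof blk) != 0) {
        c->failed = 1;
        return -1;
    }
    if (memcmp(blk, c->last, sizeof blk) == 0) {
        c->failed = 1;                      /* stuck source: stay failed */
        memset(c->last, 0, sizeof c->last); /* drop the stale block */
        return -2;
    }
    memcpy(c->last, blk, sizeof blk);
    memcpy(out, blk, sizeof blk);
    return 0;
}

/* Fill out[0..len) from tested blocks. On error the whole output is zeroed
 * so a caller that ignores the return value cannot consume partial data. */
static int crngt_get_bytes(struct crngt *c, unsigned char *out, size_t len)
{
    unsigned char blk[CRNGT_BLOCK_SIZE];
    size_t done = 0;

    while (done < len) {
        size_t n = len - done < sizeof blk ? len - done : sizeof blk;
        int ret = crngt_get_block(c, blk);
        if (ret != 0) {
            memset(out, 0, len);
            return ret;
        }
        memcpy(out + done, blk, n);
        done += n;
    }
    return 0;
}

/* Constructed stand-in for the system RNG: replays scripted blocks so the
 * failure path is deterministic. Not an entropy source. */
struct scripted_rng {
    const unsigned char *data;  /* count consecutive blocks */
    size_t count, next;
};

static int scripted_fetch(void *ctx, unsigned char *out, size_t len)
{
    struct scripted_rng *s = ctx;
    if (len != CRNGT_BLOCK_SIZE || s->next >= s->count)
        return -1;
    memcpy(out, s->data + s->next * CRNGT_BLOCK_SIZE, len);
    s->next++;
    return 0;
}

/* Script entry i becomes one block filled with byte fill[i]; returns the
 * result of asking the tested generator for want bytes. */
static int run_script(const unsigned char *fill, size_t nblocks, size_t want)
{
    unsigned char blocks[8 * CRNGT_BLOCK_SIZE], out[64];
    struct scripted_rng s = { blocks, nblocks, 0 };
    struct crngt c;
    size_t i;

    if (nblocks > 8 || want > sizeof out)
        return -99;
    for (i = 0; i < nblocks; i++)
        memset(blocks + i * CRNGT_BLOCK_SIZE, fill[i], CRNGT_BLOCK_SIZE);
    if (crngt_init(&c, scripted_fetch, &s) != 0)
        return -1;
    return crngt_get_bytes(&c, out, want);
}

/* Four distinct blocks: init consumes the first, the rest cover 40 bytes. */
static int demo_healthy(void)
{
    static const unsigned char v[] = { 0x10, 0x20, 0x30, 0x40 };
    return run_script(v, 4, 40);
}

/* The source repeats its third block: rejected with -2, nothing handed out. */
static int demo_stuck(void)
{
    static const unsigned char v[] = { 0x10, 0x20, 0x30, 0x30 };
    return run_script(v, 4, 48);
}
```

The comparison is deliberately on raw blocks before any conditioning, since a stuck source hashed through a DRBG would still look random downstream; that is also why the test has to sit at the point where system entropy enters the library rather than at the API the application calls.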
Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be
We were not setting the third array member correctly, though
this didn't have any impact on previous implementations as they
did not rely on it. This also moves away from the custom implementation
of cpuid (which was limited), and we now rely on the compiler's
version.
GOST ciphersuites require continuously computing a MAC of all the
previously sent or received data. The easiest way to support that is to
add support for a copy function that creates a MAC instance with the same
internal state.
config: added ability to override and mark algorithms as disabled
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers, KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows setting a minimum profile below which applications
cannot fall.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that protocols unsupported or disabled
at compile time (e.g., SSL 3.0) do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
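As an added illustration of what such a file looks like (not part of the commit; the key names follow the GnuTLS manual's description of the [overrides] section and should be checked against the manual for the installed version, and the algorithm choices are examples rather than a recommendation):

```ini
# System-wide GnuTLS configuration. The path is distribution-specific;
# gnutls_get_system_config_file() returns the one the library uses.
[overrides]

# Hashes and signature algorithms marked insecure for every use,
# certificate verification included.
insecure-hash = md5
insecure-sig = rsa-md5
insecure-sig = rsa-sha1

# The following only affect TLS sessions, as the commit message notes
# for ciphers, KX and MAC algorithms.
disabled-version = tls1.0
disabled-version = tls1.1
disabled-curve = secp192r1
tls-disabled-cipher = arcfour-128
tls-disabled-mac = md5
tls-disabled-kx = rsa

# Applications cannot verify certificate chains below this profile.
min-verification-profile = medium
```

Note the asymmetry the commit message points out: every key here only removes algorithms or raises the floor, so a tampered configuration file can cause a denial of service but cannot re-enable something the build or the application considers insecure.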
Daiki Ueno [Fri, 7 Jun 2019 13:10:36 +0000 (15:10 +0200)]
tlsfuzzer: use fixed HTTP response for record_size_limit tests
Previously those tests assumed varying sizes of the connection information
gnutls-serv sends. This is too brittle: if the default algorithm
changes, the tests need to be updated.
Daiki Ueno [Fri, 7 Jun 2019 12:54:58 +0000 (14:54 +0200)]
gnutls-serv: add --httpdata option to respond with fixed sized data
By default, gnutls-serv --http responds with the connection
information. While this is useful for manual testing, fixed content
would be more desirable for automated testing.
Daiki Ueno [Fri, 7 Jun 2019 09:37:37 +0000 (11:37 +0200)]
gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required
This adds a new test against the server to check if
%ALLOW_SMALL_RECORDS is required to continue communicating with the
server. The test is in two parts: one to check if the server accepts
records with the default size (512 bytes) and the other is to check if
%ALLOW_SMALL_RECORDS helps if the previous test fails.
Daiki Ueno [Wed, 19 Jun 2019 12:36:31 +0000 (14:36 +0200)]
gnutls-serv: add --recordsize option
This adds a means to set maximum record size to receive. If the size
is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
also needs to be specified.
Ludovic Courtès [Wed, 12 Jun 2019 09:37:39 +0000 (11:37 +0200)]
guile: Add support for post-handshake reauthentication.
* guile/modules/gnutls/build/enums.scm (%connection-flag-enum): New
variable.
(%gnutls-enums): Add it.
* guile/modules/gnutls.in: Export 'reauthenticate',
'connection-flag->string', and all the 'connection-flag/' bindings.
* guile/src/core.c (scm_gnutls_make_session): Add rest arguments FLAGS
and honor it.
(scm_gnutls_reauthenticate): New function.
* guile/tests/reauth.scm: New file.
* guile/Makefile.am (TESTS): Add it.
Ludovic Courtès [Wed, 12 Jun 2019 09:32:19 +0000 (11:32 +0200)]
guile: Loop or poll upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
* guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while
'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
(read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise, and
return -1 if SCM_GNUTLS_SESSION_TRANSPORT_IS_FD and we got GNUTLS_E_AGAIN.
(session_record_port_fd) [!USING_GUILE_BEFORE_2_2]: New function.
(scm_init_gnutls_session_record_port_type) [!USING_GUILE_BEFORE_2_2]:
Call 'scm_set_port_read_wait_fd'.
Daiki Ueno [Wed, 12 Jun 2019 12:02:05 +0000 (14:02 +0200)]
fips: run selftests over overridden AES-CBC algorithm
Previously, we only tested nettle's AES-CBC in
_gnutls_fips_perform_self_checks1(), which is called before the
implementation is overridden. This adds an AES-CBC self-test in
_gnutls_fips_perform_self_checks2() so it can test the actual
implementation.
Ludovic Courtès [Thu, 6 Jun 2019 16:30:28 +0000 (18:30 +0200)]
guile: Deprecate OpenPGP bindings.
* guile/modules/gnutls.in (define-deprecated): New macro.
Use it for all the *openpgp* bindings.
* guile/src/core.c: Rename *openpgp* bindings with a '%' prefix.
gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
Previously this flag was ignored, although it was documented not to be.
This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi,
which were supposed to test this interface but were never enabled.