Daiki Ueno [Fri, 5 Mar 2021 11:08:25 +0000 (12:08 +0100)]
gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too
The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of
gnutls/gnutls!1370) didn't cover the case where the trust store is
backed by PKCS #11, because it used _gnutls_trust_list_get_issuer,
which only works with a file-based trust store.
This patch replaces the call with the more generic
gnutls_x509_trust_list_get_issuer so it also works with other trust
store implementations.
Steffen Jaeckel [Thu, 4 Mar 2021 15:44:21 +0000 (16:44 +0100)]
output UTF-8 decoded id-on-xmppAddr SANs
`gnutls_x509_crt_get_subject_alt_name()` makes a promise [1] "If an
otherName OID is known, the data will be decoded. ... RFC 3920
id-on-xmppAddr SAN is recognized." which it didn't hold.
Before this patch the output was still in DER format, e.g. for an
id-on-xmppAddr which is always UTF-8 (0x0c): `0x0c <len> <xmppAddr>`
This patch fixes the issue and now it returns the decoded string.
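The TLV layout the commit describes (`0x0c <len> <xmppAddr>`) is a plain DER UTF8String. As an added illustration, not code from GnuTLS or from this commit, here is a decoder that turns that encoding into the string a caller expects, rejecting malformed lengths and content that is not well-formed UTF-8 (the sort of input an untrusted certificate can carry); the sample value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: DER-encoded id-on-xmppAddr value "juliet@example.com". */
static const uint8_t sample_xmpp_der[] = {
    0x0c, 0x12, 'j','u','l','i','e','t','@','e','x','a','m','p','l','e','.','c','o','m' };

/* Decode a DER UTF8String TLV (tag 0x0c, length, content). Returns the content
 * length and, if str is non-NULL, points *str at the first content byte in der.
 * Returns -1 for a wrong tag, an indefinite or non-minimal length, truncated
 * content, trailing bytes, or content that is not well-formed UTF-8. */
static long der_utf8string_decode(const uint8_t *der, size_t der_len,
                                  const uint8_t **str)
{
    size_t pos, len = 0, i;
    if (der_len < 2 || der[0] != 0x0c) return -1;
    if (der[1] < 0x80) {                 /* short-form length */
        len = der[1];
        pos = 2;
    } else {                             /* long form: accept 1 or 2 length bytes */
        size_t nbytes = der[1] & 0x7f;   /* 0x80 (indefinite) yields nbytes == 0 */
        if (nbytes == 0 || nbytes > 2 || der_len < 2 + nbytes) return -1;
        for (i = 0; i < nbytes; i++)
            len = (len << 8) | der[2 + i];
        if (len < 0x80 || (nbytes == 2 && len < 0x100)) return -1; /* DER: minimal only */
        pos = 2 + nbytes;
    }
    if (len != der_len - pos) return -1; /* truncated content or trailing junk */
    /* Reject overlong sequences, UTF-16 surrogates and code points > U+10FFFF. */
    for (i = pos; i < der_len; ) {
        uint8_t c = der[i];
        size_t extra, k;
        uint32_t cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xe0) == 0xc0)      { extra = 1; cp = c & 0x1f; min = 0x80; }
        else if ((c & 0xf0) == 0xe0) { extra = 2; cp = c & 0x0f; min = 0x800; }
        else if ((c & 0xf8) == 0xf0) { extra = 3; cp = c & 0x07; min = 0x10000; }
        else return -1;
        if (i + extra >= der_len) return -1;
        for (k = 1; k <= extra; k++) {
            if ((der[i + k] & 0xc0) != 0x80) return -1;
            cp = (cp << 6) | (der[i + k] & 0x3f);
        }
        if (cp < min || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) return -1;
        i += extra + 1;
    }
    if (str) *str = der + pos;
    return (long)len;
}
```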
JonasZhou [Thu, 25 Feb 2021 07:48:36 +0000 (15:48 +0800)]
padlock:add support for AES-192-CBC
Padlock code misses support for AES-192. Extend it to support AES-192.
Due to poor performance of padlock-aes-xxx-gcm, only padlock-aes-192-cbc
is added.
Daiki Ueno [Sat, 30 Jan 2021 08:25:06 +0000 (09:25 +0100)]
nettle: check lib state early to cope with synthesized error
tests/x509sign-verify-error.c calls _gnutls_lib_simulate_error before
the actual private key operations. That previously resulted in
infloop / conditional jump depending on uninitialized data, because
the random function (gnutls_rnd) was not able to feed sufficient
randomness in that case.
Ondrej Moris [Fri, 30 Oct 2020 19:43:56 +0000 (20:43 +0100)]
fips: replace fipshmac usage with internal program
This introduces a non-installed program "fipshmac" and uses it for
generating HMAC files required in FIPS 140-2. The generated files are
installed along with the main library.
Resolves issues #1101.
Signed-off-by: Ondrej Moris <omoris@redhat.com>
Co-authored-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Tue, 16 Feb 2021 06:51:10 +0000 (07:51 +0100)]
gnutlsxx: dh_params, rsa_params: actually assign values in operator=
The previous implementation assigned the value to a temporary variable
and then returned it without assigning it to 'this'. That is not only
contrary to the user's expectation, but cppcheck also treats it as a
logic error.
Andreas Metzler [Tue, 9 Feb 2021 13:16:54 +0000 (14:16 +0100)]
Fix test error with nettle in non-default location
Move #include <nettle/memxor.h> from gnutls_int.h to lib/cipher.c, drop
now superfluous NETTLE_CFLAGS from CPPFLAGS of multiple tests #including
gnutls_int.h.
Daiki Ueno [Tue, 9 Feb 2021 14:26:07 +0000 (15:26 +0100)]
tests/gnutls-cli-debug.sh: don't unset system priority settings
When the test is exercised, GNUTLS_SYSTEM_PRIORITY_FILE is set in many
places, such as TESTS_ENVIRONMENT tests/Makefile.am or a packaging
system that runs the test in a restricted environment. Unsetting it
after a temporary use forces the remaining part of the test to use the
default system priority, which might not be the intention of the user.
The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
regression, where duplicate certificates in a certificate chain are no
longer ignored but treated as a non-contiguous segment and that
results in calling the issuer callback, or a verification failure.
This adds a mechanism to record certificates already seen in the
chain, and skip them while still allow the caller to inject missing
certificates.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Andreas Metzler <ametzler@debian.org>
Daiki Ueno [Sun, 24 Jan 2021 06:34:24 +0000 (07:34 +0100)]
handshake: TLS 1.3: don't generate session ID in resumption mode
The commit e0bb98e1f71f94691f600839ff748d3a9f469d3e revealed that the
previous code always generated session ID in the TLS 1.3 middlebox
compatibility mode even when the handshake is being resumed.
This could cause a difference in PSK binder calculation if the server
sends an HRR in the resumption handshake.
Daiki Ueno [Wed, 3 Feb 2021 14:50:08 +0000 (15:50 +0100)]
gnutls_session_is_resumed: don't check session ID in TLS 1.3
In middlebox compatibility mode, TLS 1.3 client simulates the TLS 1.2
resumption handshake, so checking session ID for resumption is
pointless. This worked previously because the client always generated
new random value even in a true resumption handshake, but didn't
update the session parameters properly.
Previously, the test used to launch multiple tests in background and
then join them using shell primitives. That approach makes the test
slower as it cannot benefit from automake's parallel test harness,
and it also makes diagnostics harder because the lines in the log
file mix up.
Daiki Ueno [Fri, 22 Jan 2021 13:37:47 +0000 (14:37 +0100)]
fips: avoid memleak in (EC)DH internal APIs
There was some confusion between gnutls_pk_params_clear and
gnutls_pk_params_release, as well as the number of parameters to scan
in the gnutls_pk_params_st structure.
Flagged by address sanitizer:
==354688==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 192 byte(s) in 12 object(s) allocated from:
#0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
#1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
#2 0x7ffcb8495f07 ([stack]+0x1ef07)
Direct leak of 160 byte(s) in 10 object(s) allocated from:
#0 0x7f13506163cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
#1 0x7f13503b94de in wrap_nettle_mpi_init /home/ueno/devel/gnutls/lib/nettle/mpi.c:79
Tom Carroll [Mon, 11 Jan 2021 05:40:52 +0000 (21:40 -0800)]
Ensure ca_list != NULL and ca_list_size > 0.
As ca_list_size is used in malloc, ensure that ca_list_size > 0.
If ca_list_size > 0, then ca_list cannot be NULL. Make these
assumptions explicit with an argument condition check.
Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
Tom Carroll [Mon, 11 Jan 2021 05:31:19 +0000 (21:31 -0800)]
Verify that cert_list != NULL and cert_list_size > 0.
gnutls_certificate_set_x509_key() assumes that cert_list != NULL and
cert_list_size > 0. These assumptions are evident as cert_list_size is
used for malloc and cert_list[0] is accessed. Make those assumptions
explicit with an argument condition check.
Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
This makes sure that when targeting a version of macOS less than
10.12, we won't pick up and unconditionally use functions that
only appeared later, when building with Xcode 11.4 or newer.
(With Xcode 11.4 or newer, the fix from 945a48993dcdd9 caused
-no_weak_links not to be added, affecting the function availability
tests.)
Daiki Ueno [Mon, 28 Dec 2020 15:16:53 +0000 (16:16 +0100)]
testpkcs11: use datefudge to trick certificate expiry
The certificates stored in tests/testpkcs11-certs expired on
2020-12-13. To avoid verification failure due to that, use datefudge
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
Based on the patch by Andreas Metzler:
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
Stefan Berger [Mon, 21 Dec 2020 14:36:47 +0000 (09:36 -0500)]
tests: Fix tpmtool_test due to changes in trousers
Recent changes to trousers now require an ownership of root:tss for
the tcsd config file, while older ones require tss:tss. So, start tcsd
using trial and error with either one of these ownership configurations
until one works.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>