This avoids a -fanalyzer false positive in GCC 10:
https://bugzilla.redhat.com/show_bug.cgi?id=1878600
as well as the cppcheck warning:
"variableScope:lib/inih/ini.c:99,style,The scope of the variable 'start' can be reduced."
The function was not really useful because _gnutls_free_datum()
has a NULL check as in free(). This also makes GCC 10 happy if
-Warray-bounds=2 is specified:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96984
The nanosleep wrapper in glibc has changed the implementation using
the clock_nanosleep syscall:
https://sourceware.org/git/?p=glibc.git;a=commit;h=3537ecb49cf7177274607004c562d6f9ecc99474
Modifies P_hash() to hash the seed and label separately,
thereby not restricting the implementation of prf to MAX_SEED_SIZE.
MAX_SEED_SIZE is not used anymore.
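The change described above, feeding label and seed to the HMAC as separate updates instead of concatenating them into a bounded buffer, as an added illustration in Python (this is not GnuTLS code; the function names and the sample inputs are constructed here, and the expansion follows the P_hash definition in RFC 5246 section 5):

```python
"""P_hash (RFC 5246, section 5) with label and seed hashed separately.

Added example, not GnuTLS code. p_hash() never builds a label+seed buffer,
so there is no upper bound on the seed length; p_hash_concat() is the
textbook form kept only as a reference to compare against.
"""
import hashlib
import hmac


def p_hash(secret: bytes, label: bytes, seed: bytes, out_len: int,
           digest=hashlib.sha256) -> bytes:
    """Expand secret to out_len bytes.

    A(0) = label + seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + label + seed) || HMAC(secret, A(2) + ...)
    Every HMAC receives label and seed through separate update() calls,
    so the inputs are never copied into one fixed-size buffer.
    """
    def hmac_parts(*parts: bytes) -> bytes:
        mac = hmac.new(secret, digestmod=digest)
        for part in parts:
            mac.update(part)
        return mac.digest()

    a = hmac_parts(label, seed)          # A(1)
    out = bytearray()
    while len(out) < out_len:
        out += hmac_parts(a, label, seed)  # HMAC(secret, A(i) + label + seed)
        a = hmac_parts(a)                  # A(i+1)
    return bytes(out[:out_len])


def p_hash_concat(secret: bytes, label: bytes, seed: bytes, out_len: int,
                  digest=hashlib.sha256) -> bytes:
    """Reference form: concatenate label + seed up front (needs a buffer)."""
    full_seed = label + seed
    a = hmac.new(secret, full_seed, digest).digest()
    out = bytearray()
    while len(out) < out_len:
        out += hmac.new(secret, a + full_seed, digest).digest()
        a = hmac.new(secret, a, digest).digest()
    return bytes(out[:out_len])


def same_output_for_long_seed(seed_len: int = 4096) -> bool:
    """Constructed check: both forms agree even for a seed far larger than
    any fixed MAX_SEED_SIZE-style buffer would hold."""
    secret = b"constructed-secret"        # constructed sample input
    label = b"key expansion"
    seed = bytes(range(256)) * (seed_len // 256)
    return p_hash(secret, label, seed, 128) == p_hash_concat(secret, label, seed, 128)


if __name__ == "__main__":
    print(p_hash(b"k", b"test label", b"seed", 32).hex())
    print("long seed agrees:", same_output_for_long_seed())
```

With SHA-256 as the digest, p_hash() is the TLS 1.2 PRF; the separated form removes the size limit without changing the derived bytes, which is what the equivalence check above demonstrates.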
This brings in the build fixes of parse-datetime module:
https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00178.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-08/msg00001.html
https://lists.gnu.org/archive/html/bug-gnulib/2020-09/msg00046.html
Daiki Ueno [Sat, 22 Aug 2020 15:19:39 +0000 (17:19 +0200)]
handshake: reject no_renegotiation alert if handshake is incomplete
If the initial handshake is incomplete and the server sends a
no_renegotiation alert, the client should treat it as a fatal error
even if its level is warning. Otherwise the same handshake
state (e.g., DHE parameters) is reused in the next gnutls_handshake
call, if it is called in the loop idiom:
  do {
    ret = gnutls_handshake(session);
  } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
src/cli: adds new option '--ca-auto-retrieve' that can be used with gnutls-cli to
automatically download missing intermediate CAs in a certificate chain
lib/cred-cert.c : adds set and get APIs to get user data in the
gnutls_x509_trust_list_set_getissuer_function() callback.
Nikolay Sivov [Tue, 1 Sep 2020 16:29:20 +0000 (19:29 +0300)]
Fix optional parameters counter when importing RSA private keys.
Currently gnutls_privkey_import_rsa_raw() allows the 3 last arguments to be omitted;
the key fixup logic, however, checks for 3 missing arguments when updating coefficient 'u'
but then asserts when updating exponents 'e1' and 'e2', assuming only 2 parameters
are missing at that point.
Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
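The parameter-completion logic this commit fixes, as an added Python illustration (not GnuTLS code): each optional CRT value is derived on its own when it is absent, so there is no "how many are missing" counter that can disagree between the 'u' and the 'e1'/'e2' paths. The key below is a constructed toy key, and 'u' is assumed to be the PKCS#1 coefficient q^-1 mod p.

```python
"""Fill in omitted RSA CRT parameters without counting missing arguments.

Added example, not GnuTLS code. The toy key (p=61, q=53) is constructed for
illustration only; 'u' is assumed to mean the PKCS#1 coefficient q^-1 mod p.
"""
from typing import Optional


def complete_rsa_private(n: int, e: int, d: int, p: int, q: int,
                         u: Optional[int] = None,
                         e1: Optional[int] = None,
                         e2: Optional[int] = None) -> dict:
    """Return the full parameter set, computing whichever trailing values
    (u, e1, e2) the caller omitted. Each one is checked independently, so
    any subset may be absent and the result is still consistent."""
    if p * q != n:
        raise ValueError("p * q does not equal n")
    if (e * d) % ((p - 1) * (q - 1)) != 1:
        raise ValueError("e and d are not inverses modulo phi(n)")
    if e1 is None:
        e1 = d % (p - 1)          # d mod (p-1)
    if e2 is None:
        e2 = d % (q - 1)          # d mod (q-1)
    if u is None:
        u = pow(q, -1, p)         # q^-1 mod p (assumed PKCS#1 convention)
    return {"n": n, "e": e, "d": d, "p": p, "q": q, "u": u, "e1": e1, "e2": e2}


def crt_decrypt(c: int, key: dict) -> int:
    """CRT private-key operation using e1, e2 and u (Garner's recombination).
    Used here only to prove the filled-in parameters are self-consistent."""
    m1 = pow(c, key["e1"], key["p"])
    m2 = pow(c, key["e2"], key["q"])
    h = (key["u"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


# Constructed toy key: n = 61 * 53 = 3233, e = 17, d = 2753.
TOY_KEY = dict(n=3233, e=17, d=2753, p=61, q=53)


def check_toy_key() -> bool:
    """Omit all three trailing values, then two, then one; every completed
    key must decrypt the same ciphertext to the original message."""
    msg = 65
    c = pow(msg, TOY_KEY["e"], TOY_KEY["n"])
    variants = [
        complete_rsa_private(**TOY_KEY),
        complete_rsa_private(**TOY_KEY, u=38),
        complete_rsa_private(**TOY_KEY, u=38, e1=53),
    ]
    return all(crt_decrypt(c, k) == msg for k in variants) and \
        all(k == variants[0] for k in variants)


if __name__ == "__main__":
    print(complete_rsa_private(**TOY_KEY))
    print("all variants consistent:", check_toy_key())
```

Deriving each missing value independently is the simplest way to avoid the mismatch the commit describes, where one code path assumed three omitted arguments and a later one assumed two.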
Daiki Ueno [Thu, 13 Aug 2020 16:17:08 +0000 (18:17 +0200)]
gnutls_aead_cipher_decrypt: check output buffer size before writing
While the documentation of gnutls_aead_cipher_decrypt indicates that
the inout argument ptext_len initially holds the size that
sufficiently fits the expected output size, there was no runtime check
on that. This makes the interface more robust against misuse.
Daiki Ueno [Sun, 16 Aug 2020 09:43:35 +0000 (11:43 +0200)]
handshake: check TLS version against modified server priorities
The server needs to take into account multiple factors when
determining the TLS protocol version actually being used:
- the legacy version
- "supported_versions" extension
- user_hello_func that may modify the server's priorities
Only after that it can check whether the TLS version is enabled in the
server's priorities.
Fiona Klute [Sun, 16 Aug 2020 12:05:44 +0000 (14:05 +0200)]
Fix parser output in tests/cert-tests/data/gost-cert-nogost.pem
When building without GOST support, parsing a GOST certificate must
return an "error importing public key" message instead of key
details. This change makes tests/cert-tests/pem-decoding pass for
builds with --disable-gost.
Daiki Ueno [Fri, 14 Aug 2020 05:27:40 +0000 (07:27 +0200)]
cert-session: check OCSP error responses
If the OCSP responder returns an error code, such as tryLater, we
can't proceed to examine the response bytes. In that case, just skip
the check unless the stapling is mandatory on this certificate.
Daiki Ueno [Thu, 4 Jun 2020 14:42:07 +0000 (16:42 +0200)]
_gnutls_fips_mode_enabled: treat selftest failure as FIPS disabled
Previously gnutls_fips140_mode_enabled() returned true, even after
selftests had failed and the library state had switched to error.
While later calls to crypto operations fail, it would be more
convenient to have a function to detect that state.
Daiki Ueno [Wed, 12 Aug 2020 05:29:30 +0000 (07:29 +0200)]
serv, cli: ensure that invalid flag is always set
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Daiki Ueno [Wed, 12 Aug 2020 05:27:17 +0000 (07:27 +0200)]
cert-session: fail hard if mandatory stapling is not honored
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Petr Pavlu [Wed, 8 Jul 2020 08:12:30 +0000 (10:12 +0200)]
pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig()
When checking in _gnutls_pubkey_compatible_with_sig() whether a public
key is compatible with a signature algorithm, run first
pubkey_supports_sig() before performing weaker checks that can accept
the given algorithm but with an audit-log warning. This avoids an issue
when a weaker check would log an audit message for some signature
algorithm that would then be determined as incompatible by the
pubkey_supports_sig() check anyway.
For instance, a GnuTLS server might have a certificate with a SECP384R1
public key and a client can report that it supports
ECDSA-SECP256R1-SHA256 and ECDSA-SECP384R1-SHA384. In such a case, the
GnuTLS server will eventually find that it must use
ECDSA-SECP384R1-SHA384 with this public key. However, the code would
first run _gnutls_pubkey_compatible_with_sig() to check if SECP384R1 is
compatible with ECDSA-SECP256R1-SHA256. The function would report the
audit warning "The hash size used in signature (32) is less than the
expected (48)" but then reject the signature algorithm in
pubkey_supports_sig() as incompatible because it has a different curve.
Since the algorithm gets rejected it is not necessary to inform about
its hash size difference in the audit log.
SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of
the calculated shared secret is verified before the data is returned
to the caller. This patch adds the validation check.
SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the
calculated shared secret is verified before the data is returned to the
caller. This patch adds the validation check.
Split up system-override-sig-hash.sh
so that the errors won't get swallowed or conflated.
Also correct unused `srcdir` to `builddir`,
which I believe was meant to be set there.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Steve Lhomme [Mon, 22 Jun 2020 07:09:05 +0000 (09:09 +0200)]
fix connectx not available on older macOS SDK
Fixes this compilation error:
system/fastopen.c:134:9: error: 'connectx' is only available on macOS 10.11 or newer [-Werror,-Wunguarded-availability]
ret = connectx(fd, &endpoints, SAE_ASSOCID_ANY, CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT, NULL, 0, NULL, NULL);
^~~~~~~~
/Applications/Xcode9.2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/usr/include/sys/socket.h:713:5: note: 'connectx' has been marked as being introduced in macOS 10.11 here, but the deployment target is macOS 10.7.0
The detection is the same as found in curl [1].
If HAVE_BUILTIN_AVAILABLE is not available we fall back to the code without
TCP_FASTOPEN_OSX.
The OS values match exactly the values found in
https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/sys/socket.h
James Bottomley [Sun, 28 Jun 2020 19:33:09 +0000 (21:33 +0200)]
build: use $(LIBPTHREAD) rather than non-existent $(LTLIBPTHREAD)
On a very recent openSUSE build, libgnutls is getting built without
libpthread. This caused a thread related error when trying to load a
pkcs11 module that uses threading. The reason is rather convoluted:
glibc actually controls all the pthread_ function calls, but it
returns success without doing anything unless -lpthread is in the link
list. What's happening is that gnutls_system_mutex_init() is being
called on _gnutls_pkcs11_mutex before library pthreading is
initialized, so the pthread_mutex_init ends up being a nop. Then, when
the pkcs11 module is loaded, pthreads get initialized and the call to
pthread_mutex_lock is real, but errors out on the uninitialized mutex.
The problem seems to be that nothing in the gnulib macros gnutls
relies on for threading support detection actually sets LTLIBPTHREAD,
they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
lib/Makefile.in
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Daiki Ueno [Fri, 26 Jun 2020 08:21:26 +0000 (10:21 +0200)]
dhe: check if DH params in SKE match the FIPS approved algorithms
SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.
Fiona Klute [Tue, 16 Jun 2020 19:23:14 +0000 (21:23 +0200)]
Update tlsfuzzer to get Python interpreter detection
Tlsfuzzer also assumed the Python interpreter would be called
"python"; this update is necessary to get a fixed version (see
https://github.com/tomato42/tlsfuzzer/pull/671).