gnutls-cli: Add option to wait for resumption data
This introduces the --waitresumption command line option which makes the
client wait for the resumption data until a ticket is received under
TLS1.3. The client will block if no ticket is received. The new option
has no effect if the option --resume is not provided.
This is useful to force the client to wait for the resumption data when
the server takes a long time to send the ticket, allowing the session
resumption to be tested. This is a common scenario in CI systems where
the testing machines have limited resources.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Daiki Ueno [Fri, 16 Aug 2019 15:01:05 +0000 (17:01 +0200)]
nettle: disable RSA blinding in FIPS selftests
Nettle's RSA signing, encryption and decryption functions still
require randomness for blinding, so fall back to using a fixed buffer in
selftests where entropy might not be available.
nettle: expose SIV-CMAC through the AEAD interface
This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV
and GNUTLS_CIPHER_AES_256_SIV, exposing nettle_siv_cmac_aes{128,256}*
functions. Note that they can only be used with the AEAD interface and
authentication tags are prepended (not appended) to the ciphertext.
Given the fixed version of the function will be part of Nettle 3.6,
use pkg-config --atleast-version instead of a manual comparison of
the Nettle version.
Do not include the gmp.h header: <nettle/bignum.h> conflicts with it in
the mini-gmp configuration and includes this header on its own in the
non-mini-gmp config.
doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
For RSA-PSS, this flag alone doesn't fully enable reproducible
signatures and the user needs to indicate the fact that a zero-length
salt is used through SPKI upon verification.
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and is linked
to libgnutls.
This patch automates that process with the configure script.
Nettle's poly1305 code ended up with the internal symbol _poly1305_block in
a public header. This causes issues on Nettle version changes. Since those
symbols are going to become nettle-internal, vendor in relevant source
file.
xts: check key blocks according to FIPS-140-2 IG A.9
The implementation guidance suggests that a check of key1 != key2
should be done at any place before the keys are used:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
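As an added illustration of the IG A.9 check referenced above (example code, not GnuTLS's own), the routine below validates an XTS-AES key by confirming that its two halves differ, for both the 32-byte (AES-128-XTS) and 64-byte (AES-256-XTS) key sizes; the function names and the constant-time comparison are choices of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not GnuTLS code.  An XTS-AES key is the concatenation
 * key1 || key2: 32 bytes for AES-128-XTS, 64 bytes for AES-256-XTS.
 * FIPS 140-2 IG A.9 requires key1 != key2; return 0 if the key passes
 * that check and -1 if the length is unsupported or the halves are
 * equal.  The halves are compared in constant time so the result does
 * not leak which bytes differ. */
int xts_check_key(const uint8_t *key, size_t keylen)
{
	size_t half, i;
	uint8_t diff = 0;

	if (key == NULL || (keylen != 32 && keylen != 64))
		return -1;
	half = keylen / 2;
	for (i = 0; i < half; i++)
		diff |= key[i] ^ key[half + i];
	/* diff stays zero only when every byte of key1 equals key2 */
	return diff == 0 ? -1 : 0;
}

/* Helper for the checks below: build a key of keylen bytes whose halves
 * are filled with pat1 and pat2 (constructed sample input) and validate it. */
int xts_check_patterned_key(size_t keylen, uint8_t pat1, uint8_t pat2)
{
	uint8_t key[64];

	if (keylen > sizeof(key))
		return -1;
	memset(key, pat1, keylen / 2);
	memset(key + keylen / 2, pat2, keylen - keylen / 2);
	return xts_check_key(key, keylen);
}
```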
Daiki Ueno [Mon, 30 Mar 2020 09:27:40 +0000 (11:27 +0200)]
handshake-tls13: add session flag to disable sending session tickets
While GnuTLS by default implicitly sends NewSessionTicket during
handshake, application protocols like QUIC set a clear boundary
between "in handshake" and "post handshake", and NST must be sent in
the post handshake state.
Daiki Ueno [Tue, 31 Mar 2020 04:58:48 +0000 (06:58 +0200)]
build: use valgrind client request to detect undefined memory use
This tightens the check introduced in ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Pierre Ossman [Tue, 24 Mar 2020 14:32:13 +0000 (15:32 +0100)]
Compare DNs by comparing their string representations
A binary comparison will not work in case the contents are the same but
the ASN.1 types differ (e.g. PrintableString vs UTF8String). Such
variations are permitted so we need to handle them.
We require private symbols which disappear at some point in
IDN2 releases in order to support old versions of libidn2. Simplify
the code by requiring only recent versions and avoid issues such
as #832.
Dmitry Baryshkov [Fri, 27 Mar 2020 23:31:10 +0000 (02:31 +0300)]
padlock: fix exception in wrap_padlock_hash_fast
wrap_padlock_hash_fast() allocates a context on the stack (via a local
variable) then tries to free it by calling wrap_padlock_hash_deinit()
causing a crash. Remove a call to deinit() to fix a crash.
Dmitry Baryshkov [Fri, 27 Mar 2020 23:29:31 +0000 (02:29 +0300)]
padlock: fix exception in sha code
padlock sha code will segfault (at least on Nano) if it is passed a NULL
data pointer (even if size is 0). Pass digest output buffer as a dummy
data pointer in such case.
gnutls-serv: Do not exit when a message to be echoed is received
Previously, when gnutls-serv was executed with the --echo option, it
would exit when a message to be echoed was received. Moreover, the
server would output "Memory error" although no error occurred.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Ander Juaristi [Mon, 2 Mar 2020 15:37:10 +0000 (16:37 +0100)]
psk: Allow non-NULL PSK usernames
This commit closes #586.
Two new functions are introduced: gnutls_psk_server_get_username2()
and gnutls_psk_set_client_username2(), which are identical in behavior
to those named similarly (without the final '2'), but allow arbitrary
gnutls datums (not strings) to be used as usernames.
Two new callback functions are also introduced, with their respective
setters: gnutls_psk_set_server_credentials_function2() and
gnutls_psk_set_client_credentials_function2().
In addition, the password file format is extended so that non-string
usernames can be specified. A leading '#' character tells GnuTLS that the
username should be interpreted as a raw byte string (encoded in HEX).
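As an added example of the extended password file format described above (example code, not GnuTLS's own), the parser below assumes the psktool-style "username:hexkey" line layout and hex-decodes the username into raw bytes when it starts with '#'; all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Value of one hex digit (either case), or -1 if c is not a hex digit. */
static int nibble(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	return ((c | 0x20) >= 'a' && (c | 0x20) <= 'f') ? (c | 0x20) - 'a' + 10 : -1; /* fold A-F */
}

/* Decode n hex chars into out[64]; byte count, or -1 on empty/odd/bad input. */
static int hex_decode(const char *hex, size_t n, uint8_t *out)
{
	if (n == 0 || n % 2 || n / 2 > 64) return -1;
	for (size_t i = 0; i < n; i += 2) {
		int hi = nibble(hex[i]), lo = nibble(hex[i + 1]);
		if (hi < 0 || lo < 0) return -1;
		out[i / 2] = (uint8_t)((hi << 4) | lo);
	}
	return (int)(n / 2);
}

/* Parse one "username:hexkey" line into 64-byte buffers; a username starting
 * with '#' is hex-decoded to raw bytes, otherwise copied verbatim.  0 or -1. */
int psk_parse_line(const char *line, uint8_t *user, size_t *ulen, uint8_t *key, size_t *klen)
{
	const char *colon = strchr(line, ':');
	int n = colon ? (int)(colon - line) : -1;
	if (n <= 0 || (line[0] != '#' && n > 64)) return -1;
	if (line[0] == '#')
		n = hex_decode(line + 1, (size_t)n - 1, user); /* raw username */
	else
		memcpy(user, line, (size_t)n);                  /* plain string */
	if (n < 0) return -1;
	*ulen = (size_t)n;
	if ((n = hex_decode(colon + 1, strcspn(colon + 1, "\r\n"), key)) < 0) return -1;
	*klen = (size_t)n;
	return 0;
}

/* Parse line and compare the fields with an expected raw username and hex key. */
int psk_parse_matches(const char *line, const char *exp_user, size_t exp_ulen, const char *key_hex)
{
	uint8_t user[64], key[64], ek[64];
	size_t ulen, klen;
	int ekl = hex_decode(key_hex, strlen(key_hex), ek);
	if (ekl < 0 || psk_parse_line(line, user, &ulen, key, &klen)) return 0;
	return ulen == exp_ulen && klen == (size_t)ekl &&
	       !memcmp(user, exp_user, ulen) && !memcmp(key, ek, klen);
}
```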
Daiki Ueno [Sun, 22 Mar 2020 09:44:51 +0000 (10:44 +0100)]
gnutls_session_get_keylog_function: new function
This adds a way to retrieve the keylog function set by
gnutls_session_set_keylog_function() to allow application protocols to
implement a custom logging facility.
Dmitry Baryshkov [Sun, 22 Mar 2020 13:05:40 +0000 (16:05 +0300)]
oss-fuzz: use CC rather than CXX to compile fuzzers
clang++ will choke on several fuzzer sources because C++ is stricter
than C wrt. type conversion:
gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression
cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned
int' in initializer list [-Wc++11-narrowing]
gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
Previously, if the loaded configuration file disabled an algorithm
tested during FIPS-140 power-on self-tests, the test would fail. By
loading the configuration file after the test is finished, such failure
is avoided as any algorithm is allowed during the tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>