priority: do not include signature algorithms that apply to a different TLS version
That is, when a signature algorithm that is only applicable
to specific TLS protocol semantics (e.g., ECDSA-SECP256R1-SHA256)
is enabled, under TLS 1.2, it will result in no code points being
added. That prevents connection errors due to "wrong" code
points being added that do not correspond to a usable signature
algorithm under the protocol.
Previously at handshake we would negotiate a ciphersuite and certificate
and later figure out a signature algorithm. Now we negotiate all at once,
so we no longer reach situations where mid-way of handshake we figure we
have no signature algorithm to use. Update the test cases relying on that
behavior to account for the new one.
That patch adds the signature algorithms:
- GNUTLS_SIGN_ECDSA_SECP256R1_SHA256
- GNUTLS_SIGN_ECDSA_SECP384R1_SHA384
- GNUTLS_SIGN_ECDSA_SECP521R1_SHA512
and enables them for the default TLS priority strings.
In addition it allows negotiating signature algorithms sharing
the same TLS IDs, but which have different semantics between TLS
versions (e.g., 6,4 maps to GNUTLS_SIGN_ECDSA_SHA512 under TLS 1.2
but to GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 under TLS 1.3).
handshake: legacy version negotiation is not used for TLS 1.3
That is, ensure that the functions used for TLS 1.2 and earlier
negotiation cannot be used with TLS 1.3. That is because TLS 1.3
is negotiated using a TLS extension.
That is, added a check for TLS 1.3 random value requirements on the client side,
and generation according to TLS 1.3 requirements for the server and
client side.
Improve documentation of gnutls_x509_trust_list_iter_get_ca [ci skip]
The documentation is confusing because it implies that
gnutls_x509_trust_list_iter_deinit() should be called after using this
function, but in fact it is generally not necessary.
Also, there was a typo here ("usin").
Signed-off-by: Michael Catanzaro <mcatanzaro@igalia.com>
accelerated: make explicit key size check to all accelerated ciphers
That is, do not rely on checks done on the asm level, as they vary and
may change over updates. Also handle invalid key sizes consistently
by returning an error, and eliminate calls to abort().
Previously we assumed that the nettle GCM internal functions
will use the provided ECB function for single block encryption.
Newer versions no longer operate that way. Ensure that we
are compatible with them.
Jay Foad [Sat, 27 Jan 2018 08:13:17 +0000 (09:13 +0100)]
Inline version macros into their users.
This fixes a problem in _gnutls_version_is_supported() where we want to
use preprocessing directives in the loop body. Doing this within a macro
argument is undefined behaviour according to the C standard, and not
supported by the system compiler on AIX.
Signed-off-by: Jay Foad <jay.foad@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
pubkey: use the strict DER decoder for SubjectPublicKeyInfo
Although there is no explicit RFC mentioning the SubjectPublicKeyInfo
encoding, this structure is a subset of the X.509 certificate's structure
and as such it is expected to be in DER form.
tests: check whether get_mtu() functions relate to the set values
That is, verify that the gnutls_dtls_set_data_mtu() value is
reflected in gnutls_dtls_get_data_mtu(), as well as the
gnutls_dtls_set_mtu() value in gnutls_dtls_get_mtu().
DTLS: improved data MTU calculation under CBC ciphersuites
The data MTU calculation under CBC ciphersuites takes into
account that the overhead of these ciphersuites is constant (IV +
hash + 1 byte padding), though the capacity varies due to the padding
block. That is, on a 16-byte padding block, one padding byte is the
overhead but the remaining 15 bytes are accounted for data MTU.
That also has the side effect that setting a data MTU using
gnutls_dtls_set_data_mtu() is not definite, and the actual
MTU may be larger for these ciphersuites -- i.e., the
return value of gnutls_dtls_get_data_mtu().
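The following is an added illustration of the calculation described in the commit message above; it is constructed for this page and is not GnuTLS's own code. It assumes one CBC ciphersuite with made-up but realistic parameters (a 13-byte DTLS record header, a 16-byte IV and block size, a 20-byte HMAC-SHA1 tag) and shows why the data MTU set through a set_data_mtu()-style call can come back larger from the matching get: the encrypted part of the record has to be rounded up to a whole number of cipher blocks, so any spare bytes in the last block become usable payload.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed parameters for a single CBC ciphersuite (constructed for the
 * example): AES-128-CBC with HMAC-SHA1 over DTLS. */
#define DTLS_RECORD_HEADER 13  /* type, version, epoch, sequence, length */
#define CBC_BLOCK 16
#define CBC_IV 16
#define HMAC_SHA1_LEN 20

/* Largest application payload that fits in a record of `mtu` bytes.
 * The encrypted part (payload + MAC + padding + pad-length byte) must be
 * a whole number of blocks, so the room after the fixed header and IV is
 * rounded down to a block multiple and the MAC plus the mandatory
 * pad-length byte are subtracted from it. The constant overhead is thus
 * header + IV + MAC + 1, while the rest of the last block is payload. */
size_t cbc_data_mtu(size_t mtu)
{
    size_t fixed = DTLS_RECORD_HEADER + CBC_IV;
    if (mtu <= fixed)
        return 0;
    size_t room = mtu - fixed;
    size_t enc = (room / CBC_BLOCK) * CBC_BLOCK;
    if (enc < HMAC_SHA1_LEN + 1)
        return 0;
    return enc - HMAC_SHA1_LEN - 1;
}

/* Smallest record MTU that carries `data` payload bytes: the inverse
 * computation a set_data_mtu()-style call has to perform. */
size_t cbc_mtu_for_data(size_t data)
{
    size_t enc = data + HMAC_SHA1_LEN + 1;                    /* payload + MAC + pad-length byte */
    size_t padded = (enc + CBC_BLOCK - 1) / CBC_BLOCK * CBC_BLOCK; /* round up to a block */
    return DTLS_RECORD_HEADER + CBC_IV + padded;
}

int main(void)
{
    size_t requested = 1000;
    size_t mtu = cbc_mtu_for_data(requested);
    size_t actual = cbc_data_mtu(mtu);
    /* The requested data MTU is not definite: the record needs one more
     * block anyway, so the get side reports the extra bytes as payload. */
    printf("requested data MTU %zu -> record MTU %zu -> actual data MTU %zu\n",
           requested, mtu, actual);
    return 0;
}
```

With the assumed sizes, asking for a 1000-byte data MTU needs a 1053-byte record, and a 1053-byte record actually carries 1003 payload bytes, which is the discrepancy the commit message refers to.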
x509/verify: when verifying against a self signed certificate ignore issuer
That is, ignore the issuer when checking the issuer's parameters strength. That
resolves the issue of marking self-signed certificates as having insecure
parameters during verification.
gnutls_pk_self_test: include ECDSA tests on GNUTLS_PK_EC
Previously when a request for a specific self check on GNUTLS_PK_EC
was done, only ECDH tests would be run. This change includes the ECDSA
tests as well (GNUTLS_PK_EC and GNUTLS_PK_ECDSA are an alias to each other).
This not only creates a trust list with the system certificates, but
also attempts to verify a certificate, increasing the number of calls
to PKCS#11 verification API (and thus ensuring there are no calls
which may trigger the load of other modules).
pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
That is, make sure that all our calls to PKCS#11 subsystem for verification
will only trigger the trust module initialization, and not the generic
PKCS#11 initialization.
That is, always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
to determine whether to initialize trusted modules only or
proceed with general initialization.
_gnutls_pkcs11_check_init: improved transition between states
The init_level_t for PKCS#11 modules was incorrectly handled as a
linear state transition, causing a few cases in the transition to be
incorrectly handled. Define precisely the state transitions and
enforce them in _gnutls_pkcs11_check_init.
That addresses a regression introduced by the previous state handling
addition, which made it impossible to switch from the trusted state to
the all-modules state.
Daiki Ueno [Fri, 1 Dec 2017 10:13:29 +0000 (11:13 +0100)]
gnutls-serv: fix double-free on inactivity timeout
Previously, gnutls-serv --echo segfaulted when closing client
connection after inactivity timeout. Here is the valgrind output:
==20246== Invalid free() / delete / delete[] / realloc()
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x405310: listener_free (serv.c:154)
==20246== by 0x408B57: tcp_server (serv.c:1568)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd
==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530)
==20246== by 0x408A1D: tcp_server (serv.c:1548)
==20246== by 0x407DA6: main (serv.c:1231)
==20246== Block was alloc'd at
==20246== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==20246== by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so)
==20246== by 0x407310: get_response (serv.c:948)
==20246== by 0x408840: tcp_server (serv.c:1492)
==20246== by 0x407DA6: main (serv.c:1231)
==20246==