delta/gnutls.git/lib, branch tmp-cli-buffer-term gitlab.com: gnutls/gnutls.git ext/key_share: check the validity of server key shares 2018-07-27T12:13:35+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-27T09:58:38+00:00 cb702bd6bc44959760c5a9c837506b0e85e3cd78 That is, when generating the public key based on the server's key share, ensure that the algorithms match completely with the key shares the client initially sent. This was detected by the updated traces for TLS1.3 fuzzying. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
That is, when generating the public key based on the server's
key share, ensure that the algorithms match completely with
the key shares the client initially sent. This was detected
by the updated traces for TLS1.3 fuzzying.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
gnutls.h: corrected typo 2018-07-25T14:41:38+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-25T14:41:38+00:00 29062eda446e83f8e8e70e0b4c4eec81a886172b Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
send_client_hello: don't override version after HRR is received 2018-07-25T13:32:45+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-25T12:48:47+00:00 0dbee52febdb9cbb243612c94b1c765d821092ac When a Hello Retry Request is received, do not set our (transient) version to TLS1.2 on the second client hello. That's because both peers have already negotiated TLS1.3. This addresses issue with peers which may send a changecipherspec message at this stage, which is now allowed when our version is set to be TLS1.2. Introduced test suite using openssl and resumption using HRR which reproduces the issue. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
When a Hello Retry Request is received, do not set our (transient)
version to TLS1.2 on the second client hello. That's because both
peers have already negotiated TLS1.3.

This addresses issue with peers which may send a changecipherspec
message at this stage, which is now allowed when our version is
set to be TLS1.2. Introduced test suite using openssl and resumption
using HRR which reproduces the issue.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
hello_ext_parse: apply the test for pre-shared key ext being last on client hello 2018-07-25T11:11:17+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-25T11:08:35+00:00 10f83e36ed9213bb3e77922bdc15d5b8d64f3ffb We were incorrectly insisting on pre-shared key extension being last in both client and server hello. That was incorrect, as only in client hello it is required by TLS1.3 to be last. Quoting: The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert. Resolves #525 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
We were incorrectly insisting on pre-shared key extension being last in
both client and server hello. That was incorrect, as only in client hello
it is required by TLS1.3 to be last.

Quoting:
   The "pre_shared_key" extension MUST be the last extension in the
   ClientHello (this facilitates implementation as described below).
   Servers MUST check that it is the last extension and otherwise fail
   the handshake with an "illegal_parameter" alert.

Resolves #525

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks 2018-07-24T20:06:03+00:00 Nikos Mavrogiannopoulos nmav@redhat.com 2018-07-24T14:38:08+00:00 42945a7aab6d4e18da13a9c6f1d05fd1487e13c7 In 9829ef9a we introduced a wrapper over the older callback functions which didn't handle this case. Resolves #528 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> 
In 9829ef9a we introduced a wrapper over the older callback functions
which didn't handle this case.

Resolves #528

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
cert-cred: fix possible segfault when resetting cert retrieval function 2018-07-24T07:39:57+00:00 Dmitry Eremin-Solenikov dbaryshkov@gmail.com 2018-07-20T17:49:28+00:00 3df5b7bc8a6496eb9efdb3586d25bfab109e78db Reset get_cert_callback3 callback to NULL if provided callback is NULL. Otherwise after the certificate request call_legacy_cert_cb1 / call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 / legacy_cert_cb2 callback (set to NULL) leading to segfault. Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2 Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 
Reset get_cert_callback3 callback to NULL if provided callback is NULL.
Otherwise after the certificate request call_legacy_cert_cb1 /
call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 /
legacy_cert_cb2 callback (set to NULL) leading to segfault.

Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
kx: for uniformity print master secret size 2018-07-23T15:20:20+00:00 Dmitry Eremin-Solenikov dbaryshkov@gmail.com 2018-07-22T17:31:36+00:00 0f382e3c2be457efd40511ed176ebdf64b308f9e During keys setup phase debug log will contain sizes of all keys and secrets, except master secret. Dump MS length (48) to log for uniformity. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 
During keys setup phase debug log will contain sizes of all keys and
secrets, except master secret. Dump MS length (48) to log for
uniformity.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
constate: dump full key block to log 2018-07-23T15:20:20+00:00 Dmitry Eremin-Solenikov dbaryshkov@gmail.com 2018-07-22T17:31:09+00:00 3a1e4ca155571088fa1749ac0b9395ca05660526 Include full key block to the debug log. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 
Include full key block to the debug log.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
constate: dump MAC keys to debug log 2018-07-23T15:20:20+00:00 Dmitry Eremin-Solenikov dbaryshkov@gmail.com 2018-07-22T17:30:04+00:00 3ce2b041aa35f42a1ef38dc64dc81b0ff1190af6 _gnutls_set_keys() can dump client/server write keys/ivs to debug log, but it skips MAC keys. Add MAC keys to log. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 
_gnutls_set_keys() can dump client/server write keys/ivs to debug log,
but it skips MAC keys. Add MAC keys to log.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
constate: drop unused variable in _gnutls_set_keys 2018-07-23T15:20:20+00:00 Dmitry Eremin-Solenikov dbaryshkov@gmail.com 2018-07-22T17:25:35+00:00 1f403d5c11094a1c775d54ed30997d3ef518551e _gnutls_set_keys() creates rrnd as client random + server random, but does not use it (it was used before for export key generation, but was not removed when dropping support for export cipher suites). Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b 
_gnutls_set_keys() creates rrnd as client random + server random, but
does not use it (it was used before for export key generation, but was
not removed when dropping support for export cipher suites).

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b