authorNikos Mavrogiannopoulos <nmav@redhat.com>2019-04-04 16:25:37 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-06-20 15:50:44 +0200
commite9366c86ee8434669014fc1544d52e384430072a (patch)
tree036ff1eb760c05691288a198bbbfb8e915f43e20
parent90142f2d70018d862cba02067159cad8c7db4239 (diff)
config: added ability to override and mark algorithms as disabled
This allows the system administrator or the distributor to use the gnutls configuration file to mark hashes, signature algorithms, TLS versions, curves, groups, ciphers, KX, and MAC algorithms as insecure (the last four only in the context of a TLS session). It also allows setting a minimum profile which the applications cannot fall below. The options intentionally do not allow marking algorithms as secure so that the configuration file cannot be used as an attack vector. This change also makes sure that protocols which are unsupported or disabled at compile time (e.g., SSL3.0) do not get listed by gnutls-cli. The configuration file feature can be disabled at compile time with an empty --with-system-priority-file. This patch introduces the function gnutls_get_system_config_file(), allowing applications to check whether a configuration file was used. Resolves: #587 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--.gitlab-ci.yml2
-rw-r--r--NEWS21
-rw-r--r--cfg.mk2
-rw-r--r--configure.ac18
-rw-r--r--doc/Makefile.am2
-rw-r--r--doc/cha-config.texi158
-rw-r--r--doc/cha-gtls-app.texi2
-rw-r--r--doc/gnutls.texi3
-rw-r--r--lib/algorithms.h16
-rw-r--r--lib/algorithms/ecc.c58
-rw-r--r--lib/algorithms/groups.c8
-rw-r--r--lib/algorithms/mac.c32
-rw-r--r--lib/algorithms/protocols.c24
-rw-r--r--lib/algorithms/sign.c24
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/libgnutls.map8
-rw-r--r--lib/priority.c354
-rw-r--r--lib/x509/verify.c1
-rw-r--r--tests/Makefile.am18
-rw-r--r--tests/certs/ca-cert-ecc.pem8
-rwxr-xr-xtests/cipher-listings.sh6
-rw-r--r--tests/data/listings-SSL3.0-TLS1.12
-rw-r--r--tests/data/listings-old-SSL3.0-TLS1.111
-rw-r--r--tests/gnutls-strcodes.c5
-rwxr-xr-xtests/system-override-curves.sh112
-rw-r--r--tests/system-override-hash.c53
-rwxr-xr-xtests/system-override-invalid.sh64
-rwxr-xr-xtests/system-override-kx.sh104
-rwxr-xr-xtests/system-override-profiles.sh105
-rwxr-xr-xtests/system-override-sig-hash.sh54
-rw-r--r--tests/system-override-sig.c53
-rwxr-xr-xtests/system-override-tls.sh125
-rwxr-xr-xtests/system-override-versions.sh106
-rw-r--r--tests/system-prio-file.c3
34 files changed, 1521 insertions, 43 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 912d42e302..9a1f28f07b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -122,7 +122,7 @@ minimal.Fedora.x86_64:
--disable-ocsp --disable-non-suiteb-curves --with-included-unistring
--disable-nls --disable-libdane --without-p11-kit --without-tpm
--disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility
- --disable-gcc-warnings
+ --disable-gcc-warnings --with-system-priority-file=""
--disable-gost
- make clean
- make -j$(nproc)
diff --git a/NEWS b/NEWS
index 3a9693d216..32236eb375 100644
--- a/NEWS
+++ b/NEWS
@@ -16,7 +16,26 @@ See the end for copying conditions.
functional though a compiler warning will be issued, and a future minor version update
may transform them to a no-op while keeping the ABI compatibility (#789)
-** API and ABI modifications:
+** The priority configuration was enhanced to allow more elaborate
+ system-wide configuration of the library. The following changes were done:
+ - The file is read as an ini file with '#' indicating a comment.
+ - The section "[priorities]" or global follows the existing semantics of
+ the configuration file, and allows to specify system-wide priority strings
+ which are accessed with the '@' prefix.
+ - The section "[overrides]" is added with the parameters "insecure-hash",
+ "insecure-sig", "insecure-sig-for-cert", "disabled-curve",
+ "disabled-version", "min-verification-profile", "tls-disabled-cipher",
+ "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
+ specific algorithms or options globally. Existing algorithms in the
+ library can be marked as disabled and insecure, but no hard-coded
+ insecure algorithm can be marked as secure (so that the configuration
+ cannot be abused to make the system vulnerable).
+ - Unknown sections or options are skipped with a debug message, unless
+ the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
+ set to 1.
+
+** API and ABI modifications:
+gnutls_get_system_config_file: Added
gnutls_crypto_register_cipher: Deprecated
gnutls_crypto_register_aead_cipher: Deprecated
gnutls_crypto_register_digest: Deprecated
diff --git a/cfg.mk b/cfg.mk
index 8f8d2a1d38..3837d9619e 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -49,7 +49,7 @@ exclude_file_name_regexp--sc_error_message_uppercase = ^doc/examples/ex-cxx.cpp|
exclude_file_name_regexp--sc_file_system = ^doc/doxygen/Doxyfile
exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$
exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$
-exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$
+exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|tests/system-override-curves.sh|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$
_makefile_at_at_check_exceptions = ' && !/CODE_COVERAGE_RULES/ && !/VERSION/'
exclude_file_name_regexp--sc_m4_quote_check='lib/unistring/m4/absolute-header.m4'
exclude_file_name_regexp--sc_makefile_at_at_check='lib/unistring/Makefile.am'
diff --git a/configure.ac b/configure.ac
index c2fe1794ef..e246fdcb73 100644
--- a/configure.ac
+++ b/configure.ac
@@ -628,17 +628,23 @@ fi
AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
["$unbound_root_key_file"], [The DNSSEC root key file])
+system_config_file="/etc/gnutls/config"
AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
- [specify the system priority file]),
- system_priority_file="$withval",
-system_priority_file="/etc/gnutls/default-priorities"
+ [specify the system-wide config file (set empty to disable; default is $config)]),
+ system_config_file="$withval"
)
+AM_CONDITIONAL(DISABLE_SYSTEM_CONFIG, test -z "${system_config_file}")
+
+if test -z "${system_config_file}";then
+ AC_DEFINE([DISABLE_SYSTEM_CONFIG], 1, [Whether to disable system configuration])
+fi
+
AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
- ["$system_priority_file"], [The system priority file])
+ ["$system_config_file"], [The system-wide gnutls configuration file])
AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string],
- [specify the default priority string (e.g. @SYSTEM)]),
+ [specify the default priority string used by gnutls_set_default_priority (default is NORMAL)]),
prio_string="$withval",
prio_string="NORMAL")
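Review bot: `--without-system-priority-file` (equivalently `--with-system-priority-file=no`) sets `$withval` to `no`, so `system_config_file` becomes the relative path `no` rather than empty, and the `test -z` checks that follow leave the feature enabled. A relative configuration path would then be resolved against the working directory of whatever process loads the library. Mapping `no` to the empty string before the `AM_CONDITIONAL`, e.g. `test "x$system_config_file" = "xno" && system_config_file=""`, would make both spellings disable the feature. The help string also says `default is $config`, a variable that is not set anywhere in this hunk; spelling out `/etc/gnutls/config` would be clearer.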
@@ -1079,7 +1085,7 @@ AC_MSG_NOTICE([System files:
Trust store file: $with_default_trust_store_file
Blacklist file: $with_default_blacklist_file
CRL file: $with_default_crl_file
- Priority file: $system_priority_file
+ Configuration file: $system_config_file
DNSSEC root key file: $unbound_root_key_file
])
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 773ab6dc7f..9452126ad4 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -151,7 +151,7 @@ gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi \
cha-library.texi cha-preface.texi cha-programs.texi \
sec-tls-app.texi cha-errors.texi cha-support.texi \
cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
- cha-tokens.texi cha-crypto.texi cha-auth.texi
+ cha-tokens.texi cha-crypto.texi cha-auth.texi cha-config.texi
AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \
invoke-gnutls-serv.texi invoke-certtool.texi invoke-srptool.texi \
diff --git a/doc/cha-config.texi b/doc/cha-config.texi
new file mode 100644
index 0000000000..3cc568a607
--- /dev/null
+++ b/doc/cha-config.texi
@@ -0,0 +1,158 @@
+@node System-wide configuration of the library
+@chapter System-wide configuration of the library
+@cindex System-wide configuration
+
+@acronym{GnuTLS} 3.6.9 introduced a system-wide configuration of the library
+which can be used to disable or mark algorithms and protocols as insecure
+system-wide, overriding the library defaults. The format of this
+configuration file is of an INI file, with the hash ('#') allowed for
+commenting. It intentionally does not allow switching algorithms or protocols
+which were disabled or marked as insecure during compile time to the secure
+set. This is to prevent the feature from being used to attack the system.
+Unknown options or sections in the configuration file are skipped unless
+the environment variable @code{GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID} is
+set to 1, where it would cause the library to exit on unknown options.
+
+The location of the default configuration file is @code{/etc/gnutls/config},
+but its actual location may be overriden during compile time or at run-time
+using the @code{GNUTLS_SYSTEM_PRIORITY_FILE} environment variable. The file
+used can be queried using @funcref{gnutls_get_system_config_file}.
+
+@showfuncdesc{gnutls_get_system_config_file}
+
+@menu
+* Application-specific priority strings::
+* Disabling algorithms and protocols::
+* Querying for disabled algorithms and protocols::
+* Overriding the parameter verification profile::
+@end menu
+
+@node Application-specific priority strings
+@section Application-specific priority strings
+
+It is possible to specify custom cipher priority strings, in addition to the
+default priority strings (@code{NORMAL}, @code{PERFORMANCE}, etc.). These can
+be used either by individual applications, or even as the default option if
+the library is compiled with the configuration option
+@code{--with-default-priority-string}. In the latter case the defined
+priority string will be used for applications using @funcref{gnutls_set_default_priority}
+or @funcref{gnutls_set_default_priority_append}.
+
+The priority strings can be specified in the global section of the
+configuration file, or in the section named @code{[priorities]}.
+The format is '@code{KEYWORD = VALUE}', e.g.,
+
+When used they may be followed by additional options that will be appended to the
+system string (e.g., '@code{@@EXAMPLE-PRIORITY:+SRP}'). '@code{EXAMPLE-PRIORITY=NORMAL:+ARCFOUR-128}'.
+Since version 3.5.1 applications are allowed to specify fallback keywords such as
+@@KEYWORD1,@@KEYWORD2, and the first valid keyword will be used.
+
+The following example configuration defines a priority string called @code{@@SYSTEM}.
+When set, its full settings can be queried using @code{gnutls-cli --priority @@SYSTEM --list}.
+
+@example
+[priorities]
+SYSTEM = NORMAL:-AES-128-CBC:-AES-256-CBC
+@end example
+
+
+@node Disabling algorithms and protocols
+@section Disabling algorithms and protocols
+
+The approach above works well to create consistent system-wide settings
+for cooperative GnuTLS applications. When an application however does not
+use the @funcref{gnutls_set_default_priority} or @funcref{gnutls_set_default_priority_append}
+functions, the method is not sufficient to prevent applications from using
+protocols or algorithms forbidden by a local policy.
+The override method described below enables the deprecation of algorithms and
+protocols system-wide for all applications.
+
+The available options must be set in the @code{[overrides]} section of the
+configuration file and can be
+@itemize
+@item @code{insecure-sig-for-cert}: to mark the signature algorithm as insecure when used in certificates.
+@item @code{insecure-sig}: to mark the signature algorithm as insecure for any use.
+@item @code{insecure-hash}: to mark the hash algorithm as insecure for digital signature use (provides a more generic way to disable digital signatures for broken hash algorithms).
+@item @code{disabled-version}: to disable the specified TLS versions.
+@item @code{tls-disabled-cipher}: to disable the specified ciphers for use in the TLS or DTLS protocols.
+@item @code{tls-disabled-mac}: to disable the specified MAC algorithms for use in the TLS or DTLS protocols.
+@item @code{tls-disabled-group}: to disable the specified group for use in the TLS or DTLS protocols.
+@item @code{tls-disabled-kx}: to disable the specified key exchange algorithms for use in the TLS or DTLS protocols (applies to TLS1.2 or earlier).
+@end itemize
+
+Each of the options can be repeated multiple times when multiple values need
+to be disabled.
+
+The valid values for the options above can be found in the 'Protocols', 'Digests'
+'PK-signatures', 'Protocols', 'Ciphrers', and 'MACs' fields of the output of @code{gnutls-cli --list}.
+
+@subsection Examples
+
+The following example marks as insecure all digital signature algorithms
+which depend on SHA384, as well as the RSA-SHA1 signature algorithm.
+
+@example
+[overrides]
+insecure-hash = sha384
+insecure-sig = rsa-sha1
+@end example
+
+The following example marks RSA-SHA256 as insecure for use in certificates
+and disables the TLS1.0 and TLS1.1 protocols.
+
+@example
+[overrides]
+insecure-sig-for-cert = rsa-sha256
+disabled-version = tls1.0
+disabled-version = tls1.1
+@end example
+
+The following example disables the @code{AES-128-CBC} and @code{AES-256-CBC}
+ciphers, the @code{HMAC-SHA1} MAC algorithm and the @code{GROUP-FFDHE8192}
+group for TLS and DTLS protocols.
+
+@example
+[overrides]
+tls-disabled-cipher = aes-128-cbc
+tls-disabled-cipher = aes-256-cbc
+tls-disabled-mac = sha1
+tls-disabled-group = group-ffdhe8192
+@end example
+
+@node Querying for disabled algorithms and protocols
+@section Querying for disabled algorithms and protocols
+
+When necessary applications can query whether a particular algorithm
+or protocol has been marked as insecure or disabled system-wide.
+Digital signatures can be queried using the following algorithms.
+@showfuncB{gnutls_sign_is_secure,gnutls_sign_is_secure2}
+
+Any disabled protocol versions or elliptic curves will not show up in the
+lists provided by the following functions.
+
+@showfuncC{gnutls_protocol_list,gnutls_group_list,gnutls_ecc_curve_list}
+
+It is not possible to query for insecure hash algorithms directly
+(only indirectly through the signature API).
+
+
+@node Overriding the parameter verification profile
+@section Overriding the parameter verification profile
+
+When verifying a certificate or TLS session parameters, GnuTLS uses a set
+of profiles associated with the session to determine whether the parameters
+seen in the session are acceptable. For example, whether the RSA public key
+size as seen on the wire, or the Diffie-Hellman parameters for the session.
+These profiles are normally set using the @code{%PROFILE} priority string
+(see @ref{Priority Strings} and @ref{Selecting cryptographic key sizes}).
+
+It is possible to set the low bar profile that applications cannot override
+using the following.
+
+@example
+[overrides]
+
+# do not allow applications use the LOW or VERY-WEAK profiles.
+min-verification-profile = legacy
+
+@end example
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index e08cbb24f1..66875af222 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1293,7 +1293,7 @@ advances while providing compatibility with old clients and servers).
@multitable @columnfractions .20 .70
@headitem Keyword @tab Description
@item @@KEYWORD @tab
-Means that a compile-time specified system configuration file@footnote{The default is @code{/etc/gnutls/default-priorities}.}
+Means that a compile-time specified system configuration file (see @ref{System-wide configuration of the library})
will be used to expand the provided keyword. That is used to impose system-specific policies.
It may be followed by additional options that will be appended to the
system string (e.g., "@@SYSTEM:+SRP"). The system file should have the
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 7b963d6f67..5c4daa79ae 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -153,6 +153,7 @@ Documentation License''.
* Hardware security modules and abstract key types::
* How to use GnuTLS in applications::
* GnuTLS application examples::
+* System-wide configuration of the library::
* Using GnuTLS as a cryptographic library::
* Other included programs::
* Internal architecture of GnuTLS::
@@ -182,6 +183,8 @@ Documentation License''.
@include cha-gtls-examples.texi
+@include cha-config.texi
+
@include cha-crypto.texi
@include cha-programs.texi
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 870e9d6d35..7f27b2270d 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -26,6 +26,12 @@
#include "auth.h"
+#ifdef DISABLE_SYSTEM_CONFIG
+# define SYSTEM_CONFIG_OR_CONST const
+#else
+# define SYSTEM_CONFIG_OR_CONST
+#endif
+
#define version_to_entry _gnutls_version_to_entry
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
@@ -324,6 +330,13 @@ typedef enum hash_security_level_t {
_INSECURE
} hash_security_level_t;
+int _gnutls_ecc_curve_mark_disabled(const char *name);
+int _gnutls_sign_mark_insecure(const char *name, hash_security_level_t);
+int _gnutls_digest_mark_insecure(const char *name);
+unsigned _gnutls_digest_is_insecure(gnutls_digest_algorithm_t dig);
+int _gnutls_version_mark_disabled(const char *name);
+gnutls_protocol_t _gnutls_protocol_get_id_if_supported(const char *name);
+
struct gnutls_sign_entry_st {
const char *name;
const char *oid;
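Review bot: `_gnutls_protocol_get_id_if_supported` is declared here, but none of the `lib/algorithms/protocols.c` hunks in this commit adds a definition for it. Unless it already exists or is defined in a file outside this view, the first caller will fail at link time. The prototype for `_gnutls_sign_mark_insecure` also leaves its second parameter unnamed; `hash_security_level_t level` would match the definition added in `lib/algorithms/sign.c`.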
@@ -414,11 +427,14 @@ typedef struct gnutls_ecc_curve_entry_st {
unsigned size; /* the size in bytes */
unsigned sig_size; /* the size of curve signatures in bytes (EdDSA) */
unsigned gost_curve;
+ bool supported;
} gnutls_ecc_curve_entry_st;
const gnutls_ecc_curve_entry_st
*_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve);
+unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t);
+
const gnutls_group_entry_st *_gnutls_tls_id_to_group(unsigned num);
const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id);
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index d90278074e..72b0864e75 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -30,13 +30,16 @@
/* Supported ECC curves
*/
-static const gnutls_ecc_curve_entry_st ecc_curves[] = {
+static SYSTEM_CONFIG_OR_CONST
+gnutls_ecc_curve_entry_st ecc_curves[] = {
+#ifdef ENABLE_NON_SUITEB_CURVES
{
.name = "SECP192R1",
.oid = "1.2.840.10045.3.1.1",
.id = GNUTLS_ECC_CURVE_SECP192R1,
.pk = GNUTLS_PK_ECDSA,
.size = 24,
+ .supported = 1,
},
{
.name = "SECP224R1",
@@ -44,13 +47,16 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_SECP224R1,
.pk = GNUTLS_PK_ECDSA,
.size = 28,
+ .supported = 1,
},
+#endif
{
.name = "SECP256R1",
.oid = "1.2.840.10045.3.1.7",
.id = GNUTLS_ECC_CURVE_SECP256R1,
.pk = GNUTLS_PK_ECDSA,
.size = 32,
+ .supported = 1,
},
{
.name = "SECP384R1",
@@ -58,6 +64,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_SECP384R1,
.pk = GNUTLS_PK_ECDSA,
.size = 48,
+ .supported = 1,
},
{
.name = "SECP521R1",
@@ -65,12 +72,14 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_SECP521R1,
.pk = GNUTLS_PK_ECDSA,
.size = 66,
+ .supported = 1,
},
{
.name = "X25519",
.id = GNUTLS_ECC_CURVE_X25519,
.pk = GNUTLS_PK_ECDH_X25519,
.size = 32,
+ .supported = 1,
},
{
.name = "Ed25519",
@@ -78,8 +87,10 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_ED25519,
.pk = GNUTLS_PK_EDDSA_ED25519,
.size = 32,
- .sig_size = 64
+ .sig_size = 64,
+ .supported = 1,
},
+#if ENABLE_GOST
{
.name = "CryptoPro-A",
.oid = "1.2.643.2.2.35.1",
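Review bot: The GOST block is opened with `#if ENABLE_GOST`, while the non-Suite-B block added at the top of the same table uses `#ifdef ENABLE_NON_SUITEB_CURVES`. Both forms work when the macro is either undefined or defined to 1, but `#if` on an undefined macro trips `-Wundef`, and the mixed spelling invites mistakes. `#ifdef ENABLE_GOST` would be consistent. The table initializer starts and ends outside this hunk.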
@@ -87,6 +98,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_UNKNOWN,
.size = 32,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "CryptoPro-B",
@@ -95,6 +107,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_UNKNOWN,
.size = 32,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "CryptoPro-C",
@@ -103,6 +116,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_UNKNOWN,
.size = 32,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "CryptoPro-XchA",
@@ -111,6 +125,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_UNKNOWN,
.size = 32,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "CryptoPro-XchB",
@@ -119,6 +134,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_UNKNOWN,
.size = 32,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "TC26-512-A",
@@ -127,6 +143,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_GOST_12_512,
.size = 64,
.gost_curve = 1,
+ .supported = 1,
},
{
.name = "TC26-512-B",
@@ -135,7 +152,9 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.pk = GNUTLS_PK_GOST_12_512,
.size = 64,
.gost_curve = 1,
+ .supported = 1,
},
+#endif
{0, 0, 0}
};
@@ -162,7 +181,7 @@ const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
int i = 0;
GNUTLS_ECC_CURVE_LOOP(
- if (_gnutls_pk_curve_exists(p->id))
+ if (p->supported && _gnutls_pk_curve_exists(p->id))
supported_curves[i++] = p->id;
);
supported_curves[i++] = 0;
@@ -171,6 +190,15 @@ const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
return supported_curves;
}
+unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t curve)
+{
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve && p->supported && _gnutls_pk_curve_exists(p->id))
+ return 1;
+ );
+ return 0;
+}
+
/**
* gnutls_oid_to_ecc_curve:
* @oid: is a curve's OID
@@ -185,7 +213,8 @@ gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const char *oid)
gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
GNUTLS_ECC_CURVE_LOOP(
- if (p->oid != NULL && c_strcasecmp(p->oid, oid) == 0 && _gnutls_pk_curve_exists(p->id)) {
+ if (p->oid != NULL && c_strcasecmp(p->oid, oid) == 0 && p->supported &&
+ _gnutls_pk_curve_exists(p->id)) {
ret = p->id;
break;
}
@@ -210,7 +239,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name)
gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
GNUTLS_ECC_CURVE_LOOP(
- if (c_strcasecmp(p->name, name) == 0 && _gnutls_pk_curve_exists(p->id)) {
+ if (c_strcasecmp(p->name, name) == 0 && p->supported &&
+ _gnutls_pk_curve_exists(p->id)) {
ret = p->id;
break;
}
@@ -219,10 +249,24 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name)
return ret;
}
+int _gnutls_ecc_curve_mark_disabled(const char *name)
+{
+ gnutls_ecc_curve_entry_st *p;
+
+ for(p = ecc_curves; p->name != NULL; p++) {
+ if (c_strcasecmp(p->name, name) == 0) {
+ p->supported = 0;
+ return 0;
+ }
+ }
+
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+}
+
static int _gnutls_ecc_pk_compatible(const gnutls_ecc_curve_entry_st *p,
gnutls_pk_algorithm_t pk)
{
- if (!_gnutls_pk_curve_exists(p->id))
+ if (!p->supported || !_gnutls_pk_curve_exists(p->id))
return 0;
if (pk == GNUTLS_PK_GOST_01 ||
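Review bot: `_gnutls_ecc_curve_mark_disabled` writes through a non-const pointer into `ecc_curves` without the `#ifndef DISABLE_SYSTEM_CONFIG` guard that the sibling functions in `mac.c`, `protocols.c` and `sign.c` carry. When the library is configured with an empty `--with-system-priority-file`, `SYSTEM_CONFIG_OR_CONST` expands to `const`, so `p = ecc_curves` discards the qualifier and `p->supported = 0` modifies a const object. That is undefined behaviour, and at minimum a compiler diagnostic. Wrapping the declaration and the loop in `#ifndef DISABLE_SYSTEM_CONFIG` … `#endif`, leaving only `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` outside, would match the other three. `_gnutls_ecc_pk_compatible` at the end of the hunk continues past it.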
@@ -371,7 +415,7 @@ gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve)
int ret = GNUTLS_PK_UNKNOWN;
GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve) {
+ if (p->id == curve && p->supported) {
ret = p->pk;
break;
}
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c
index 25195c121c..1f82bf678a 100644
--- a/lib/algorithms/groups.c
+++ b/lib/algorithms/groups.c
@@ -139,7 +139,7 @@ const gnutls_group_entry_st * _gnutls_tls_id_to_group(unsigned num)
{
GNUTLS_GROUP_LOOP(
if (p->tls_id == num &&
- (p->curve == 0 || _gnutls_pk_curve_exists(p->curve))) {
+ (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve))) {
return p;
}
);
@@ -154,7 +154,7 @@ const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id)
GNUTLS_GROUP_LOOP(
if (p->id == id &&
- (p->curve == 0 || _gnutls_pk_curve_exists(p->curve))) {
+ (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve))) {
return p;
}
);
@@ -182,7 +182,7 @@ const gnutls_group_t *gnutls_group_list(void)
int i = 0;
GNUTLS_GROUP_LOOP(
- if (p->curve == 0 || _gnutls_pk_curve_exists(p->curve))
+ if (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve))
groups[i++] = p->id;
);
groups[i++] = 0;
@@ -208,7 +208,7 @@ gnutls_group_t gnutls_group_get_id(const char *name)
GNUTLS_GROUP_LOOP(
if (c_strcasecmp(p->name, name) == 0 && (
- p->curve == 0 ||_gnutls_pk_curve_exists(p->curve))) {
+ p->curve == 0 ||_gnutls_ecc_curve_is_supported(p->curve))) {
ret = p->id;
break;
}
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 3117e8c936..11847f5246 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -36,7 +36,8 @@
#define MAC_OID_STREEBOG_256 "1.2.643.7.1.1.4.1"
#define MAC_OID_STREEBOG_512 "1.2.643.7.1.1.4.2"
-static const mac_entry_st hash_algorithms[] = {
+static SYSTEM_CONFIG_OR_CONST
+mac_entry_st hash_algorithms[] = {
{.name = "SHA1",
.oid = HASH_OID_SHA1,
.mac_oid = MAC_OID_SHA1,
@@ -248,6 +249,35 @@ gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name)
return ret;
}
+int _gnutls_digest_mark_insecure(const char *name)
+{
+#ifndef DISABLE_SYSTEM_CONFIG
+ mac_entry_st *p;
+
+ for(p = hash_algorithms; p->name != NULL; p++) {
+ if (p->oid != NULL && c_strcasecmp(p->name, name) == 0) {
+ p->preimage_insecure = 1;
+ return 0;
+ }
+ }
+
+#endif
+ return GNUTLS_E_INVALID_REQUEST;
+}
+
+unsigned _gnutls_digest_is_insecure(gnutls_digest_algorithm_t dig)
+{
+ const mac_entry_st *p;
+
+ for(p = hash_algorithms; p->name != NULL; p++) {
+ if (p->oid != NULL && p->id == (gnutls_mac_algorithm_t)dig) {
+ return p->preimage_insecure;
+ }
+ }
+
+ return 1;
+}
+
/**
* gnutls_mac_get_id:
* @name: is a MAC algorithm name
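Review bot: `_gnutls_digest_is_insecure` returns 1 for any digest that is missing from `hash_algorithms` or has no OID, and nothing in the function says that this fail-closed default is intentional. Since `_gnutls_sign_is_secure2` now consults it, a short comment such as `/* unknown or OID-less digests are treated as insecure */` above the final `return 1;` would save the next reader from assuming a bug. Separately, `_gnutls_digest_mark_insecure` (and `_gnutls_version_mark_disabled` in `protocols.c`) return a bare `GNUTLS_E_INVALID_REQUEST`, whereas the `sign.c` and `ecc.c` counterparts use `gnutls_assert_val()`. Using it here too would keep rejected override names traceable in debug logs.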
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 72b43fcf77..7242e1aa0c 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -27,7 +27,9 @@
#include "c-strcase.h"
/* TLS Versions */
-static const version_entry_st sup_versions[] = {
+
+static SYSTEM_CONFIG_OR_CONST
+version_entry_st sup_versions[] = {
{.name = "SSL3.0",
.id = GNUTLS_SSL3,
.age = 0,
@@ -195,6 +197,21 @@ version_is_valid_for_session(gnutls_session_t session,
return 0;
}
+int _gnutls_version_mark_disabled(const char *name)
+{
+#ifndef DISABLE_SYSTEM_CONFIG
+ version_entry_st *p;
+
+ for (p = sup_versions; p->name != NULL; p++)
+ if (c_strcasecmp(p->name, name) == 0) {
+ p->supported = 0;
+ return 0;
+ }
+
+#endif
+ return GNUTLS_E_INVALID_REQUEST;
+}
+
/* Return the priority of the provided version number */
int
_gnutls_version_priority(gnutls_session_t session,
@@ -440,8 +457,11 @@ const gnutls_protocol_t *gnutls_protocol_list(void)
if (supported_protocols[0] == 0) {
int i = 0;
- for (p = sup_versions; p->name != NULL; p++)
+ for (p = sup_versions; p->name != NULL; p++) {
+ if (!p->supported)
+ continue;
supported_protocols[i++] = p->id;
+ }
supported_protocols[i++] = 0;
}
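Review bot: The list is built only while `supported_protocols[0] == 0`, so the `supported` filter added here is applied once and the result is cached for the life of the process. If `_gnutls_version_mark_disabled` can run after the first `gnutls_protocol_list()` call (for example on a configuration reload, which `system_priority_last_mod` in `lib/priority.c` hints at), the cached list would still advertise the disabled version. Either rebuilding the list on each call or documenting that overrides must be applied before first use would close the gap. `gnutls_ecc_curve_list` in `ecc.c` appears to follow the same pattern. The function body starts outside this hunk.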
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index fc5aa0a75e..19bea3f663 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -37,7 +37,8 @@
# define SHA1_SECURE_VAL _INSECURE_FOR_CERTS
#endif
-static const gnutls_sign_entry_st sign_algorithms[] = {
+static SYSTEM_CONFIG_OR_CONST
+gnutls_sign_entry_st sign_algorithms[] = {
/* RSA-PKCS#1 1.5: must be before PSS,
* so that gnutls_pk_to_sign() will return
* these first for backwards compatibility. */
@@ -437,12 +438,33 @@ unsigned gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
bool _gnutls_sign_is_secure2(const gnutls_sign_entry_st *se, unsigned int flags)
{
+ if (se->hash != GNUTLS_DIG_UNKNOWN && _gnutls_digest_is_insecure(se->hash))
+ return gnutls_assert_val(0);
+
if (flags & GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS)
return (se->slevel==_SECURE)?1:0;
else
return (se->slevel==_SECURE || se->slevel == _INSECURE_FOR_CERTS)?1:0;
}
+int _gnutls_sign_mark_insecure(const char *name, hash_security_level_t level)
+{
+#ifndef DISABLE_SYSTEM_CONFIG
+ gnutls_sign_entry_st *p;
+
+ if (unlikely(level == _SECURE))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ for(p = sign_algorithms; p->name != NULL; p++) {
+ if (c_strcasecmp(p->name, name) == 0) {
+ p->slevel = level;
+ return 0;
+ }
+ }
+#endif
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+}
+
/**
* gnutls_sign_is_secure2:
* @algorithm: is a sign algorithm
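Review bot: `_gnutls_sign_mark_insecure` assigns `p->slevel = level` unconditionally, so an `insecure-sig-for-cert` line naming an algorithm that is already hard-coded as `_INSECURE` would relax it to `_INSECURE_FOR_CERTS`. `_gnutls_sign_is_secure2` above accepts that level when `GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS` is not set. This contradicts the commit's stated guarantee that the configuration file cannot make an algorithm more trusted. Assuming the enum is ordered `_SECURE`, `_INSECURE_FOR_CERTS`, `_INSECURE` (only its tail is visible in `lib/algorithms.h`), the assignment should only ever move upward: `if (p->slevel < level) p->slevel = level;`.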
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 1555ab3338..365a582805 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1684,6 +1684,8 @@ int gnutls_priority_cipher_list(gnutls_priority_t pcache,
int gnutls_priority_mac_list(gnutls_priority_t pcache,
const unsigned int **list);
+const char *gnutls_get_system_config_file(void);
+
int gnutls_set_default_priority(gnutls_session_t session);
int gnutls_set_default_priority_append(gnutls_session_t session,
const char *add_prio,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 836e75eb87..338cae2b1b 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1286,6 +1286,12 @@ GNUTLS_3_6_8
gnutls_ffdhe_8192_group_q;
} GNUTLS_3_6_6;
+GNUTLS_3_6_9
+{
+ global:
+ gnutls_get_system_config_file;
+} GNUTLS_3_6_8;
+
GNUTLS_FIPS140_3_4 {
global:
gnutls_cipher_self_test;
@@ -1374,4 +1380,6 @@ GNUTLS_PRIVATE_3_4 {
_gnutls_global_set_gettime_function;
# Internal symbols needed by tests/tls13/anti_replay.c
_gnutls_anti_replay_check;
+ # needed by gnutls-strcodes.c
+ _gnutls_ecc_curve_is_supported;
} GNUTLS_3_4;
diff --git a/lib/priority.c b/lib/priority.c
index 7a9a6cbfea..de9dd4264c 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -39,6 +39,7 @@
#include "profiles.h"
#include "c-strcase.h"
#include "inih/ini.h"
+#include "profiles.h"
#include "name_val_array.h"
#define MAX_ELEMENTS 64
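Review bot: `#include "profiles.h"` is added although the same header is already included three lines earlier in this hunk's context, so the new line is redundant and can be dropped. If the intent was to pull in a different header needed by the new override code, that header is still missing.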
@@ -946,16 +947,57 @@ static void dummy_func(gnutls_priority_t c)
#include <priority_options.h>
+static gnutls_certificate_verification_profiles_t system_wide_verification_profile = GNUTLS_PROFILE_UNKNOWN;
static name_val_array_t system_wide_priority_strings = NULL;
static unsigned system_wide_priority_strings_init = 0;
+static unsigned fail_on_invalid_config = 0;
+static unsigned system_wide_disabled_ciphers[MAX_ALGOS+1] = {0};
+static unsigned system_wide_disabled_macs[MAX_ALGOS+1] = {0};
+static unsigned system_wide_disabled_groups[MAX_ALGOS+1] = {0};
+static unsigned system_wide_disabled_kxs[MAX_ALGOS+1] = {0};
static const char *system_priority_file = SYSTEM_PRIORITY_FILE;
static time_t system_priority_last_mod = 0;
+#define CUSTOM_PRIORITY_SECTION "priorities"
+#define OVERRIDES_SECTION "overrides"
+#define MAX_ALGO_NAME 128
+
+/* removes spaces */
+static char *clear_spaces(const char *str, char out[MAX_ALGO_NAME])
+{
+ const char *p = str;
+ unsigned i = 0;
+
+ while (c_isspace(*p))
+ p++;
+
+ while (!c_isspace(*p) && *p != 0) {
+ out[i++] = *p;
+ p++;
+
+ if (i >= MAX_ALGO_NAME-1)
+ break;
+ }
+ out[i] = 0;
+ return out;
+}
+
+/* This function parses a gnutls configuration file and updates internal
+ * settings accordingly.
+ */
static int cfg_ini_handler(void *_ctx, const char *section, const char *name, const char *value)
{
+ char *p;
+ int ret, type;
+ unsigned i;
+ char str[MAX_ALGO_NAME];
+
+ /* Note that we intentionally overwrite the value above; inih does
+ * not use that value after we handle it. */
+
/* Parse sections */
- if (section == NULL || section[0] == 0) {
+ if (section == NULL || section[0] == 0 || c_strcasecmp(section, CUSTOM_PRIORITY_SECTION)==0) {
if (system_wide_priority_strings_init == 0) {
_name_val_array_init(&system_wide_priority_strings);
system_wide_priority_strings_init = 1;
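Review bot: `clear_spaces` copies only the first whitespace-delimited token and silently drops everything after it, as well as anything beyond `MAX_ALGO_NAME-1` characters. For an override such as `insecure-hash = sha1 sha256`, only the first name is acted on and the administrator gets no indication that the second was ignored, so the effective policy can be weaker than the file reads. Logging the leftover text inside `clear_spaces` keeps its signature unchanged for the callers, which are outside this hunk. The comment in `cfg_ini_handler` about overwriting the value also looks stale, since the token is copied into `str` and `value` is `const`.

```c
static char *clear_spaces(const char *str, char out[MAX_ALGO_NAME])
{
	/* … unchanged: skip leading whitespace, copy the first token into out … */
	out[i] = 0;

	/* report anything the copy loop left behind instead of dropping it silently */
	while (c_isspace(*p))
		p++;
	if (*p != 0)
		_gnutls_debug_log("cfg: ignoring trailing text after '%s'\n", out);

	return out;
}
```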
@@ -963,13 +1005,219 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name, co
_gnutls_debug_log("cfg: adding priority: %s -> %s\n", name, value);
- return _name_val_array_append(&system_wide_priority_strings, name, value);
+ ret = _name_val_array_append(&system_wide_priority_strings, name, value);
+ if (ret < 0)
+ return 0;
+ } else if (c_strcasecmp(section, OVERRIDES_SECTION)==0) {
+ if (c_strcasecmp(name, "insecure-hash")==0) {
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: marking hash %s as insecure\n",
+ p);
+
+ ret = _gnutls_digest_mark_insecure(p);
+ if (ret < 0) {
+ _gnutls_debug_log("cfg: found unknown hash %s in %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+ } else if (c_strcasecmp(name, "insecure-sig")==0 || c_strcasecmp(name, "insecure-sig-for-cert")==0) {
+ p = clear_spaces(value, str);
+
+ if (c_strcasecmp(name, "insecure-sig")==0) {
+ type = _INSECURE;
+ _gnutls_debug_log("cfg: marking signature %s as insecure\n",
+ p);
+ } else {
+ _gnutls_debug_log("cfg: marking signature %s as insecure for certs\n",
+ p);
+ type = _INSECURE_FOR_CERTS;
+ }
+
+ ret = _gnutls_sign_mark_insecure(p, type);
+ if (ret < 0) {
+ _gnutls_debug_log("cfg: found unknown signature algorithm %s in %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+ } else if (c_strcasecmp(name, "disabled-version")==0) {
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: disabling version %s\n",
+ p);
+
+ ret = _gnutls_version_mark_disabled(p);
+ if (ret < 0) {
+ _gnutls_debug_log("cfg: found unknown version %s in %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+ } else if (c_strcasecmp(name, "disabled-curve")==0) {
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: disabling curve %s\n",
+ p);
+
+ ret = _gnutls_ecc_curve_mark_disabled(p);
+ if (ret < 0) {
+ _gnutls_debug_log("cfg: found unknown curve %s in %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+ } else if (c_strcasecmp(name, "min-verification-profile")==0) {
+ gnutls_certificate_verification_profiles_t profile;
+ profile = _gnutls_profile_get_id(value);
+
+ if (profile == GNUTLS_PROFILE_UNKNOWN) {
+ _gnutls_debug_log("cfg: found unknown profile %s in %s\n",
+ value, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+
+ system_wide_verification_profile = profile;
+ } else if (c_strcasecmp(name, "tls-disabled-cipher")==0) {
+ unsigned algo;
+
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: disabling cipher %s for TLS\n",
+ p);
+
+
+ algo = gnutls_cipher_get_id(p);
+ if (algo == 0) {
+ _gnutls_debug_log("cfg: unknown algorithm %s listed at %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
+
+ i = 0;
+ while (system_wide_disabled_ciphers[i] != 0)
+ i++;
+
+ if (i > MAX_ALGOS-1) {
+ _gnutls_debug_log("cfg: too many (%d) disabled ciphers from %s\n",
+ i, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+ system_wide_disabled_ciphers[i] = algo;
+ system_wide_disabled_ciphers[i+1] = 0;
+
+ } else if (c_strcasecmp(name, "tls-disabled-mac")==0) {
+ unsigned algo;
+
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: disabling MAC %s for TLS\n",
+ p);
+
+ algo = gnutls_mac_get_id(p);
+ if (algo == 0) {
+ _gnutls_debug_log("cfg: unknown algorithm %s listed at %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+
+ i = 0;
+ while (system_wide_disabled_macs[i] != 0)
+ i++;
+
+ if (i > MAX_ALGOS-1) {
+ _gnutls_debug_log("cfg: too many (%d) disabled MACs from %s\n",
+ i, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+ system_wide_disabled_macs[i] = algo;
+ system_wide_disabled_macs[i+1] = 0;
+ } else if (c_strcasecmp(name, "tls-disabled-group")==0) {
+ unsigned algo;
+
+ p = clear_spaces(value, str);
+
+ if (strlen(p) > 6)
+ p += 6; // skip GROUP-
+
+ _gnutls_debug_log("cfg: disabling group %s for TLS\n",
+ p);
+
+ algo = gnutls_group_get_id(p);
+ if (algo == 0) {
+ _gnutls_debug_log("cfg: unknown group %s listed at %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+
+ i = 0;
+ while (system_wide_disabled_groups[i] != 0)
+ i++;
+
+ if (i > MAX_ALGOS-1) {
+ _gnutls_debug_log("cfg: too many (%d) disabled groups from %s\n",
+ i, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+ system_wide_disabled_groups[i] = algo;
+ system_wide_disabled_groups[i+1] = 0;
+ } else if (c_strcasecmp(name, "tls-disabled-kx")==0) {
+ unsigned algo;
+
+ p = clear_spaces(value, str);
+
+ _gnutls_debug_log("cfg: disabling key exchange %s for TLS\n",
+ p);
+
+ algo = gnutls_kx_get_id(p);
+ if (algo == 0) {
+ _gnutls_debug_log("cfg: unknown key exchange %s listed at %s\n",
+ p, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+
+ i = 0;
+ while (system_wide_disabled_kxs[i] != 0)
+ i++;
+
+ if (i > MAX_ALGOS-1) {
+ _gnutls_debug_log("cfg: too many (%d) disabled key exchanges from %s\n",
+ i, name);
+ if (fail_on_invalid_config)
+ return 0;
+ goto exit;
+ }
+ system_wide_disabled_kxs[i] = algo;
+ system_wide_disabled_kxs[i+1] = 0;
+ } else {
+ _gnutls_debug_log("unknown parameter %s\n", name);
+ if (fail_on_invalid_config)
+ return 0;
+ }
} else {
- _gnutls_debug_log("cfg: skipping unknown section %s\n",
+ _gnutls_debug_log("cfg: unknown section %s\n",
section);
+ if (fail_on_invalid_config)
+ return 0;
}
- return 0;
+ exit:
+ return 1;
}
static void _gnutls_update_system_priorities(void)
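Review bot: In the `tls-disabled-group` branch, `if (strlen(p) > 6) p += 6;` drops the first six characters of any longer value without checking that they are the `GROUP-` prefix, so a group written without the prefix is mangled, fails the lookup and stays enabled unless `fail_on_invalid_config` is set. Compare the prefix first: `if (c_strncasecmp(p, "GROUP-", 6) == 0) p += 6;`. Separately, the `min-verification-profile` branch assigns `system_wide_verification_profile = profile` even when the lookup returned `GNUTLS_PROFILE_UNKNOWN`, so a later invalid line overwrites an earlier valid minimum; assigning only for a known profile keeps the stricter setting. The `tls-disabled-cipher` branch also lacks the `goto exit` that the MAC, group and KX branches take after an unknown name.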
@@ -994,9 +1242,11 @@ static void _gnutls_update_system_priorities(void)
_name_val_array_clear(&system_wide_priority_strings);
ret = ini_parse(system_priority_file, cfg_ini_handler, NULL);
- if (ret < 0) {
+ if (ret != 0) {
_gnutls_debug_log("cfg: unable to parse: %s: %d\n",
system_priority_file, ret);
+ if (fail_on_invalid_config)
+ exit(1);
return;
}
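Review bot: Nothing in this hunk resets the new override state before `ini_parse()` runs again: the line above it clears `system_wide_priority_strings`, but `system_wide_disabled_ciphers`, `system_wide_disabled_macs`, `system_wide_disabled_groups`, `system_wide_disabled_kxs` and `system_wide_verification_profile` keep their previous contents. If this function is re-entered when the file changes (its body starts outside the hunk, so this is inferred), each reload appends the same ids again until the "too many" branch is hit, and an entry removed from the file stays in force. Resetting before the parse, e.g. `system_wide_disabled_ciphers[0] = 0;` and likewise for the other three arrays and the profile, would keep a reload consistent with the file. The added `exit(1)` terminates the host application from inside the library; a comment stating that this is deliberate and only reachable when `fail_on_invalid_config` is set would help the next reader.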
@@ -1015,6 +1265,10 @@ void _gnutls_load_system_priorities(void)
if (p != NULL)
system_priority_file = p;
+ p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID");
+ if (p != NULL && p[0] == '1' && p[1] == 0)
+ fail_on_invalid_config = 1;
+
_gnutls_update_system_priorities();
}
@@ -1024,6 +1278,25 @@ void _gnutls_unload_system_priorities(void)
system_priority_last_mod = 0;
}
+/**
+ * gnutls_get_system_config_file:
+ *
+ * Returns the filename of the system wide configuration
+ * file loaded by the library. The returned pointer is valid
+ * until the library is unloaded.
+ *
+ * Returns: a constant pointer to the config file loaded, or %NULL if none
+ *
+ * Since: 3.6.9
+ **/
+const char *gnutls_get_system_config_file(void)
+{
+ if (system_wide_priority_strings_init)
+ return system_priority_file;
+ else
+ return NULL;
+}
+
#define S(str) ((str!=NULL)?str:"")
/* Returns the new priorities if a priority string prefixed
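Review bot: `gnutls_get_system_config_file()` keys off `system_wide_priority_strings_init`, which the visible handler sets only when a priority-string entry (no section, or `[priorities]`) is parsed. A file that contains only an `[overrides]` section would therefore apply its overrides and still make this function return NULL, unless the flag is also set somewhere outside these hunks. Since the doc comment promises the file "loaded by the library", consider a separate flag set after `ini_parse()` succeeds, or document the narrower meaning: `Returns: ... or %NULL if no priority strings were loaded from it`.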
@@ -1153,6 +1426,10 @@ static void add_dh(gnutls_priority_t priority_cache)
}
}
+/* This function was originally precalculating ciphersuite-specific items, however
+ * it has now extended to much more than that. It provides a consistency check to
+ * set parameters, and in cases it applies policy specific items.
+ */
static int set_ciphersuite_list(gnutls_priority_t priority_cache)
{
unsigned i, j, z;
@@ -1177,6 +1454,50 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
priority_cache->groups.size = 0;
priority_cache->groups.have_ffdhe = 0;
+ /* disable key exchanges which are globally disabled */
+ z = 0;
+ while (system_wide_disabled_kxs[z] != 0) {
+ for (i = j = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
+ if (priority_cache->_kx.priorities[i] != system_wide_disabled_kxs[z])
+ priority_cache->_kx.priorities[j++] = priority_cache->_kx.priorities[i];
+ }
+ priority_cache->_kx.num_priorities = j;
+ z++;
+ }
+
+ /* disable groups which are globally disabled */
+ z = 0;
+ while (system_wide_disabled_groups[z] != 0) {
+ for (i = j = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
+ if (priority_cache->_supported_ecc.priorities[i] != system_wide_disabled_groups[z])
+ priority_cache->_supported_ecc.priorities[j++] = priority_cache->_supported_ecc.priorities[i];
+ }
+ priority_cache->_supported_ecc.num_priorities = j;
+ z++;
+ }
+
+ /* disable ciphers which are globally disabled */
+ z = 0;
+ while (system_wide_disabled_ciphers[z] != 0) {
+ for (i = j = 0; i < priority_cache->_cipher.num_priorities; i++) {
+ if (priority_cache->_cipher.priorities[i] != system_wide_disabled_ciphers[z])
+ priority_cache->_cipher.priorities[j++] = priority_cache->_cipher.priorities[i];
+ }
+ priority_cache->_cipher.num_priorities = j;
+ z++;
+ }
+
+ /* disable MACs which are globally disabled */
+ z = 0;
+ while (system_wide_disabled_macs[z] != 0) {
+ for (i = j = 0; i < priority_cache->_mac.num_priorities; i++) {
+ if (priority_cache->_mac.priorities[i] != system_wide_disabled_macs[z])
+ priority_cache->_mac.priorities[j++] = priority_cache->_mac.priorities[i];
+ }
+ priority_cache->_mac.num_priorities = j;
+ z++;
+ }
+
for (j=0;j<priority_cache->_cipher.num_priorities;j++) {
if (priority_cache->_cipher.priorities[j] == GNUTLS_CIPHER_NULL) {
have_null = 1;
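Review bot: The loop that filters disabled key exchanges iterates up to `priority_cache->_supported_ecc.num_priorities` while reading and writing `_kx.priorities`, which looks like a copy from the groups loop below it. When the two lists differ in length, the KX list is either cut short, dropping key exchanges that were not disabled, or rebuilt from entries beyond `_kx.num_priorities`. The bound should be `for (i = j = 0; i < priority_cache->_kx.num_priorities; i++) {`. `set_ciphersuite_list` starts and ends outside this hunk.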
@@ -1195,6 +1516,15 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
}
+ /* disable TLS versions which are added but are unsupported */
+ for (i = j = 0; i < priority_cache->protocol.num_priorities; i++) {
+ vers = version_to_entry(priority_cache->protocol.priorities[i]);
+ if (!vers || vers->supported)
+ priority_cache->protocol.priorities[j++] = priority_cache->protocol.priorities[i];
+ }
+ priority_cache->protocol.num_priorities = j;
+
+
/* if we have NULL ciphersuites, SRP, or RSA-PSK enabled remove TLS1.3+
* protocol versions; they cannot be negotiated under TLS1.3. */
if (have_null || have_srp || have_rsa_psk || priority_cache->no_extensions) {
@@ -1366,6 +1696,16 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
priority_cache->protocol.num_priorities = j;
}
+ /* ensure that the verification profile is not lower from the configured */
+ if (system_wide_verification_profile) {
+ gnutls_sec_param_t level = priority_cache->level;
+ gnutls_sec_param_t system_wide_level = _gnutls_profile_to_sec_level(system_wide_verification_profile);
+
+ if (level < system_wide_level) {
+ ENABLE_PROFILE(priority_cache, system_wide_verification_profile);
+ }
+ }
+
return 0;
}
@@ -1669,10 +2009,10 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
if ((algo =
gnutls_protocol_get_id
(&broken_list[i][6])) !=
- GNUTLS_VERSION_UNKNOWN)
+ GNUTLS_VERSION_UNKNOWN) {
fn(&(*priority_cache)->
protocol, algo);
- else
+ } else
goto error;
}
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index e6577cad03..8234702755 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -566,7 +566,6 @@ static unsigned is_level_acceptable(
break;
case GNUTLS_PROFILE_UNKNOWN: /* already checked; avoid compiler warnings */
_gnutls_debug_log("An unknown profile (%d) was encountered\n", (int)profile);
- return gnutls_assert_val(0);
}
}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a67f1549c2..62b2db75e5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -63,7 +63,8 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \
data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \
data/listings-legacy1 data/listings-legacy2 data/listings-legacy3 data/listings-legacy4 \
- data/listings-SSL3.0-TLS1.1 p11-kit-trust-data/Example_Root_CA.p11-kit server-kx-neg-common.c \
+ data/listings-old-SSL3.0-TLS1.1 data/listings-SSL3.0-TLS1.1 \
+ p11-kit-trust-data/Example_Root_CA.p11-kit server-kx-neg-common.c \
p11-kit-trust-data/Example_Root_CA.pem data/test1.cat data/test2.cat \
data/test1.cat.data data/test2.cat.data data/test1.cat.out data/test2.cat.out \
data/pkcs7-cat-ca.pem data/long.crl data/long.pem data/large-cert.pem \
@@ -104,7 +105,8 @@ noinst_LTLIBRARIES = libutils.la
libutils_la_SOURCES = utils.h utils.c seccomp.c utils-adv.c
libutils_la_LIBADD = ../lib/libgnutls.la
-indirect_tests = tls13/prf-early
+indirect_tests = tls13/prf-early system-override-hash system-override-sig
+
ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \
tls13/post-handshake-with-cert tls13/post-handshake-without-cert \
tls13/cookie tls13/key_share tls13/prf tls13/post-handshake-with-cert-ticket \
@@ -183,7 +185,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
dtls-max-record tls12-max-record alpn-server-prec ocsp-filename-memleak \
dh-params rehandshake-ext-secret pcert-list session-export-funcs \
handshake-false-start version-checks key-material-dtls key-material-set-dtls \
- system-prio-file name-constraints-merge crl-basic crq-basic \
+ name-constraints-merge crl-basic crq-basic \
send-client-cert custom-urls-override hex rehandshake-switch-psk-id \
rehandshake-switch-srp-id base64 srpbase64 pkcs1-digest-info set_x509_key \
set_x509_key_file_der set_x509_pkcs12_key crt_apis tls12-cert-key-exchange \
@@ -218,6 +220,10 @@ if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
endif
+if !DISABLE_SYSTEM_CONFIG
+ctests += system-prio-file
+endif
+
if HAVE_CMOCKA
CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS)
ctests += dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \
@@ -488,6 +494,12 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start
sni-resume.sh ocsp-tests/ocsptool cert-reencoding.sh pkcs7-cat.sh long-crl.sh \
serv-udp.sh logfile-option.sh gnutls-cli-resume.sh profile-tests.sh
+if !DISABLE_SYSTEM_CONFIG
+dist_check_SCRIPTS += system-override-sig-hash.sh system-override-versions.sh system-override-invalid.sh \
+ system-override-curves.sh system-override-profiles.sh system-override-tls.sh \
+ system-override-kx.sh
+endif
+
dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh
if ENABLE_PKCS11
diff --git a/tests/certs/ca-cert-ecc.pem b/tests/certs/ca-cert-ecc.pem
index ad8a34b552..2e95c957dd 100644
--- a/tests/certs/ca-cert-ecc.pem
+++ b/tests/certs/ca-cert-ecc.pem
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+MIICLTCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
-ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw
+ZSBhdXRob3JpdHkwHhcNMTEwNTIzMTgzODIxWhcNMzEwNTI0MTIyOTEyWjB9MQsw
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG
-SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA
-l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
+SM49BAMCA0kAMEYCIQCoTZHO4jSkIKq5UVMnPFzv2MtJHd62KxMPq4Ad5c9RwwIh
+AMyj06hO1DGrV3bOPBRJrfWTEzkgA4p1wntYRoPfCTdF
-----END CERTIFICATE-----
diff --git a/tests/cipher-listings.sh b/tests/cipher-listings.sh
index ae20529ef2..f11b01babb 100755
--- a/tests/cipher-listings.sh
+++ b/tests/cipher-listings.sh
@@ -75,11 +75,15 @@ fi
# This is a unit test for gnutls_priority_get_cipher_suite_index
if test "${ENABLE_SSL3}" = "1";then
+echo "Running with SSL3.0 enabled"
check SSL3.0 "NORMAL:-VERS-ALL:+VERS-SSL3.0:+ARCFOUR-128"
+check old-SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1"
+else
+echo "Running without support for SSL3.0"
+check SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1"
fi
check TLS1.0 "NORMAL:-VERS-ALL:+VERS-TLS1.0"
check TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.1"
-check SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1"
check DTLS1.0 "NORMAL:-VERS-ALL:+VERS-DTLS1.0"
# Priority strings prior to 3.6.x did not require the +GROUP option; here we
# test whether these work as expected.
diff --git a/tests/data/listings-SSL3.0-TLS1.1 b/tests/data/listings-SSL3.0-TLS1.1
index b83b9e6f40..9c9621dfc8 100644
--- a/tests/data/listings-SSL3.0-TLS1.1
+++ b/tests/data/listings-SSL3.0-TLS1.1
@@ -8,4 +8,4 @@ TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
-Protocols: VERS-TLS1.0, VERS-SSL3.0, VERS-TLS1.1
+Protocols: VERS-TLS1.0, VERS-TLS1.1
diff --git a/tests/data/listings-old-SSL3.0-TLS1.1 b/tests/data/listings-old-SSL3.0-TLS1.1
new file mode 100644
index 0000000000..b83b9e6f40
--- /dev/null
+++ b/tests/data/listings-old-SSL3.0-TLS1.1
@@ -0,0 +1,11 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+
+Protocols: VERS-TLS1.0, VERS-SSL3.0, VERS-TLS1.1
diff --git a/tests/gnutls-strcodes.c b/tests/gnutls-strcodes.c
index 5b3aa39c63..294fcac203 100644
--- a/tests/gnutls-strcodes.c
+++ b/tests/gnutls-strcodes.c
@@ -32,6 +32,8 @@
#include "utils.h"
+unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t);
+
/* Check whether the string functions will return a non-repeated and
* non null value.
*/
@@ -114,6 +116,9 @@ void doit(void)
}
for (i=GNUTLS_ECC_CURVE_INVALID+1;i<=GNUTLS_ECC_CURVE_MAX;i++) {
+ if (_gnutls_ecc_curve_is_supported(i) == 0)
+ continue;
+
check_unique_non_null(gnutls_ecc_curve_get_name(i));
if (i == GNUTLS_ECC_CURVE_X25519)
continue; /* no oid yet */
diff --git a/tests/system-override-curves.sh b/tests/system-override-curves.sh
new file mode 100755
index 0000000000..84d581bc8f
--- /dev/null
+++ b/tests/system-override-curves.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=config.$$.tmp
+TMPFILE2=log.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+. "${srcdir}/scripts/common.sh"
+
+# This test doesn't work in FIPS mode
+if test -n "${GNUTLS_FORCE_FIPS_MODE}" && test "${GNUTLS_FORCE_FIPS_MODE}" != 0; then
+ exit 77
+fi
+
+# We intentionally add stray spaces and tabs to check our parser
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+disabled-curve = secp256r1
+disabled-curve = secp521r1
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+export GNUTLS_DEBUG_LEVEL=3
+
+"${CLI}" --list|grep ^Groups >${TMPFILE2}
+cat ${TMPFILE2}
+if grep -i "SECP256R1" ${TMPFILE2} || grep -i "SECP521R1" ${TMPFILE2};then
+ echo "Found disabled curve with --list"
+ exit 1
+fi
+
+if ! grep -i "SECP384R1" ${TMPFILE2};then
+ echo "Could not found secp384r1"
+ exit 1
+fi
+
+# Try whether a client connection with a disabled curve will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1 --insecure --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (1)"
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1 --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+kill ${PID}
+wait
+
+# Try whether a server connection with a disabled curve will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1" --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+kill ${PID}
+wait
+
+exit 0
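Review bot: The script writes `config.$$.tmp` and `log.$$.tmp` into the working directory and never removes them, on success or on any `exit 1`/`fail` path. `system-override-kx.sh` and `system-override-profiles.sh` leave the same two files behind, and `system-override-invalid.sh` and `system-override-sig-hash.sh` leave `c.$$.tmp`. Since the first file is handed to the library as its system configuration, a leftover or pre-existing file is worth avoiding: add `trap 'rm -f "${TMPFILE}" "${TMPFILE2}"' EXIT` after the variables are set. The last check also reuses the label `(2)`, so a failure there cannot be told apart from the earlier one; `fail "expected connection to fail (3)"` would fix that.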
diff --git a/tests/system-override-hash.c b/tests/system-override-hash.c
new file mode 100644
index 0000000000..e96481918d
--- /dev/null
+++ b/tests/system-override-hash.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gnutls/gnutls.h>
+
+#include "utils.h"
+#include <assert.h>
+
+/* This test verifies whether a system-wide configuration which disables SHA256
+ * and SHA512 is seen from the library side.
+ */
+
+void doit(void)
+{
+ /* sanity */
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA384) != 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0);
+
+ /* check whether the values set by the calling script are the expected */
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_DSA_SHA256) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA256) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA512) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_ECDSA_SHA256) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_ECDSA_SHA512) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA256) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA512) == 0);
+}
diff --git a/tests/system-override-invalid.sh b/tests/system-override-invalid.sh
new file mode 100755
index 0000000000..9bd1e91f93
--- /dev/null
+++ b/tests/system-override-invalid.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=c.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+insecure-something = md5
+insecure-hash = sha256
+insecure-hash= sha512
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+${CLI} --list -d 4 >/dev/null 2>&1
+if test $? = 0;then
+ echo "unknown option was not caught"
+ exit 1
+fi
+
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+insecure-sig-for-cert = rsa-sha256
+insecure-sig = rsa-sha512
+insecure-sig = rsa-sha1
+
+[unknown-section]
+insecure-sig = rsa-sha512
+insecure-sig = rsa-sha1
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+${CLI} --list >/dev/null 2>&1
+if test $? = 0;then
+ echo "unknown section was not caught"
+ exit 1
+fi
+
+exit 0
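Review bot: Both checks treat any non-zero exit of `${CLI} --list` as proof that the invalid configuration was rejected, and unlike the sibling scripts this one never verifies that the binary exists, so a missing or crashing `gnutls-cli` makes the test pass. Add `test -x "${CLI}" || exit 77` before the first heredoc. Running `${CLI} --list` once against a valid `[overrides]` file and requiring success would additionally show that the later failures come from the invalid entries and not from the environment.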
diff --git a/tests/system-override-kx.sh b/tests/system-override-kx.sh
new file mode 100755
index 0000000000..cd318a1650
--- /dev/null
+++ b/tests/system-override-kx.sh
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=config.$$.tmp
+TMPFILE2=log.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+. "${srcdir}/scripts/common.sh"
+
+# We intentionally add stray spaces and tabs to check our parser
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+tls-disabled-kx = dhe-dss
+tls-disabled-kx = dhe-rsa
+tls-disabled-kx = unknown
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+export GNUTLS_DEBUG_LEVEL=3
+
+# Try whether a client connection with a disabled KX algorithm will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-KX-ALL:+DHE-RSA --insecure --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (1)"
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-KX-ALL:+DHE-RSA --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+# test whether the unknown KX will be caught
+GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to succeed (3)"
+
+unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
+
+kill ${PID}
+wait
+
+# Try whether a server connection with a disabled KX will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-KX-ALL:+DHE-RSA" --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+kill ${PID}
+wait
+
+exit 0
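Review bot: The check labelled `(2)` does not exercise KX disabling: `GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1` is exported at the top and the config contains `tls-disabled-kx = unknown`, so per the handler in lib/priority.c the client exits on the invalid entry before any handshake, whatever the state of DHE-RSA. Put `unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID` ahead of the second client run and set the variable only for `(3)`, as the script already does there. The message of `(3)` reads `expected connection to succeed (3)` although the `&&` makes it fire when the connection succeeds; it should say `expected connection to fail (3)`.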
diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh
new file mode 100755
index 0000000000..88ec631798
--- /dev/null
+++ b/tests/system-override-profiles.sh
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+#
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=config.$$.tmp
+TMPFILE2=log.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+. "${srcdir}/scripts/common.sh"
+
+check_for_datefudge
+
+CERT="${srcdir}/certs/cert-ecc256.pem"
+KEY="${srcdir}/certs/ecc256.pem"
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT}
+PID=$!
+wait_server ${PID}
+
+# successful case, 224 bit min-profile, 256 bit key
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+# 224 bits
+min-verification-profile=medium
+_EOF_
+
+export GNUTLS_DEBUG_LEVEL=3
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (1)"
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (2)"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (3)"
+
+# failure case, 384 bit min-profile, 256 bit key
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+min-verification-profile=ultra
+_EOF_
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
+ fail "expected connection to succeed (1)"
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (1)"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+kill ${PID}
+wait
+
+exit 0
diff --git a/tests/system-override-sig-hash.sh b/tests/system-override-sig-hash.sh
new file mode 100755
index 0000000000..37980ec584
--- /dev/null
+++ b/tests/system-override-sig-hash.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+TMPFILE=c.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+insecure-hash = sha256
+insecure-hash = sha512
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+${builddir}/system-override-hash
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+insecure-sig-for-cert = rsa-sha256
+insecure-sig = rsa-sha512
+insecure-sig = rsa-sha1
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+${builddir}/system-override-sig
+if test $? != 0;then
+ echo "Could not parse config file"
+ exit 1
+fi
+
+exit 0
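Review bot: The exit status of `${builddir}/system-override-hash` is never checked, so the script still reaches `exit 0` when the insecure-hash override checks fail; only the `system-override-sig` run is followed by `test $? != 0`. Writing the first invocation as `${builddir}/system-override-hash || exit 1` closes that gap. `builddir` also has no default the way `srcdir` does, and `${TMPFILE}` is left behind on every path; `builddir="${builddir:-.}"` near the top and `rm -f ${TMPFILE}` before each exit would cover both.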
diff --git a/tests/system-override-sig.c b/tests/system-override-sig.c
new file mode 100644
index 0000000000..9e6171c446
--- /dev/null
+++ b/tests/system-override-sig.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gnutls/gnutls.h>
+
+#include "utils.h"
+#include <assert.h>
+
+/* This test verifies whether a system-wide configuration which disables RSA-SHA256,
+ * RSA-SHA1 and RSA-SHA512 is seen from the library side.
+ */
+
+void doit(void)
+{
+ /* sanity */
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA384) != 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0);
+
+ /* check whether the values set by the calling script are the expected */
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA256) != 0);
+ assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA1) == 0);
+ assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA1, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA512) == 0);
+ assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA512, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0);
+ assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0);
+}
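Review bot: Every check in `doit()` is an `assert()`, so a build with `-DNDEBUG` compiles the test down to an empty function that passes regardless of what the configuration file did. Either put `#undef NDEBUG` ahead of `#include <assert.h>` or report through `fail()` as tests/system-prio-file.c does. The header comment is also slightly off: per the expectations below it, RSA-SHA256 remains acceptable in general and is rejected only with `GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS`, so it should say that RSA-SHA1 and RSA-SHA512 are marked insecure and RSA-SHA256 is marked insecure for certificates only.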
diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh
new file mode 100755
index 0000000000..6114d76282
--- /dev/null
+++ b/tests/system-override-tls.sh
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>
+#
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=config.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+. "${srcdir}/scripts/common.sh"
+
+check_for_datefudge
+
+CERT="${srcdir}/certs/cert-ecc256.pem"
+KEY="${srcdir}/certs/ecc256.pem"
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:+SHA256" --x509keyfile ${KEY} --x509certfile ${CERT}
+PID=$!
+wait_server ${PID}
+
+#successful case, test whether the ciphers we disable below work
+echo "Sanity testing"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage1: expected connection to succeed (1)"
+
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage1: expected connection to succeed (2)"
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+tls-disabled-cipher = aes-128-gcm
+tls-disabled-cipher = aes-128-cbc
+tls-disabled-mac = sha1
+tls-disabled-group = group-ffdhe2048
+_EOF_
+
+GNUTLS_SYSTEM_PRIORITY_FILE=${TMPFILE}
+export GNUTLS_DEBUG_LEVEL=3
+export GNUTLS_SYSTEM_PRIORITY_FILE
+
+echo "Testing TLS1.3"
+echo " * sanity"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage2: expected connection to succeed (1)"
+
+echo " * fallback to good options"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage2: expected connection to succeed (2)"
+
+echo " * disabled cipher"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null && #>/dev/null &&
+ fail ${PID} "stage2: expected connection to fail (1)"
+
+echo " * disabled group"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
+ fail ${PID} "stage2: expected connection to fail (2)"
+
+echo "Testing TLS1.2"
+echo " * sanity"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage3: expected connection to succeed (1)"
+
+echo " * fallback to good options"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
+ fail ${PID} "stage3: expected connection to succeed (2)"
+
+echo " * disabled cipher"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
+ fail ${PID} "stage3: expected connection to fail (1)"
+
+echo " * disabled MAC"
+datefudge "2017-11-22" \
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
+ fail ${PID} "stage3: expected connection to fail (2)"
+
+
+kill ${PID}
+wait
+
+rm -f ${TMPFILE}
+
+exit 0
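Review bot: The TLS1.3 "disabled cipher" check has its stdout redirect commented out (`</dev/null && #>/dev/null &&`), which looks like a debugging leftover. It still parses because the comment ends the line after `&&`, but it is fragile and prints the client's output into the test log; `</dev/null >/dev/null &&` would match the other cases. Separately, the four negative cases accept any non-zero exit from the client, so they do not distinguish a refusal caused by the override from an unrelated failure. `${TMPFILE}` is also removed only on the success path.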
diff --git a/tests/system-override-versions.sh b/tests/system-override-versions.sh
new file mode 100755
index 0000000000..e5191e2aeb
--- /dev/null
+++ b/tests/system-override-versions.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+TMPFILE=config.$$.tmp
+TMPFILE2=log.$$.tmp
+export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
+
+if ! test -x "${SERV}"; then
+ exit 77
+fi
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+. "${srcdir}/scripts/common.sh"
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+disabled-version = tls1.2
+disabled-version = tls1.3
+_EOF_
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+export GNUTLS_DEBUG_LEVEL=3
+
+"${CLI}" --list|grep Protocols >${TMPFILE2}
+cat ${TMPFILE2}
+if grep "VERS-TLS1.2" ${TMPFILE2} || grep "VERS-TLS1.3" ${TMPFILE2};then
+ echo "Found disabled protocol with --list"
+ exit 1
+fi
+
+"${CLI}" --priority NORMAL --list|grep Protocols >${TMPFILE2}
+cat ${TMPFILE2}
+if grep "VERS-TLS1.2" ${TMPFILE2} || grep "VERS-TLS1.3" ${TMPFILE2};then
+ echo "Found disabled protocol with --list --priority NORMAL"
+ exit 1
+fi
+
+# Try whether a client connection with these protocols will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (1)"
+
+kill ${PID}
+wait
+
+# Try whether a server connection with these protocols will succeed.
+
+KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
+CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1}
+PID=$!
+wait_server ${PID}
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --insecure --logfile ${TMPFILE2} </dev/null >/dev/null &&
+ fail "expected connection to fail (2)"
+
+kill ${PID}
+wait
+
+exit 0
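Review bot: Both `fail` calls here pass only a message, while tests/system-override-tls.sh in this same commit calls `fail ${PID} "..."`; the preceding test script in this patch has the same message-only calls. The helper in scripts/common.sh is not visible in this diff, but if it takes the server PID as its first argument, the message is consumed as the PID and the server is left running on failure; `fail ${PID} "expected connection to fail (1)"` and likewise for (2) would be consistent. Neither negative check has a positive control, so a server that could not accept connections for an unrelated reason would also satisfy them; one successful connection with the override unset before the first check would rule that out. `${TMPFILE}` and `${TMPFILE2}` are never removed.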
diff --git a/tests/system-prio-file.c b/tests/system-prio-file.c
index 4368bd0018..fbe7d0af80 100644
--- a/tests/system-prio-file.c
+++ b/tests/system-prio-file.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <gnutls/gnutls.h>
+#include <assert.h>
#include "utils.h"
@@ -51,6 +52,8 @@ try_prio(const char *prio, const char *expected_str)
if (p == NULL && expected_str == NULL)
goto ok;
+ assert(strstr(gnutls_get_system_config_file(), "system.prio") != NULL);
+
if (p == NULL || expected_str == NULL || strcmp(p, expected_str) != 0) {
fail("test: %s: error; got: %s, expected: %s\n", prio, p, expected_str);
exit(1);
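Review bot: The added `assert(strstr(gnutls_get_system_config_file(), "system.prio") != NULL);` passes the return value straight to `strstr()`. The commit message says the function lets applications check whether a configuration file was used, which suggests it can return NULL, and `strstr(NULL, ...)` is undefined behaviour rather than a clean test failure. The check also disappears under `-DNDEBUG`, while the rest of `try_prio` reports through `fail()`. Something like `const char *f = gnutls_get_system_config_file();` followed by `if (f == NULL || strstr(f, "system.prio") == NULL) fail("unexpected system config file: %s\n", f ? f : "(null)");` keeps the failure visible. `try_prio` starts and ends outside this hunk.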