Commit message  [Author, Date, Files changed, Lines -removed/+added]
* Add gnulib submodule  [Tim Rühsen, 2018-06-14, 2 files, -0/+3]
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'req-nettle-3_4' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-14, 17 files, -967/+4]
    nettle: require Nettle library >= 3.4
    See merge request gnutls/gnutls!662
  * nettle: require Nettle library >= 3.4  [Dmitry Eremin-Solenikov, 2018-06-13, 17 files, -967/+4]
      Nettle version 3.4 was released more than half a year ago; require it to compile the GnuTLS library. It allows us to remove bundled code that was merged into that release.
      Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-tlsfuzzer-tls13' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-13, 10 files, -13/+131]
    update tlsfuzzer with TLS 1.3
    Closes #411
    See merge request gnutls/gnutls!660
  * .gitlab-ci.yml: fix artifact paths for TLS1.3/interop  [branch: tmp-tlsfuzzer-tls13; Daiki Ueno, 2018-06-12, 1 file, -5/+1]
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * tlsfuzzer-tls13: use a random port for testing  [Nikos Mavrogiannopoulos, 2018-06-12, 2 files, -13/+20]
      That eliminates the need for locking and allows parallel runs.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * tlsfuzzer: update to the latest version  [Daiki Ueno, 2018-06-12, 6 files, -1/+96]
      Also enable the TLS 1.3 tests.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * buffers: remove redundant assignment  [Daiki Ueno, 2018-06-12, 1 file, -1/+0]
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * record: use correct alert type upon receiving empty Alert  [Daiki Ueno, 2018-06-12, 1 file, -1/+1]
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * record: improve empty message handling in TLS 1.3  [Daiki Ueno, 2018-06-12, 1 file, -1/+22]
      Previously, _gnutls_recv_in_buffers() silently discarded empty messages because such messages are used as a countermeasure to vulnerabilities in the CBC mode. In TLS 1.3, however, there are only AEAD ciphers and such logic is meaningless. Moreover, the protocol suggests sending an "unexpected_message" alert when receiving empty messages on certain occasions. This change moves the empty message handling to record_add_to_buffers().
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * record: fix padding removal when the payload is zero-length  [Daiki Ueno, 2018-06-12, 1 file, -4/+4]
      Previously, if TLSInnerPlaintext.content is zero-length, the loop couldn't detect the ContentType following the content.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
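The two record-layer commits above describe how a TLS 1.3 receiver has to treat the decrypted TLSInnerPlaintext: strip the zero padding, take the byte just before it as the ContentType (also when the content itself is empty), and reject zero-length handshake or alert fragments with unexpected_message. The following is an added example of that logic in C, written for this page and not GnuTLS code; the enum names, return codes, and the sample record bodies are constructed for the example.

```c
/* Added example, not GnuTLS code: stripping TLS 1.3 record padding and
 * recovering the ContentType after AEAD decryption (RFC 8446, section 5.4).
 * TLSInnerPlaintext is   content || ContentType || zeros   so the receiver
 * scans backward over zero bytes; the first non-zero byte is the type and
 * everything before it is the content.  When the content is empty the type
 * is the very first byte, which a loop of the form
 * "for (i = len - 1; i > 0; i--)" never examines.  Names, return codes and
 * samples are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPLICATION_DATA = 23 };

/* Outcomes of parsing one decrypted record (constructed for this example). */
enum {
    INNER_OK = 0,
    INNER_ERR_NO_TYPE = -1,            /* only zeros: type byte missing */
    INNER_ERR_UNEXPECTED_MESSAGE = -2  /* zero-length handshake or alert */
};

struct inner_plaintext {
    const uint8_t *content;
    size_t content_len;
    uint8_t type;
};

int parse_inner_plaintext(const uint8_t *pt, size_t len,
                          struct inner_plaintext *out)
{
    size_t i = len;

    /* Skip the zero padding from the end.  Testing pt[i - 1] while i > 0
     * means a record consisting of just the type byte (len == 1, i.e.
     * zero-length content and no padding) is still handled. */
    while (i > 0 && pt[i - 1] == 0)
        i--;
    if (i == 0)
        return INNER_ERR_NO_TYPE;   /* RFC 8446: also unexpected_message */

    out->type = pt[i - 1];
    out->content = pt;
    out->content_len = i - 1;

    /* Zero-length handshake and alert fragments MUST NOT be sent; a
     * receiver terminates with unexpected_message.  Zero-length application
     * data is legal (a record that carries padding only). */
    if (out->content_len == 0 &&
        (out->type == CT_HANDSHAKE || out->type == CT_ALERT))
        return INNER_ERR_UNEXPECTED_MESSAGE;
    return INNER_OK;
}

/* Wrappers returning plain values so results are easy to check. */
int classify_record(const uint8_t *pt, size_t len)
{
    struct inner_plaintext ip;
    return parse_inner_plaintext(pt, len, &ip);
}

long content_length(const uint8_t *pt, size_t len)
{
    struct inner_plaintext ip;
    if (parse_inner_plaintext(pt, len, &ip) != INNER_OK)
        return -1;
    return (long)ip.content_len;
}

/* Constructed sample plaintexts (decrypted record bodies, not real traffic). */
const uint8_t sample_app_data[]    = { 'h', 'i', CT_APPLICATION_DATA, 0, 0, 0 };
const uint8_t sample_empty_app[]   = { CT_APPLICATION_DATA, 0, 0 };
const uint8_t sample_empty_hs[]    = { CT_HANDSHAKE };   /* no padding at all */
const uint8_t sample_empty_alert[] = { CT_ALERT, 0 };
const uint8_t sample_all_zero[]    = { 0, 0, 0, 0 };

int main(void)
{
    printf("app data: rc=%d len=%ld\n",
           classify_record(sample_app_data, sizeof sample_app_data),
           content_length(sample_app_data, sizeof sample_app_data));
    printf("empty app data: rc=%d\n",
           classify_record(sample_empty_app, sizeof sample_empty_app));
    printf("empty handshake: rc=%d\n",
           classify_record(sample_empty_hs, sizeof sample_empty_hs));
    printf("all zero: rc=%d\n",
           classify_record(sample_all_zero, sizeof sample_all_zero));
    return 0;
}
```

The single-byte sample is the case the commit fixes: with only the ContentType on the wire, the backward scan must look at index 0, so the loop bound has to be on the count of bytes remaining rather than on an index that stops at 1.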
* Merge branch 'tmp-measure-record' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-12, 21 files, -468/+951]
    Address issues in record layer decoding
    Closes #472, #456, and #455
    See merge request gnutls/gnutls!657
  * priorities: introduced %FORCE_ETM  [branch: tmp-measure-record; Nikos Mavrogiannopoulos, 2018-06-12, 9 files, -5/+438]
      This introduces a priority string option to force encrypt-then-mac during negotiation, to prevent negotiating the legacy CBC ciphersuites.
      Resolves #472
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  * priorities: hmac-sha256 ciphersuites were removed from defaults  [Nikos Mavrogiannopoulos, 2018-06-12, 5 files, -17/+13]
      These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface.
      Relates #456
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  * cbc_mac_verify: require minimum padding under SSL3.0  [Nikos Mavrogiannopoulos, 2018-06-12, 1 file, -1/+7]
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * cipher: separated CBC w/o EtM handling  [Nikos Mavrogiannopoulos, 2018-06-12, 4 files, -125/+197]
      This would allow further modification for more invasive work-arounds.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * dummy_wait: always hash the same amount of blocks that would have been on minimum pad  [Nikos Mavrogiannopoulos, 2018-06-12, 1 file, -30/+34]
      This improves protection against lucky13-type attacks when encrypt-then-mac is not in use.
      Resolves #456
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * cbc-record-check.sh: introduced  [Nikos Mavrogiannopoulos, 2018-06-12, 3 files, -321/+295]
      That enhances the existing CBC check and adds sha384, uses PSK to reduce handshake time, and other updates.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * dummy_wait: correctly account the length field in SHA384 HMAC  [Nikos Mavrogiannopoulos, 2018-06-12, 2 files, -15/+13]
      The existing lucky13 attack countermeasures did not work correctly for SHA384 HMAC. The overall impact of that should not be significant as SHA384 is prioritized lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported by the peer.
      Resolves #455
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
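Both dummy_wait commits above concern the same accounting: when encrypt-then-MAC is not negotiated, the receiver has to spend the same number of hash compression calls on the HMAC whatever padding length the record turns out to contain, and that count is only right if the hash's block size and trailing length field are right (64 and 8 bytes for SHA-1 and SHA-256, 128 and 16 bytes for SHA-384). The following added example, written for this page and not taken from GnuTLS, computes how many extra compression calls a receiver must perform for a given record and shows how an 8-byte length field assumed for SHA-384 leaves a one-block timing difference. The function and type names, and the record sizes used, are the example's own.

```c
/* Added example, not GnuTLS code: block accounting for a Lucky13
 * countermeasure in CBC ciphersuites without encrypt-then-MAC.  The
 * receiver only learns the padding length after decryption, and the number
 * of hash compression calls the HMAC costs depends on how much data is
 * left to authenticate, so the padding length would leak through timing.
 * The countermeasure performs as many compression calls as the
 * minimum-padding (maximum-data) case would, by running dummy compressions
 * for the difference.  That difference is only right if the hash's block
 * size and trailing length field are right: 64/8 bytes for SHA-1 and
 * SHA-256, 128/16 bytes for SHA-384.  All names and sizes here are the
 * example's own. */
#include <stddef.h>
#include <stdio.h>

struct mac_params {
    const char *name;
    size_t block_size;    /* compression function input block, bytes */
    size_t length_field;  /* bytes of bit-length appended by the padding */
    size_t mac_len;       /* HMAC output size, bytes */
};

const struct mac_params HMAC_SHA1   = { "SHA1",   64,  8, 20 };
const struct mac_params HMAC_SHA256 = { "SHA256", 64,  8, 32 };
const struct mac_params HMAC_SHA384 = { "SHA384", 128, 16, 48 };

/* Compression calls needed to hash msg_len bytes under Merkle-Damgard
 * padding: message, one 0x80 byte, zeros, then the length field. */
size_t hash_blocks_with(size_t block_size, size_t length_field, size_t msg_len)
{
    return (msg_len + 1 + length_field + block_size - 1) / block_size;
}

/* Compression calls of the HMAC inner hash: one block for the ipad-ed key,
 * then the message.  The outer hash has a fixed size and does not vary. */
size_t hmac_inner_blocks(const struct mac_params *m, size_t msg_len)
{
    return 1 + hash_blocks_with(m->block_size, m->length_field, msg_len);
}

/* TLS MACs seq_num(8) + type(1) + version(2) + length(2) before the data. */
#define TLS_MAC_HEADER 13

/* plain_len: CBC-decrypted record length without the IV; pad_len: value of
 * its last byte.  Returns the extra compression calls the receiver must
 * perform so that the total matches the minimum-padding case.  An invalid
 * pad_len is treated as zero-length padding (RFC 5246, 6.2.3.2): the MAC is
 * then computed over the whole record and fails, with no extra work. */
size_t lucky13_extra_blocks(const struct mac_params *m, size_t plain_len,
                            size_t pad_len)
{
    if (plain_len < m->mac_len + 1)
        return 0;                                 /* no room for MAC + pad byte */
    size_t max_data = plain_len - m->mac_len - 1; /* data if pad_len == 0 */
    if (pad_len > max_data)
        pad_len = 0;                              /* invalid padding */
    size_t data = max_data - pad_len;
    return hmac_inner_blocks(m, TLS_MAC_HEADER + max_data) -
           hmac_inner_blocks(m, TLS_MAC_HEADER + data);
}

int main(void)
{
    /* Constructed record sizes, not captured traffic. */
    printf("%s: record 80, pad 10 -> %zu extra block(s)\n", HMAC_SHA256.name,
           lucky13_extra_blocks(&HMAC_SHA256, 80, 10));
    printf("%s: record 152, pad 40 -> %zu extra block(s)\n", HMAC_SHA384.name,
           lucky13_extra_blocks(&HMAC_SHA384, 152, 40));
    /* The same SHA-384 record with an 8-byte length field wrongly assumed:
     * both lengths look like one block, so no dummy work is done and the
     * one-block timing difference remains. */
    printf("SHA384 assuming 8-byte length field: %zu vs %zu block(s)\n",
           hash_blocks_with(128, 8, TLS_MAC_HEADER + 103),
           hash_blocks_with(128, 8, TLS_MAC_HEADER + 63));
    return 0;
}
```

In a real receiver the returned count drives calls to the hash's compression function on scratch input after the MAC check, so the overall time no longer depends on the pad byte; the arithmetic above is the part the SHA384 commit corrects, since with a 16-byte length field the 128-byte block boundary falls eight bytes earlier than an 8-byte field predicts.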
* Fix warnings seen on OpenCSW Solaris 10  [Tim Rühsen, 2018-06-10, 6 files, -7/+12]
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_session_get_data2: harmonize documentation with practice  [Nikos Mavrogiannopoulos, 2018-06-08, 1 file, -1/+1]
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'fix-overflow' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-06, 1 file, -2/+5]
    Fix variable overflow in TLS1.3 session ticket code
    Closes #471
    See merge request gnutls/gnutls!656
  * Fix variable overflow in TLS1.3 session ticket code  [Tim Rühsen, 2018-06-06, 1 file, -2/+5]
* Merge branch 'tmp-session-ticket-incompatible' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-05, 5 files, -40/+37]
    TLS 1.3 session ticket: don't send ticket when no common KE modes
    See merge request gnutls/gnutls!652
  * tls13/session_ticket: don't send ticket when no common KE modes  [Daiki Ueno, 2018-06-05, 3 files, -13/+27]
      When the server has received a psk_key_exchange_modes extension which doesn't have any overlap with the server configuration, omit sending NewSessionTicket.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * ext/psk_ke_modes: always send extension unless disabled in config  [Daiki Ueno, 2018-06-05, 3 files, -27/+10]
      With the psk_key_exchange_modes extension, clients can restrict the key exchange modes for use with resumption, and in that case the server shouldn't send NewSessionTicket. This patch makes use of it to avoid receiving useless tickets, by sending the psk_key_exchange_modes extension unless PSK is completely disabled.
      A couple of tests need to be adjusted: tls13/prf to take into account the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to not treat the presence of the extension as an error.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'fix-tests' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-02, 4 files, -2/+4]
    Fix tests
    See merge request gnutls/gnutls!646
  * Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS  [Tim Rühsen, 2018-06-01, 1 file, -1/+1]
      Make sure that 'make distcheck' works even if './configure --disable-doc' has been used in the project dir.
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
  * Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection'  [Tim Rühsen, 2018-06-01, 2 files, -0/+2]
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
  * Fix tests/cert-tests/template-test for 'make distcheck'  [Tim Rühsen, 2018-06-01, 1 file, -1/+1]
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-session-ticket-key-name' into 'master'  [Nikos Mavrogiannopoulos, 2018-06-01, 3 files, -47/+30]
    psk: add deterministic detection of session tickets
    Closes #450
    See merge request gnutls/gnutls!651
  * ext/pre_shared_key: make PSK identity parsing more robust  [branch: tmp-session-ticket-key-name; Daiki Ueno, 2018-06-01, 2 files, -38/+23]
      Previously, to determine whether a PSK identity is a ticket or a PSK username, it relied on PskIdentity.obfuscated_ticket_age, which "SHOULD" be 0 if the identity is a PSK username. This patch instead checks the key name of the ticket first and then checks the constraints of the PSK username. That way, it can distinguish tickets and PSK usernames in a more reliable manner.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * _gnutls_decrypt_session_ticket: fail early on key name mismatch  [Daiki Ueno, 2018-06-01, 1 file, -9/+7]
      If the key name of the ticket doesn't match, we don't need to parse the entire ticket.
      Signed-off-by: Daiki Ueno <dueno@redhat.com>
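The two pre_shared_key commits above describe classifying each offered PskIdentity by the ticket key name rather than by obfuscated_ticket_age, and bailing out on a key name mismatch before any ticket decryption. The following added example (written for this page, not GnuTLS code) parses the identities vector of a TLS 1.3 pre_shared_key extension and classifies each entry that way. The 16-byte key name follows the RFC 5077 ticket layout; the username constraints (1 to 128 printable ASCII bytes), all identifiers, and the sample bytes are assumptions made for the example.

```c
/* Added example, not GnuTLS code: parsing the PskIdentity list of a TLS 1.3
 * pre_shared_key extension and deciding, per identity, whether it is a
 * session ticket or a plain PSK username.  The decision looks at the
 * ticket key name prefix first and only then at username constraints; it
 * never consults obfuscated_ticket_age, which clients are only told they
 * "SHOULD" zero for usernames.  Wire format (RFC 8446, 4.2.11):
 *   PskIdentity { opaque identity<1..2^16-1>; uint32 obfuscated_ticket_age; }
 *   identities<7..2^16-1>
 * The 16-byte key name follows the RFC 5077 ticket layout; the username
 * rules, the names and the sample bytes are this example's assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_NAME_LEN 16
#define MAX_USERNAME_LEN 128

enum psk_kind { PSK_KIND_TICKET, PSK_KIND_USERNAME, PSK_KIND_UNKNOWN };

struct psk_identity {
    const uint8_t *id;
    size_t id_len;
    uint32_t obfuscated_ticket_age;
    enum psk_kind kind;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

enum psk_kind classify_identity(const uint8_t *id, size_t id_len,
                                const uint8_t key_name[KEY_NAME_LEN])
{
    /* A ticket always starts with the key name.  A forged identity with the
     * right prefix still fails the ticket's own integrity check later; an
     * identity with the wrong prefix is never decrypted at all. */
    if (id_len >= KEY_NAME_LEN && memcmp(id, key_name, KEY_NAME_LEN) == 0)
        return PSK_KIND_TICKET;
    if (id_len == 0 || id_len > MAX_USERNAME_LEN)
        return PSK_KIND_UNKNOWN;
    for (size_t i = 0; i < id_len; i++)
        if (id[i] < 0x20 || id[i] > 0x7e)
            return PSK_KIND_UNKNOWN;
    return PSK_KIND_USERNAME;
}

/* Parses the identities vector at buf.  Returns the number of identities
 * stored in out (at most max_out), or -1 on malformed input. */
int parse_psk_identities(const uint8_t *buf, size_t len,
                         const uint8_t key_name[KEY_NAME_LEN],
                         struct psk_identity *out, size_t max_out)
{
    if (len < 2) return -1;
    size_t total = rd16(buf), pos = 2, n = 0;
    if (total < 7 || total > len - 2) return -1;
    size_t end = 2 + total;
    while (pos < end) {
        if (end - pos < 2) return -1;
        size_t id_len = rd16(buf + pos);
        pos += 2;
        if (id_len == 0 || end - pos < id_len + 4) return -1;
        if (n == max_out) return -1;
        out[n].id = buf + pos;
        out[n].id_len = id_len;
        out[n].obfuscated_ticket_age = rd32(buf + pos + id_len);
        out[n].kind = classify_identity(buf + pos, id_len, key_name);
        pos += id_len + 4;
        n++;
    }
    return (int)n;
}

/* Constructed sample: the server's ticket key name and a three-entry
 * identities vector (not captured traffic). */
const uint8_t SAMPLE_KEY_NAME[KEY_NAME_LEN + 1] = "exampleKeyName01";
const uint8_t SAMPLE_IDENTITIES[] = {
    0x00, 0x31,                               /* identities length: 49 */
    /* 1: ticket = key name + 8 bytes of made-up sealed state, age 0x00112233 */
    0x00, 0x18,
    'e','x','a','m','p','l','e','K','e','y','N','a','m','e','0','1',
    0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x18,
    0x00, 0x11, 0x22, 0x33,
    /* 2: username "alice" whose client sent a non-zero age (12345) anyway */
    0x00, 0x05, 'a','l','i','c','e', 0x00, 0x00, 0x30, 0x39,
    /* 3: neither: two control bytes */
    0x00, 0x02, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00,
};

static struct psk_identity ids[8];
int demo_count(void)
{
    return parse_psk_identities(SAMPLE_IDENTITIES, sizeof SAMPLE_IDENTITIES,
                                SAMPLE_KEY_NAME, ids, 8);
}
int demo_kind(size_t idx)
{
    if (demo_count() < 0 || idx >= 8) return -1;
    return (int)ids[idx].kind;
}
uint32_t demo_age(size_t idx) { return demo_kind(idx) < 0 ? 0 : ids[idx].obfuscated_ticket_age; }
/* A vector claiming 49 bytes inside a 20-byte buffer must be rejected. */
int demo_truncated(void) { return parse_psk_identities(SAMPLE_IDENTITIES, 20, SAMPLE_KEY_NAME, ids, 8); }

int main(void)
{
    static const char *names[] = { "ticket", "username", "unknown" };
    int n = demo_count();
    for (int i = 0; i < n; i++)
        printf("identity %d: %s (age %u)\n", i, names[ids[i].kind], ids[i].obfuscated_ticket_age);
    return 0;
}
```

The second entry is the case that motivated the change: a username offered with a non-zero obfuscated_ticket_age is still a username, because the key name prefix, not the age field, is what marks a ticket.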
* Merge branch 'tmp_rename_ecc_extensions' into 'master'  [Nikos Mavrogiannopoulos, 2018-05-31, 12 files, -158/+217]
    Renamed extension supported ECC to supported groups.
    Closes #451 and #454
    See merge request gnutls/gnutls!649
  * Renamed extension supported ECC to supported groups. Fixes #451.  [Tom Vrancken, 2018-05-29, 12 files, -158/+217]
      Split combined ECC extensions into different files.
      Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Merge branch 'fix-warnings' into 'master'  [Nikos Mavrogiannopoulos, 2018-05-26, 10 files, -18/+41]
    Fix some warnings in test suite
    See merge request gnutls/gnutls!647
  * Fix more warnings in tests/  [Tim Rühsen, 2018-05-26, 4 files, -1/+32]
      To not introduce larger code changes, these bugs are mostly fixed by #pragma understood by gcc and clang. A check for the minimal gcc/clang version prevents warnings about unknown pragmas with other or older compilers.
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
  * Fix warnings in test suite  [Tim Rühsen, 2018-05-26, 6 files, -17/+9]
      Fixes:
      tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable]
      record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable]
      record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label]
      alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable]
      alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable]
      alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable]
      send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes]
      tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable]
      tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable]
      tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable]
      x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable]
      x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable]
      x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable]
      Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-session-resumption2' into 'master'  [Nikos Mavrogiannopoulos, 2018-05-26, 48 files, -875/+2528]
    TLS 1.3 session resumption
    Closes #441 and #290
    See merge request gnutls/gnutls!638
  * tests: resume: check whether PSK username matches on resumption  [Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -2/+14]
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * resumption: reduce session parameters stored under TLS1.3  [Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -162/+131]
      That is, do not store extensions or security parameters which depend on extension negotiation.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * session_ticket: use random nonces  [Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -4/+1]
      Avoid using any time values in plain as this could allow association of clients.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * updated auto-generated files  [Nikos Mavrogiannopoulos, 2018-05-26, 3 files, -0/+4]
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * doc: mention changes under TLS 1.3  [Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -0/+9]
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * tests: added main use-case test for gnutls_session_ticket_send()  [Nikos Mavrogiannopoulos, 2018-05-26, 2 files, -1/+361]
      It verifies whether a server can use gnutls_session_ticket_send() to send a ticket after re-authentication, and whether a client can receive that ticket and re-authenticate with it, while its certificate is made available to the server.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * handshake: do not include async messages into transcript  [Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -34/+38]
      This prevents the session tickets from affecting re-authentication or other operations that require the transcript.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * gnutls_session_ticket_send: new function  [Nikos Mavrogiannopoulos, 2018-05-26, 5 files, -1/+57]
      Introduced in order for a server to be able to send an arbitrary number of tickets, at any time.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * handshake: store session parameters in TLS1.3 ticket  [Nikos Mavrogiannopoulos, 2018-05-26, 6 files, -26/+77]
      This allows a TLS1.3 server to obtain certificate or other information from the client on a resumed session.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * handshake: TLS1.3 async messages trigger the handshake hook  [Nikos Mavrogiannopoulos, 2018-05-26, 4 files, -19/+78]
      That is, the callback set with gnutls_handshake_set_hook_function() is now called even on the async handshake messages received under TLS1.3, such as key update, etc.
      Resolves #441
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  * tests: check various parameters on resumption  [Nikos Mavrogiannopoulos, 2018-05-26, 4 files, -60/+158]
      That is, check that gnutls_session_is_resumed() is functional on the server side, whether the PRF is respected on resumption, whether gnutls_certificate_get_peers() and gnutls_certificate_get_ours() operate as expected, and whether session resumption fails with tickets after the expiration time has passed.
      In addition, improve function documentation by documenting the current semantics for the functions above.
      Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>