Commit message (Author, Age, Files, Lines)
* _gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last [tmp-fix-order-extensions] (Nikos Mavrogiannopoulos, 2018-06-12, 3 files, -4/+16)
| This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section: The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert.
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check whether we send the pre-shared key extension after dumbfw (Nikos Mavrogiannopoulos, 2018-06-12, 3 files, -0/+380)
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: corrected typo in comment (Nikos Mavrogiannopoulos, 2018-06-12, 1 file, -1/+1)
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* extensions: corrected order of pre-shared-key and dumbfw (Nikos Mavrogiannopoulos, 2018-06-12, 1 file, -3/+2)
| The pre-shared-key MUST always be last under TLS1.3 while the dumbfw extension should be last in order to do proper evaluation of extension size (gnutls requirement). As such the protocol requirement takes precedence.
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix warnings seen on OpenCSW Solaris 10 (Tim Rühsen, 2018-06-10, 6 files, -7/+12)
| Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls_session_get_data2: harmonize documentation with practice (Nikos Mavrogiannopoulos, 2018-06-08, 1 file, -1/+1)
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'fix-overflow' into 'master' (Nikos Mavrogiannopoulos, 2018-06-06, 1 file, -2/+5)
|\
| | Fix variable overflow in TLS1.3 session ticket code
| | Closes #471
| | See merge request gnutls/gnutls!656
| * Fix variable overflow in TLS1.3 session ticket code (Tim Rühsen, 2018-06-06, 1 file, -2/+5)
|/
* Merge branch 'tmp-session-ticket-incompatible' into 'master' (Nikos Mavrogiannopoulos, 2018-06-05, 5 files, -40/+37)
|\
| | TLS 1.3 session ticket: don't send ticket when no common KE modes
| | See merge request gnutls/gnutls!652
| * tls13/session_ticket: don't send ticket when no common KE modes (Daiki Ueno, 2018-06-05, 3 files, -13/+27)
| | When the server had received psk_key_exchange_modes extension which doesn't have any overlap with the server configuration, omit to send NewSessionTicket.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * ext/psk_ke_modes: always send extension unless disabled in config (Daiki Ueno, 2018-06-05, 3 files, -27/+10)
|/
| With the psk_key_exchange_modes extension, clients can restrict the key exchange modes for use with resumption and in that case the server shouldn't send NewSessionTicket. This patch makes use of it to avoid receiving useless tickets, by sending the psk_key_exchange_modes extension unless PSK is completely disabled. A couple of tests need to be adjusted: tls13/prf to take into account the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to not treat the presence of the extension as error.
| Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'fix-tests' into 'master' (Nikos Mavrogiannopoulos, 2018-06-02, 4 files, -2/+4)
|\
| | Fix tests
| | See merge request gnutls/gnutls!646
| * Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS (Tim Rühsen, 2018-06-01, 1 file, -1/+1)
| | Make sure that 'make distcheck' works even if './configure --disable-doc' has been used in the project dir.
| | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection' (Tim Rühsen, 2018-06-01, 2 files, -0/+2)
| | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix tests/cert-tests/template-test for 'make distcheck' (Tim Rühsen, 2018-06-01, 1 file, -1/+1)
|/
| Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-session-ticket-key-name' into 'master' (Nikos Mavrogiannopoulos, 2018-06-01, 3 files, -47/+30)
|\
| | psk: add deterministic detection of session tickets
| | Closes #450
| | See merge request gnutls/gnutls!651
| * ext/pre_shared_key: make PSK identity parsing robuster [tmp-session-ticket-key-name] (Daiki Ueno, 2018-06-01, 2 files, -38/+23)
| | Previously, to determine whether a PSK identity is a ticket or a PSK username, it relied on PskIdentity.obfuscated_ticket_age, which "SHOULD" be 0 if the identity is a PSK username. This patch instead checks the key name of the ticket first and then checks the constraints of the PSK username. That way, it can distinguish tickets and PSK usernames in a more reliable manner.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * _gnutls_decrypt_session_ticket: fail early on key name mismatch (Daiki Ueno, 2018-06-01, 1 file, -9/+7)
|/
| If the key name of the ticket doesn't match, we don't need to parse the entire ticket.
| Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp_rename_ecc_extensions' into 'master' (Nikos Mavrogiannopoulos, 2018-05-31, 12 files, -158/+217)
|\
| | Renamed extension supported ECC to supported groups.
| | Closes #451 and #454
| | See merge request gnutls/gnutls!649
| * Renamed extension supported ECC to supported groups. Fixes #451. (Tom Vrancken, 2018-05-29, 12 files, -158/+217)
|/
| Split combined ECC extensions into different files.
| Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Merge branch 'fix-warnings' into 'master' (Nikos Mavrogiannopoulos, 2018-05-26, 10 files, -18/+41)
|\
| | Fix some warnings in test suite
| | See merge request gnutls/gnutls!647
| * Fix more warnings in tests/ (Tim Rühsen, 2018-05-26, 4 files, -1/+32)
| | To not introduce larger code changes, these bugs are mostly fixed by #pragma understood by gcc and clang. A check for the minimal gcc/clang version prevents warnings about unknown pragmas with other or older compilers.
| | Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
| * Fix warnings in test suite (Tim Rühsen, 2018-05-26, 6 files, -17/+9)
|/
| Fixes:
| tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable]
| record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable]
| record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label]
| alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable]
| alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable]
| alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable]
| send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes]
| tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable]
| tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable]
| tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable]
| x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable]
| x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable]
| x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable]
| Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-session-resumption2' into 'master' (Nikos Mavrogiannopoulos, 2018-05-26, 48 files, -875/+2528)
|\
| | TLS 1.3 session resumption
| | Closes #441 and #290
| | See merge request gnutls/gnutls!638
| * tests: resume: check whether PSK username matches on resumption (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -2/+14)
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * resumption: reduce session parameters stored under TLS1.3 (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -162/+131)
| | That is, do not store extensions or security parameters which depend on extension negotiation.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * session_ticket: use random nonces (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -4/+1)
| | Avoid using any time values in plain as this could allow association of clients.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * updated auto-generated files (Nikos Mavrogiannopoulos, 2018-05-26, 3 files, -0/+4)
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * doc: mention changes under TLS 1.3 (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -0/+9)
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added main use-case test for gnutls_session_ticket_send() (Nikos Mavrogiannopoulos, 2018-05-26, 2 files, -1/+361)
| | It verifies whether a server can use gnutls_session_ticket_send() to send a ticket after re-authentication, and whether a client can receive that ticket and re-authenticate with it, while its certificate is made available to server.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * handshake: do not include async messages into transcript (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -34/+38)
| | This prevents the session tickets from affecting re-authentication or other operations that require the transcript.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * gnutls_session_ticket_send: new function (Nikos Mavrogiannopoulos, 2018-05-26, 5 files, -1/+57)
| | Introduced in order for a server to be able to send an arbitrary amount of tickets, at any time.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * handshake: store session parameters in TLS1.3 ticket (Nikos Mavrogiannopoulos, 2018-05-26, 6 files, -26/+77)
| | This allows a TLS1.3 server to obtain certificate or other information from the client on a resumed session.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * handshake: TLS1.3 async messages trigger the handshake hook (Nikos Mavrogiannopoulos, 2018-05-26, 4 files, -19/+78)
| | That is, the callback set with gnutls_handshake_set_hook_function() is now called even on the async handshake messages received under TLS1.3, such as key update, etc.
| | Resolves #441
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: check various parameters on resumption (Nikos Mavrogiannopoulos, 2018-05-26, 4 files, -60/+158)
| | That is, check gnutls_session_is_resumed() is functional on server side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers() and gnutls_certificate_get_ours() operate as expected, and whether session resumption fails with tickets after expiration time has passed. In addition improve function documentation by documenting the current semantics for the functions above.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: exercise TLS 1.3 session resumption (Daiki Ueno, 2018-05-26, 4 files, -2/+69)
| | This requires a few changes to the resume.c test: because NewSessionTicket is a post-handshake message, gnutls_session_get_data2() needs to be called after sending the first application data. Also, when GNUTLS_E_AGAIN, gnutls_record_recv() needs to retry.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * gnutls-cli: ignore E_AGAIN to accommodate async handshake message (Daiki Ueno, 2018-05-26, 1 file, -1/+1)
| | When an async handshake message has arrived while no application data is available, gnutls_record_recv() returns GNUTLS_E_AGAIN and the loop in socket_recv() blocks. Since socket_recv() is guarded by select(), it should be safe to ignore GNUTLS_E_AGAIN.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * gnutls_auth_get_type: simplified (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -16/+4)
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * TLS 1.3: Introduced TLS 1.3 session resumption (Ander Juaristi, 2018-05-26, 30 files, -373/+1266)
| | This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless the GNUTLS_NO_TICKETS is specified.
| | Resolves #290
| | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * psk_ke_modes: introduce psk_ke_modes_is_required() and update doc (Nikos Mavrogiannopoulos, 2018-05-26, 1 file, -6/+22)
| | This adds a helper function to be extended when session resumption is added, and clarifies why we send a prioritized list on ke modes.
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| * session tickets: expose {encrypt,decrypt}_ticket as internal API (Ander Juaristi, 2018-05-26, 4 files, -247/+274)
| | To reuse the same ticket construction in any TLS versions, expose the private functions in ext/session_ticket.c.
| | Signed-off-by: Ander Juaristi <a@juaristi.eus>
| | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * ext/pre_shared_key: fix binder calculation when HRR is sent (Daiki Ueno, 2018-05-26, 3 files, -14/+48)
| | In that case, ClientHello1 and HelloRetryRequest are included in the PSK binder computation, not only the truncated ClientHello2.
| | Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * handshake: record transcript offset of client Finished (Daiki Ueno, 2018-05-26, 2 files, -0/+9)
|/
| This is for deriving resumption_master_secret, whose value is calculated over ClientHello...client Finished.
| Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'fix-testdane' into 'master' (Nikos Mavrogiannopoulos, 2018-05-24, 1 file, -2/+2)
|\
| | Fix testdane by removing www.kumari.net
| | See merge request gnutls/gnutls!648
| * Fix testdane by removing www.kumari.net (Tim Rühsen, 2018-05-24, 1 file, -2/+2)
|/
| danetool --check www.kumari.net: Verification: Verification failed. The certificate differs.
| Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'docs-fix' into 'master' (Nikos Mavrogiannopoulos, 2018-05-23, 2 files, -167/+164)
|\
| | Updated documentation on Hello extensions.
| | Closes #437
| | See merge request gnutls/gnutls!644
| * Fixed some spelling issues. [ci skip] (Tom Vrancken, 2018-05-23, 1 file, -2/+2)
| | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
| * Added extra extension flag to docs. (Tom Vrancken, 2018-05-23, 1 file, -1/+7)
| | Added description of default pack and unpack functions.
| | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
| * Removed section about Heartbleed. (Tom Vrancken, 2018-05-23, 1 file, -29/+2)
| | Referenced new functions _gnutls_hello_ext_set_datum / _gnutls_hello_ext_get_datum for manipulating extension data.
| | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
| * Fixed typo and incorrect function references. (Tom Vrancken, 2018-05-23, 1 file, -26/+26)
| | Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>