| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
That is, prevent re-using a static PIN if it has already been
known to be wrong. Introduced tests of that behavior.
Resolves #425
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
Fix re-handshake failure when interrupted by application data
Closes #426
See merge request gnutls/gnutls!620
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On certain cases when re-handshake is interrupted by application
data, _gnutls_epoch_new() will be called twice. Make sure that
this does not lead to an error. We also rename the function to
clarify its purpose _gnutls_epoch_setup_next().
Resolves #426
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Relates: #426
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
It was a legacy variable for error printing that was never
used uniformly.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| | |
That also makes macros from eagain-common.h functioning under cmocka.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
tls13/finished: addressed memory leak in receiving finished packet
See merge request gnutls/gnutls!619
|
|/
|
|
|
|
|
| |
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It is used only in DTLS where multiple handshake states may be
active.
Resolves #421
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
Disable TLS1.3 under certain priority strings
See merge request gnutls/gnutls!617
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reason is that these ciphersuites cannot be negotiated using TLS1.3.
There is a different strategy followed for these.
* NULL ciphersuites: they are not something normally enabled and used
for debugging purposes mostly. When set both in client and server side
only TLS1.2 can be used.
* SRP ciphersuites: they are used on client side when the client is actually
performing a username-password authentication with SRP. On server side we
can have indeed a server support SRP and non-SRP. In that case we limit
both on TLS1.2. That an unfortunate restriction, but is not a regression
and IMHO these servers would most likely be phased out as very few would
want to stick to TLS1.2 connections for SRP; or we may have an SRP update
for TLS1.3 which could lift that limitation in the future.
* ANON ciphersuites: they are used in certain client/server setups where very
basic level of security is required, and in opportunistic encryption scenarios.
There is a difference in the handling of these cases. In the case of Anon-only
server/clients they provide the session with anonymous credentials structure; in
the case of opportunistic encryption they provide both certificate and anonymous
credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we
see no certificate or PSK credentials we disable TLS1.3 negotiation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses a memory leak found via oss-fuzz. It also
sets the right index on the selected PSK, and returns the
right server error code on incorrect key file.
Addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
That also improves the if-checks.
Issue and reproducer discovered via oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and
removes invalid NULL checks, as well as corrects the key
set for server side.
This is verified against openssl master, but does not include
automated test suite; it will be tested as part of #328
Resolves #419
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Relates: #359
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| |
| |
| | |
TLS1.3: add support for PSK key exchange
Closes #414 and #125
See merge request gnutls/gnutls!615
|
| |
| |
| |
| |
| |
| |
| | |
Add the necessary tests to verify that gnutls_psk_server_get_username()
reports the right username under TLS1.2 and TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
That includes tests with unknown usernames and connections with wrong key
and updates to fastopen.sh to use certificate auth, making it applicable
under TLS1.3.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
That adds support for pre-shared keys with and without Diffie-Hellman
key exchange. That's a modified version of initial Ander's patch.
Resolves #414
Resolves #125
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
That allows more uniformity across encrypt/decrypt, and
across different protocol handling.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
nettle: corrected typo in version check for compatibility mode with 3.3
See merge request gnutls/gnutls!614
|
|/
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| |
| |
| | |
Move to draft-ietf-tls-tls13-26
Closes #409, #378, and #410
See merge request gnutls/gnutls!611
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is a requirement of draft-ietf-tls-tls13-25
Resolves #409
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, because TLS1.2 has specific requirements in the ordering of
curves/groups if certain ciphersuites (ECDHE/DHE) are present, and
by being able to eliminate them early we simplify the negotiation
for TLS1.3-only clients/servers.
Relates #378
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, when %SERVER_PRECEDENCE is given in the priority string make
sure that the negotiated curve of DH group respects the server's priorities.
That's very relevant under TLS1.3 as ciphersuite negotiation itself, where
%SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC
unlike TLS1.2 which included key exchange as well.
Resolves #378
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
|
| |
This is a requirement of draft-ietf-tls-tls13-26
Resolves #410
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
| |
That is, avoid using the := syntax, set the right version variable
and use a hidden file for abi-check cache stamp.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As abi-dumper and abi-compliance-checker tools are not reliable when
run across different systems, we now compare the previous tag ABI with the
current compiled library. That is in contrast with the previous behavior
of storing the output files of abi-dumper, which can become obsolete on
a CI update.
That also moves the ABI check only on the CI, and not in the 'make dist' rule
as it takes significant time to run.
This relates to an issue reported against libidn2's use of abi-compliance-checker
but it affects gnutls as they share similar code:
https://gitlab.com/libidn/libidn2/issues/42
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That enables the nettle version macros to operate.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|