Commit message | Author | Age | Files | Lines
...
* doc: few improvements over certificate validation text | Nikos Mavrogiannopoulos | 2018-08-07 | 3 | -10/+29
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-persistent-id' into 'master' | Nikos Mavrogiannopoulos | 2018-08-07 | 9 | -71/+111
|\    resumption: keep persistent session identifiers
| |   Closes #484
| |   See merge request gnutls/gnutls!721
| * gnutls-serv: re-introduce the session identifier message | Nikos Mavrogiannopoulos | 2018-08-07 | 1 | -11/+9
| |   The message "If your browser supports session resuming, then you should see the same session ID, when you press the reload button", is now printed again even under TLS1.3.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * resume: keep persistent session identifiers | Nikos Mavrogiannopoulos | 2018-08-07 | 8 | -60/+102
|/    With the introduction of session ticket support (TLS1.2) and TLS1.3, session identifiers have no persistency on server or client side. Improve the situation by introducing persistent session identifiers on server side in a backwards compatible way.
|     Resolves #484
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-handshake-interleave' into 'master' | Nikos Mavrogiannopoulos | 2018-08-06 | 9 | -47/+93
|\    Fix interleaved handshake handling in TLS 1.3
| |   Closes #272
| |   See merge request gnutls/gnutls!708
| * .gitlab-ci.yml: include fuzz/*.log in artifacts | Daiki Ueno | 2018-08-06 | 1 | -0/+1
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * tests: tls-fuzzer: enable tests relying on header fragmentation | Daiki Ueno | 2018-08-06 | 2 | -19/+10
| |   Those tests were previously disabled because splitting of handshake messages in very short (< 4 bytes) fragments is not implemented.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * record: send unexpected_message upon empty unencrypted records | Daiki Ueno | 2018-08-06 | 1 | -1/+8
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * buffers: handle very short fragmentation of handshake messages | Daiki Ueno | 2018-08-06 | 3 | -3/+36
| |   If the received record doesn't even complete the handshake header (i.e., the record size < 4), keep it in a temporary buffer and let the caller receive more records. Once enough amount of data is received, move the already received records back to record_buffer and proceed to the normal processing.
| |   Fixes: #272
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * mbuffers: introduce _mbuffer_head_push_first | Daiki Ueno | 2018-08-06 | 2 | -0/+21
| |   This is similar to _mbuffer_enqueue, but adds an element to the beginning of the buffer. This is to make the incomplete header handling case easier.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * _gnutls_parse_record_buffered_msgs: eliminate local variable usage | Daiki Ueno | 2018-08-06 | 1 | -11/+5
| |   If `remain > 0` is true, `recv_buf[0].length > 0` always holds. Combine those conditions and remove the `remain` utilizing MIN(). This is to make the incomplete header handling case easier.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * buffers: avoid confusion in fragment length calculation | Daiki Ueno | 2018-08-06 | 1 | -14/+13
|/    Previously, to calculate the fragment length, it added/subtracted one to the ending offset back and forth; that was not easier to read and couldn't handle empty payload messages in TLS.
|     Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-skip-zero-rtt' into 'master' | Nikos Mavrogiannopoulos | 2018-08-06 | 17 | -4/+219
|\    TLS 1.3: ignore "early_data" extension
| |   Closes #512
| |   See merge request gnutls/gnutls!706
| * tlsfuzzer: update to the latest version | Daiki Ueno | 2018-08-06 | 3 | -1/+3
| |   Also enable test-tls13-0rtt-garbage.py.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * TLS 1.3: ignore "early_data" extension | Daiki Ueno | 2018-08-06 | 14 | -3/+216
|/    As 0-RTT is still not implemented in GnuTLS, the server responds with 1-RTT, by skipping decryption failure up to max_early_data_size, as suggested in 4.2.10 Early Data Detection.
|     Resolves #512
|     Signed-off-by: Daiki Ueno <dueno@redhat.com>
* p11tool: print expiration time on certificates | Nikos Mavrogiannopoulos | 2018-08-03 | 2 | -66/+109
|   This is particularly useful when displaying information about a certificate trust store.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-handshake-return-early' into 'master' | Nikos Mavrogiannopoulos | 2018-08-03 | 23 | -123/+743
|\    tls1.3: server returns early on handshake when no cert is provided by client
| |   Closes #481 and #457
| |   See merge request gnutls/gnutls!711
| * tls1.3: server returns early on handshake when no cert is provided by client | Nikos Mavrogiannopoulos | 2018-08-03 | 22 | -117/+734
| |   Under TLS1.3 the server knows the negotiated keys early, if no client certificate is sent. In that case, the server is not only able to transmit the session ticket immediately after its finished message, but is also able to transmit data, similarly to false start.
| |   Resolves #481
| |   Resolves #457
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * gnutls-serv: don't close connection properly when handshake is not yet complete | Nikos Mavrogiannopoulos | 2018-08-03 | 1 | -6/+9
|/    In the case handshake is not yet complete and we need to terminate, it is because of an issue. As such prefer an unclear termination at this stage. This addresses error detection issues with tlsfuzzer.
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls-cli: corrected input buffer null-termination [tmp-cli-buffer-term] | Nikos Mavrogiannopoulos | 2018-08-02 | 1 | -1/+0
|   This was a regression in the previous cleanup at f138ff85df69976badce44a5c46157cce091020f included in 3.6.3.
|   Resolves #534
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: added example of converting to DER in manpage | Nikos Mavrogiannopoulos | 2018-07-31 | 1 | -1/+7
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-fix-wabi' into 'master' | Tim Rühsen | 2018-07-28 | 1 | -0/+1
|\    Fix gcc-8 -Wabi warnings
| |   Closes #531
| |   See merge request gnutls/gnutls!720
| * Fix gcc-8 -Wabi warnings | Tim Rühsen | 2018-07-27 | 1 | -0/+1
|/    Fixes #531
|     Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-test-large-cert' into 'master' | Nikos Mavrogiannopoulos | 2018-07-27 | 19 | -95/+2973
|\    tests: improved test suite
| |   Closes #508 and #513
| |   See merge request gnutls/gnutls!719
| * ext/key_share: check the validity of server key shares | Nikos Mavrogiannopoulos | 2018-07-27 | 2 | -0/+11
| |   That is, when generating the public key based on the server's key share, ensure that the algorithms match completely with the key shares the client initially sent. This was detected by the updated traces for TLS1.3 fuzzing.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * gnutls-serv: improve output under TLS1.3 | Nikos Mavrogiannopoulos | 2018-07-27 | 2 | -62/+90
| |   That is, silence fields no longer applicable under TLS1.3 and make sure that newer functions like gnutls_session_get_desc() get used when describing the session.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * fuzz: updated traces for latest TLS1.3 draft | Nikos Mavrogiannopoulos | 2018-07-27 | 7 | -0/+26
| |   Relates #359
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: run tls-fuzzer PSK testsuite | Nikos Mavrogiannopoulos | 2018-07-27 | 3 | -1/+88
| |   Resolves #508
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * tests: added unit test of handshake with large certificate | Nikos Mavrogiannopoulos | 2018-07-26 | 3 | -2/+2734
| |   This checks whether handshake message fragmentation and de-fragmentation is functional on server and client.
| |   Resolves #513
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * certtool: eliminated limits in certificate export size | Nikos Mavrogiannopoulos | 2018-07-26 | 1 | -20/+20
| |   That allows printing and exporting certificates of size only bounded by avail memory.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED() | Nikos Mavrogiannopoulos | 2018-07-26 | 1 | -10/+4
|/    This allows to generate a certificate with an extension of arbitrary size.
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'tmp-tls13-fixes' into 'master' | Tim Rühsen | 2018-07-26 | 4 | -14/+46
|\    Fixes on TLS1.3 support
| |   Closes #525
| |   See merge request gnutls/gnutls!718
| * gnutls.h: corrected typo [tmp-tls13-fixes] | Nikos Mavrogiannopoulos | 2018-07-25 | 1 | -1/+1
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * send_client_hello: don't override version after HRR is received | Nikos Mavrogiannopoulos | 2018-07-25 | 2 | -12/+44
| |   When a Hello Retry Request is received, do not set our (transient) version to TLS1.2 on the second client hello. That's because both peers have already negotiated TLS1.3.
| |   This addresses issue with peers which may send a changecipherspec message at this stage, which is now allowed when our version is set to be TLS1.2.
| |   Introduced test suite using openssl and resumption using HRR which reproduces the issue.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| * hello_ext_parse: apply the test for pre-shared key ext being last on client hello | Nikos Mavrogiannopoulos | 2018-07-25 | 1 | -1/+1
|/    We were incorrectly insisting on pre-shared key extension being last in both client and server hello. That was incorrect, as only in client hello it is required by TLS1.3 to be last.
|     Quoting:
|       The "pre_shared_key" extension MUST be the last extension in the ClientHello (this facilitates implementation as described below). Servers MUST check that it is the last extension and otherwise fail the handshake with an "illegal_parameter" alert.
|     Resolves #525
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: automatically retry failed jobs | Nikos Mavrogiannopoulos | 2018-07-24 | 1 | -0/+17
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc update | Nikos Mavrogiannopoulos | 2018-07-24 | 1 | -0/+10
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks | Nikos Mavrogiannopoulos | 2018-07-24 | 4 | -8/+144
|   In 9829ef9a we introduced a wrapper over the older callback functions which didn't handle this case.
|   Resolves #528
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Merge branch 'fix-cert-callbacks' into 'master' | Nikos Mavrogiannopoulos | 2018-07-24 | 3 | -3/+139
|\    cert-cred: fix possible segfault when resetting cert retrieval function
| |   Closes #528
| |   See merge request gnutls/gnutls!714
| * cert-cred: fix possible segfault when resetting cert retrieval function | Dmitry Eremin-Solenikov | 2018-07-24 | 3 | -3/+139
|/    Reset get_cert_callback3 callback to NULL if provided callback is NULL. Otherwise after the certificate request call_legacy_cert_cb1 / call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 / legacy_cert_cb2 callback (set to NULL) leading to segfault.
|     Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2
|     Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'misc-fixes' into 'master' | Tim Rühsen | 2018-07-23 | 3 | -64/+41
|\    Few small patches
| |   See merge request gnutls/gnutls!715
| * kx: for uniformity print master secret size | Dmitry Eremin-Solenikov | 2018-07-23 | 1 | -1/+2
| |   During keys setup phase debug log will contain sizes of all keys and secrets, except master secret. Dump MS length (48) to log for uniformity.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * constate: dump full key block to log | Dmitry Eremin-Solenikov | 2018-07-23 | 1 | -1/+2
| |   Include full key block to the debug log.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * constate: dump MAC keys to debug log | Dmitry Eremin-Solenikov | 2018-07-23 | 1 | -0/+12
| |   _gnutls_set_keys() can dump client/server write keys/ivs to debug log, but it skips MAC keys. Add MAC keys to log.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| * constate: drop unused variable in _gnutls_set_keys | Dmitry Eremin-Solenikov | 2018-07-23 | 1 | -7/+0
| |   _gnutls_set_keys() creates rrnd as client random + server random, but does not use it (it was used before for export key generation, but was not removed when dropping support for export cipher suites).
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| |   Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b
| * cert auth: simplify certificate selection code | Dmitry Eremin-Solenikov | 2018-07-23 | 1 | -55/+25
|/    Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions to ease extension of certificate selection code.
|     Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-fix-521' into 'master' | Nikos Mavrogiannopoulos | 2018-07-22 | 3 | -12/+23
|\    Remove trailing dot from hostname input
| |   See merge request gnutls/gnutls!709
| * Remove trailing dot from hostname input | Tim Rühsen | 2018-07-22 | 3 | -12/+23
|/    Fixes #532
|     Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Merge branch 'tmp-fix-pkcs8-export' into 'master' | Nikos Mavrogiannopoulos | 2018-07-20 | 5 | -5/+321
|\    Addressed issue with ECDSA key export under PKCS#8
| |   Closes #516
| |   See merge request gnutls/gnutls!707
| * gnutls_x509_privkey_import_ecc_raw: encode parameters on import [tmp-fix-pkcs8-export] | Nikos Mavrogiannopoulos | 2018-07-20 | 5 | -5/+321
|/    That makes the structure fully usable after import. In _encode_privkey() use the lower-level _gnutls_x509_export_int2() for key encoding as the call to higher gnutls_x509_privkey_export2() could result to an infinite recursion when keys are incomplete.
|     Introduced additional tests for PKCS#8 key import and export.
|     Resolves: #516
|     Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>