path: root/lib/auth
Commit log (each entry: commit message, author, date, files changed, lines removed/added)

* _gnutls_proc_srp_client_kx: use same type in subtracted values
  Nikos Mavrogiannopoulos, 2017-08-16, 1 file, -1/+1
  This ensures that there are no issues with subtracting those values. Note that the second is read from a uint16_t and thus it is always positive regardless of its type.
  Resolves #244
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* rsa-psk: corrected memory leak on invalid decrypt
  Nikos Mavrogiannopoulos, 2017-08-09, 1 file, -0/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* cert selection: prioritize RSA-PSS certs over RSA
  Nikos Mavrogiannopoulos, 2017-08-08, 2 files, -3/+14
  RSA and RSA-PSS can both be used for RSA-PSS operations, and as such without prioritizing RSA-PSS certificates it is unknown which certificate will be used for an RSA-PSS operation. The reason we want to have only RSA-PSS keys used for RSA-PSS operations is to cover the use case where a server uses a legacy RSA certificate for clients that don't support RSA-PSS and an RSA-PSS certificate for the rest, thus separating the keys used for these client groups. That separation ensures that any issue on PKCS#1 1.5 (legacy RSA) would not affect sessions which use RSA-PSS.
  Resolves #243
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_certificate_credentials_t: combine privkey into cert_st structure
  Nikos Mavrogiannopoulos, 2017-08-08, 2 files, -16/+8
  This reduces the number of applications and allows for easier use of the structure information, as they are now self-contained for most uses.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_pk_params_st: separate flags/qbits and curve
  Nikos Mavrogiannopoulos, 2017-08-08, 2 files, -3/+3
  Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* prior to negotiating a signature check compatibility with private key
  Nikos Mavrogiannopoulos, 2017-08-04, 1 file, -4/+14
  That is, check if the private key can support the public key operation needed for the signature. That in particular includes excluding the Ed25519 and RSA-PSS from being used with the 'EXT' keys, as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism.
  Relates #234
  Resolves #209
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: select a signature algorithm early
  Nikos Mavrogiannopoulos, 2017-08-04, 1 file, -2/+54
  That is, select the signature algorithm at the point the certificate and ciphersuites are decided. Also ensure that a signature algorithm compatible with the ciphersuite and the key is selected. That prevents situations where a ciphersuite and a certificate are negotiated, but later on in the handshake we figure out that there are no common signature algorithms.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* cleanup: removed duplicate parameter in gnutls_pubkey_st
  Nikos Mavrogiannopoulos, 2017-08-03, 1 file, -5/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* security_parameters: ease access to group information by keeping pointer to it
  Nikos Mavrogiannopoulos, 2017-08-02, 4 files, -25/+29
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st
  Nikos Mavrogiannopoulos, 2017-08-02, 2 files, -5/+2
  That, in addition to simplifying the contents, allows faster access to the ciphersuite's properties.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* TLS: introduced support for RFC7919 groups
  Nikos Mavrogiannopoulos, 2017-08-01, 11 files, -218/+118
  That replaces the EC curve extension negotiation with the negotiated groups extension, introduces handling for groups as priority strings, as well as using and checking of RFC7919 DH parameters once negotiated.
  Resolves: #37
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519
  Nikos Mavrogiannopoulos, 2017-07-17, 1 file, -4/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Added support for EdDSA (Ed25519) curve keys
  Nikos Mavrogiannopoulos, 2017-07-17, 1 file, -2/+3
  This adds support for draft-ietf-curdle-pkix-04.
  Resolves #25
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Print the requested CA names when in debug mode
  Nikos Mavrogiannopoulos, 2017-07-11, 1 file, -3/+9
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* priorities: share priority structures across sessions
  Nikos Mavrogiannopoulos, 2017-07-10, 3 files, -4/+4
  As the contents of the priority cache grow, it makes sense to share these structures across many sessions (on the server side) rather than copying them to a session. All overrides of the priority contents were moved to session->internals. On the client side, where gnutls_priority_set_direct() is more commonly used, ensure that the set priority is deinitialized. That also introduces gnutls_priority_set2(), which does not copy the priority contents by default.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Renamed fields of sign_algorithm_st
  Nikos Mavrogiannopoulos, 2017-07-10, 2 files, -16/+14
  The new names better reflect the reality with signature algorithms in TLS 1.3, and correct the initial naming error.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: simplified signature algorithm list generation
  Nikos Mavrogiannopoulos, 2017-07-10, 1 file, -8/+1
  Similarly to ciphersuites, that also utilizes a cache of signature algorithms on the priority structure which is used to quickly generate the signature algorithm list.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: simplified the server-side ciphersuite negotiation
  Nikos Mavrogiannopoulos, 2017-07-10, 2 files, -66/+90
  This eliminates all the back and forth loops in the previous code while keeping the same ciphersuite selection checks in place. The ciphersuite selection tests that were kept:
    * Check if key exchange supports the server public key and key usage flags
    * Check if DH or other parameters required for the ciphersuite are present
    * Find appropriate certificate for the credentials and ciphersuite
    * Check whether a curve is negotiated for the ECDH ciphersuites
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Removed support for openpgp certificates and keys
  Nikos Mavrogiannopoulos, 2017-06-16, 3 files, -545/+8
  Resolves #178
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* removed type extension_priv_data_t
  Nikos Mavrogiannopoulos, 2017-06-14, 1 file, -3/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* corrected typo in x962 functions
  Nikos Mavrogiannopoulos, 2017-06-12, 1 file, -4/+4
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* tls-sig: re-organize and simplify the TLS signature generation and verification
  Nikos Mavrogiannopoulos, 2017-05-31, 2 files, -3/+36
  That makes sure that the high level APIs are used when possible, and separates the TLS 1.2 from other code paths. This will allow supporting signature schemes like EdDSA and others.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Rework KX -> PK mappings
  Dmitry Eremin-Solenikov, 2017-05-29, 1 file, -7/+2
  GOST VKO and PSS keys would support several public keys, so change the previous 1:1 kx->pk mapping into 1:many.
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* rsa-psk: Use the correct username datum (ref: tmp-fix-rsa-psk-cb)
  Nicolas Dufresne, 2017-05-06, 1 file, -2/+2
  In rsa-psk we properly request the username for the case the application uses a callback, but later we use the username cached in the credentials structure. This will lead to empty username issues.
  Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>

* cert: ensure that there are no leftovers in certificate msg
  Nikos Mavrogiannopoulos, 2017-03-28, 1 file, -1/+6
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: reset cert request state on handshake init
  Nikos Mavrogiannopoulos, 2017-03-21, 1 file, -1/+1
  That addresses a bug where on the client side, in case of an initial handshake with a client certificate, we continue to send this certificate even if on rehandshake we were not requested one.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* _gnutls_pk_generate_keys: separate between ephemeral and long-term keys
  Nikos Mavrogiannopoulos, 2017-03-16, 2 files, -4/+4
  That allows using the faster generator for ephemeral keys.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* _gnutls_proc_x509_server_crt: return GNUTLS_E_CERTIFICATE_ERROR on parsing error
  Nikos Mavrogiannopoulos, 2017-03-07, 1 file, -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
  Nikos Mavrogiannopoulos, 2017-03-07, 2 files, -12/+12
  That ensures that the right alert is sent when illegal parameters are received (e.g., zero length).
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* srp: use nonce level for SRP password randomization
  Nikos Mavrogiannopoulos, 2017-02-21, 1 file, -1/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* preinitialize variables to work-around warnings with clang
  Nikos Mavrogiannopoulos, 2017-02-20, 1 file, -0/+1
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* eliminated dead code as indicated by clang scan-build
  Nikos Mavrogiannopoulos, 2017-02-20, 1 file, -2/+3
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* auth rsa: eliminated memory leak on pkcs-1 formatting attack path
  Nikos Mavrogiannopoulos, 2017-01-04, 1 file, -1/+5
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* proc_server_kx: eliminated leak on error path
  Nikos Mavrogiannopoulos, 2017-01-03, 1 file, -0/+3
  Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Removed redundant certificate key usage checks.
  Nikos Mavrogiannopoulos, 2016-12-01, 1 file, -14/+0
  There were redundant checks when a certificate was obtained, as well as prior to performing operations with certificates/pubkeys. Kept the checks prior to operations.

* deprecated _gnutls_rnd() in favor of exported gnutls_rnd()
  Nikos Mavrogiannopoulos, 2016-11-04, 4 files, -6/+6

* DH: introduced gnutls_*_set_known_dh_params()
  Nikos Mavrogiannopoulos, 2016-10-14, 3 files, -0/+5
  That is, the functions gnutls_certificate_set_known_dh_params(), gnutls_anon_set_server_known_dh_params(), gnutls_psk_set_server_known_dh_params(). These functions allow statically setting the DH parameters, based on the RFC7919 FFDHE parameters. This can simplify server configuration by allowing DH without loading parameters from file.
  Relates #37

* Added gnutls_certificate_set_ocsp_status_request_function2
  Nikos Mavrogiannopoulos, 2016-09-12, 2 files, -16/+36
  That introduces a new function to allow setting an OCSP status request handling function per certificate. Furthermore it repurposes the flags parameter to an index option on gnutls_certificate_set_ocsp_status_request_file. The changes above allow setting a different OCSP status response file per certificate, and a different function. The indexes they rely on to associate with existing certs are the indexes returned by the gnutls_certificate_set_key() and friends functions.

* several spacing fixes to keep syntax-check happy
  Nikos Mavrogiannopoulos, 2016-09-11, 6 files, -20/+20

* lib: eliminated the use of deprecated variables
  Nikos Mavrogiannopoulos, 2016-06-06, 1 file, -2/+2

* doc update
  Nikos Mavrogiannopoulos, 2016-05-17, 1 file, -1/+1

* Allow for conditional compilation of SSL 3.0 protocol
  Nikos Mavrogiannopoulos, 2016-05-14, 1 file, -4/+9
  This allows completely removing SSL 3.0 support by calling configure with the '--disable-ssl3' option.
  Resolves #93

* call_get_cert_callback: removed dead code
  Nikos Mavrogiannopoulos, 2016-05-10, 1 file, -5/+0

* auth/cert: log the server name requested by client
  Nikos Mavrogiannopoulos, 2016-05-10, 1 file, -1/+3

* srp base64: return proper gnutls error codes on error rather than -1
  Nikos Mavrogiannopoulos, 2016-04-29, 1 file, -4/+4

* instead of assigning a variable per flag use the init flags directly
  Nikos Mavrogiannopoulos, 2016-04-28, 1 file, -1/+1
  That is, store the flags provided in gnutls_init() in the session structure and use these flags directly when required.

* added flag in session to force sending a client certificate
  Nikos Mavrogiannopoulos, 2016-04-28, 1 file, -5/+7
  This handles the use case of a client connecting to a server which incorrectly lists the CA certificates it supports. Without that change the only option was to avoid using the "automatic" client certificate functions, but rather utilize callbacks. With that approach this use case is handled by the "automatic" certificate selection functions.

* ecdhe: eliminated unneeded checks for zero of public parameters
  Nikos Mavrogiannopoulos, 2016-04-24, 1 file, -6/+0
  These were not required by either draft-ietf-tls-rfc4492bis-07 or rfc7748.

* handshake: added support for ECDH with curve X25519
  Nikos Mavrogiannopoulos, 2016-04-24, 1 file, -65/+152
  This follows draft-ietf-tls-rfc4492bis-07 and rfc7748.

* ecdhe: print the received curve from the server on debug mode
  Nikos Mavrogiannopoulos, 2016-04-24, 1 file, -0/+7