| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
| |
Co-authored-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This makes sure that the global variables are initialized only once.
Most of those variables are initialized at ELF constructor, though a
couple of occasions they are initialized on-demand: the global keylog
file pointer and TPM2 TCTI context. To properly protect the
initialization this patch uses gl_once provided by Gnulib.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
| |
As Gnulib provides portability wrappers of mutex implementations, we
don't need to provide similar wrappers by ourselves.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
| |
This makes it possible to catch undefined memory access in the more
lightweight CI runs.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This workarounds the following warnings with gcc analyzer:
kx.c:156:69: error: leak of FILE '<unknown>' [CWE-775] [-Werror=analyzer-file-leak]
156 | _gnutls_bin2hex(session->security_parameters.
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
157 | client_random, GNUTLS_RANDOM_SIZE,
| ~~~~~~~~~~~~~
This should be harmless because the keylog file pointer is closed in
the ELF destructor.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having those constants could cause wrong impression that there is a
third possible value.
To reproduce the changes other than lib/gnutls_int.h:
for i in `git ls-files lib`; do
sed -i
-e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_FALSE\|!= *RESUME_TRUE\)/!\1/' \
-e 's/\(session->internals.\(resumed\|resumable\)\) *\(== *RESUME_TRUE\|!= *RESUME_FALSE\)/\1/' \
-e 's/RESUME_TRUE/true/' \
-e 's/RESUME_FALSE/false/' \
$i
done
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes use of the "e" flag of fopen, provided by the Gnulib's
fopen-gnu module.
Reported by Remi Denis-Courmont in:
https://gitlab.com/gnutls/gnutls/-/issues/985
and fix suggested by Tim Rühsen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
| |
|
|
|
|
|
|
| |
This adds a way to retrieve the keylog function set by
gnutls_session_set_keylog_function() to allow application protocols to
implement custom logging facility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This partially reverts commit 97117556 with a simpler interface. The
original intention of having the callback mechanism was to reuse it
for monitoring QUIC encryption changes. However, it turned out to be
insufficient because such changes must be emitted after a new epoch is
ready.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This refactors the keylogfile mechanism by adding a callback to get
notified when a new secret is derived and installed. That way,
consumers can implement custom logging feature per session, which is
particularly useful in QUIC implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
|
|
|
|
| |
During keys setup phase debug log will contain sizes of all keys and
secrets, except master secret. Dump MS length (48) to log for
uniformity.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
| |
The flags provide a more transparent view of the received
and expected messages.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
This patch turns the write_nss_key_log function to an internal
API (with a different name) so that it can be called from other places
implementing TLS 1.3 key scheduling.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
That addresses a bug which on client side on case of an initial
handshake with a client certificate, we continue to send this
certificate even if on rehandshake we were not requested with on.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
In addition do not check the environment in the constructor
but instead use static variables to save the key file name.
The GNUTLS_KEYLOGFILE environment variable is no longer used
since there is no reason to have a separate one.
|
| |
|
|
|
| |
Also consider the SSLKEYLOGFILE variable, since the format is
identical and we are always appending keys.
|
| |
|
|
|
|
|
| |
That is fix bug introduced by an incorrect #ifdef, and unconditionally
provide access to certificate callbacks.
This amends 89faab9e9e9123f39e8c0c6f8da1f67de423254a
|
| |
|
|
| |
This patch makes conditional several more SSL 3.0-only parts of codebase.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
That is the file pointed from the variable is written to, and contain
the session parameters in the following format (identical to NSS key
log format):
CLIENT_RANDOM <space> <64 bytes of hex encoded client_random> <space> <96 bytes of hex encoded master secret>
and for the old RSA ciphersuites also in the format:
RSA <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded master secret>
Resolves #64
|
| |
|
|
|
|
|
| |
This allows to completely remove SSL 3.0 support by calling configure
with the '--disable-ssl3' option.
Resolves #93
|
| |
|
