path: root/lib/state.c
Commit message | Author | Age | Files | Lines

* ext/record_size_limit: distinguish sending and receiving limits (tmp-record-sizes) | Daiki Ueno | 2019-05-14 | 1 | -0/+4
    The previous behavior was that both sending and receiving limits are negotiated to be the same value. It was problematic when:
    - client sends a record_size_limit with a large value in CH
    - server sends a record_size_limit with a smaller value in EE
    - client updates the limit for both sending and receiving, upon receiving EE
    - server sends a Certificate message larger than the limit
    With this patch, each peer maintains the sending / receiving limits separately so as not to confuse with the contradicting settings.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* handshake: move early secrets calculation to pre_shared_key | Daiki Ueno | 2019-04-19 | 1 | -1/+1
    TLS 1.3 Early Secret and the derived keys are calculated upon a PSK being selected, thus the code fits better in ext/pre_shared_key.c.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* doc: mark TLS1.2 functions as such [ci skip] | Nikos Mavrogiannopoulos | 2019-04-14 | 1 | -0/+2
    gnutls_cipher_suite_get_name and gnutls_session_get_master_secret are marked as TLS1.2 or earlier-only as they cannot be used with TLS 1.3.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Improved estimation of wait in gnutls_session_get_data2 (tmp-improve-session-resumption) | Nikos Mavrogiannopoulos | 2019-03-19 | 1 | -2/+2
    Previously we would wait an arbitrary value of 50ms for the server to send session tickets. This change makes the client wait for the estimated single trip time + 60 ms for the server to calculate the session tickets. This improves the chance to obtain tickets from internet servers during the call of gnutls_session_get_data2().
    Resolves: #706
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Use https:// for www.gnu.org and www.example.com | Tim Rühsen | 2019-03-13 | 1 | -1/+1
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start | Nikos Mavrogiannopoulos | 2019-03-02 | 1 | -2/+13
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_record_send2: try to ensure integrity of operations on false and early start | Nikos Mavrogiannopoulos | 2019-03-02 | 1 | -0/+10
    This adds a double check in the sanity check of gnutls_record_send2() for the initial_negotiation_completed value, making sure that the check will be successful even in parallel operation of send/recv.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc: added more information on operation under multiple threads | Nikos Mavrogiannopoulos | 2019-03-02 | 1 | -1/+1
    Relates: #713
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Implemented support for raw public-key functionality (RFC7250). | Tom Vrancken | 2018-12-15 | 1 | -26/+10
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

* Fix gnutls_handshake_set_timeout() for values < 1000 (tmp-fix-timeout) | Tim Rühsen | 2018-12-06 | 1 | -1/+2
    handshake-timeout.c now tests for <1000ms timeout and for >=1000ms timeout. The test duration decreased from 45s to 1.2s.
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* doc: corrected typos [ci skip] | Nikos Mavrogiannopoulos | 2018-11-21 | 1 | -4/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Merge branch 'tmp-fix-certificate-type' into 'master' | Nikos Mavrogiannopoulos | 2018-11-19 | 1 | -16/+23
    gnutls_certificate_type_get*: ensure that the default type is returned
    See merge request gnutls/gnutls!806

* gnutls_certificate_type_get*: updated documentation to list limitations (tmp-fix-certificate-type) | Nikos Mavrogiannopoulos | 2018-11-19 | 1 | -16/+23
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tls13/session_ticket: fix "max_early_data_size" extension handling | Daiki Ueno | 2018-11-18 | 1 | -0/+3
    session->security_parameters.max_early_data_size is initially set to 0.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* update documentation on GNUTLS_AUTO_REAUTH and gnutls_record_get_direction [ci skip] | Nikos Mavrogiannopoulos | 2018-11-17 | 1 | -6/+9
    That clarifies the intention, and adds a warning on using this flag when multiple threads are involved. Based on suggestion by Michael Catanzaro.
    Relates: #615
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* handshake: handle early data | Daiki Ueno | 2018-11-11 | 1 | -0/+7
    This plumbs early data handling in the handshake processes, which consists of:
    - traffic key updates taking into account of client_early_traffic_secret
    - early data buffering in both server and client
    - the EndOfEarlyData message handling
    - making use of max_early_data_size extension in NewSessionTicket
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Renamed fields in priority_st to improve code readability. Fixes #453. | Tom Vrancken | 2018-10-18 | 1 | -3/+3
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

* Added session ticket key rotation with TOTP | Ander Juaristi | 2018-09-19 | 1 | -0/+3
    This introduces session ticket key rotation on server side. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period.
    Resolves #184
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

* Implemented RFC7250 certificate type negotiation extensions. | Tom Vrancken | 2018-08-20 | 1 | -3/+174
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

* TLS 1.3: ignore "early_data" extension | Daiki Ueno | 2018-08-06 | 1 | -0/+8
    As 0-RTT is still not implemented in GnuTLS, the server responds with 1-RTT, by skipping decryption failure up to max_early_data_size, as suggested in 4.2.10 Early Data Detection.
    Resolves #512
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* tls1.3: server returns early on handshake when no cert is provided by client | Nikos Mavrogiannopoulos | 2018-08-03 | 1 | -0/+3
    Under TLS1.3 the server knows the negotiated keys early, if no client certificate is sent. In that case, the server is not only able to transmit the session ticket immediately after its finished message, but is also able to transmit data, similarly to false start.
    Resolves #481
    Resolves #457
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH | Nikos Mavrogiannopoulos | 2018-07-02 | 1 | -0/+2
    This allows a server application to detect whether the client would support post handshake authentication or not without initiating via gnutls_reauth().
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* key update: corrected generation of keys | Nikos Mavrogiannopoulos | 2018-06-27 | 1 | -4/+0
    Resolves #485
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_supplemental_register: disable TLS 1.3 globally | Nikos Mavrogiannopoulos | 2018-06-21 | 1 | -0/+7
    This allows using the registered supplemental data handlers, since these are not used under TLS 1.3.
    Resolves #479
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests: check various parameters on resumption | Nikos Mavrogiannopoulos | 2018-05-26 | 1 | -2/+3
    That is, check gnutls_session_is_resumed() is functional on server side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers() and gnutls_certificate_get_ours() operate as expected, and whether session resumption fails with tickets after expiration time has passed. In addition improve function documentation by documenting the current semantics for the functions above.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* TLS 1.3: Introduced TLS 1.3 session resumption | Ander Juaristi | 2018-05-26 | 1 | -7/+24
    This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless GNUTLS_NO_TICKETS is specified.
    Resolves #290
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

* _gnutls_epoch_new: allow re-allocation epoch next epoch (tmp-constate-fix) | Nikos Mavrogiannopoulos | 2018-04-18 | 1 | -1/+1
    In certain cases when re-handshake is interrupted by application data, _gnutls_epoch_new() will be called twice. Make sure that this does not lead to an error. We also rename the function to _gnutls_epoch_setup_next() to clarify its purpose.
    Resolves #426
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Added support for out-of-band Pre-shared keys under TLS1.3 | Ander Juaristi | 2018-04-06 | 1 | -6/+19
    That adds support for pre-shared keys with and without Diffie-Hellman key exchange. That's a modified version of Ander's initial patch.
    Resolves #414
    Resolves #125
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>

* session state: TLS1.2 and TLS1.3 state is stored as union | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -23/+38
    That is, to reduce memory usage as these protocols cannot be used in parallel.
    Relates: #281
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* session state: organized key exchange keys into structures | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -19/+19
    That is, with the view of separating the data needed for TLS1.2 and earlier and TLS1.3.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* record state: avoid memory allocations for stored keys | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -6/+15
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: ffdhe flags merged with handshake flags | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -2/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: false start flag merged with hsk_flags | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: use hsk_flags in TLS1.2 and TLS1.3 | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+0
    The flags provide a more transparent view of the received and expected messages.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: added support for post-handshake authentication | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+5
    That is:
    * introduced a gnutls_init() flag for clients to enable post-handshake authentication
    * introduced gnutls_reauth() function, to be called by servers to request authentication, and by clients to perform authentication
    Resolves #562
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_record_set_state: use const for seq_number | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_record_get_state: doc update | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -2/+3
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: introduced gnutls_session_key_update() | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
    This function allows updating keys of the session and notifying the peer.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* dtls: cookie is stored dynamically when needed rather than in pre-allocated size | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+1
    That reduces the number of bytes used in cases where DTLS is not in use or we are on the server side.
    Relates #281
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* extensions: renamed _gnutls_hello_ext_*sdata to _gnutls_hello_ext_*priv | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: accept hello retry request in client side | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* handshake: send hello retry request when no key share matches | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+2
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+18
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* extensions: files renamed to hello_ext | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* extensions: renamed hello extension handling functions appropriately | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -1/+1
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Added support for key share extension | Nikos Mavrogiannopoulos | 2018-02-19 | 1 | -0/+5
    This enables TLS 1.3 key exchange based on the key share extension.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc: updated text on gnutls_handshake_set_hook_function | Nikos Mavrogiannopoulos | 2018-02-13 | 1 | -6/+6
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* constate: simplified allocation of epochs | Nikos Mavrogiannopoulos | 2017-09-25 | 1 | -9/+4
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919 | Nikos Mavrogiannopoulos | 2017-08-18 | 1 | -0/+2
    This allows checking whether the DHE parameters used were negotiated using RFC7919.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_int.h: removed unused variable from state | Nikos Mavrogiannopoulos | 2017-08-11 | 1 | -1/+2
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>