| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
There were few infinite loop constructions which were checking
for an always true condition. Make sure that this construction
is marked explicitly as while(1) to assist static analysers, or
reviewers.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |\
| |
| |
| |
| | |
gnutls_session_get_desc: avoid printing a NULL value
See merge request gnutls/gnutls!1038
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When gnutls_session_set_premaster() is used (under openconnect),
it is possible that gnutls_session_get_desc will print a string like
this: "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"
With this change we ensure that we do not print null values.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\ \
| | |
| | |
| | |
| | | |
nettle/rnd-fips: add FIPS 140-2 continuous RNG test
See merge request gnutls/gnutls!1034
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a continuous random number generator test as defined in FIPS
140-2 4.9.2, by iteratively fetching fixed sized block from the system
and comparing consecutive blocks.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
lib: add support for AES-GMAC
Closes #781
See merge request gnutls/gnutls!1036
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
requires nonce, but it was not supplied.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Calling set_nonce before set_key is plain incorrect. For GMAC key is not
initialized. For UMAC set_key will reset nonce to empty.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for computing AES-GMAC using MAC API, as requested by Samba
for SMB3 support.
Resolves: #781
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
options
Resolves: #794
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were not setting the third array member correctly, though
this didn't have any impact to previous implementations as they
did not rely on it. This also moves away from the custom implementation
of cpuid (which was limited), and we now rely on the compiler's
version.
This effectively enables support for SHA_NI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
During the test suite run we require that all supported
MAC and hash algorithms implement the copy function.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
This implements the new API to all internal implementations.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Add gnutls_hash_copy() function for copying message digest context.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
necessary for SMB3 support.
Resolves: #787
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |/
|
|
|
|
|
|
|
| |
GOST ciphersuites requires continuously computing MAC of all the
previously sent or received data. The easies way to support that is to
add support for copy function, that creates MAC instance with the same
internal state.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This introduces the inih copylib, and makes our configuration
file parsing more flexible.
Relates: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
|
| |
This is to warn for a future conversion of these APIs to a no-op.
Resolves: #789
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |\
| |
| |
| |
| | |
gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag
See merge request gnutls/gnutls!1025
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously this flag was ignored, although documented not to.
This patch also enables the tests sign-verify-newapi and sign-verify-data-newapi
which were supposed to test this interface, but were never enabled.
This was caught by Andreas Metzler.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |/
|
|
|
|
|
|
|
|
| |
Previously, we only tested nettle's AES-CBC in
_gnutls_fips_perform_self_checks1(), which is called before the
implementation is overridden. This adds an AES-CBC self-test in
_gnutls_fips_perform_self_checks2() so it can test the actual
implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
| |
This fixes the multiple KeyUpdate messages handling in commit
65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is
sent even if the limit doesn't exceed.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
|
|
|
| |
_gnutls_set_datum(): Do not change output 'dat' on error
_gnutls_set_strdatum: Likewise, cleanup code
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
|
|
|
|
| |
This allows having fixed data in the hello message involved.
That required exposing the variable holding the global gnutls
version number for testing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
In FIPS mode do an extra check that we did have Q, but it is always
passed into the tls13 derive function from the callers.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
This is for NIST SP800-56A requirements and FIPS CAVS testing.
GnuTLS never passes in a non-empty Q for normal operations, but tests will
and if Q is passed in it needs to be checked.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |\
| |
| |
| |
| |
| |
| | |
Fix handling of malformed KeyUpdate messages
Closes #699
See merge request gnutls/gnutls!1005
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The limit was too small when testing the capability of handling
multiple KeyUpdate messages with tlsfuzzer.
This requires a change in the rate limit logic, as previously it
doesn't count the KeyUpdate messages despite the name of
KEY_UPDATES_PER_SEC.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The function checks if a Handshake message is interleaved with an
Application Data, but the check was insuffient because it assumed that
a complete header is received in the buffer.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
priority: add new option to allow small records (>= 64)
See merge request gnutls/gnutls!1006
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a mismatch in the lower limit of record sizes in RFC
8449 (64) and our default (512). If the server advertises a smaller
limit than our default, the client has no way to keep communicating
with the server.
This patch adds a new priority string option %ALLOW_SMALL_RECORDS to
set the limit to 64.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA
Closes #754
See merge request gnutls/gnutls!1004
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The gnutls_certificate_verify_flags comparisons against
OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.
Resolves: #754
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
|
| |\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
server auth: disable TLS 1.3 if no signature algorithm is usable
Closes #731
See merge request gnutls/gnutls!987
|
