path: root/lib
Commit log (each entry: commit message and branch tag, then author, date, files changed, lines removed/added, followed by the commit body)
* handshake-tls13: add session flag to disable sending session tickets [tmp-no-auto-send-ticket]
  (Daiki Ueno, 2020-04-13, 2 files, -4/+9)
  While GnuTLS by default implicitly sends NewSessionTicket during handshake, application protocols like QUIC set a clear boundary between "in handshake" and "post handshake", and NST must be sent in the post handshake state.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'fix-padlock' into 'master'
  (Nikos Mavrogiannopoulos, 2020-03-30, 2 files, -4/+7)
  Fix padlock accelerated code
  Closes #930
  See merge request gnutls/gnutls!1226
  * padlock: fix exception in wrap_padlock_hash_fast
    (Dmitry Baryshkov, 2020-03-28, 1 file, -1/+0)
    wrap_padlock_hash_fast() allocates a context on the stack (via a local variable) then tries to free it by calling wrap_padlock_hash_deinit(), causing a crash. Remove the call to deinit() to fix the crash.
    Fixes #930
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * padlock: fix exception in sha code
    (Dmitry Baryshkov, 2020-03-28, 1 file, -0/+2)
    padlock sha code will segfault (at least on Nano) if it is passed a NULL data pointer (even if size is 0). Pass the digest output buffer as a dummy data pointer in such a case.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * padlock: make cbc code return error properly
    (Dmitry Baryshkov, 2020-03-28, 1 file, -3/+5)
    If the underlying padlock_cbc_en/decrypt return an error, pass this error to the calling code.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* psk: added checks to satisfy static analyzers
  (Nikos Mavrogiannopoulos, 2020-03-30, 1 file, -0/+6)
  Added null checks in legacy callbacks to avoid warnings from static analyzers. The issues do not appear to be reproducible in real-world use.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* dtls client hello: fix zeroed random (fixes #960)
  (Stefan Bühler, 2020-03-27, 1 file, -1/+1)
  This broke with bcf4de03 "handshake: treat reply to HRR as a reply to hello verify request", which failed to "De Morgan" properly.
  Signed-off-by: Stefan Bühler <stbuehler@web.de>
* Merge branch 'tmp-get-keylog-func' into 'master'
  (Daiki Ueno, 2020-03-25, 3 files, -0/+19)
  gnutls_session_get_keylog_function: new function
  See merge request gnutls/gnutls!1220
  * gnutls_session_get_keylog_function: new function [tmp-get-keylog-func]
    (Daiki Ueno, 2020-03-22, 3 files, -0/+19)
    This adds a way to retrieve the keylog function set by gnutls_session_set_keylog_function() to allow application protocols to implement a custom logging facility.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'ajuaristi-issue-586' into 'master'
  (Nikos Mavrogiannopoulos, 2020-03-24, 17 files, -78/+309)
  support non-NULL-terminated PSKs
  Closes #586
  See merge request gnutls/gnutls!917
  * _gnutls_check_id_for_change: ensure that we check the username length [ajuaristi-issue-586]
    (Nikos Mavrogiannopoulos, 2020-03-23, 3 files, -5/+8)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  * Ensure that an incorrectly formatted password file doesn't cause invalid memory access
    (Nikos Mavrogiannopoulos, 2020-03-23, 1 file, -1/+2)
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  * psk: Allow non-NULL PSK usernames
    (Ander Juaristi, 2020-03-23, 15 files, -75/+302)
    This commit closes #586.
    Two new functions are introduced: gnutls_psk_server_get_username2() and gnutls_psk_set_client_username2(), which are identical in behavior to those named similarly (without the final '2'), but allow arbitrary gnutls datums (not strings) to be used as usernames.
    Two new callback functions are also introduced, with their respective setters: gnutls_psk_set_server_credentials_function2() and gnutls_psk_set_client_credentials_function2().
    In addition, the password file format is extended so that non-string usernames can be specified. A leading '#' character tells GnuTLS that the username should be interpreted as a raw byte string (encoded in HEX). Example:
        #deadbeef:9e32cf7786321a828ef7668f09fb35db
    Signed-off-by: Ander Juaristi <a@juaristi.eus>
* Merge branch 'postpone_config_loading' into 'master'
  (Daiki Ueno, 2020-03-23, 1 file, -1/+1)
  global: Load configuration after FIPS POST
  Closes #956
  See merge request gnutls/gnutls!1216
  * global: Load configuration after FIPS POST
    (Anderson Toshiyuki Sasaki, 2020-03-18, 1 file, -1/+1)
    Previously, if the loaded configuration file disabled an algorithm tested during FIPS-140 power-on self-tests, the test would fail. By loading the configuration file after the test is finished, such failure is avoided, as any algorithm is allowed during the tests.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* Merge branch 'eddsa-pkcs11' into 'master'
  (Nikos Mavrogiannopoulos, 2020-03-20, 5 files, -4/+197)
  Add support for loading Ed25519 keys from PKCS#11 and using them
  Closes #946
  See merge request gnutls/gnutls!1200
  * Validate EC_PARAMS for EdDSA keys
    (Jakub Jelen, 2020-03-18, 3 files, -4/+123)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * pubkey: Validate input parameters in pubkey_import_ecc_raw
    (Jakub Jelen, 2020-03-18, 1 file, -1/+6)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute
    (Jakub Jelen, 2020-03-18, 1 file, -3/+12)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  * Add support for loading EdDSA keys from PKCS#11 and using them
    (Jakub Jelen, 2020-02-28, 2 files, -0/+60)
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* state: add function to get the current hash algorithm [tmp-prf-get]
  (Daiki Ueno, 2020-03-19, 3 files, -0/+28)
  This is particularly useful when the application applies a key derivation function by itself with the same underlying hash algorithm as the session.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* cipher: allow setting ChaCha20 initial block counter
  (Daiki Ueno, 2020-03-19, 4 files, -6/+68)
  This also introduces GNUTLS_CIPHER_CHACHA20_32, which is a 96-bit nonce variant of GNUTLS_CIPHER_CHACHA20_64.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: vendor in ChaCha20 implementation from nettle
  (Daiki Ueno, 2020-03-19, 1 file, -0/+8)
  This enables use of the bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter.
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* cipher: expose raw ChaCha20 cipher
  (Daiki Ueno, 2020-03-19, 3 files, -0/+30)
  Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'tmp-ed448-fixes' into 'master'
  (Daiki Ueno, 2020-03-18, 3 files, -3/+37)
  ed448: fix certificate signature verification
  See merge request gnutls/gnutls!1213
  * algorithms: properly calculate hash strength for Ed448
    (Daiki Ueno, 2020-03-16, 3 files, -3/+37)
    The Ed448 signature scheme internally uses an XOF (SHAKE256) as the hash function with 114-octet output. According to FIPS-202, the strength against collisions is calculated as:
        min(114*8/2, 256) = 256
    Reported by Peter Dettman in: https://gitlab.com/gnutls/gnutls/-/issues/128#note_304892538
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'improve_fips_selftests' into 'master'
  (Nikos Mavrogiannopoulos, 2020-03-18, 1 file, -309/+377)
  Improve FIPS signatures self-tests
  See merge request gnutls/gnutls!1206
  * crypto-selftests-pk.c: Use deterministic signatures in test_known_sig()
    (Anderson Toshiyuki Sasaki, 2020-03-16, 1 file, -165/+153)
    Use deterministic signatures for ECDSA and DSA in test_known_sig(). Do not call test_known_sig() for non-deterministic algorithms. Do not run PK_TEST() for algorithms tested with PK_KNOWN_TEST().
    The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140 mode is disabled. When called explicitly with FIPS-140 mode enabled, the pairwise-consistency test (PK_TEST()) is used instead.
    test_known_sig() was modified to support only deterministic algorithms. The "deterministic" parameter was replaced with the "flags" parameter, through which the flags to be used in gnutls_privkey_sign_data() are passed.
    The hard-coded values for the ECDSA and DSA signatures were replaced with the values corresponding to the deterministic signatures to be used in known answer tests. The unused values for GOST signatures were removed.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
  * crypto-selftests-pk.c: Use specified key in test_sig()
    (Anderson Toshiyuki Sasaki, 2020-03-16, 1 file, -192/+269)
    Previously, test_sig() would use the same key regardless of the value provided in the bits parameter. The changes introduced make test_sig() choose the key according to the value provided in bits.
    For RSA, only a 2048-bit key is available for testing. The calls were adjusted accordingly.
    Introduced a 2048-bit DSA key in test_sig(). Removed the unused 512-bit key, leaving only the 2048-bit key available.
    For GOST, use the same keys for test_sig() and test_known_sig(). Remove the unused keys.
    Reorder constant values and change variable names for better readability.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
  * crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
    (Anderson Toshiyuki Sasaki, 2020-03-11, 1 file, -17/+20)
    Previously, when multiple tests were declared in sequence using one of the macros, only the first test would be executed. This happened because a check for GNUTLS_SELF_TEST_FLAG_ALL was embedded in the macro.
    To allow more than one test to be executed in sequence, the check for the flag was removed from both macros. To keep the previous behaviour (execute only the first test), the check for the flag was moved to be after the first test, except for RSA, since the RSA encryption test must be executed in FIPS mode.
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
  * crypto-selftests-pk.c: Move hardcoded values to the top
    (Anderson Toshiyuki Sasaki, 2020-03-11, 1 file, -112/+112)
    Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
* lib/x509: use common routine for parsing data version
  (Dmitry Baryshkov, 2020-03-12, 6 files, -62/+27)
  OSS-Fuzz noted an issue in parsing (incorrect) CRL files with a zero-length version field. The certificate parser does not have this issue, while the CRL and OCSP Request and Response parsers show this problem. To remove code duplication, extract a common function and use it from all four parsers.
  Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'fix-crq-ext' into 'master'
  (Dmitry Baryshkov, 2020-03-11, 1 file, -11/+9)
  x509: drop endless loop in print_extensions
  See merge request gnutls/gnutls!1205
  * x509: apply same fix to print_crq
    (Dmitry Baryshkov, 2020-03-10, 1 file, -4/+3)
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * x509: apply same fix to print_crl
    (Dmitry Baryshkov, 2020-03-10, 1 file, -4/+3)
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
  * x509: drop endless loop in print_extensions
    (Dmitry Baryshkov, 2020-03-10, 1 file, -3/+3)
    If the crq is malformed in the extensions part, print_extensions() might loop endlessly, because gnutls_x509_crq_get_extension_info would return an unhandled GNUTLS_ASN1_DER_ERROR while looping over the extension index, rather than bailing out. Fix this by handling this error code properly.
    Found thanks to oss-fuzz.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-static-assert' into 'master'
  (Daiki Ueno, 2020-03-11, 3 files, -16/+18)
  lib: use static assertion to check enum values
  See merge request gnutls/gnutls!1201
  * lib: use static assertion to check enum values [tmp-static-assert]
    (Daiki Ueno, 2020-03-10, 1 file, -10/+12)
    We previously had checks of enum values with '#if', such as below:

        #define GNUTLS_EXTENSION_MAX_VALUE 31

        typedef enum extensions_t {
          ...
          GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
        } extensions_t;

        /* we must provide at least 16 extensions for users to register */
        #if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
        # error not enough extension types
        #endif

    This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not defined as a preprocessor macro, it always expands to 0. To properly do this check, we need to use a static assert, as provided by the 'verify' macro in gnulib.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
  * hello_ext: use 64-bit integer to track extensions
    (Daiki Ueno, 2020-03-10, 3 files, -6/+6)
    We currently have 26 predefined extensions, allowing the user to define 5 extra, as tested in tests/handshake-large-packet.c. However, if we introduce one more, session->internals.used_exts exceeds.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool()
  (Dmitry Baryshkov, 2020-03-07, 1 file, -1/+2)
  Remove a memory leak in the error handling of print_issuer_sign_tool() by moving asn1_delete_structure to the end of the function.
  Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-keylog-func' into 'master'
  (Daiki Ueno, 2020-02-27, 9 files, -116/+40)
  keylogfile: simplify the callback mechanism
  See merge request gnutls/gnutls!1196
  * keylogfile: simplify the callback mechanism [tmp-keylog-func]
    (Daiki Ueno, 2020-02-22, 9 files, -116/+40)
    This partially reverts commit 97117556 with a simpler interface. The original intention of having the callback mechanism was to reuse it for monitoring QUIC encryption changes. However, it turned out to be insufficient because such changes must be emitted after a new epoch is ready.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Adding missing macosx directory for aarch64 acceleration
  (Ross Nicholson, 2020-02-24, 1 file, -6/+4)
  Signed-off-by: Ross Nicholson <phunkyfish@gmail.com>
* lib: drop unused pbkdf2 helpers
  (Dmitry Baryshkov, 2020-02-18, 4 files, -216/+0)
  The updated pbkdf2 API in GnuTLS removed the need for the PBKDF2 helpers; drop them now.
  Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-keylog-hook' into 'master'
  (Daiki Ueno, 2020-02-07, 9 files, -24/+189)
  keylogfile: generalize with a callback
  Closes #852
  See merge request gnutls/gnutls!1184
  * keylogfile: generalize with a callback [tmp-keylog-hook]
    (Daiki Ueno, 2020-02-07, 9 files, -24/+189)
    This refactors the keylogfile mechanism by adding a callback to get notified when a new secret is derived and installed. That way, consumers can implement a custom logging feature per session, which is particularly useful in QUIC implementations.
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
* Merge branch 'gost28147' into 'master'
  (Dmitry Baryshkov, 2020-02-05, 3 files, -20/+11)
  nettle/gost: gost28147: require calling set_param before set_key
  See merge request gnutls/gnutls!1188
  * nettle/gost: gost28147: require calling set_param before set_key
    (Dmitry Baryshkov, 2020-02-05, 3 files, -20/+11)
    Require selecting the parameter set before setting the key. There is no need to provide a default setting if a param is always selected anyway.
    Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-kdf-api' into 'master'
  (Daiki Ueno, 2020-02-04, 9 files, -90/+252)
  crypto-api: add generic crypto functions for KDF
  Closes #851 and #813
  See merge request gnutls/gnutls!1186
  * privkey_pkcs8: remove unused #include <nettle/pbkdf2.h>
    (Daiki Ueno, 2020-02-04, 1 file, -1/+0)
    Signed-off-by: Daiki Ueno <dueno@redhat.com>