path: root/lib
Commit log: each entry lists the commit message, author, date, files changed and lines removed/added.
* Merge branch 'tmp-session-ticket-valgrind' into 'master'
  Daiki Ueno, 2019-07-11, 1 file, -1/+5

  ext/session_ticket: eliminate redundant memcpy

  See merge request gnutls/gnutls!1040

* ext/session_ticket: avoid calling memcpy on overlapping memory areas [tmp-session-ticket-valgrind]
  Daiki Ueno, 2019-07-10, 1 file, -1/+5

  In _gnutls_encrypt_session_ticket, ticket.encrypted_state is allocated from
  ticket_data->data, thus those memory areas may overlap. Using memcpy here
  leads to undefined behavior.

  Spotted by valgrind run on ppc64le.

  ==95231== Source and destination overlap in memcpy(0x47ce3a2, 0x47ce3a2, 160)
  ==95231==    at 0x408A840: memcpy (vg_replace_strmem.c:1023)
  ==95231==    by 0x424EE9F: pack_ticket (session_ticket.c:139)
  ==95231==    by 0x424FA4F: _gnutls_encrypt_session_ticket (session_ticket.c:335)
  ==95231==    by 0x4199E3B: generate_session_ticket (session_ticket.c:249)
  ==95231==    by 0x419A333: _gnutls13_send_session_ticket (session_ticket.c:307)
  ==95231==    by 0x40F8817: _gnutls13_handshake_server (handshake-tls13.c:511)
  ==95231==    by 0x4110DEB: handshake_server (handshake.c:3331)
  ==95231==    by 0x410C70B: gnutls_handshake (handshake.c:2727)
  ==95231==    by 0x10009EBF: retry_handshake (serv.c:1306)
  ==95231==    by 0x1000AB67: tcp_server (serv.c:1500)
  ==95231==    by 0x10009E5B: main (serv.c:1297)
  ==95231==

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Merge branch 'tmp-pkcs11-login-error' into 'master'
  Daiki Ueno, 2019-07-11, 1 file, -1/+7

  pkcs11: ignore login error when traversing tokens

  See merge request gnutls/gnutls!1031

* pkcs11: ignore login error when traversing tokens
  Daiki Ueno, 2019-07-11, 1 file, -1/+7

  If a token is a general access device, it is expected that a login attempt
  to that token returns an error:
  https://github.com/p11-glue/p11-kit/blob/master/trust/module.c#L852

  On the other hand, _pkcs11_traverse_tokens treats the error as fatal and
  stops iteration. This behavior prevents object search without a token
  specifier if such tokens are registered in the system.

  Reported by Stanislav Zidek in
  https://bugzilla.redhat.com/show_bug.cgi?id=1705478

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* lib: mark infinite loops explicitly [tmp-mark-infinite-loops]
  Nikos Mavrogiannopoulos, 2019-07-10, 2 files, -35/+24

  There were a few infinite loop constructions which were checking for an
  always true condition. Make sure that this construction is marked
  explicitly as while(1) to assist static analysers, or reviewers.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* encode_ber_digest_info: added sanity check
  Nikos Mavrogiannopoulos, 2019-07-08, 1 file, -0/+4

  Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Merge branch 'tmp-fix-desc' into 'master'
  Nikos Mavrogiannopoulos, 2019-06-30, 1 file, -4/+4

  gnutls_session_get_desc: avoid printing a NULL value

  See merge request gnutls/gnutls!1038

* gnutls_session_get_desc: avoid printing a NULL value [tmp-fix-desc]
  Nikos Mavrogiannopoulos, 2019-06-29, 1 file, -4/+4

  When gnutls_session_set_premaster() is used (under openconnect), it is
  possible that gnutls_session_get_desc will print a string like this:
  "(DTLS1.2)-(ECDHE-(null))-(AES-256-GCM)"

  With this change we ensure that we do not print null values.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Merge branch 'tmp-fips-drbg-continuous' into 'master'
  Daiki Ueno, 2019-06-30, 1 file, -21/+81

  nettle/rnd-fips: add FIPS 140-2 continuous RNG test

  See merge request gnutls/gnutls!1034

* nettle/rnd-fips: add FIPS 140-2 continuous RNG test [tmp-fips-drbg-continuous]
  Daiki Ueno, 2019-06-28, 1 file, -21/+81

  This adds a continuous random number generator test as defined in FIPS
  140-2 4.9.2, by iteratively fetching a fixed-sized block from the system
  and comparing consecutive blocks.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Merge branch 'mac-gmac' into 'master'
  Dmitry Eremin-Solenikov, 2019-06-29, 6 files, -6/+221

  lib: add support for AES-GMAC

  Closes #781

  See merge request gnutls/gnutls!1036

* lib: document gnutls_hmac_fast vs nonce relationship
  Dmitry Eremin-Solenikov, 2019-06-28, 2 files, -6/+7

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* nettle: return true for gnutls_mac_exists(AES-CMAC*)
  Dmitry Eremin-Solenikov, 2019-06-28, 1 file, -0/+2

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* nettle/mac: fail mac calculation if nonce is required but not provided
  Dmitry Eremin-Solenikov, 2019-06-28, 1 file, -2/+9

  Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if the MAC
  requires a nonce, but it was not supplied.

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* nettle/mac: in mac_fast call set_nonce after set_key
  Dmitry Eremin-Solenikov, 2019-06-28, 1 file, -1/+1

  Calling set_nonce before set_key is plainly incorrect. For GMAC the key is
  not initialized. For UMAC set_key will reset the nonce to empty.

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* lib: add support for AES-GMAC
  Dmitry Eremin-Solenikov, 2019-06-28, 5 files, -0/+205

  Add support for computing AES-GMAC using the MAC API, as requested by
  Samba for SMB3 support.

  Resolves: #781

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* gnutls_x509_crt_list_import2: updated doc to reflect the actual return value options
  Nikos Mavrogiannopoulos, 2019-06-28, 1 file, -1/+1

  Resolves: #794

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Align _gnutls_x86_cpuid_s as OPENSSL_ia32cap_P would be
  Nikos Mavrogiannopoulos, 2019-06-27, 12 files, -448/+76

  We were not setting the third array member correctly, though this didn't
  have any impact on previous implementations as they did not rely on it.

  This also moves away from the custom implementation of cpuid (which was
  limited), and we now rely on the compiler's version. This effectively
  enables support for SHA_NI.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Updated asm files to latest version under cryptogams license
  Nikos Mavrogiannopoulos, 2019-06-27, 52 files, -12994/+52935

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* gnutls_hash/hmac_copy: check its usability in all cases
  Nikos Mavrogiannopoulos, 2019-06-26, 1 file, -6/+2

  During the test suite run we require that all supported MAC and hash
  algorithms implement the copy function.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* accelerated ciphers: implement hmac and hash copy
  Nikos Mavrogiannopoulos, 2019-06-26, 6 files, -0/+121

  This implements the new API in all internal implementations.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib: add support for gnutls_hash_copy()
  Dmitry Eremin-Solenikov, 2019-06-26, 8 files, -0/+99

  Add gnutls_hash_copy() function for copying message digest context.

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* crypto-selftests: add test for gnutls_hmac_copy()
  Dmitry Eremin-Solenikov, 2019-06-26, 1 file, -0/+28

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* api: add gnutls_hmac_copy() function
  Dmitry Eremin-Solenikov, 2019-06-26, 3 files, -0/+34

  Add gnutls_hmac_copy() API to duplicate MAC handler state, which is
  necessary for SMB3 support.

  Resolves: #787

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* Add MAC copying support to nettle backend
  Dmitry Eremin-Solenikov, 2019-06-24, 1 file, -0/+17

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* Add MAC api to support copying of instances
  Dmitry Eremin-Solenikov, 2019-06-24, 4 files, -0/+22

  GOST ciphersuites require continuously computing a MAC of all the
  previously sent or received data. The easiest way to support that is to
  add support for a copy function, that creates a MAC instance with the same
  internal state.

  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

* config: added ability to override and mark algorithms as disabled
  Nikos Mavrogiannopoulos, 2019-06-20, 10 files, -23/+504

  This allows the system administrator or the distributor to use the gnutls
  configuration file to mark hashes, signature algorithms, TLS versions,
  curves, groups, ciphers, KX, and MAC algorithms as insecure (the last four
  only in the context of a TLS session). It also allows setting a minimum
  profile which the applications cannot fall below.

  The options intentionally do not allow marking algorithms as secure so
  that the configuration file cannot be used as an attack vector.

  This change also makes sure that unsupported and disabled protocols during
  compile time (e.g., SSL3.0), do not get listed by gnutls-cli.

  The configuration file feature can be disabled at compile time with an
  empty --with-system-priority-file.

  This patch introduces the function gnutls_get_system_config_file()
  allowing applications to check whether a configuration file was used.

  Resolves: #587

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Use inih to parse configuration file
  Nikos Mavrogiannopoulos, 2019-06-20, 6 files, -91/+597

  This introduces the inih copylib, and makes our configuration file parsing
  more flexible.

  Relates: #587

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Marked the crypto backend registration APIs as deprecated [tmp-deprecate-registration-apis]
  Nikos Mavrogiannopoulos, 2019-06-20, 1 file, -4/+8

  This is to warn of a future conversion of these APIs to a no-op.

  Resolves: #789

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Merge branch 'tmp-fix-raw-flag-in-newapi' into 'master'
  Nikos Mavrogiannopoulos, 2019-06-14, 1 file, -4/+12

  gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag

  See merge request gnutls/gnutls!1025

* gnutls_privkey_sign_hash2: accept the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag [tmp-fix-raw-flag-in-newapi]
  Nikos Mavrogiannopoulos, 2019-06-10, 1 file, -4/+12

  Previously this flag was ignored, although documented not to be. This
  patch also enables the tests sign-verify-newapi and
  sign-verify-data-newapi which were supposed to test this interface, but
  were never enabled.

  This was caught by Andreas Metzler.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* fips: run selftests over overridden AES-CBC algorithm [tmp-aes-cbc-selftest]
  Daiki Ueno, 2019-06-12, 1 file, -0/+6

  Previously, we only tested nettle's AES-CBC in
  _gnutls_fips_perform_self_checks1(), which is called before the
  implementation is overridden. This adds an AES-CBC self-test in
  _gnutls_fips_perform_self_checks2() so it can test the actual
  implementation.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* tls13/key_update: ignore multiple key updates instead of error [tmp-keyupdate-fixes]
  Daiki Ueno, 2019-06-05, 1 file, -2/+0

  This fixes the multiple KeyUpdate messages handling in commit
  65e2aa80d114d4bef095d129c2eda475e473244a, where illegal_parameter is sent
  even if the limit isn't exceeded.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Prefix gcc attributes with 'attr_' [tmp-fix-travis2]
  Tim Rühsen, 2019-06-04, 2 files, -11/+11

  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* gnutls_prf_early: corrected Since version [ci skip]
  Nikos Mavrogiannopoulos, 2019-06-03, 1 file, -1/+1

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* Fix warn_unused_result for clang < 4 [tmp-fix-travis]
  Tim Rühsen, 2019-06-02, 1 file, -1/+3

  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* Remove malloc from gnutls_srp_set_server_fake_salt_seed() [tmp-datum-cleanup]
  Nikos Mavrogiannopoulos, 2019-05-28, 3 files, -18/+18

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* gnutls_session_set_data(): Check for allocation error
  Tim Rühsen, 2019-05-28, 1 file, -1/+5

  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* _gnutls_set_[str]datum: Cleanup, add function attributes
  Tim Rühsen, 2019-05-28, 2 files, -21/+19

  _gnutls_set_datum(): Do not change output 'dat' on error
  _gnutls_set_strdatum: Likewise, cleanup code

  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* Add nonnull, nonnull_all and warn_unused_result attributes in lib/gnutls_int.h
  Tim Rühsen, 2019-05-28, 1 file, -11/+27

  Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

* tests: prf-early fixes the global version
  Nikos Mavrogiannopoulos, 2019-05-24, 4 files, -1/+7

  This allows having fixed data in the hello message involved. That required
  exposing the variable holding the global gnutls version number for
  testing.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Pass down Q for FFDHE in all pre-TLS1.3 as well
  Simo Sorce, 2019-05-23, 2 files, -6/+38

  Signed-off-by: Simo Sorce <simo@redhat.com>

* Always pass in and check Q in TLS 1.3
  Simo Sorce, 2019-05-23, 4 files, -2/+23

  In FIPS mode do an extra check that we did have Q, but it is always passed
  into the tls13 derive function from the callers.

  Signed-off-by: Simo Sorce <simo@redhat.com>

* Add plumbing to handle Q parameter in DH exchanges
  Simo Sorce, 2019-05-23, 6 files, -25/+540

  Signed-off-by: Simo Sorce <simo@redhat.com>

* Add Full Public Key Check for DH
  Simo Sorce, 2019-05-23, 1 file, -3/+20

  This is for NIST SP800-56A requirements and FIPS CAVS testing. GnuTLS
  never passes in a non-empty Q for normal operations, but tests will and if
  Q is passed in it needs to be checked.

  Signed-off-by: Simo Sorce <simo@redhat.com>

* Fix Copy&Paste error
  Simo Sorce, 2019-05-23, 1 file, -1/+1

  Signed-off-by: Simo Sorce <simo@redhat.com>

* Merge branch 'tmp-keyupdate-fixes' into 'master'
  Nikos Mavrogiannopoulos, 2019-05-23, 3 files, -9/+23

  Fix handling of malformed KeyUpdate messages

  Closes #699

  See merge request gnutls/gnutls!1005

* tls13/key_update: increase handling limit from 1 to 8
  Daiki Ueno, 2019-05-22, 2 files, -8/+20

  The limit was too small when testing the capability of handling multiple
  KeyUpdate messages with tlsfuzzer.

  This requires a change in the rate limit logic, as previously it didn't
  count the KeyUpdate messages despite the name of KEY_UPDATES_PER_SEC.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* record_add_to_buffers: check if there is an incomplete handshake header
  Daiki Ueno, 2019-05-22, 1 file, -1/+3

  The function checks if a Handshake message is interleaved with
  Application Data, but the check was insufficient because it assumed that
  a complete header is received in the buffer.

  Signed-off-by: Daiki Ueno <dueno@redhat.com>

* Merge branch 'tmp-small-records' into 'master'
  Daiki Ueno, 2019-05-23, 5 files, -2/+18

  priority: add new option to allow small records (>= 64)

  See merge request gnutls/gnutls!1006