authorDaiki Ueno <dueno@redhat.com>2019-05-17 11:51:00 +0200
committerDaiki Ueno <dueno@redhat.com>2019-05-22 08:17:11 +0200
commit0caf5b6922bd443bcf3eb1398a16c9d381fba86f (patch)
tree6fe17727ff806cc23d24b857fe0f67a80f996f2d
parent86d5c56950489bc8469f73602d793ef48af6419a (diff)
downloadgnutls-0caf5b6922bd443bcf3eb1398a16c9d381fba86f.tar.gz
algorithms: eliminate the FFDHE alert desc requirement
This implements the erratum for RFC 7919 (EID 4908) that removes the requirement to reply with an insufficient_security alert when an FFDHE group has been negotiated but no common ciphersuite can be found: https://www.rfc-editor.org/errata/eid4908 Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--lib/algorithms/ciphersuites.c14
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json19
m---------tests/suite/tls-fuzzer/tlsfuzzer0
-rw-r--r--tests/tls-neg-ext4-key.c2
-rw-r--r--tests/tls12-ffdhe.c2
5 files changed, 18 insertions, 19 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 0c393af044..b7abfe607f 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1461,7 +1461,6 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
unsigned int is_dtls = IS_DTLS(session);
gnutls_kx_algorithm_t kx;
gnutls_credentials_type_t cred_type = GNUTLS_CRD_CERTIFICATE; /* default for TLS1.3 */
- unsigned int no_cert_found = 0;
const gnutls_group_entry_st *sgroup = NULL;
gnutls_ext_priv_data_t epriv;
unsigned have_etm = 0;
@@ -1517,7 +1516,6 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
if (ret < 0) {
/* couldn't select cert with this ciphersuite */
gnutls_assert();
- no_cert_found = 1;
break;
}
}
@@ -1562,7 +1560,6 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
if (ret < 0) {
/* couldn't select cert with this ciphersuite */
gnutls_assert();
- no_cert_found = 1;
break;
}
}
@@ -1580,16 +1577,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
/* nothing in common */
- /* RFC7919 requires that we reply with insufficient security if we have
- * negotiated an FFDHE group, but cannot find a common ciphersuite. However,
- * we must also distinguish between not matching a ciphersuite due to an
- * incompatible certificate which we traditionally return GNUTLS_E_NO_CIPHER_SUITES.
- */
- if (!no_cert_found && (session->internals.hsk_flags & HSK_HAVE_FFDHE) &&
- session->internals.priorities->groups.have_ffdhe && !version->tls13_sem)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
- else
- return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
+ return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
#define CLIENT_VERSION_CHECK(minver, maxver, e) \
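Review bot: The new single `return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);` removes the only in-tree explanation of why an FFDHE mismatch no longer maps to insufficient_security, so the `/* nothing in common */` line just above it should carry that rationale before someone reading RFC 7919 as published reintroduces the branch. Suggested comment: `/* nothing in common; per RFC 7919 erratum 4908 an FFDHE mismatch is no longer reported as insufficient_security, so always signal no common ciphersuite */`. After this hunk neither `HSK_HAVE_FFDHE` nor `priorities->groups.have_ffdhe` is consulted here; if this was their only reader they may now be dead state, which is worth checking outside the diff. _gnutls_figure_common_ciphersuite begins before this hunk.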
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index e25b6b3613..9a734fef57 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -93,7 +93,8 @@
{"name" : "test-ffdhe-negotiation.py" ,
"comment" : ["we don't prefer DHE over RSA if RSA is preferred by peer"],
"arguments" : ["-p", "@PORT@",
- "-e", "Check if DHE preferred"]},
+ "-e", "Check if DHE preferred",
+ "--alert", "handshake_failure"]},
{"name" : "test-cve-2016-2107.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-key-share-random.py",
@@ -273,7 +274,10 @@
"-e", "Protocol (3, 2) with x448 group",
"-n", "4"]},
{"name" : "test-sig-algs.py",
- "arguments" : ["-p", "@PORT@"] },
+ "arguments" : ["-p", "@PORT@",
+ "-e", "rsa_pss_pss_sha256 only",
+ "-e", "rsa_pss_pss_sha384 only",
+ "-e", "rsa_pss_pss_sha512 only"] },
{"name" : "test-signature-algorithms.py",
"comment" : "gnutls doesn't handle well duplicated sign algorithms; this is not an issue in practice",
"arguments" : ["-p", "@PORT@",
@@ -295,11 +299,18 @@
{"name" : "test-sslv2-force-export-cipher.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-sslv2hello-protocol.py",
- "arguments" : ["-p", "@PORT@"] },
+ "comment" : "https://gitlab.com/gnutls/gnutls/issues/771",
+ "arguments" : ["-p", "@PORT@", "--no-ssl2",
+ "-e", "Empty SSLv2 record - type 0",
+ "-e", "Empty SSLv2 record - type 1",
+ "-e", "Just version in SSLv2 hello",
+ "-e", "SSLv2 Client Hello"] },
{"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-truncating-of-client-hello.py",
- "arguments" : ["-p", "@PORT@"] },
+ "comment" : "https://gitlab.com/gnutls/gnutls/issues/771",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "max pad: 16777167 of \"0\" byte padding"] },
{"name" : "test-truncating-of-finished.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-truncating-of-kRSA-client-key-exchange.py",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 13479e5a44bc10e3577fc28b921c5b999a363ce
+Subproject 79936b86187ca48ced7c40b9b1a3872386c3f56
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c
index 1adc65b93a..3d9db855ba 100644
--- a/tests/tls-neg-ext4-key.c
+++ b/tests/tls-neg-ext4-key.c
@@ -451,7 +451,7 @@ static const test_st tests[] = {
.key = &server_ca3_rsa_pss_key,
.sig = GNUTLS_SIGN_RSA_SHA256,
.exp_kx = GNUTLS_KX_ECDHE_RSA,
- .exp_serv_err = GNUTLS_E_INSUFFICIENT_SECURITY
+ .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
},
{.name = "tls1.3 rsa-pss cert, rsa-sign key, downgrade to tls1.2", /* we expect the server to downgrade to TLS 1.2 and refuse negotiating */
.pk = GNUTLS_PK_RSA,
diff --git a/tests/tls12-ffdhe.c b/tests/tls12-ffdhe.c
index d68452147a..8a0555dcb3 100644
--- a/tests/tls12-ffdhe.c
+++ b/tests/tls12-ffdhe.c
@@ -344,7 +344,7 @@ test_case_st tests[] = {
{
.name = "TLS 1.2 DHE-RSA (incompatible options)",
.client_ret = GNUTLS_E_AGAIN,
- .server_ret = GNUTLS_E_INSUFFICIENT_SECURITY,
+ .server_ret = GNUTLS_E_NO_CIPHER_SUITES,
.have_cert_cred = 1,
.have_rsa_sign_cert = 1,
.server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192",