diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-10-21 10:56:06 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-10-21 10:56:06 +0000 |
commit | 05580592785a73208fb33526d72d5bfd6aa292c5 (patch) | |
tree | d468a7760c760cae6e73b7e324631dc8bdd91d19 | |
parent | fea473a90351004fe2b84b4d722994bbc899d4ab (diff) | |
parent | d1ae9fb43e8bc74230d25f7b95065b4967aa09d7 (diff) | |
download | gnutls-05580592785a73208fb33526d72d5bfd6aa292c5.tar.gz |
Merge branch 'wip/asosedki/hash-filters-prf' into 'master'
make insecure-hash filter out ciphersuites on ->prf as well
See merge request gnutls/gnutls!1479
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/priority.c | 42 | ||||
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rwxr-xr-x | tests/system-override-hash-filters-prf.sh | 89 |
4 files changed, 122 insertions, 14 deletions
@@ -9,6 +9,9 @@ See the end for copying conditions. ** certtool: Certtool can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. +** libgnutls: disabling a hashing algorithm through "insecure-hash" + configuration directive now also disables TLS ciphersuites that use it + as a PRF algorithm. ** API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t diff --git a/lib/priority.c b/lib/priority.c index f043e9dd6f..55d68d734c 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -1539,6 +1539,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) unsigned have_tls13 = 0, have_srp = 0; unsigned have_pre_tls12 = 0, have_tls12 = 0; unsigned have_psk = 0, have_null = 0, have_rsa_psk = 0; + gnutls_digest_algorithm_t prf_digest; /* have_psk indicates that a PSK key exchange compatible * with TLS1.3 is enabled. */ @@ -1682,10 +1683,17 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) ce = cipher_suite_get( 0, priority_cache->_cipher.priorities[j], priority_cache->_mac.priorities[z]); + if (ce == NULL) + continue; + + prf_digest = MAC_TO_DIG(ce->prf); + if (prf_digest == GNUTLS_DIG_UNKNOWN) + continue; + if (_gnutls_digest_is_insecure(prf_digest)) + continue; - if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) { + if (priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) priority_cache->cs.entry[priority_cache->cs.size++] = ce; - } } } @@ -1696,18 +1704,26 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache) priority_cache->_kx.priorities[i], priority_cache->_cipher.priorities[j], priority_cache->_mac.priorities[z]); + if (ce == NULL) + continue; - if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) { - priority_cache->cs.entry[priority_cache->cs.size++] = ce; - if (!have_ec && (_gnutls_kx_is_ecc(ce->kx_algorithm) || - _gnutls_kx_is_vko_gost(ce->kx_algorithm))) { - have_ec = 1; - add_ec(priority_cache); - } - if (!have_dh && _gnutls_kx_is_dhe(ce->kx_algorithm)) { - have_dh = 1; - add_dh(priority_cache); - } + prf_digest = MAC_TO_DIG(ce->prf); + if (prf_digest == GNUTLS_DIG_UNKNOWN) + continue; + if (_gnutls_digest_is_insecure(prf_digest)) + continue; + + if (priority_cache->cs.size == MAX_CIPHERSUITE_SIZE) + continue; + priority_cache->cs.entry[priority_cache->cs.size++] = ce; + if (!have_ec && (_gnutls_kx_is_ecc(ce->kx_algorithm) || + _gnutls_kx_is_vko_gost(ce->kx_algorithm))) { + have_ec = 1; + add_ec(priority_cache); + } + if (!have_dh && _gnutls_kx_is_dhe(ce->kx_algorithm)) { + have_dh = 1; + add_dh(priority_cache); } } } diff --git a/tests/Makefile.am b/tests/Makefile.am index 95a447b997..e830291aa5 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -518,7 +518,7 @@ dist_check_SCRIPTS += system-override-sig.sh system-override-hash.sh \ system-override-versions.sh system-override-invalid.sh \ system-override-curves.sh system-override-profiles.sh system-override-tls.sh \ system-override-kx.sh system-override-default-priority-string.sh \ - system-override-sig-tls.sh + system-override-sig-tls.sh system-override-hash-filters-prf.sh endif dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh diff --git a/tests/system-override-hash-filters-prf.sh b/tests/system-override-hash-filters-prf.sh new file mode 100755 index 0000000000..89774f42a7 --- /dev/null +++ b/tests/system-override-hash-filters-prf.sh @@ -0,0 +1,89 @@ +#!/bin/sh + +# Copyright (C) 2021 Red Hat, Inc. +# +# Author: Alexander Sosedkin +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${GREP=grep} + +if ! test -x "${CLI}"; then + exit 77 +fi + +TMPCFGFILE=cfg.$$.tmp +TMPOUTFILE=out.$$.tmp + +# Sanity + +${CLI} --list -d 4 --priority NORMAL &>"${TMPOUTFILE}" +if test $? != 0; then + cat "${TMPOUTFILE}" + echo 'fails just listing ciphersuites for NORMAL' + exit 1 +fi +if ! ${GREP} -Fq TLS_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_AES_256_GCM_SHA384 (TLS 1.3) with NORMAL' + exit 1 +fi +if ! ${GREP} -Fq TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (TLS 1.2) with NORMAL' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_RSA_AES_128_GCM_SHA256 (non-SHA384 example) with NORMAL' + exit 1 +fi + +# insecure-hash = SHA384 disables TLS_AES_256_GCM_SHA384 and friends + +cat <<_EOF_ > ${TMPCFGFILE} +[overrides] +insecure-hash = SHA384 +_EOF_ +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPCFGFILE}" +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +${CLI} --list -d 4 --priority NORMAL &>"${TMPOUTFILE}" +if ${GREP} -Fq TLS_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_AES_256_GCM_SHA384 (TLS 1.3) has not disappeared' + exit 1 +fi +if ${GREP} -Fq TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (TLS 1.2) has not disappeared' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_RSA_AES_128_GCM_SHA256 (non-SHA384 example) has disappeared' + exit 1 +fi +if ${GREP} -Fq SHA.*384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'SHA384 is still mentioned' + exit 1 +fi + +rm "${TMPCFGFILE}" "${TMPOUTFILE}" |