Merge branch 'tmp-tlsfuzzer-update-tls13' into 'master'

tlsfuzzer: update to the latest version to enable more TLS 1.3 tests Closes #537 See merge request gnutls/gnutls!727
author: Daiki Ueno <ueno@gnu.org> 2018-08-08 11:58:14 +0000
committer: Daiki Ueno <ueno@gnu.org> 2018-08-08 11:58:14 +0000
commit: fa122d8149f1058e135bdcb31a7306a70093352d (patch)
tree: e258327b47a6d32f9d815059d1c53c8221d258d8
parent: b1e9703c5bfd12ed60664176de594a6cc453ea99 (diff)
parent: 3f56889505bb30cc65768b9e270954423a4fb5f4 (diff)
download: gnutls-fa122d8149f1058e135bdcb31a7306a70093352d.tar.gz
18 files changed, 225 insertions, 25 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 0e1e04df3e..8de6c469b8 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1270,7 +1270,8 @@ This option is only considered for TLS 1.2 and later.
 
 @item Groups @tab
 GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519,
-GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and GROUP-FFDHE8192.
+GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, and
+GROUP-FFDHE8192.
 Groups include both elliptic curve groups, e.g., SECP256R1, as well as 
 finite field groups such as FFDHE2048. Catch all which enables all groups
 from NORMAL priority is GROUP-ALL. The helper keywords GROUP-DH-ALL and
diff --git a/doc/scripts/getfuncs-map.pl b/doc/scripts/getfuncs-map.pl
index 2fc63e3759..6804e82173 100755
--- a/doc/scripts/getfuncs-map.pl
+++ b/doc/scripts/getfuncs-map.pl
@@ -43,6 +43,9 @@ my %known_false_positives = (
 	'gnutls_ffdhe_4096_group_generator' => 1,
 	'gnutls_ffdhe_4096_group_prime' => 1,
 	'gnutls_ffdhe_4096_key_bits' => 1,
+	'gnutls_ffdhe_6144_group_generator' => 1,
+	'gnutls_ffdhe_6144_group_prime' => 1,
+	'gnutls_ffdhe_6144_key_bits' => 1,
 	'gnutls_ffdhe_8192_group_generator' => 1,
 	'gnutls_ffdhe_8192_group_prime' => 1,
 	'gnutls_ffdhe_8192_key_bits' => 1,
diff --git a/lib/alert.c b/lib/alert.c
index 5755970ca1..9b10123345 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -221,7 +221,6 @@ int gnutls_error_to_alert(int err, int *level)
 	case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
 	case GNUTLS_E_ILLEGAL_SRP_USERNAME:
 	case GNUTLS_E_PK_INVALID_PUBKEY:
-	case GNUTLS_E_NO_COMMON_KEY_SHARE:
 		ret = GNUTLS_A_ILLEGAL_PARAMETER;
 		_level = GNUTLS_AL_FATAL;
 		break;
@@ -255,6 +254,7 @@ int gnutls_error_to_alert(int err, int *level)
 	case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
 	case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
 	case GNUTLS_E_UNWANTED_ALGORITHM:
+	case GNUTLS_E_NO_COMMON_KEY_SHARE:
 		ret = GNUTLS_A_HANDSHAKE_FAILURE;
 		_level = GNUTLS_AL_FATAL;
 		break;
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c
index 8bd94bb208..ccff59f098 100644
--- a/lib/algorithms/groups.c
+++ b/lib/algorithms/groups.c
@@ -101,6 +101,15 @@ static const gnutls_group_entry_st supported_groups[] = {
 	 .tls_id = 0x102
 	},
 	{
+	 .name = "FFDHE6144",
+	 .id = GNUTLS_GROUP_FFDHE6144,
+	 .generator = &gnutls_ffdhe_6144_group_generator,
+	 .prime = &gnutls_ffdhe_6144_group_prime,
+	 .q_bits = &gnutls_ffdhe_6144_key_bits,
+	 .pk = GNUTLS_PK_DH,
+	 .tls_id = 0x103
+	},
+	{
 	 .name = "FFDHE8192",
 	 .id = GNUTLS_GROUP_FFDHE8192,
 	 .generator = &gnutls_ffdhe_8192_group_generator,
diff --git a/lib/dh-primes.c b/lib/dh-primes.c
index 3a1947634e..4d07505c14 100644
--- a/lib/dh-primes.c
+++ b/lib/dh-primes.c
@@ -231,6 +231,128 @@ const gnutls_datum_t gnutls_ffdhe_4096_group_prime = {
 };
 const unsigned int gnutls_ffdhe_4096_key_bits = 336;
 
+static const unsigned char ffdhe_params_6144[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB,
+	0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27,
+	0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83,
+	0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36,
+	0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93,
+	0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, 0x7D,
+	0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+	0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61,
+	0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD,
+	0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F,
+	0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
+	0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13,
+	0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F,
+	0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2,
+	0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+	0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7,
+	0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A,
+	0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, 0xB3,
+	0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B,
+	0xB2, 0xC8, 0xE3, 0xFB, 0xB9, 0x6A, 0xDA,
+	0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F,
+	0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE,
+	0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+	0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D,
+	0x70, 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7,
+	0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28,
+	0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C,
+	0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12,
+	0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE,
+	0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B,
+	0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+	0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83,
+	0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2,
+	0xEF, 0xFA, 0x88, 0x6B, 0x42, 0x38, 0x61,
+	0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
+	0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4,
+	0xDE, 0xF9, 0x9C, 0x02, 0x38, 0x61, 0xB4,
+	0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A,
+	0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+	0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9,
+	0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13,
+	0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, 0xBC,
+	0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52,
+	0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2,
+	0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE,
+	0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8,
+	0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+	0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA,
+	0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4,
+	0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA,
+	0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, 0xEE,
+	0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D,
+	0x2B, 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F,
+	0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79,
+	0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+	0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D,
+	0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03,
+	0x40, 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E,
+	0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
+	0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E,
+	0x01, 0x2D, 0x9E, 0x68, 0x32, 0xA9, 0x07,
+	0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D,
+	0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+	0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B,
+	0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40,
+	0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9,
+	0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD,
+	0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5,
+	0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5,
+	0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, 0xC6,
+	0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+	0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C,
+	0x7A, 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53,
+	0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA,
+	0xF5, 0x3E, 0xA6, 0x3B, 0xB4, 0x54, 0x32,
+	0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD,
+	0x64, 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E,
+	0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, 0xCD,
+	0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+	0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04,
+	0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD,
+	0xB4, 0x77, 0xA5, 0x24, 0x71, 0xF7, 0xA9,
+	0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
+	0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0,
+	0x92, 0x35, 0x05, 0x11, 0xE3, 0x0A, 0xBE,
+	0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F,
+	0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+	0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9,
+	0xB4, 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2,
+	0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, 0x77,
+	0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23,
+	0x2A, 0x28, 0x1B, 0xF6, 0xB3, 0xA7, 0x39,
+	0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8,
+	0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, 0xF9,
+	0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+	0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F,
+	0x5E, 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62,
+	0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8,
+	0x54, 0x33, 0x8A, 0xE4, 0x9F, 0x52, 0x35,
+	0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D,
+	0xD5, 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D,
+	0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, 0x5B,
+	0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+	0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E,
+	0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31,
+	0x61, 0xC1, 0xA4, 0x1D, 0x57, 0x0D, 0x79,
+	0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
+	0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+const gnutls_datum_t gnutls_ffdhe_6144_group_prime = {
+	(void *) ffdhe_params_6144, sizeof(ffdhe_params_6144)
+};
+
+const gnutls_datum_t gnutls_ffdhe_6144_group_generator = {
+	(void *) &ffdhe_generator, sizeof(ffdhe_generator)
+};
+const unsigned int gnutls_ffdhe_6144_key_bits = 376;
+
 static const unsigned char ffdhe_params_8192[] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
 	0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index dc56d1dc49..b2f24bc3ba 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -515,7 +515,8 @@ static int server_recv_params(gnutls_session_t session,
 
 			resuming = 1;
 			break;
-		} else if (psk.ob_ticket_age == 0 &&
+		} else if (pskcred &&
+			   psk.ob_ticket_age == 0 &&
 			   psk.identity.size > 0 && psk.identity.size <= MAX_USERNAME_SIZE) {
 			/* _gnutls_psk_pwd_find_entry() expects 0-terminated identities */
 			char identity_str[psk.identity.size + 1];
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 984febe83b..90ff1985d1 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -966,6 +966,7 @@ typedef enum {
  * @GNUTLS_GROUP_FFDHE2048: the FFDHE2048 group
  * @GNUTLS_GROUP_FFDHE3072: the FFDHE3072 group
  * @GNUTLS_GROUP_FFDHE4096: the FFDHE4096 group
+ * @GNUTLS_GROUP_FFDHE6144: the FFDHE6144 group
  * @GNUTLS_GROUP_FFDHE8192: the FFDHE8192 group
  *
  * Enumeration of supported groups. It is intended to be backwards
@@ -985,7 +986,8 @@ typedef enum {
 	GNUTLS_GROUP_FFDHE3072,
 	GNUTLS_GROUP_FFDHE4096,
 	GNUTLS_GROUP_FFDHE8192,
-	GNUTLS_GROUP_MAX = GNUTLS_GROUP_FFDHE8192,
+	GNUTLS_GROUP_FFDHE6144,
+	GNUTLS_GROUP_MAX = GNUTLS_GROUP_FFDHE6144,
 } gnutls_group_t;
 
 /* macros to allow specifying a specific curve in gnutls_privkey_generate()
@@ -2301,6 +2303,10 @@ extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits;
 
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_prime;
+extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_generator;
+extern _SYM_EXPORT const unsigned int gnutls_ffdhe_6144_key_bits;
+
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime;
 extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator;
 extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits;
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 4a43c07093..d827790745 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1241,6 +1241,9 @@ GNUTLS_3_6_4
 {
  global:
 	gnutls_record_set_max_early_data_size;
+	gnutls_ffdhe_6144_group_prime;
+	gnutls_ffdhe_6144_group_generator;
+	gnutls_ffdhe_6144_key_bits;
 } GNUTLS_3_6_3;
 
 GNUTLS_FIPS140_3_4 {
diff --git a/lib/priority.c b/lib/priority.c
index 0a6b41ca50..1d495d0e67 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -111,6 +111,7 @@ static const int _supported_groups_dh[] = {
 	GNUTLS_GROUP_FFDHE2048,
 	GNUTLS_GROUP_FFDHE3072,
 	GNUTLS_GROUP_FFDHE4096,
+	GNUTLS_GROUP_FFDHE6144,
 	GNUTLS_GROUP_FFDHE8192,
 	0
 };
@@ -136,6 +137,7 @@ static const int _supported_groups_normal[] = {
 	GNUTLS_GROUP_FFDHE2048,
 	GNUTLS_GROUP_FFDHE3072,
 	GNUTLS_GROUP_FFDHE4096,
+	GNUTLS_GROUP_FFDHE6144,
 	GNUTLS_GROUP_FFDHE8192,
 	0
 };
@@ -149,6 +151,7 @@ static const int _supported_groups_secure128[] = {
 	GNUTLS_GROUP_FFDHE2048,
 	GNUTLS_GROUP_FFDHE3072,
 	GNUTLS_GROUP_FFDHE4096,
+	GNUTLS_GROUP_FFDHE6144,
 	GNUTLS_GROUP_FFDHE8192,
 	0
 };
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 19ec0c48c9..d6f668b61f 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1498,6 +1498,10 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
 			p = gnutls_ffdhe_4096_group_prime;
 			g = gnutls_ffdhe_4096_group_generator;
 			key_bits = gnutls_ffdhe_4096_key_bits;
+		} else if (bits <= 6144) {
+			p = gnutls_ffdhe_6144_group_prime;
+			g = gnutls_ffdhe_6144_group_generator;
+			key_bits = gnutls_ffdhe_6144_key_bits;
 		} else {
 			p = gnutls_ffdhe_8192_group_prime;
 			g = gnutls_ffdhe_8192_group_generator;
diff --git a/symbols.last b/symbols.last
index 66b2400794..e75cdfb09c 100644
--- a/symbols.last
+++ b/symbols.last
@@ -206,6 +206,9 @@ gnutls_ffdhe_3072_key_bits@GNUTLS_3_4
 gnutls_ffdhe_4096_group_generator@GNUTLS_3_4
 gnutls_ffdhe_4096_group_prime@GNUTLS_3_4
 gnutls_ffdhe_4096_key_bits@GNUTLS_3_4
+gnutls_ffdhe_6144_group_generator@GNUTLS_3_6_4
+gnutls_ffdhe_6144_group_prime@GNUTLS_3_6_4
+gnutls_ffdhe_6144_key_bits@GNUTLS_3_6_4
 gnutls_ffdhe_8192_group_generator@GNUTLS_3_4
 gnutls_ffdhe_8192_group_prime@GNUTLS_3_4
 gnutls_ffdhe_8192_key_bits@GNUTLS_3_4
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 3defa28275..28d45560b1 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -27,6 +27,7 @@
 #include <config.h>
 #endif
 
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -171,7 +172,8 @@ static void client(int sd, const char *prio, const char *user, const gnutls_datu
 
 #define MAX_BUF 1024
 
-static void server(int sd, const char *prio, const char *user, int expect_fail, int exp_kx)
+static void server(int sd, const char *prio, const char *user, bool no_cred,
+		   int expect_fail, int exp_kx)
 {
 	gnutls_psk_server_credentials_t server_pskcred;
 	int ret, kx;
@@ -206,7 +208,8 @@ static void server(int sd, const char *prio, const char *user, int expect_fail,
 
 	assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
 
-	gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
+	if (!no_cred)
+		gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred);
 
 	gnutls_transport_set_int(session, sd);
 	ret = gnutls_handshake(session);
@@ -267,10 +270,12 @@ static void server(int sd, const char *prio, const char *user, int expect_fail,
 	if (expect_fail)
 		fail("server: expected failure but connection succeeded!\n");
 
-	pskid = gnutls_psk_server_get_username(session);
-	if (pskid == NULL || strcmp(pskid, user) != 0) {
-		fail("server: username (%s), does not match expected (%s)\n",
-		     pskid, user);
+	if (!no_cred) {
+		pskid = gnutls_psk_server_get_username(session);
+		if (pskid == NULL || strcmp(pskid, user) != 0) {
+			fail("server: username (%s), does not match expected (%s)\n",
+			     pskid, user);
+		}
 	}
 
 	if (exp_kx && kx != exp_kx) {
@@ -292,7 +297,7 @@ static void server(int sd, const char *prio, const char *user, int expect_fail,
 }
 
 static
-void run_test2(const char *prio, const char *sprio, const char *user, const gnutls_datum_t *key,
+void run_test3(const char *prio, const char *sprio, const char *user, const gnutls_datum_t *key, bool no_cred,
 	      unsigned expect_hint, int exp_kx, int expect_fail_cli, int expect_fail_serv)
 {
 	pid_t child;
@@ -323,7 +328,7 @@ void run_test2(const char *prio, const char *sprio, const char *user, const gnut
 		close(sockets[1]);
 		int status;
 		/* parent */
-		server(sockets[0], sprio?sprio:prio, user, expect_fail_serv, exp_kx);
+		server(sockets[0], sprio?sprio:prio, user, no_cred, expect_fail_serv, exp_kx);
 		wait(&status);
 		check_wait_status(status);
 	} else {
@@ -334,21 +339,28 @@ void run_test2(const char *prio, const char *sprio, const char *user, const gnut
 }
 
 static
+void run_test2(const char *prio, const char *sprio, const char *user, const gnutls_datum_t *key,
+	      unsigned expect_hint, int exp_kx, int expect_fail_cli, int expect_fail_serv)
+{
+	run_test3(prio, sprio, user, key, 0, expect_hint, exp_kx, expect_fail_cli, expect_fail_serv);
+}
+
+static
 void run_test_ok(const char *prio, const char *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail)
 {
-	return run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_PSK, expect_fail, expect_fail);
+	run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_PSK, expect_fail, expect_fail);
 }
 
 static
 void run_ectest_ok(const char *prio, const char *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail)
 {
-	return run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_ECDHE_PSK, expect_fail, expect_fail);
+	run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_ECDHE_PSK, expect_fail, expect_fail);
 }
 
 static
 void run_dhtest_ok(const char *prio, const char *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail)
 {
-	return run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_DHE_PSK, expect_fail, expect_fail);
+	run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_DHE_PSK, expect_fail, expect_fail);
 }
 
 void doit(void)
@@ -398,6 +410,9 @@ void doit(void)
 
 	/* try with HelloRetryRequest and PSK */
 	run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", "jas", &key, 0, GNUTLS_KX_DHE_PSK, 0, 0);
+
+	/* try without server credentials */
+	run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS);
 }
 
 #endif				/* _WIN32 */
diff --git a/tests/suite/prime-check.c b/tests/suite/prime-check.c
index 13edc0b243..819f5371bf 100644
--- a/tests/suite/prime-check.c
+++ b/tests/suite/prime-check.c
@@ -50,6 +50,7 @@ int main(int argc, char **argv)
 	test_prime(&gnutls_srp_1024_group_prime);
 
 	test_prime(&gnutls_ffdhe_8192_group_prime);
+	test_prime(&gnutls_ffdhe_6144_group_prime);
 	test_prime(&gnutls_ffdhe_4096_group_prime);
 	test_prime(&gnutls_ffdhe_3072_group_prime);
 	test_prime(&gnutls_ffdhe_2048_group_prime);
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 4b01fe4531..8357b0f215 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -43,9 +43,7 @@
 	 {"name" : "test-tls13-version-negotiation.py",
 	  "arguments": ["-p", "@PORT@"]},
 	 {"name" : "test-tls13-zero-length-data.py",
-	  "comment" : "gnutls sends NST before receiving client Finished, that is not expected in the disabled test",
-	  "arguments": ["-p", "@PORT@",
-			"-e", "zero-len app data with large padding during handshake"]},
+	  "arguments": ["-p", "@PORT@"]},
 	 {"name" : "test-tls13-finished.py",
 	  "commoent" : "the disabled tests timeout very often due to slow tls-fuzzer implementation",
 	  "arguments": ["-p", "@PORT@", "-n", "5",
@@ -54,6 +52,12 @@
 	 {"name" : "test-tls13-count-tickets.py",
 	  "arguments": ["-p", "@PORT@", "-t", "1"]},
 	 {"name" : "test-tls13-0rtt-garbage.py",
+	  "arguments": ["-p", "@PORT@"]},
+	 {"name" : "test-tls13-ffdhe-sanity.py",
+	  "arguments": ["-p", "@PORT@"]},
+	 {"name" : "test-tls13-session-resumption.py",
+	  "arguments": ["-p", "@PORT@"]},
+	 {"name" : "test-tls13-unrecognised-groups.py",
 	  "arguments": ["-p", "@PORT@"]}
      ]
     }
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index d99c17414b..2dc7673ad0 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -70,12 +70,8 @@
 	  "arguments" : ["-e", "max client hello"]},
 	 {"name" : "test-atypical-padding.py" },
 	 {"name" : "test-ffdhe-negotiation.py" ,
-	  "comment" : ["Check if DHE preferred: we don't prefer DHE over RSA if RSA is preferred by peer",
-	  "ffdhe6144: we don't support that group"],
-	  "arguments" : ["-e", "ffdhe6144 negotiation",
-	  "-e", "tolerate ECC curve in groups without ECC cipher, negotiate ffdhe6144 ",
-	  "-e", "Check if DHE preferred",
-	  "-e", "unassigned tolerance, ffdhe6144 negotiation"]},
+	  "comment" : ["we don't prefer DHE over RSA if RSA is preferred by peer"],
+	  "arguments" : ["-e", "Check if DHE preferred"]},
          {"name" : "test-cve-2016-2107.py"},
          {"name" : "test-dhe-rsa-key-exchange.py"},
          {"name" : "test-dhe-rsa-key-exchange-signatures.py",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 4433cc402c3902750c2e25848d28463df9bc666
+Subproject 01f44ce66c54193176dac7c9e87afd248c58c08
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
-Subproject 02852484e5ca9ea5e0c69d525ff45a3a999b386
+Subproject bad2b98b2c382674f71aff617a9274e2a095951
diff --git a/tests/tls12-ffdhe.c b/tests/tls12-ffdhe.c
index cfedf2701f..d68452147a 100644
--- a/tests/tls12-ffdhe.c
+++ b/tests/tls12-ffdhe.c
@@ -152,7 +152,8 @@ static void try(test_case_st *test)
 
 	if (test->group) {
 		if (test->group == GNUTLS_GROUP_FFDHE2048 || test->group == GNUTLS_GROUP_FFDHE3072 ||
-		    test->group == GNUTLS_GROUP_FFDHE4096 || test->group == GNUTLS_GROUP_FFDHE8192) {
+		    test->group == GNUTLS_GROUP_FFDHE4096 || test->group == GNUTLS_GROUP_FFDHE6144 ||
+		    test->group == GNUTLS_GROUP_FFDHE8192) {
 			if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_RFC7919)) {
 				fail("%s: gnutls_session_get_flags(client) reports that no RFC7919 negotiation was performed!\n", test->name);
 			}
@@ -211,6 +212,15 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096"
 	},
 	{
+		.name = "TLS 1.2 ANON-DH (FFDHE6144)",
+		.group = GNUTLS_GROUP_FFDHE6144,
+		.client_ret = 0,
+		.server_ret = 0,
+		.have_anon_cred = 1,
+		.server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144",
+		.client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144"
+	},
+	{
 		.name = "TLS 1.2 ANON-DH (FFDHE8192)",
 		.group = GNUTLS_GROUP_FFDHE8192,
 		.client_ret = 0,
@@ -255,6 +265,15 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096"
 	},
 	{
+		.name = "TLS 1.2 DHE-PSK (FFDHE6144)",
+		.client_ret = 0,
+		.server_ret = 0,
+		.group = GNUTLS_GROUP_FFDHE6144,
+		.have_psk_cred = 1,
+		.server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144",
+		.client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144"
+	},
+	{
 		.name = "TLS 1.2 DHE-PSK (FFDHE8192)",
 		.group = GNUTLS_GROUP_FFDHE8192,
 		.client_ret = 0,
@@ -303,6 +322,16 @@ test_case_st tests[] = {
 		.client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096"
 	},
 	{
+		.name = "TLS 1.2 DHE-RSA (FFDHE6144)",
+		.group = GNUTLS_GROUP_FFDHE6144,
+		.client_ret = 0,
+		.server_ret = 0,
+		.have_cert_cred = 1,
+		.have_rsa_sign_cert = 1,
+		.server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144",
+		.client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144"
+	},
+	{
 		.name = "TLS 1.2 DHE-RSA (FFDHE8192)",
 		.group = GNUTLS_GROUP_FFDHE8192,
 		.client_ret = 0,
author	Daiki Ueno <ueno@gnu.org>	2018-08-08 11:58:14 +0000
committer	Daiki Ueno <ueno@gnu.org>	2018-08-08 11:58:14 +0000
commit	fa122d8149f1058e135bdcb31a7306a70093352d (patch)
tree	e258327b47a6d32f9d815059d1c53c8221d258d8
parent	b1e9703c5bfd12ed60664176de594a6cc453ea99 (diff)
parent	3f56889505bb30cc65768b9e270954423a4fb5f4 (diff)
download	gnutls-fa122d8149f1058e135bdcb31a7306a70093352d.tar.gz