authorDaiki Ueno <ueno@gnu.org>2023-02-21 15:35:37 +0900
committerDaiki Ueno <ueno@gnu.org>2023-03-09 11:25:26 +0900
commit9d00094935c797e4fae0a8b98fc18b114eec5e27 (patch)
treec061ba9654c7575653b238d1a898a2633e41b9dc
parent5e2d39c5e647db383d613be8761f5a1033661745 (diff)
downloadgnutls-9d00094935c797e4fae0a8b98fc18b114eec5e27.tar.gz
fips: enable %FORCE_SESSION_HASH by default under FIPS mode
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r--lib/priority.c4
-rw-r--r--tests/tls-force-ems.c29
2 files changed, 28 insertions, 5 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 15cb133894..4b5eb7c77d 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -3234,6 +3234,10 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
(*priority_cache)->min_record_version = 1;
gnutls_atomic_init(&(*priority_cache)->usage_cnt);
+ if (_gnutls_fips_mode_enabled()) {
+ (*priority_cache)->force_ext_master_secret = true;
+ }
+
if (system_wide_config.allowlisting && !priorities) {
priorities = "@" LEVEL_SYSTEM;
}
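Review bot: The new FIPS default for force_ext_master_secret is set without a comment, so a reader cannot tell where the requirement comes from or whether the `%NO_SESSION_HASH` / `%FORCE_SESSION_HASH` keywords parsed later in this function are meant to override it; the accompanying test expects the server to still fail with GNUTLS_E_INSUFFICIENT_SECURITY under FIPS when it is configured with `%NO_SESSION_HASH`, which suggests the enforcement is not solely this flag, but that is not visible from this hunk. Suggest a comment above the new `if`, e.g. `/* Under FIPS mode require the extended master secret (RFC 7627) by default, as NIST SP 800-52r2 expects for TLS 1.2; see tests/tls-force-ems.c for the interaction with %NO_SESSION_HASH. */`, with the reference adjusted if the project cites a different source. The body of gnutls_priority_init continues outside the hunk.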
diff --git a/tests/tls-force-ems.c b/tests/tls-force-ems.c
index 18aa232994..89b5acf62e 100644
--- a/tests/tls-force-ems.c
+++ b/tests/tls-force-ems.c
@@ -102,11 +102,30 @@ void doit(void)
AES_GCM ":%FORCE_SESSION_HASH", 0, 0);
try("both force EMS", AES_GCM ":%FORCE_SESSION_HASH",
AES_GCM ":%FORCE_SESSION_HASH", 0, 0);
- try("neither negotiates EMS", AES_GCM ":%NO_SESSION_HASH",
- AES_GCM ":%NO_SESSION_HASH", 0, 0);
- try("server doesn't negotiate EMS, client forces EMS",
- AES_GCM ":%NO_SESSION_HASH", AES_GCM ":%FORCE_SESSION_HASH",
- GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_SECURITY);
+ if (gnutls_fips140_mode_enabled()) {
+ try("neither negotiates EMS", AES_GCM ":%NO_SESSION_HASH",
+ AES_GCM ":%NO_SESSION_HASH", GNUTLS_E_INSUFFICIENT_SECURITY,
+ GNUTLS_E_AGAIN);
+ } else {
+ try("neither negotiates EMS", AES_GCM ":%NO_SESSION_HASH",
+ AES_GCM ":%NO_SESSION_HASH", 0, 0);
+ }
+ /* Note that the error codes are swapped based on FIPS mode:
+ * in FIPS mode, the server doesn't send the extension which
+ * causes the client to not send the one either, and then the
+ * server doesn't like the situation. On the other hand, in
+ * non-FIPS mode, it's the client to decide to abort the
+ * connection.
+ */
+ if (gnutls_fips140_mode_enabled()) {
+ try("server doesn't negotiate EMS, client forces EMS",
+ AES_GCM ":%NO_SESSION_HASH", AES_GCM ":%FORCE_SESSION_HASH",
+ GNUTLS_E_INSUFFICIENT_SECURITY, GNUTLS_E_AGAIN);
+ } else {
+ try("server doesn't negotiate EMS, client forces EMS",
+ AES_GCM ":%NO_SESSION_HASH", AES_GCM ":%FORCE_SESSION_HASH",
+ GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_SECURITY);
+ }
try("server forces EMS, client doesn't negotiate EMS",
AES_GCM ":%FORCE_SESSION_HASH", AES_GCM ":%NO_SESSION_HASH",
GNUTLS_E_INSUFFICIENT_SECURITY, GNUTLS_E_AGAIN);
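Review bot: The two `if (gnutls_fips140_mode_enabled())` blocks repeat each `try()` call verbatim with only the expected error codes differing, which makes it easy for the priority strings in the two branches to drift apart; querying FIPS mode once and selecting the expected codes with a conditional keeps each case written a single time. The comment about swapped error codes would then sit directly above the one case it describes, and it may be worth adding a sentence noting that the first case pins the server rejecting a `%NO_SESSION_HASH` configuration under FIPS, i.e. that the keyword cannot weaken FIPS enforcement. The remainder of doit() lies outside the hunk.

```c
unsigned fips = gnutls_fips140_mode_enabled();
/* … unchanged: earlier try() cases … */
try("neither negotiates EMS", AES_GCM ":%NO_SESSION_HASH",
    AES_GCM ":%NO_SESSION_HASH",
    fips ? GNUTLS_E_INSUFFICIENT_SECURITY : 0,
    fips ? GNUTLS_E_AGAIN : 0);
/* … unchanged: comment on swapped error codes … */
try("server doesn't negotiate EMS, client forces EMS",
    AES_GCM ":%NO_SESSION_HASH", AES_GCM ":%FORCE_SESSION_HASH",
    fips ? GNUTLS_E_INSUFFICIENT_SECURITY : GNUTLS_E_AGAIN,
    fips ? GNUTLS_E_AGAIN : GNUTLS_E_INSUFFICIENT_SECURITY);
/* … unchanged: remaining try() cases … */
```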