| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, do not rely on checks done on asm level, as they vary and
may change over updates. Also handle consistently invalid key sizes
by returning an error, and eliminate calls to abort().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
aes_ssse3_cipher_setkey() accepted any key size,
which could lead to invalid memory access.
Such as with the oss-fuzz corpora file
fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
|
|
|
|
| |
Resolves #380
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Ensure that we restrict the GCM counter to the 4 bytes assigned to it.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
Previously we assumed that the nettle GCM internal functions
will use the provided ECB function for single block encryption.
Newer versions no longer operate that way. Ensure that we
are compatible with them.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
Previously we assumed that the nettle GCM internal functions
will use the provided ECB function for single block encryption.
Newer versions no longer operate that way. Ensure that we
are compatible with them.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Previously initialization of PIN callbacks would only happen during listing
of objects, which happened only in non-batch mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
It would enable batch mode accidentally.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
| |
That is, verify that gnutls_dtls_set_data_mtu() value would be
reflected into gnutls_dtls_get_data_mtu(), as well as the
gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The data MTU calculation under CBC ciphersuites takes into
account that the overhead of these ciphersuites is constant (IV +
hash + 1 byte padding), though the capacity varies due to the padding
block. That is, on 16-byte padding block, one padding byte is the
overhead but the rest 15 bytes are accounted for data MTU.
That also has the side effect that setting a data MTU using
gnutls_dtls_set_data_mtu(), is not definite, and the actual
MTU may be larger for these ciphersuites --i.e., the
return value of gnutls_dtls_get_data_mtu().
(backported from master branch)
Resolves #360
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
That eliminates the 'make syntax-check' error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Relates #347
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
| |
That is, ignore issuer when checking the issuer's parameters strength. That
resolves the issue of marking self-signed certificates as with insecure
parameters during verification.
Resolves #347
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
The getrandom() call is defined in sys/random.h.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
That is, when ck_info matches, we soft fail loading the module.
That is, because in several cases the pointers got by p11-kit
may differ for the same modules.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
trust store was not loaded, and thus prevent any certificate validation.
This change allows initializing the trust modules only even if generic
PKCS#11 support is disabled by the application.
Relates #316
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
|
|
| |
That allows to load the PKCS#11 trusted modules (on systems which use them)
without loading all the potentially present PKCS#11 modules.
Relates #315
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
Previously, if SSLv2 hello support was disabled, the check for
the expected TLS message was incorrect.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
| |
Resolves #295
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
That amends commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4:
"On client side allow signing with the signature algorithm of our cert
That allows to sign for example with DSA-SHA1 as client even if we do not
allow DSA-SHA1 as signature algorithm for server's certificate. This allows
to use a deprecated certificate without enabling deprecated algorithms
globally."
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
That is, follow the RFC6066 requirement that server:
"MUST NOT accept the request to resume the session if the
server_name extension contains a different name."
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the parse_type of the SNI extension to
GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake.
With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS
servers ignored the SNI extension when resuming a TLS session from
cache, because "application" level extensions are skipped during
resumption. As a result, gnutls_server_name_get() always returned
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed
session, breaking virtual server systems.
According to RFC 6066, Section 3 the SNI extension must be parsed on
session resumption if implemented at all:
"A server that implements this extension MUST NOT accept the request
to resume the session if the server_name extension contains a
different name."
This change allows applications using GnuTLS to match SNI data on
resumed sessions.
Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
This makes tlsfuzzer's test-x25519 detect the right error
code on empty message. Previously this issue was masked by our
refusal to accept 1-byte sized fragments.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|